On Tue, Apr 07, 2020 at 04:56:31PM +0200, Martijn van Duren wrote:
> This came up during u2k20 while discussing tempfiles for gotweb inside a
> chroot. At the moment we don't include it by default and ports have to
> create it themselves. Since I assume we want web applications to run
> inside a /var/www chroot as much as possible and even some libc
> functions depend on /tmp being available I'd argue we should include it
> by default.

With FastCGI, perhaps I'm confused, but why do web applications need to be inside the /var/www chroot? Can't they be anywhere, or even have a separate chroot directory? Should we be handling things that are not in base?

> I also choose to make the directory 1777, similar to a normal /tmp,
> since both multiple slowcgi or php-fpm pools can run simultaneously
> under different users.
>
> The cleanup functions don't reflect the current /tmp cleanup style, but
> we can move the existing find statements to -delete in a separate patch.
>
> I already had some positive feedback during u2k20 on the concept.
> OK?
>
> martijn@
>
> Index: etc//daily > =================================================================== > RCS file: /cvs/src/etc/daily,v > retrieving revision 1.93 > diff -u -p -r1.93 daily > --- etc//daily 9 Sep 2019 20:02:26 -0000 1.93 > +++ etc//daily 7 Apr 2020 14:37:15 -0000 > @@ -55,6 +55,11 @@ if [ -d /tmp -a ! -L /tmp ]; then > ! -path ./.ICE-unix ! -name . \ > -execdir rmdir -- {} \; >/dev/null 2>&1; } > fi > +if [ -d /var/www/tmp -a ! -L /var/www/tmp ]; then > + cd /var/www/tmp && { > + find -x . -type f -atime +7 -delete 2>/dev/null > + find -x . -type d -empty -delete 2>/dev/null > +fi > > # Additional junk directory cleanup would go like this: > #if [ -d /scratch -a ! -L /scratch ]; then > Index: etc//rc > =================================================================== > RCS file: /cvs/src/etc/rc,v > retrieving revision 1.543 > diff -u -p -r1.543 rc > --- etc//rc 24 Jan 2020 06:17:37 -0000 1.543 > +++ etc//rc 7 Apr 2020 14:37:15 -0000 > @@ -532,7 +532,7 @@ if [[ -f /etc/ptmp ]]; then > 'password file may be incorrect -- /etc/ptmp exists' > fi > > -echo clearing /tmp > +echo clearing temporary directories > > # Prune quickly with one rm, then use find to clean up /tmp/[lqv]* > # (not needed with mfs /tmp, but doesn't hurt there...). 
> @@ -540,6 +540,7 @@ echo clearing /tmp > (cd /tmp && > find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \ > ! -name quota.group ! -name vi.recover -execdir rm -rf -- {} \;) > +(cd /var/www/tmp && find . -x -delete) > > # Create Unix sockets directories for X if needed and make sure they have > # correct permissions. > Index: etc//mtree/4.4BSD.dist > =================================================================== > RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v > retrieving revision 1.314 > diff -u -p -r1.314 4.4BSD.dist > --- etc//mtree/4.4BSD.dist 29 Nov 2019 03:28:20 -0000 1.314 > +++ etc//mtree/4.4BSD.dist 7 Apr 2020 14:37:15 -0000 > @@ -749,6 +749,7 @@ var > .. > run type=dir uname=root gname=daemon mode=755 > .. > + tmp type=dir uname=root gname=wheel mode=01777 > .. > > # ./var/audit > >
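
Review bot: In the etc/daily hunk (@@ -55,6 +55,11 @@), the group opened by `cd /var/www/tmp && {` is never closed: the two `find` lines are followed directly by `fi`, so /etc/daily would fail to parse. Add the closing `}` before `fi`, the way the /tmp block just above ends with `>/dev/null 2>&1; }`.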
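
Review bot: In the second etc/rc hunk (@@ -540,6 +540,7 @@), `find . -x -delete` puts `-x` after the path, while the etc/daily hunk in this same patch writes `find -x . ...` with it before the path; `-x` is an option and should come first here as well. This line also lacks the `-d /var/www/tmp -a ! -L /var/www/tmp` test that the daily hunk uses, so consider the same guard, given that it runs an unconditional recursive delete at boot.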
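
Review bot: In the etc/mtree/4.4BSD.dist hunk (@@ -749,6 +749,7 @@), the new `tmp type=dir ...` entry is added without a `..` of its own. The hunk adds a single line, so the existing `..` that used to close the parent directory now closes `tmp`, and the parent is left open, shifting the nesting of every entry after it. Add a `..` line directly after the `tmp` entry. It is also worth stating in the commit message that mode=01777 makes this a world-writable sticky directory shared by every process running inside the chroot.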