scheduled regular purging of a directory

[y2kdis]

how do i purge/delete files older than 1 day from a particular directory? i might have to do this every day so i'm assuming this has to be done in cron but i'm clueless as to how to go about it. i don't have any experience yet in linux scripting or setting a cron job so a sample snippet or instructions will be very much appreciated.

[lacek]

Here is a crontab entry doing this:

Code: Select all

12 1 * * * root find /the/directory/you/wanna/purge -mtime +1 -exec rm \{\} \;

See the man page of cron, crontab and find for more info.

[Jeroen]

Please look into 'tmpreaper' program (apt-get or aptitude or synaptic install it), it does what you are looking for, in an easily configureable way -- and also more efficient and more secure. Lacek's solution for example is vulnerabile to a symlink attack, a malicious user with too much time on his hands can get root to remove such files like /etc/passwd, and can't deal with directories.

tmpreaper installs itself in /etc/cron.daily/ automatically, and is configureable via /etc/tmpreaper.conf, but you can run the command 'tmpreaper' from cron manually too.

[y2kdis]

i tried to install tmpreaper but i came across some errors.
------------------------------------------------------------------------
Preconfiguring packages ...
Can't exec "/tmp/tmpreaper.config.57021": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
open2: exec of /tmp/tmpreaper.config.57021 configure failed at /usr/share/perl5/Debconf/ConfModule.pm line 44
tmpreaper failed to preconfigure, with exit status 255
Selecting previously deselected package tmpreaper.
(Reading database ... 22975 files and directories currently installed.)
Unpacking tmpreaper (from .../tmpreaper_1.6.5_i386.deb) ...
Setting up tmpreaper (1.6.5) ...
-------------------------------------------------------------------------

i looks like tmpreaper was installed but it's not working. any idea how to solve this?

by the way, i've pasted below the section of the files that conflicted with the installation. the particular line that threw an error is marked with a comment.

Open3.pm

Code: Select all

    if ($cmd[0] eq '-') { croak "Arguments don't make sense when the command is '-'"
         if @cmd > 1;
         return 0;
     }
     local($")=(" ");
     //NEXT LINE IS 168 
     exec @cmd # XXX: wrong process to croak from or croak "$Me: exec of @cmd failed";     
    }

ConfModule.pm

Code: Select all

sub startup {
   my $this=shift;
   my $confmodule=shift;
   $this->frontend->clear;
   $this->busy([]);
	
   my @args=$this->confmodule($confmodule);
   push @args, @_ if @_;
	
   debug developer => "starting ".join(' ',@args);
   //NEXT LINE IS 44
   $this->pid(open2($this->read_handle(FileHandle->new), $this->write_handle(FileHandle->new), @args)) || die $!;
   
  $this->caught_sigpipe('');
  $SIG{PIPE}=sub { $this->caught_sigpipe(128) };
}

[Jeroen]

Maybe you've mounted /tmp as noexec?

[Guest]

Maybe you've mounted /tmp as noexec?

Yay! You were right it's mounted as nosuid,noexec as suggested from another site. Anyway, i temporarily removed the noexec option then installed tmpreaper. No error this time!

After that I edited /etc/tmpreaper.conf to have the ff changes:
age limit for files=1 day
directory to clean='/var/www/out/'

Code: Select all

if [ -n "$TMPTIME" -a "$TMPTIME" -gt 0 ]; then
    TMPREAPER_TIME=${TMPTIME}d
else
    TMPREAPER_TIME=1d
   #I changed the above value from 7d to 1d
fi
# uncomment and change the next line to overrule the /etc/default/rcS value
TMPREAPER_TIME=1d  
#I commented out the above line and change the value from 7d to 1d

TMPREAPER_PROTECT_EXTRA=''
TMPREAPER_DIRS='/var/www/out/.'
#I changed the above value from '/tmp.' to '/var/www/out/.'
TMPREAPER_ADDITIONALOPTIONS=''

Then I re-edited /etc/fstab and set /tmp as noexec again since it's not the target folder now. Did I do the right thing? Also, since I removed /tmp from the tmpreaper configuration I am assuming that whatever application was used to regularly clean that folder before tmpreaper was installed will be associated with it again. I may be wrong though.

[y2kdis]

Sorry, that was me. I didn't notice I wasn't log in when I made a reply.

[kink]

Also, since I removed /tmp from the tmpreaper configuration I am assuming that whatever application was used to regularly clean that folder before tmpreaper was installed will be associated with it again. I may be wrong though.

On a default Debian system, /tmp is not cleaned up automatically, only if you install a thing like tmpreaper. It will be wiped on boot, that's all. So it's actually a good thing to have tmpreaper clear /tmp out regularly.

[y2kdis]

i included /tmp back on the list but kept the noexec option for it. will tmpreaper work on it even with that setting? tmpreaper had a conflict during installation with noexec option but now that is already installed i wonder if it will be ok to revert back to the original setting. i'm asking basically because i don't know if noexec for a folder is limited to files within it (tmpreaper is installed outside /tmp).

[Jeroen]

Once a program is installed, it probably works fine with noexec on /tmp. If not, you'll notice. Installation scripts should fail if there was some error (as tmpreaper did), but it will note that in dpkg's database, and dpkg will retry until it succeeds. If dpkg/apt/whatever don't complain anymore and try again to configure tmpreaper, assume it's installed correctly. Especially if it simply just works when you try it .

Note though, that noexec on /tmp provides mostly just a false sense of security, while executing scripts and programs is then no longer possible, one can execute scripts (including perl) by using "perl /tmp/scriptname.pl", also, there are typically more world-writeable places on the filesystem ($HOME of most users, /var/tmp). It might help against some very standard scriptkiddie-attacks, but when you've got a human with even a modest brain on the attacking side, you lose anyway if one would otherwise be able to execute a random program in /tmp.