Ignore some directories from being chown'ed by a cron file

[overmind]

As you know at 3AM every day a cron script is being run that will search all files on the hard drive and chown some of them (security thing). If I have a file server with lots of small files I do not want such find process to run for those files.

Do you know what script runs (by default) and if it is possible to customize the script so it will not look for example in /mnt?

I think the script is from /etc/periodic/daily but I do not know which is it.

The script will run:

root       15476   4.6  0.1  18196  12184  ??  D     3:02AM    8:58.38 find -sx / /mnt /drive/files
 /mnt/drive/files/archive /mnt/drive/archive/a /dev/null -type f ( -perm -u+x -or -perm -g+x -or 
-perm -o+x ) ( -perm -u+s -or -perm -g+s ) -exec ls -liTd {} +

I want to ignore everything from /mnt.

 

[phoenix]

Search the forums for "periodic" and "security" and you'll find several threads on this very topic. Even just searching for "periodic" and "3 am" will find several threads on this topic.

 

[fluca1978]

The 450.security script of the periodic-daily executes all the scripts in the /etc/periodic/security path, and the 100.chksetuid is the one you are looking for.

 

[SirDice]

As you know at 3AM every day a cron script is being run that will search all files on the hard drive and chown some of them (security thing).

None of the periodic scripts chown(8) anything. The only script that uses chown(8) is weekly/310.locate and that only operates on the /var/db/locate.database file.

 

[kpa]

Yeah, 100.chksetuid is nothing but a diff(1) against a last known state of setuid binaries in the system.

 

[overmind]

Well, the ps code I've posted in my first post on this thread does that every morning at 3 AM.

I wonder which variable from /etc/defaults/periodic.conf file (if any) should I copy to /etc/periodic.conf and modify accordingly to skip this process for /mnt dir.

 

[SirDice]

Well, the ps code I've posted in my first post on this thread does that every morning at 3 AM.

That code snipped doesn't change anything. It does an ls(1) on the files it finds, nothing more, nothing less.

 

[overmind]

The ps line might be longer, the one I've posted is just what I was able to grep(1)().

 

[SirDice]

As mentioned before, it's part of 100.chksetuid. That script does not change permissions or ownership.

 

[phoenix]

Edit /etc/periodic/security/100.chksetuid, comment out this line:

        MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`

And replace it with a space-separated list of mountpoints that you do want checked:

        MP="/ /var /usr /usr/local /yadda /blah /other/cool/stuff"

Just be warned that this file will be overwritten the next time you do an installworld/mergemaster.

Of, is you want to skip all ZFS filesystems, then just remove the ,zfs part of the MP line. Then the script will only check your UFS filesystems.