Filereaper
Contents:
Purpose
Status
Features
Bugs
Dependencies
Related Projects
Code
Purpose
To make better use of disk space by dynamically reallocating storage space
to files under /tmp in real-time. Files will be kept for as long
as possible, and only removed when insufficient free disk space exists.
Status
Minimal development resources were attached to this project at its
first release in April 1998, and while it works at all I'm
not doing any work on it. I have a design for a project to update
filereaper, but so far no time or resource commitments to develop
it.
There is no current development on this project. Occasionally there are
bug fixes. The last bug fix was 2007-10-28.
Features
- Secure: does not allow symbolic link attacks, and makes use of
chroot when run as root.
- Portable: written in Perl; the only porting required for a new OS would
be an implementation of that OS's get-free-space system call.
- Flexible: there are a number of configuration options for minimal
expiration time and subdirectory preservation.
- Real-Time: filereaper checks free space every two seconds and
maintains a list of old files in descending age order. Designed to be run
as a high-priority background task, it will detect low-disk-space conditions
as they happen and free disk space within seconds.
Bugs
- It's written in Perl 4, which makes it error-prone and slow compared to
an optimized C implementation or even a Perl 5 modular implementation.
So far all of the errors have been harmless--there is a great deal of
sanity checking within the code to ensure that it does not unexpectedly
delete files, either through program error or malicious system cracking
attempts--however there is evidence of some OS or library bugs in Solaris
and every now and then some Perl versions (or just some Debian builds
of some Perl versions) have spontaneous crashing bugs or memory leaks.
- It's not your standard crontab file deletion script--this is a real-time
garbage collector, designed to run all the time, not once per day.
Some people consider this to be a bug...
- It is essential that inode numbers are fixed, constant values stored
in or derived from the filesystem; the sanity checking that prevents
misuse of the daemon by system crackers will interpret dynamically
assigned or otherwise non-persistent inode numbers as an attempt to
circumvent system security. A similar problem arises with filesystems
where a directory inode can be reached through multiple paths
(e.g. through filesystem-level "snapshots" mechanisms on some enterprise
NAS systems, or if you have hardlinked directories). filereaper
assumes a tree, not a DAG.
- Don't run the program on a filesystem that is too full to meet the
minimum space threshold; filereaper will continually try
(and probably fail) to delete anything it can find until the situation
is resolved.
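
The inode sanity checking described above can be pictured with the following added example. It is not filereaper's own Perl code, and the page does not show how filereaper implements its checks; the function names `scan` and `reap` are hypothetical. It records (device, inode) for each path component at scan time and refuses to delete if any component has since been replaced, which is also why non-persistent inode numbers would look like tampering.

```python
import os, stat, tempfile

class ReapRefused(OSError):
    """A path component no longer matches what the scan recorded."""

def ident(st):
    return (st.st_dev, st.st_ino)

def scan(root, relpath):
    """Record (dev, ino) of each component of relpath under root, via lstat."""
    recorded, cur = [], root
    for part in relpath.split("/"):
        cur = os.path.join(cur, part)
        recorded.append((part, ident(os.lstat(cur))))
    return recorded

def reap(root, recorded):
    """Unlink the final component only if every component is unchanged."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for part, want in recorded[:-1]:
            nxt = os.open(part, flags, dir_fd=fd)  # OSError if now a symlink
            os.close(fd)
            fd = nxt
            if ident(os.fstat(fd)) != want:
                raise ReapRefused(f"{part}: directory identity changed")
        name, want = recorded[-1]
        st = os.stat(name, dir_fd=fd, follow_symlinks=False)
        if stat.S_ISDIR(st.st_mode) or ident(st) != want:
            raise ReapRefused(f"{name}: file identity changed")
        os.unlink(name, dir_fd=fd)  # relative to the verified directory fd
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: a scanned directory is swapped for a symlink."""
    base = tempfile.mkdtemp()
    root, outside = os.path.join(base, "tmp"), os.path.join(base, "outside")
    for d in (os.path.join(root, "work"), outside):
        os.makedirs(d)
        open(os.path.join(d, "old.txt"), "w").close()
    rec = scan(root, "work/old.txt")
    os.rename(os.path.join(root, "work"), os.path.join(root, "work.real"))
    os.symlink(outside, os.path.join(root, "work"))
    try:
        reap(root, rec)
    except OSError:
        return True, os.path.exists(os.path.join(outside, "old.txt"))
    return False, os.path.exists(os.path.join(outside, "old.txt"))
```

`demo()` returns whether the deletion was refused and whether the file outside the reaped tree survived.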
Dependencies
- OS and filesystem
  - Just about any Unix flavor, including non-Unix filesystems that
    preserve inode numbers. Runs on anything Perl runs on, provided that
    a function for calculating free disk space is supplied.
- Languages and Libraries
  - Perl 5. Actually mostly Perl 4, but just enough Perl 5 to stop it
    from compiling on Perl 4. It could benefit from redesign.
Related Projects
- Red Hat Linux
  - I exchanged email with ewt@redhat.com who wrote the original
    tmpwatch that was part of Red Hat, although he didn't get it
    entirely right. tmpwatch has been rewritten a number of
    times since I last read its source code.
- Debian GNU/Linux
  - The people who maintain the Debian tmpreaper package
    read my Bugtraq article where I explained security problems faced
    by file reapers in general. The source code contains a URL (http://www.geek-girl.com/bugtraq/1996_2/0054.html)
    that points to the Bugtraq article I wrote that started it all...
Code
- filereaper - documentation is in the
comments at the beginning of the Perl script; the code is at the end.
- tmpclean - a sample script that I use
for cleaning filesystems, to show how filereaper is typically used.
You run this script at system start-up time, in the background.