mirror of
https://github.com/ovh/the-bastion.git
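#! /usr/bin/env bash
# vim: set filetype=sh ts=4 sw=4 sts=4 et:
#
# This script removes the empty folders that may pile up in each user's home
# directory, under the ttyrec/ folder. As every server they connect to has its
# own folder there (1 IP = 1 folder), and as ttyrecs are rotated and moved out by
# the `osh-encrypt-rsync.pl` script, we might end up with a lot of empty
# subfolders there. This is especially true for users that tend to connect to
# a lot of different servers (maybe to never connect there again) over the course of time.

basedir=$(readlink -f "$(dirname "$0")"/../..)
# _err, _log, exit_fail, exit_success, check_secure and BASTION_ETC_DIR are not
# defined in this script; presumably they all come from this include.
# shellcheck source=lib/shell/functions.inc
. "$basedir"/lib/shell/functions.inc

# Report any exit that was not requested explicitly.
# NOTE(review): this assumes exit_success/exit_fail disarm the EXIT trap,
# confirm in functions.inc.
trap "_err 'Unexpected termination!'" EXIT

# setting default values, the configuration files sourced below may override them
LOGFILE=""
# LOG_FACILITY is not read in this script; presumably the logging helpers use it.
LOG_FACILITY="local6"
ENABLED=1
MTIME_DAYS=1

# building config files list
# An array is used (rather than a space-separated string) so that an existing
# but empty .conf.d directory leaves the list really empty: the "No
# configuration loaded" guard below then fires instead of letting the script
# run on built-in defaults only. It also keeps paths with spaces in one piece.
config_files=()
if [ -f "$BASTION_ETC_DIR/osh-remove-empty-folders.conf" ]; then
    config_files+=("$BASTION_ETC_DIR/osh-remove-empty-folders.conf")
fi
if [ -d "$BASTION_ETC_DIR/osh-remove-empty-folders.conf.d" ]; then
    # drop-in files are loaded after the main file, in sorted order
    while IFS= read -r file; do
        config_files+=("$file")
    done < <(find "$BASTION_ETC_DIR/osh-remove-empty-folders.conf.d" -mindepth 1 -maxdepth 1 -type f -name "*.conf" | sort)
fi

if [ "${#config_files[@]}" -eq 0 ]; then
    exit_fail "No configuration loaded, aborting"
fi

# load the config files only if they're owned by root:root and mode is o-rwx
# Sourcing executes the file's content as shell code with the privileges of
# this script, which is why every file must pass check_secure first and why a
# single failing file aborts the whole run.
for file in "${config_files[@]}"; do
    if check_secure "$file"; then
        # shellcheck source=etc/bastion/osh-remove-empty-folders.conf.dist
        . "$file"
    else
        exit_fail "Configuration file not secure ($file), aborting."
    fi
done

# From here on, stdout and stderr both go through tee, which appends them to
# LOGFILE in addition to printing them.
# shellcheck disable=SC2153
if [ -n "$LOGFILE" ] ; then
    exec &>> >(tee -a "$LOGFILE")
fi

if [ "$ENABLED" != 1 ]; then
    exit_success "Script is disabled"
fi

#######################################
# List the per-server ttyrec folders that are candidates for removal.
# Counting and deletion share this single definition so that the set being
# counted can never drift from the set handed to rmdir.
# Only directories (find does not follow symlinks here) located exactly at
# /home/<user>/ttyrec/<name> are selected, where <name> is made only of digits
# and dots, and whose mtime is older than MTIME_DAYS days.
# Globals:   MTIME_DAYS (read)
# Arguments: $1 - find output action, -print or -print0
# Outputs:   matching paths on stdout
#######################################
_ttyrec_candidate_dirs() {
    # MTIME_DAYS comes from the sourced configuration; it is passed as one
    # quoted word so a malformed value makes find fail instead of being split
    # into additional find arguments.
    find /home/ -mindepth 3 -maxdepth 3 -type d -mtime "+$MTIME_DAYS" \
        -regextype egrep -regex '^/home/[^/]+/ttyrec/[0-9.]+$' "$1"
}

# first, we list all the directories to get a count
_log "Counting the number of directories before the cleanup..."
nbdirs_before=$(_ttyrec_candidate_dirs -print | wc -l)

_log "We have $nbdirs_before directories, removing empty ones..."
# then we pass them all through rmdir, it'll just fail on non-empty ones.
# this is (way) faster than trying to be smart and listing each and every directory's contents first.
# Paths are NUL-delimited and preceded by `--` so that no path can be split or
# taken for an option; the failures of rmdir on non-empty folders are expected,
# hence stderr is discarded.
# NOTE(review): rmdir acts on the path names printed by find, so this relies on
# the /home/<user>/ttyrec parents not being replaceable by unprivileged users
# between the two steps; confirm against how those folders are created and
# owned. rmdir only ever removes empty directories, which bounds the effect.
_ttyrec_candidate_dirs -print0 | xargs -r0 rmdir -- 2>/dev/null

# finally, see how many directories remain
_log "Counting the number of directories after the cleanup..."
nbdirs_after=$(_ttyrec_candidate_dirs -print | wc -l)

_log "Finally deleted $((nbdirs_before - nbdirs_after)) directories in this run"

# note that there is a slight TOCTTOU in the counting, as some external process might actually *add*
# directories so our count might be slightly wrong, but as this is just for logging sake, this is not an issue

exit_success "Done"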