feat: only do a full chown of the /data directory if requested or if the /data directory is not owned by plone#201
Conversation
…the /data directory is not owned by plone
| find /data -not -user plone -exec chown plone:plone {} \+ | ||
| # Check ownership, OR check if we are explicitly forcing a fix | ||
| if [ "$(stat -c '%U' /data)" != "plone" ] || [ "$FORCE_CHOWN" = "1" ]; then | ||
| find /data -not -user plone -exec chown plone:plone {} \+ |
There was a problem hiding this comment.
Maybe log something before this starts, so it's more obvious when it happens?
There was a problem hiding this comment.
also find + chown is a lot slower, just use chown -R and it will be fast and you don't need any check :-) or, at least, move the check on the file, so do find and use stat to see if the file owner should be changed and change it only if needed. This avoid to write no fs when unnecessary. Something like "find /datadirectory ! ( -user plone -group plone ) -exec chown nomeutente:nomegruppo {} +"
Find will check if a file have an incorrect user or group and write only if it happens. So it should be very fast. For example (in a blobstorage I've created a file named zero with owner root and group plone):
$ ls -l 0
-rw-r--r-- 1 root plone 0 20 mar 10.08 0
$ time find . ! \( -user plone -group plone \) -exec echo {} +
./0
real 0m1,535s
user 0m0,654s
sys 0m0,880s
time find . | wc -l
133625
real 0m1,348s
user 0m0,559s
sys 0m0,854s
# time find . ! \( -user plone -group plone \) -exec chown plone:plone {} +
real 0m1,452s
user 0m0,637s
sys 0m0,813s
root@portaletest:/usr/local/sw/plone/plone_prod2025/var/blobstorage# ls -l 0
-rw-r--r-- 1 plone plone 0 20 mar 10.08 0
in a couple of seconds you can check things, and the time depends on the number of files to fix. Said that, it is quite uncommon to have mixed users/group in the blobstorage, so I don't know if this optimisation can really help. Also, the command above don't check for file permissions/suid directories.
So the best command is:
$ time chown -R plone:plone .
real 0m1,606s
user 0m0,495s
sys 0m1,109s
but this is because -R already checks if the owner and group are already ok. So you've the check already in place in chown -R. In this case it is all ok and in a 1,6 secs you can do the check. This is a local filesystem, things can be different in other cases but the command just read until it really needs to write. Chown has a -c flag that outputs only changed files, it can be handy when testing.
Note: beware of syntax and escaping in the find command above, can be tricky because of ! and (
There was a problem hiding this comment.
Thank you for your stats @yurj.
I have 2 sites that I have already moved to plone-backend + plone-zeo and where I have running a custom plone-backend image without the find-chown dance. When I run the said chown command I get the following information:
Site 1: 590667 blobs
real 2m38.144s
user 0m0.010s
sys 0m0.005s
Site 2: many more blobs than Site 1. It is still running after more than 30 minutes and hasn't finished yet 😓
In this other site, I have a buildout based project, and I have run the same command:
Site 3: 95238 blobs
real 0m22.840s
user 0m0.572s
sys 0m5.470s
So I will update the PR to add the information message as suggested.
|
I have added an output message to signal that the docker image is running the find & chown commands. I have also added some tests for this functionality. If accepted, I will forward-port this to the 6.2 branch too. |
3 participants
As an alternative to #198, here I check that the
datafolder is owned byploneand run thefind-and-chownonly if it is not.I also add an option to explicitly run the the find-and-chown if a given env var is passed.