[RTFACT-16594] Yum upgrade of Artifactory or RPM upgrade should only change ownership of files that are not owned by "artifactory" user Created: 04/May/18  Updated: 20/Aug/19

Status: Open
Project: Artifactory Binary Repository
Component/s: Installer, YUM
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Normal
Reporter: Nihal Reddy Chinna Choudhary Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: artifactory
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Support Tickets:

US Army CERDEC I2WD - MD - Support Case, Kinaxis - Support Case, EA Electronic Arts - Support Case

Product Comments: 31-May-2019: Support, please follow-up with Or Gat who's responsible for the installers.

 Description   

Yum upgrade of Artifactory or RPM upgrade should only change ownership of files that are not owned by "artifactory" user during the upgrade. Currently the yum installer runs a chown on the entire $ARTIFACTORY_HOME/ folder recursively and since the filestore also exists under the $ARTIFACTORY_HOME/ this can take very long time on Secure Linux systems.

As the "filestore" contains all the binaries the "chown" can take a long time to complete on secure systems where it is an audited event and generated a lot of syslog messages.

Instead of running chown recursively to set the "artifactory" user as owner on all files and folders under $ARTIFACTORY_HOME/ we should find the files that are not owned by "artifactory" user and "chown" only those files.



 Comments   
Comment by Ken Martindale [ 20/Aug/19 ]

I'm not sure if doing a find would really be that much faster because it still has to traverse every entry.  Perhaps on a secure system.

Regardless, we have very large Artifactory servers (tens of TBs and tens of millions of binaries) and the chown is by far the longest step in our software upgrade process.  It can take an hour or more to complete, and may not even actually change the ownership of a single file.  I'd prefer to just do the find and/or chown myself at my own convenience (if it's really even needed) instead of stalling the installation of the RPM for an hour while it runs a chown on 30 million files.

Generated at Sun Dec 15 03:57:57 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.