|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] -R vs. find(1) + xargs(1)
|
| I let it slide at to(last?)night's meeting, but here's the number 1
| reason you never want to use -R (there are others): -R will follow
| sym links, whereas you can always tell find(1) not to.
I'm sure that somewhere, someone has a chmod/chown that
follows symlinks, but "most" systems do "the right thing".
in typical POSIX silliness though, the issue is left inconsistent,
vague, and not entirely addressed in the standard:
chmod does not address or mention symlinks at all
chown + chgrp specify that -P -L and -H will determine
how symlinks will be handled. it does not specify the
default behavior if none of -[PLH] is given.
so while there may be potential danger in ch{own,grp,mod}
danger also lurks in find (see below).
| Suppose you're moving a bunch of users from one system to another.
| uids conflict, so you'll have to chown and chgrp (if you think you
| don't need to chgrp, you must not have any users sharing files, or
| no conflict gids for those shared groups) all over /home (or
or you know that chown will take a group argument, so that
you can do with both with one command.
| equivalent; while I'm at it, if you're on Solaris and you think you
| can get away with chown and chgrp at all rather than setfacl, you'll
end-users don't know about acls. you'll be fine. :-)
| lose). You do it with -R, and Joe "Local Root" Cracker has a sym
| link to /etc/shadow in his home directory. Whoops. Then you realize
| you missed the dot-files and do -R on .*. Yikes. Go find a tape
| backup (you've got one, of course?): you're hosed.
|
| Note that some ch{mod,grp,own}(1)s have a -P flag which says "never
| follow sym links". That's nice. It's probably even a Posix standard.
see above, re POSIX.
| I don't trust it. Sun's stuff, for instance, still lacks it in
| Solaris 8 (and Solaris 9, I think, though I don't have a copy around
| any more to check). No, you don't want to use GNU's utilities for
| this on Solaris (or FreeBSD, btw), as they'll mangle ACLs.
|
| In any case, the point is that recursion should scare you a lot in
| file systems. You should take the time to make sure it won't hurt
| anything. But that's time you could take just thinking of all the
| cases (there really aren't that many) and constructing a proper find
| xargs command line.
|
| (On a related note, you *really* want to use GNU find(1)'s -print0
| and their xargs(1) -0 flags. You want to use them badly enough to
| install them on Sun systems, which still lack these intensely useful
| features. Especially where Samba and users unaware of Unix naming
| conventions are involved. You may not need them every time, but
| the first time you needed them and didn't use them, you'll know that
| you really just want to use them all the time and not repeat the
| agony.)
the first time you needed them and didn't use them is already too late.
get out your backup tapes--you are "owned".
you should *never* run 'find ... -print | xargs' on directories
in which potentially untrustable end-users have write access
(eg. /tmp or user home dirs).
*always* use the -print0 form or the -exec form.
consider the case of a user creating a set of files/dirs
called "foo /etc/passwd" (ie. with a space)
oops.
on a system where '-R' does not follow symlinks, ch{own,mod,grp}
are not exploitable like the above find.
when in doubt, read the man page.
and hey, let's be careful out there.
--jeff
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|