FYI: safe use of chown ( was Re: kstartupconfig ?)

Anne Wilson cannewilson at googlemail.com
Mon Nov 10 09:33:39 GMT 2008


On Monday 10 November 2008 05:21:30 Stephen Dowdy wrote:
> Anne Wilson wrote, On 11/09/08 13:51:
> > Funnily enough, I met exactly this error message yesterday.  All I needed
> > to do was to boot into single user mode, then chown -R username:groupname
> > /home/username for the remaining users.
>
> Anne and all,
>
> A tangential word of caution...
> (this is mainly for those who admin multi-user systems where
> you have to consider your user-base as potentially hostile or
> compromised, not necessarily personal/home systems)
>
> # whoami
> joe
>
> # cd ; pwd
> /home/joe
>
> # ln -s /etc/passwd passwd
>
> Guess what happens when you come along as root and do:
>
> chown -R joe:joegroup /home/joe   ???
>
> /etc/passwd gets owned by 'joe' (according to POSIX rules on
> symlink dereferencing; see chown() and lchown()).
>
>
> I have learned to get in the habit of ALWAYS typing '-h' with '-R':
>
>    chown -hR user:group {dir}
>
> where '-h' specifies to NOT traverse/dereference symlinks.
>
> Because all unix-like distributions behave differently, you may need to
> figure out if your linux/unix operates in this fashion and you otherwise
> may need to use some combination of 'find -exec' and variant options to not
> traverse symlinks to do 'chown' operations safely.
>
I've not seen that particular bit of advice before, and it's very valuable.  
Thanks.

Anne
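
The check-then-chown habit recommended in the quoted advice, as an added shell example that is not part of the original thread: it lists symlinks in a user-writable tree that resolve outside it, then changes ownership with `find -exec` and `chown -h`. The function names are hypothetical, and it assumes `readlink -f` (GNU coreutils or BusyBox) and a `chown` that supports `-h`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; assumes `readlink -f`
# (GNU coreutils or BusyBox) and a chown that supports -h.

# List every symlink under directory $1 whose resolved target lies outside $1.
# Run this BEFORE a recursive chown of a tree that another user can write to.
escaping_symlinks() {
    root=$(cd "$1" && pwd -P) || return 1
    # -exec sh -c ... {} + passes names as arguments, so odd filenames
    # (spaces, newlines) are handled; -xdev stays on one filesystem.
    find "$root" -xdev -type l -exec sh -c '
        root=$1; shift
        for link do
            target=$(readlink -f -- "$link" 2>/dev/null) || target=
            case $target in
                "$root"|"$root"/*) ;;   # resolves inside the tree: fine
                *) printf "%s -> %s\n" "$link" "${target:-<unresolvable>}" ;;
            esac
        done' sh "$root" {} +
}

# Set owner $1 (user:group) on everything under $2. find does not follow
# symlinks by default, and chown -h changes a link itself, never its target.
chown_tree_nofollow() {
    find "$2" -xdev -exec chown -h -- "$1" {} +
}
```

Any line printed by `escaping_symlinks /home/joe` is worth reviewing before ownership of that tree is changed.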