Sunday, December 12, 2010

Running msec on on of my Mandriva machines turned up a number of world-writable files. These are potential security problems, especially on a machine that faces the Internet. The obvious solution was to use chmod to remove any world writable permissions.

But there's the problem. The chmod command has a recursive directive, -R, that would work except that it would change permissions on the directories as well. After all in *NIX, all directories are files.

Thanks to my friends at TWUUG, I discovered that the find command, used with its -exec directive could accomplish what I wanted.

find /xxx -type f -exec chmod o=-w {} + ;

Breaking this down:

find - the find command itself. Depending on what files you are modifying, you may need to be root.

/xxx - the path to where the files are located.

-type f - this tells find to look for files; type d would tell it to look for directories.

-exec - this directive tells find to execute the command that follows, in this case:

chmod - the command that will change permissions.

o=-w - the directive to chmod that sets the permissions of others to not writable. You can use whatever incantations of permissions that you need (see man chmod).

{} + - this appends each file selected by the find command to those that chmod will act upon.

`\' - Note: these characters are used to protect the expansion started by {} from the shell. I found that not only was it unnecessary on my Mandriva system, including it would cause the command to fail. YMMV.

; - this terminates the command.

No comments: