While POSIX (now) actually specifies the desired behavior for rm, it does not (yet) for chown or chgrp.
IMHO, it would be a welcome change to make chown and chgrp reject an attempt to operate recursively on a root file system, even though POSIX has not yet required that behavior. In a way, adding this protection to chown and chgrp feels even more important than adding it for rm: these tools typically process files at a significantly higher rate than rm, so can inflict more damage in the time it might take an interactive user to realize the error and hit ^C. On Thu, Jun 18, 2020 at 3:14 PM Harald Koch <[email protected]> wrote: > > Hello, > > first, thank you to all of you making it possible to bring Unix to everyone > of us! > As a technical supporter, we see situations each day where we ask ourself how > this could happen. In the last seven days, we had to support our customers > who made big mistakes, and two times it was a very big effort to revert the > backups and make the system functional. These two situations both occured > (independently from each other) by changing permissions due to misconfigured > NFS and CIFS shares. The remote administrator tried to solve it by a simple > „chown“ or „chgrp“ recursively, which is wrong to solve the situation, but > that’s another point. The problem is, that they made a "chown -R www-data /" > - ok, bad idea afterwards. > My colleague (here in CC) tries to find out how this could easily enhanced, > and found in the man pages the section: > > --no-preserve-root > do not treat '/' specially (the default) > > --preserve-root > fail to operate recursively on ‚/' > > > So, there is an option to disallow this behavior. Would have been this set in > the call of chown, we would have saved much time (and customer’s money, which > flows into our pockets). The question is: if there is such a safety option, > why is it reverted to „by default unsafe“? In my understanding, it would be > better to have „--preserve-root“ be the default and to allow operation on „/" > only by option. I know this would have a big impact on existing scripts, but > I feel a bit disappointed by the administrator-friendlyness of these options. > It’s like having an airbag in a car, but you must enable it in exactly the > situation of an accident. > How do you feel about this? > > > Freundliche Grüße/Best regards, > > Harald Koch > > c-works GmbH > Otto-Lilienthal-Str. 36 > 71034 Böblingen > > E-Mail: [email protected] <mailto:[email protected]> > Tel.: +49-(0)7031-714-9440 > Fax: +49-(0)7031-714-9442 > > Geschäftsführer/Managing Director: Harald Koch > Sitz und Registergericht/Domicile and Court of Registry: Stuttgart > HRB-Nr./ Commercial Register No. 725882 > > — > Due to corona we moved to remote office, leading to possible telephone > quality degradation. > >
