On Wed, 18 Feb 2004 23:30, Kristopher Matthews <[EMAIL PROTECTED]> wrote:
> > This is a security nightmare. I would *not* recommend doing any such
> > thing in a user filesystem.
>
> You're making the assumption that he LIKES his users. :)

It's not a matter of whether the admin likes his users, it's whether they like him. A hostile user can create a hard link to /etc/shadow, /etc/passwd, etc. in their home directory. Then such a recursive chown will give the hostile user root on the machine.

If you are going to change such things then you need to use the -uid or -gid options to find (depending on whether you are changing the UID or GID), and you need to do it when the machine is in single-user mode (i.e. no-one can log in and cron jobs can't run).

The other way of doing it properly is to write a program that opens each file, calls fstat() to check the UID/GID, then uses fchown() or fchmod().

It would be nice if someone was to patch the -R option of chown/chgrp/chmod in coreutils to do this sort of thing.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
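
The open/fstat()/fchown() approach described in the message above, as an added example that is not part of the original post and is not coreutils code. The names rechown_checked() and demo() are hypothetical, and the O_NOFOLLOW and O_NONBLOCK open flags are assumptions added here. Because the ownership check and the change both act on the same open descriptor, a hard link to a root-owned file is skipped instead of being handed to the user.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fchown(), mkstemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { RECHOWN_ERROR = -1, RECHOWN_SKIPPED = 0, RECHOWN_CHANGED = 1 };

/* Hypothetical helper: give the file to new_uid only if the inode we
 * actually opened is currently owned by old_uid. */
int rechown_checked(const char *path, uid_t old_uid, uid_t new_uid)
{
    struct stat st;
    int rc;
    /* Assumption: refuse a symlink as the final component and do not
     * block if the path turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return RECHOWN_ERROR;
    if (fstat(fd, &st) != 0)
        rc = RECHOWN_ERROR;
    else if (st.st_uid != old_uid)
        rc = RECHOWN_SKIPPED;        /* e.g. a hard link to a root-owned file */
    else                             /* gid -1 leaves the group unchanged */
        rc = fchown(fd, new_uid, (gid_t)-1) == 0 ? RECHOWN_CHANGED : RECHOWN_ERROR;
    close(fd);
    return rc;
}

/* Constructed demo: a temp file owned by the caller, checked against the
 * UID the caller claims is the old owner. */
int demo(uid_t claimed_old_uid)
{
    char path[] = "/tmp/rechown-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return RECHOWN_ERROR;
    close(fd);
    int rc = rechown_checked(path, claimed_old_uid, getuid());
    unlink(path);
    return rc;
}

int main(void)
{
    printf("owner matches: %d\n", demo(getuid()));
    printf("owner differs: %d\n", demo(getuid() + 1));
    return 0;
}
```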