On Fri, Aug 16, 2019 at 11:42:12PM -0500, David Wright wrote:
> Difficult to say. My reaction would be to check the ownership of all
> non-root-owned files. Because of the potential for trouble like the
> above, I routinely keep a list on each system.
>
> # find / -mount \( ! -group 0 -o ! -user 0 \) -ls | awk '{printf "%s %s %s\n", $5, $6, $11}' | sort -k 3 > /root/non-root-owned-files

The use of $11 here assumes the filename doesn't contain any whitespace.
It'll break if one does.

You'd be better off using GNU find's -printf features than parsing the
output of -ls with awk. Looks like you want the username, groupname,
and filename. So that would be:

find / -mount \( ! -group 0 -o ! -user 0 \) -printf '%u %g %p\n' | sort -k 3 > /root/non-root-owned-files
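
Added example, not part of the original message: a shell comparison of the -ls/awk listing, the -printf '\n' listing, and (going one step beyond the thread) a NUL-terminated listing that also survives newlines in file names. The function names and the optional uid/gid arguments are hypothetical, -uid/-gid stand in for -user/-group so numeric IDs can be passed, and GNU find and GNU sort are assumed.

```shell
#!/bin/sh
# Added example: requires GNU findutils and GNU coreutils (sort -z).
# Arguments 2 and 3 (uid/gid to skip) are hypothetical; the thread hard-codes 0.

# The quoted approach: parse -ls with awk; $11 stops at the first blank.
list_ls_awk() {
    find "$1" -mount \( ! -gid "${3:-0}" -o ! -uid "${2:-0}" \) -ls |
        awk '{printf "%s %s %s\n", $5, $6, $11}' | sort -k 3
}

# The -printf form from the reply: spaces survive, but a newline inside a
# file name still splits one file into two records.
list_printf_nl() {
    find "$1" -mount \( ! -gid "${3:-0}" -o ! -uid "${2:-0}" \) \
        -printf '%u %g %p\n' | sort -k 3
}

# NUL-terminated records: every byte that can occur in a path is preserved.
list_printf_nul() {
    find "$1" -mount \( ! -gid "${3:-0}" -o ! -uid "${2:-0}" \) \
        -printf '%u %g %p\0' | sort -z -k 3
}

# Count the records of a NUL-terminated list read from stdin.
count_nul() { tr -cd '\0' | wc -c | tr -d ' '; }

# Demo on a constructed sample tree; run as: sh thisfile demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && cd "$d" || exit 1
    : > plain; : > 'has space'; : > "$(printf 'two\nlines')"
    other=$(( $(id -u) + 1 ))   # a uid we do not own, so every file matches
    echo "ls + awk (name cut at the blank):"
    list_ls_awk . "$other" "$other"
    echo "newline records: $(list_printf_nl . "$other" "$other" | wc -l)"
    echo "NUL records:     $(list_printf_nul . "$other" "$other" | count_nul)"
    cd / && rm -rf "$d"
fi
```

A baseline written with list_printf_nul has to be read back with NUL-aware tools (sort -z, xargs -0, or tr '\0' '\n' for display only).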