I have a system in which the root user name is not root, which makes those "find
-user root" commands spam false positives at postfix startup. It would be
possible to change to "-user 0" instead, but that would generate false positives
whenever there's a user named 0 in the system. In this system there's a -uid
option in find (coreutils find), but I found that this option is not in the POSIX
find manual, thus I assume it would break the script on BSD systems. (I didn't
test this patch on such a system, though.)

The patch is a little clumsy and inefficient since it needs to exec ls for every
file it finds, but there are not many of them and in my tests it didn't impact the
overall startup time. I'm not very skilled at writing portable scripts, so if you
know better, let me know.

BR.

-w

diff --git conf/postfix-script conf/postfix-script
index c43d764fb..f894467aa 100755
--- conf/postfix-script
+++ conf/postfix-script
@@ -307,8 +307,12 @@ check-warn)
        # Check Postfix root-owned directory owner/permissions.
 
        find $queue_directory/. $queue_directory/pid \
-           -prune ! -user root \
-           -exec $WARN not owned by root: {} \;
+           -prune -exec ls -nd {} \; |
+           while read -r _ _ uid _ _ _ _ _ file; do
+               if [ $uid -nt 0 ]; then
+                   $WARN not owned by root: $file
+               fi
+           done
 
        find $queue_directory/. $queue_directory/pid \
            -prune \( -perm -020 -o -perm -002 \) \
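Review bot: The test `[ $uid -nt 0 ]` in the new loop uses `-nt`, which is the "file newer than" operator and not a numeric comparison, so the ownership check never compares the uid against 0; it should be `[ "$uid" -ne 0 ]`. `-nt` is also not part of POSIX `test`, which works against the portability goal of the change. Quote `"$uid"` and `"$file"` so that names with spaces or glob characters reach `$WARN` intact, and note that for a symlink `ls -nd` prints `name -> target`, so `$file` will carry the arrow and target. Since the cost of one `ls` per file is a stated concern, `-exec ls -nd {} +` is in POSIX find and batches the calls.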
@@ -324,8 +328,12 @@ check-warn)
        }
        todo=`echo "$todo" | tr ' ' '\12' | sort -u`
 
-       find $todo ! -user root \
-           -exec $WARN not owned by root: {} \;
+       find $todo -exec ls -nd {} \; |
+           while read -r _ _ uid _ _ _ _ _ file; do
+               if [ $uid -eq 1 ]; then
+                   $WARN not owned by root: $file
+               fi
+           done
 
        find $todo \( -perm -020 -o -perm -002 \) \
            -exec $WARN group or other writable: {} \;
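Review bot: The condition `[ $uid -eq 1 ]` in this loop inverts the original check: it warns only for files owned by uid 1 and stays silent for every other non-root owner, where `! -user root` warned for all of them. It should be `[ "$uid" -ne 0 ]`, matching the intent of the other two hunks. The quoting of `$uid` and `$file` and the `name -> target` output for symlinks need the same attention here, because `$todo` is walked without `-prune` and can cover many more entries.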
@@ -371,8 +379,12 @@ check-warn)
        for dir in bin etc lib sbin usr
        do
            test -d $dir && {
-               find $dir ! -user root \
-                   -exec $WARN not owned by root: $queue_directory/{} \;
+               find $dir -exec ls -nd {} |
+                   while read -r _ _ uid _ _ _ _ _ file; do
+                       if [ $uid -nt 0 ]; then
+                           $WARN not owned by root: $file
+                       fi
+                   done
 
                find $dir -type f -print | while read path
                do
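Review bot: The `-exec ls -nd {} |` line has no `\;` (or `+`) terminator, so find will reject the expression and this check will not run at all. The comparison again uses `-nt` instead of `-ne`, so even with the terminator fixed it would not test the uid numerically. The replaced line warned with `$queue_directory/{}`, while the new loop prints `$file` alone, so the warning loses the queue directory prefix and shows a path relative to the current directory; prepend `$queue_directory/` to keep the message unchanged.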