LinuxQuestions.org


pinga123 10-11-2010 06:27 AM

How to find root owned world writable files?
 
Being a system administrator, I came across a statement: "Excluding temporary directories /tmp and /var/tmp, no root owned files should be in world writable directories".

While the above statement may look straightforward, how would I check if there are any such directories in the distribution?

acid_kewpie 10-11-2010 06:39 AM

Code:

find / -owner root -perm /o=w
Should cover it, I think.

pinga123 10-11-2010 06:59 AM

Quote:

Originally Posted by acid_kewpie (Post 4123764)
Code:

find / -owner root -perm /o=w
Should cover it, I think.

I think this will be more appropriate.

Correct me if I'm wrong.



Code:

# find / -type d -user root -perm /o=w

angel115 10-11-2010 07:21 AM

~~mistake~~

acid_kewpie 10-11-2010 07:22 AM

certainly it's -user, not -owner. doh.

GrapefruiTgirl 10-11-2010 07:39 AM

So, I'm still missing something here. Won't the solution(s) offered, identify root-owned other-writeable directories, but not check whether there's any root-owned files in there (and if there aren't, then the directory should be filtered out of the results, no?)?

acid_kewpie 10-11-2010 07:46 AM

Quote:

Originally Posted by GrapefruiTgirl (Post 4123821)
So, I'm still missing something here. Won't the solution(s) offered, identify root-owned other-writeable directories, but not check whether there's any root-owned files in there (and if there aren't, then the directory should be filtered out of the results, no?)?

-d is short for "da files"

grail 10-11-2010 07:53 AM

Well your query says root owned 'files' not directories so '-type d' would be incorrect.
I believe you would need to pipe food into a while loop and check if directory had the correct perms.

Something like:
Code:

while read -r test_file
do
    [[ $(stat -c%A "$test_file") =~ .w.$ ]] && echo "${test_file%/*}"
done< <(find -type f -user root)

Edit: Forgot to print the right thing ... oops

acid_kewpie 10-11-2010 08:00 AM

Quote:

Originally Posted by grail (Post 4123839)
Well your query says root owned 'files' not directories so '-type d' would be incorrect.
I believe you would need to pipe food into a while loop and check if directory had the correct perms.

Something like:
Code:

while read -r test_file
do
    [[ $(stat -c%A "$test_file") =~ .w.$ ]] && echo "$test_file"
done< <(find -type f -user root)


Why do I keep misreading things? Yes, you would have a two stage thing here as find doesn't keep any context in terms of what files are in what directories. So you'd need to find the directories and then see if in that directory there are any files owned by root.

GrapefruiTgirl 10-11-2010 08:33 AM

Thanks grail & Chris - that clears things up!

grail, I had been working on something similar to what you've got there, but yours looks better. :)

grail 10-11-2010 08:35 AM

thanks :)

pinga123 10-11-2010 11:28 PM

Quote:

Originally Posted by grail (Post 4123885)
thanks :)

It seems I have thousands of files lying there.
Not sure whether what I did is correct. Here I am listing the things I did.

I have created a bash script named tempprogram.sh

Placed it under the / directory.

Executed it.

content:
Code:

# cat testprogram.sh
#!/bin/bash

while read -r test_file
do
    [[ $(stat -c%A "$test_file") =~ .w.$ ]] && echo "${test_file%/*}"
done< <(find -type f -user root)

Output (only some part of the output is pasted, as it's too much to post):
Code:

./proc/5834/task/5834/attr
./proc/5834/task/5834/attr
./proc/5834/task/5834/attr
./proc/5834/task/5834/attr
./proc/5834/task/5834/attr
./proc/5834/task/5855/attr
./proc/5834/task/5855/attr
./proc/5834/task/5855/attr
./proc/5834/task/5855/attr
./proc/5834/task/5855/attr
./proc/5834/attr
./proc/5834/attr
./proc/5834/attr
./proc/5834/attr
./proc/5834/attr
./proc/5999/task/5999/attr
./proc/5999/task/5999/attr
./proc/5999/task/5999/attr
./proc/5999/task/5999/attr
./proc/5999/task/5999/attr
./proc/5999/task/6007/attr
./proc/5999/task/6007/attr
./proc/5999/task/6007/attr
./proc/5999/task/6007/attr
./proc/5999/task/6007/attr
./proc/5999/task/6382/attr
./proc/5999/task/6382/attr
./proc/5999/task/6382/attr
./proc/5999/task/6382/attr
./proc/5999/task/6382/attr
./proc/5999/attr
./proc/5999/attr
./proc/5999/attr
./proc/5999/attr
./proc/5999/attr
./proc/6001/task/6001/attr
./proc/6001/task/6001/attr
./proc/6001/task/6001/attr
./proc/6001/task/6001/attr
./proc/6001/task/6001/attr
./proc/6001/attr
./proc/6001/attr
./proc/6001/attr
./proc/6001/attr
./proc/6001/attr
./proc/6028/task/6028/attr
./proc/6028/task/6028/attr
./proc/6028/task/6028/attr

Please guide me on next course of action.

grail 10-12-2010 12:20 AM

Just noticed that we are also stating the file and not the directory ... my bad.
Change the following:
Code:

$(stat -c%A "$test_file")

# to

$(stat -c%A "${test_file%/*}")

Now we will be testing if the directory is writable and not the file :redface:

chrism01 10-12-2010 01:21 AM

@pinga123: /proc is a window into the kernel; ignore that dir

pinga123 10-12-2010 11:26 PM

Please find the modified code, but even this seems to generate a lot of output entries; I guess they are in lakhs.
Please help.
Quote:

# cat testprogram.sh
#!/bin/bash

while read -r test_file
do
[[ $(stat -c%A "${test_file%/*}") ]] && echo "${test_file%/*}"
done< <(find -type f -user root)
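
Added example (not code from any poster in this thread): a two-stage check along the lines acid_kewpie describes, finding world-writable directories first and then listing the files owned by the given user directly inside each one. The function name, its arguments and the demo tree are assumptions of this example; /proc and /sys are always skipped, and further directories such as /tmp and /var/tmp are passed as exclusions.

```shell
#!/bin/sh
# Added example, not from the thread. Requires a find with -mindepth/-maxdepth
# (GNU findutils, as used elsewhere in this thread).
# Usage: list_owned_in_ww_dirs ROOT OWNER [EXCLUDE...]
# Real audit, run as root: list_owned_in_ww_dirs / root /tmp /var/tmp
list_owned_in_ww_dirs() (
    root=$1 owner=$2
    shift 2
    # Turn the remaining arguments (directories to skip) into a find
    # expression: -path /proc -o -path /sys -o -path EXCLUDE ...
    count=$#
    set -- "$@" -path /proc -o -path /sys
    while [ "$count" -gt 0 ]; do
        set -- "$@" -o -path "$1"
        shift
        count=$((count - 1))
    done
    # Stage 1: every directory with the other-write bit set (the same bit
    # that -perm /o=w tests), without descending into the pruned trees.
    # Stage 2: for each such directory, list OWNER's regular files that sit
    # directly inside it. The directory's mode is tested, not the file's.
    find "$root" \( "$@" \) -prune -o -type d -perm -0002 \
        -exec find {} -mindepth 1 -maxdepth 1 -type f -user "$owner" -print \;
)

# Constructed demo tree. The current uid stands in for root so the demo
# runs unprivileged; "scratch" plays the role of /tmp and is excluded.
demo() (
    t=$(mktemp -d) || exit 1
    mkdir "$t/shared" "$t/private" "$t/scratch"
    chmod 777 "$t/shared" "$t/scratch"
    chmod 755 "$t/private"
    touch "$t/shared/report.txt" "$t/private/notes.txt" "$t/scratch/x.tmp"
    # Print paths relative to the demo tree so the output is stable.
    list_owned_in_ww_dirs "$t" "$(id -u)" "$t/scratch" | sed "s|^$t/||"
    rm -rf "$t"
)
demo
```
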

