_uniplex n00b

Joined: 02 Mar 2004 Posts: 2
Posted: Mon Mar 08, 2004 11:31 am Post subject: security guide, section 7, reloaded. :)
A couple days ago I posted something similar but I found that it was a little buggy and deleted it from the forums. Hopefully this ain't as bad.
To get the list of world writable files and store their full pathname along with their original permissions, and the permissions they need to have in order to not be world or group writable, I've done this.
Code:
# Log "original-mode new-mode path" for each group- or world-writable regular file.
/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -printf "%m " -print0 | while IFS= read -rd $'\000' var; do [[ $(echo "${var%% *}" | wc -m) = "5" ]] && z=${var:0:1} && var=${var:1}; case ${var:1:1} in 2|3|6|7) a=$(( ${var:1:1} - 2 )) && c=1 ;; *) a=${var:1:1} ;; esac; case ${var:2:1} in 2|3|6|7) b=$(( ${var:2:1} - 2 )) && c=1 ;; *) b=${var:2:1} ;; esac && [[ -n $z ]] && echo "$z${var%% *} $z${var:0:1}$a$b ${var#* }" || ( [[ -n $c ]] && echo "${var%% *} ${var:0:1}$a$b ${var#* }" ); unset {a,b,c,z,var}; done | tee -a "${HOME%/}/writable.txt"
Then to change the permissions I did this.
Code:
# Apply the new mode (second field); the path is kept whole, spaces included.
while read -r orig new path; do chmod "$new" "$path"; done < "${HOME%/}/writable.txt"
In case that breaks something we still have ${HOME%/}/writable.txt with all the original file permissions, so to undo them I could do this:
Code:
# Put back the original mode (first field) for every logged path.
while read -r orig new path; do chmod "$orig" "$path"; done < "${HOME%/}/writable.txt"
Last edited by _uniplex on Sun Mar 14, 2004 6:53 pm; edited 3 times in total

Greven Tux's lil' helper


Joined: 28 Jul 2002 Posts: 138
Posted: Mon Mar 08, 2004 2:35 pm Post subject:
This looks nice and all..... but how do I use this? Sorry but I'm still learning unix and bash.
_________________
veritas vos liberabit...
Linux User Number: 346805
Wine-Wiki
AMD 64 3500+ | MSI "K8T NEO2-FIR" | mushkin Dual Channel DDR 400

_uniplex n00b

Joined: 02 Mar 2004 Posts: 2
Posted: Mon Mar 08, 2004 9:48 pm Post subject:
You can copy and paste the lines individually just as they are into a bash shell and hit enter. They should be run in the order that they are listed from top to bottom.
The second line is the one that actually changes any file permissions.
If it causes any programs to break then simply re-emerging the package should fix it. If that's not enough you can run the third and last line to undo all the changes back to the way they were originally.
The code in section 7 of the security guide doesn't properly handle files which contain spaces in their names. And they show you a little about how to use chmod to manually change the file's permissions. And that should be enough for most people I guess. Me, I just run something like this and be done with it (not saying that my other code doesn't work just fine too.)
Code:
# Strip group and world write from every matching regular file in one pass.
/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -print0 | xargs -0 -I {} chmod go-w {}
Note: find is a fast utility. The same can't always be said for bash and while read loops. Be ready for that massive bash line to take a while on a slow computer with a lot of group and world writable files.
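
An added example, not part of the thread: the record / tighten / undo procedure from the first post, with NUL-delimited records so that filenames containing spaces or even newlines survive the round trip. The function names and the manifest format are assumptions of this example; it needs GNU find and GNU xargs, as the thread's own commands do.

```bash
# Added example (not the poster's code): record, tighten and undo group- and
# world-writable file modes. Function names and manifest format are assumptions.
# Requires GNU find (-printf, -print0) and GNU xargs (-0, -r).

# Clear group-write (020) and other-write (002) from an octal mode:
# 666 -> 644, 2775 -> 2755. One bitmask replaces the per-digit case statements.
strip_gw_mode() {
    printf '%o\n' "$(( 0$1 & ~022 ))"
}

# record_writable DIR MANIFEST
# Write one NUL-terminated "MODE PATH" record per matching regular file.
record_writable() {
    find "$1" -type f \( -perm -2 -o -perm -20 \) -printf '%m ' -print0 > "$2"
}

# apply_manifest MANIFEST tighten|restore
# "restore" reapplies each recorded mode; "tighten" applies it minus go-w.
apply_manifest() {
    xargs -0 -r sh -c '
        action=$1; shift
        for rec in "$@"; do
            mode=${rec%% *}    # text before the first space: recorded mode
            path=${rec#* }     # everything after it: the path, byte for byte
            if [ "$action" = tighten ]; then
                mode=$(printf "%o" "$(( 0$mode & ~022 ))")
            fi
            chmod "$mode" -- "$path" || exit 1
        done' sh "$2" < "$1"
}
```

Keep the manifest in a location only root can write, because `restore` applies whatever modes and paths the file contains.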