
An important safety note about chown and symlinks (also chmod and chgrp) - zdw
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/ChownSymlinkSafety
======
jlgaddis
From a follow-up article [0]:

> _As it happens, I was mistaken about some aspects of the situation with
> chown._

\---

[0]:
[https://utcc.utoronto.ca/~cks/space/blog/sysadmin/ChownSymli...](https://utcc.utoronto.ca/~cks/space/blog/sysadmin/ChownSymlinkSafetyII)

------
mehrdadn
Related pro tip that no one ever explained to me:

In POSIX commands (like 'find'), -P means perform this operation on the
_physical_ hierarchy. (What does that mean? Physical stuff can't be recursive.
So that implies symlinks aren't dereferenced.) -L means perform it on the
_logical_ hierarchy (i.e. where links are followed), and -H (not sure what it
might stand for? hard links?) behaves like -P during recursion and like -L at
the top level.

Unfortunately these don't explain what happens on mount points. Turns out
there's also sometimes a -x or -xdev option (on Linux at least) that means
"don't go across mount points". So on a command like 'find' on Linux, you
probably always want -xdev in addition to -P.

~~~
jackewiehose
> So on a command like 'find' on Linux, you probably always want -xdev in
> addition to -P.

No, why? A default of -P is fine but a default of -xdev would mean you
couldn't search everything like find / ...

edit: Not sure where you got "physical" hierarchy. Here is the debian
explanation of -P:

    
    
        -P     Never  follow  symbolic links.  This is the default behaviour.  When find examines or prints information a file,
               and the file is a symbolic link, the information used shall be taken from the properties of  the  symbolic  link
               itself.

~~~
yread
Why would you do find / ... instead of locate ... ?

~~~
usefulcat
Probably either because the locate database could be out of date, or because
you want to do any number of things that find can do that locate can't
(-mtime, -executable, -fstype, -links, etc).

------
wicket
I found it interesting to compare the four chown manuals (POSIX, GNU, FreeBSD
and OpenBSD) and can see why the author may have been confused about the -h
switch.

The POSIX manual is the only one that explicitly states that -h applies to
each file operand (as opposed to files encountered during the traversal from
-R). The SYNOPSIS section also makes it clear how it differs.

FreeBSD kind of gets it right, but without the word "operand" it could easily
be misinterpreted.

GNU uses the word "referenced" which could also be open to misinterpretation.

The OpenBSD manual doesn't really make it clear at all, but kind of implies it
with the comment about -h and -R options being mutually exclusive.

------
inopinatus
Back in the day you could write a core dump through a symlink. In conjunction
with other bugs this made a very exploitable privilege escalation.

You’d think modern tooling would know better, but no. Chef can happily write
templates through a symlink, and this will, bizarrely, even be the default in
future.

------
philsnow
The article doesn't say what to do if you only have gnu chmod.

    
    
        find dirname \! -type l -exec chmod a+r {} \;
    

Could do what you want. Maybe there should be more exclusions? Are symlimks
the only dangerous thing?

------
renewiltord
Clearly I have been doing completely unsafe things for some twenty years now.
This blows my mind.

------
hacker_newz
This isn't a safety note, it's a warning not to use flags that you don't fully
understand.

~~~
gruez
>it's a warning not to use flags that you don't fully understand.

and how many people were told to do chown -R from stackoverflow?

~~~
jlgaddis
I suppose people blindly following suggestions on the Internet will eventually
learn a hard lesson -- don't.

Corollary: Learn to RTFM.

Unless you've went out of your way to avoiding installing the documentation
(man pages, etc.), all the answers you need (well, most of them) are right
there on your own system.

~~~
loopz
There should be sane defaults though, instead of expecting everyone to have to
learn the same thing.

~~~
greglindahl
Unix is user-friendly. It also has high expectations of its users.

