limiting find(1) in /etc/periodic scripts
Polytropon
freebsd at edvax.de
Mon Jul 20 09:40:40 UTC 2015
On Mon, 20 Jul 2015 04:10:09 -0500, Scott Bennett wrote:
> What is the best way to keep find(1) in the various /etc/periodic
> scripts from descending into certain directories?
If I remember correctly, find will only descend into directories
that have the o+rx attribute (readable by everyone). If you do
not want a subtree to be searched, make sure it's +rx for the
owner and +rx for the group, as well as +w where needed, usually
+rwx for the user. A typical setting then is drwxr-x--- for such
directories.

There is another problem:

Directories such as /root should not be searched. The problem
is that there will be an additional information leak, like

    $ locate system_secrets
    /root/system_secrets.txt

And if "descriptive" file names (including names, locations,
ID numbers, etc.) are involved, well...
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
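
An added example, not part of the original message: a shell audit that lists the directories whose file names a find(1) run by an unprivileged user (neither owner nor group member) could collect, judged from the "other" mode bits alone. The function names and the sample tree are constructed for illustration; ACLs and the permissions of directories above the start point are not considered.

```shell
#!/bin/sh
# Added example; list_exposed_dirs and make_sample_tree are hypothetical names.

# list_exposed_dirs ROOT
#   Print each directory under ROOT whose entries an "other" user could list.
#   o+r and o+x : names are listable and the walk continues below it
#   o+r only    : names are still listable, but nothing below is reachable
#   neither     : invisible, and so is everything underneath
# Run it as root or as the owner so the audit itself can read the whole tree.
list_exposed_dirs() {
    find "$1" -type d \( \
        -perm -005 -print -o \
        -perm -004 -print -prune -o \
        -prune \)
}

# make_sample_tree
#   Build a constructed directory tree in a temp dir and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/pub/docs" "$t/private/secrets" "$t/listonly/inner"
    chmod 755 "$t" "$t/pub" "$t/pub/docs" \
              "$t/private/secrets" "$t/listonly/inner"
    chmod 750 "$t/private"    # the drwxr-x--- setting from the message
    chmod 754 "$t/listonly"   # o+r without o+x
    printf '%s\n' "$t"
}

# Demonstration on the constructed tree.
tree=$(make_sample_tree)
list_exposed_dirs "$tree"
rm -rf "$tree"
```

On the sample tree, `private` and `private/secrets` are absent from the output even though `secrets` itself is mode 755, while `listonly` appears because its entry names remain readable.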