Re: chmod, chgrp and symlinks

From: Wulfgard (wulfgard@spacemail.com)
Date: 02/03/03


From: "Wulfgard" <wulfgard@spacemail.com>
Date: Mon, 3 Feb 2003 00:46:22 +0100

Hello

There is a solution to disable symlinks:
you can create a specific ext3 or ext2 device with the symlink option
disabled, and also other
things, like disabling execution of compiled programs or scripts.

best regards
a++

"luc wastiaux" <luc@nospam.com> wrote in message news:
slrnb3r345.vbg.luc@grizzly.dont-panic.info...
> Consider the following shell script, run every night:
>
> #!/bin/sh
> dir="/usr/space/mp3"
>
> chown -R luc.mp3 $dir/luc/
> chown -R guy.mp3 $dir/guy/
> chown -R armelle.mp3 $dir/armelle/
> find $dir -name '*.mp3' -exec chmod 640 {} \;
> find $dir -name '*.pls' -exec chmod 640 {} \;
> find $dir -type d -exec chmod 750 {} \;
> chmod 660 ${dir}/*.mp3 > /dev/null 2>&1
>
> The purpose of this script is to make sure that every mp3 file is readable
> by everyone in the mp3 group, but not writable by anyone other than the
> owner.
>
> The problem is that I (as user 'luc') can create a symlink in
> /usr/space/mp3/luc to whatever interesting file I would like to see the
> contents of, or modify, and have full access to the file as soon as the
> script is run.
>
> Is there a way of changing permissions in a secure fashion? I couldn't
> see any "don't follow symlinks" option in man chmod.
>
> thanks.
>
> --
> luc wastiaux
> $> finger luc@info.4002.org

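Added example, not part of the original thread: a hardened variant of the quoted nightly script that only passes regular files and directories to chmod and uses chown -h so a link's target is never touched. The names fix_perms, mode_of and demo and every path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): fix_perms, mode_of and demo are
# hypothetical names; every path is constructed under a temp directory.

# Hardened pass: find does not follow symlinks by default, and the
# -type tests skip the links themselves, so chmod only ever receives
# names that were regular files or directories when find examined them.
# chown -h changes a link itself instead of the file it points to.
fix_perms() {
    root=$1 owner=$2
    chown -hR "$owner" "$root"
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f \( -name '*.mp3' -o -name '*.pls' \) \
        -exec chmod 640 {} +
}

# Permission string of a path, e.g. "-rw-r-----".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed scenario: a 600 file outside the tree, a real mp3 inside
# it, and a symlink named like an mp3 pointing at the outside file.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/mp3/luc"
    echo private > "$tmp/outside.txt"
    echo audio > "$tmp/mp3/luc/real.mp3"
    chmod 600 "$tmp/outside.txt" "$tmp/mp3/luc/real.mp3"
    ln -s "$tmp/outside.txt" "$tmp/mp3/luc/link.mp3"
    # Owner is the current user here so the demo runs without root.
    fix_perms "$tmp/mp3" "$(id -u):$(id -g)"
    result="$(mode_of "$tmp/outside.txt") $(mode_of "$tmp/mp3/luc/real.mp3")"
    rm -rf "$tmp"
    echo "$result"
}

demo   # prints "-rw------- -rw-r-----"
```

The type test in find and the later chmod are separate steps, so this is not atomic if users can modify the tree while the job runs.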