[Slackbuilds-users] Sanitizing permissions
elyk03 at gmail.com
Sat Jan 4 05:06:11 UTC 2014
I have been using this chmod command in my scripts to sanitize permissions:
chmod -R u+w,go-w,a+rX-st .
In plain English, that will give read access to everyone, write access
only to the owner, exec access to everyone if anyone has it, and
remove all the special permissions (SUID/SGID/SVTX).
Recently there was a mass change to convert everything over to the
find/exec command in the template. This has a number of bad side
1. It's ugly and takes up five lines instead of one.
2. It's slow. After untarring the source for large packages, I
notice a long pause with no output from the script, and I start to
wonder if something is wrong. If I run that find/exec command against
the Linux kernel tree:
Ouch, three and a half minutes. The chmod command is almost
instantaneous on the same set of files:
3. It doesn't match a lot of combinations. How about 700, 550, 500,
660, or even 000? What about something unnatural like 574? Adding
all these combinations probably won't improve on the ugly or slow
4. It doesn't match files with the SUID, SGID, or SVTX (sticky) bits
set, which I occasionally see in some tarballs. Those files will
escape detection and won't have their permissions sanitized. We would
have to add even more combinations...
So, are we going to be forced to use the find/exec command going
forward, or are we free to switch it back?
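
Added example (not part of the original post or of the SlackBuilds.org template): a shell check that builds a scratch tree with the modes listed in the message, applies the one-line symbolic chmod, and reports what each mode becomes. The fixture file names and helper functions are hypothetical, and GNU coreutils/findutils (stat -c, find -perm /mode) are assumed.

```shell
#!/bin/sh
# Added example: constructed fixture tree, not code from the original post.
# Assumes GNU coreutils and findutils; all names below are hypothetical.

SANITIZE_MODE='u+w,go-w,a+rX-st'   # the symbolic mode quoted in the post

# Build a scratch tree with one file per mode mentioned in the post,
# plus a SUID file and a sticky directory.
make_fixture() {
    dir=$(mktemp -d) || return 1
    for m in 700 550 500 660 000 574 666 4755; do
        : > "$dir/f$m"
        chmod "$m" "$dir/f$m"
    done
    mkdir "$dir/d1777" && chmod 1777 "$dir/d1777"
    printf '%s\n' "$dir"
}

# Print the octal mode of a path.
mode_of() { stat -c '%a' "$1"; }

# Apply the one-line sanitizer recursively, as a build script would
# after unpacking a tarball.
sanitize() { ( cd "$1" && chmod -R "$SANITIZE_MODE" . ); }

# Succeed only if nothing in the tree is group/other-writable or still
# carries SUID, SGID or sticky bits.
tree_is_clean() {
    [ -z "$(find "$1" \( -perm /022 -o -perm /7000 \) -print)" ]
}

# Show the mode of every fixture entry after sanitizing.
demo() {
    t=$(make_fixture) || return 1
    sanitize "$t"
    for p in "$t"/*; do
        printf '%-8s -> %s\n' "${p##*/}" "$(mode_of "$p")"
    done
    tree_is_clean "$t" && echo "tree is clean"
    rm -rf "$t"
}

demo
```

The tree_is_clean check can also be run on its own against an unpacked source tree to audit whichever sanitizing command a script uses.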