[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Safety option "--preserve-root" in chown/chgrp
From: |
Jim Meyering |
Subject: |
Re: Safety option "--preserve-root" in chown/chgrp |
Date: |
Sun, 23 Aug 2020 12:24:32 +0200 |
While POSIX (now) actually specifies the desired behavior for rm, it
does not (yet) for chown or chgrp.
IMHO, it would be a welcome change to make chown and chgrp reject an
attempt to operate recursively on a root file system, even though
POSIX has not yet required that behavior. In a way, adding this
protection to chown and chgrp feels even more important than adding it
for rm: these tools typically process files at a significantly higher
rate than rm, so can inflict more damage in the time it might take an
interactive user to realize the error and hit ^C.
On Thu, Jun 18, 2020 at 3:14 PM Harald Koch <h.koch@c-works.de> wrote:
>
> Hello,
>
> first, thank you to all of you making it possible to bring Unix to everyone
> of us!
> As a technical supporter, we see situations each day where we ask ourself how
> this could happen. In the last seven days, we had to support our customers
> who made big mistakes, and two times it was a very big effort to revert the
> backups and make the system functional. These two situations both occured
> (independently from each other) by changing permissions due to misconfigured
> NFS and CIFS shares. The remote administrator tried to solve it by a simple
> „chown“ or „chgrp“ recursively, which is wrong to solve the situation, but
> that’s another point. The problem is, that they made a "chown -R www-data /"
> - ok, bad idea afterwards.
> My colleague (here in CC) tries to find out how this could easily enhanced,
> and found in the man pages the section:
>
> --no-preserve-root
> do not treat '/' specially (the default)
>
> --preserve-root
> fail to operate recursively on ‚/'
>
>
> So, there is an option to disallow this behavior. Would have been this set in
> the call of chown, we would have saved much time (and customer’s money, which
> flows into our pockets). The question is: if there is such a safety option,
> why is it reverted to „by default unsafe“? In my understanding, it would be
> better to have „--preserve-root“ be the default and to allow operation on „/"
> only by option. I know this would have a big impact on existing scripts, but
> I feel a bit disappointed by the administrator-friendlyness of these options.
> It’s like having an airbag in a car, but you must enable it in exactly the
> situation of an accident.
> How do you feel about this?
>
>
> Freundliche Grüße/Best regards,
>
> Harald Koch
>
> c-works GmbH
> Otto-Lilienthal-Str. 36
> 71034 Böblingen
>
> E-Mail: h.koch@c-works.de <mailto:h.koch@c-works.de>
> Tel.: +49-(0)7031-714-9440
> Fax: +49-(0)7031-714-9442
>
> Geschäftsführer/Managing Director: Harald Koch
> Sitz und Registergericht/Domicile and Court of Registry: Stuttgart
> HRB-Nr./ Commercial Register No. 725882
>
> —
> Due to corona we moved to remote office, leading to possible telephone
> quality degradation.
>
>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: Safety option "--preserve-root" in chown/chgrp,
Jim Meyering <=