On 12/20/2014 at 07:11 PM, Peter Gerber wrote: > I want to change permission of a directory, recursively. The directory is a > subdirectory of a user's home directory. > > Is there a way to do this in a secure and easy way with the user having full > write access to the home directory? > > Let's assume I would change the permissions as follows > $ chgrp -R www-data ~user/subdir > $ chmod -R g+rwX ~user/subdir > > The issue is that the user could do something like this beforehand: > $ mv ~user/subdir ~user/subdir2 > $ ln -s / ~user/subdir > > Not a very nice thing to do, is it? > > Well, I could just change the user's permission for the home directory as > follows: > $ chown root:users-group ~user > $ chmod g+rwx,+t > > But this seems rather error-prone. Especially because I would have to adjust > the permission of quite a lot of directories, some of which are not even in > the top level of the users' home directories. Frankly, me forgetting to > adjust > the permissions of a few directories is just to great. > > What I now would like to know is, is there an easier way to solve the issue. > Like teaching chmod not to follow links. Unfortunately, I haven't found a -- > make-sure-as-hell-not-to-follow-links-in-any-way parameter or anything the > like.
As usual when dealing with recursive action under *nix, the answer is
find:
find -P ~user/subdir -type d -execdir chgrp www-data {} \; -execdir
chmod g+rwX {} \;
should I think do what you want, and even if I've missed a point or two
somewhere it should still be a decent starting point.
The '-P' option tells find to never follow any symlinks. The rest of it
is standard find syntax; the man page is a bit long, but informative.
(In particular, you should read the section on the '-execdir' option,
since it mentions a security consideration you may want to be aware of.)
--
The Wanderer
The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw
signature.asc
Description: OpenPGP digital signature
