On 12/1/2014 10:55 AM, Bob Proulx wrote:
Ted Mittelstaedt wrote:
Locate will not show files that a user has set private (or root
has set private like /usr/local/certs/machineprivatekey.key

There are at least three versions of locate all with different
behavior with regards to file permissions.  The GNU findutils locate
version simply runs as a non-privileged user and can't see anything
that isn't available to any user.

slocate and mlocate run as root and have visibility into every file
but additionally mark the permission in the database.  The database is
unreadable for normal users and the only access is through the suid
binary.  The results returned are with respect to the user's current
file access permissions.

mlocate additionally stores directory timestamps to avoid the need to
read directories that have not changed since the last run.

Although mlocate is the most sophisticated of the set I don't use it
personally and I prefer the original locate that simply indexes using
find running as 'nobody' and only lists files that anyone can see.  In
any case the behavior depends upon the particular variant of locate
installed on your system.  If it is slocate or mlocate then running
"locate" as root will locate every matching file.

It would have likely worked for this - but it's too difficult for
me to attempt to prove a negative (prove a file does not exist) when I'm
using a tool that is written to not show everything.

Unfortunately security is the one feature of the system that by design
makes it harder to use.


And the one feature that users are your worst enemies when it comes to
defeating...

Ted

Bob
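The three permission models described in the thread, as an added toy model that is not part of the email exchange and not code from any locate implementation: a root-run database with per-user filtering at query time (the slocate/mlocate approach), an unprivileged-run database that only ever contained what 'nobody' could reach (the findutils approach), and the consequence Ted raises, that a negative result from the filtered tool proves nothing about whether the file exists. The filesystem, users and paths are constructed sample data; modelling the per-user filter as "read plus search permission on every parent directory" is an assumption about the exact bits checked.

```python
"""Toy model of locate permission behaviour (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class Node:
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only (sticky bit allowed), no file-type bits


@dataclass(frozen=True)
class User:
    uid: int
    gids: FrozenSet[int]


# Constructed users: root, the 'nobody' indexer, and two ordinary accounts.
ROOT = User(0, frozenset({0}))
NOBODY = User(65534, frozenset({65534}))
ALICE = User(1000, frozenset({1000}))
BOB = User(1001, frozenset({1001}))

# Constructed filesystem snapshot; the certs path mirrors the one in the thread.
SAMPLE_FS = [
    Node("/", 0, 0, 0o755),
    Node("/usr", 0, 0, 0o755),
    Node("/usr/local", 0, 0, 0o755),
    Node("/usr/local/certs", 0, 0, 0o700),  # root-only directory
    Node("/usr/local/certs/machineprivatekey.key", 0, 0, 0o600),
    Node("/home", 0, 0, 0o755),
    Node("/home/alice", 1000, 1000, 0o750),
    Node("/home/alice/notes.txt", 1000, 1000, 0o640),
    Node("/home/alice/private", 1000, 1000, 0o700),
    Node("/home/alice/private/secret.key", 1000, 1000, 0o600),
    Node("/tmp", 0, 0, 0o1777),
    Node("/tmp/public.key", 1000, 1000, 0o644),
]


def perm_bits(node: Node, user: User) -> int:
    """Classic owner/group/other selection of the rwx triple for `user`."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in user.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def can_enter(node: Node, user: User) -> bool:
    """Read + search permission on a directory; root bypasses DAC (assumed model)."""
    return user.uid == 0 or (perm_bits(node, user) & 0o5) == 0o5


def parent_dirs(path: str) -> List[str]:
    """All ancestor directories of `path`, starting at '/'."""
    parts = [p for p in path.split("/") if p]
    dirs = ["/"]
    for p in parts[:-1]:
        dirs.append(dirs[-1].rstrip("/") + "/" + p)
    return dirs


def visible_to(index: Dict[str, Node], path: str, user: User) -> bool:
    """A path is reportable to `user` only if every parent directory can be entered."""
    return all(can_enter(index[d], user) for d in parent_dirs(path))


def build_index(fs: Iterable[Node], indexer: User) -> Dict[str, Node]:
    """updatedb: run as root it keeps everything (slocate/mlocate keep mode and
    owner alongside the path); run as 'nobody' (findutils) it can only record
    what that unprivileged account was able to reach."""
    full = {n.path: n for n in fs}
    return {p: n for p, n in full.items() if visible_to(full, p, indexer)}


def locate(index: Dict[str, Node], pattern: str, user: User,
           filter_by_user: bool = True) -> List[str]:
    """Substring query over the database. With filter_by_user the suid front end
    drops hits whose parent directories `user` cannot enter; without it the raw
    database content is returned (findutils: world-readable, nothing to hide)."""
    hits = [p for p in sorted(index) if pattern in p]
    if filter_by_user:
        hits = [p for p in hits if visible_to(index, p, user)]
    return hits


def demo() -> Dict[str, List[str]]:
    root_db = build_index(SAMPLE_FS, ROOT)      # slocate/mlocate style database
    nobody_db = build_index(SAMPLE_FS, NOBODY)  # findutils style database
    return {
        "mlocate_alice": locate(root_db, "key", ALICE),
        "mlocate_bob": locate(root_db, "key", BOB),
        "mlocate_root": locate(root_db, "key", ROOT),
        # Even root cannot recover what the unprivileged indexer never saw.
        "findutils_root": locate(nobody_db, "key", ROOT, filter_by_user=False),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {hits}")
```

The last entry of `demo()` is the point of Ted's objection: when the database was built by an unprivileged account, querying it as root still returns nothing for the root-only key, so "locate found nothing" is not evidence of absence. Only a root-built database queried by root (the `mlocate_root` case) enumerates every matching path; with any other variant or user, a direct `find` as root is the tool for proving a negative.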
