rwl@uvacs.cs.virginia.edu (Ray Lubinsky) (01/07/89)
mlandau@bbn.com (Matt Landau) writes:
> Updatedb only works on type 4.2 filesystems, so you have to run it on each
> of your servers, and it only builds a cache for 4.2 filesystems, so you
> have to do "find string" on each server to find all instances of what
> you're looking for. In spite of that, it's a big win over waiting for
> find to walk 3 gigabytes of disk every time you want to hunt something
> down.

It's very much worth your while to run /usr/lib/find/updatedb nightly via cron, but the cautious administrator will want to prevent user directories from being added to the database. Otherwise, even protected directories and their member file objects will be added to the database for all to see.

The following are diffs from the original updatedb to add only system files to the database. You will want to change SRCHPATHS to reflect whatever mount points under which your system files reside. (Of course, this all assumes that your users' directories are under one or more separate mount points. It also assumes that you don't care whether general users know what the names of all system files are.)

5c5 < set SRCHPATHS = "/" # directories to be put in the database --- > set SRCHPATHS = "/usr /usr/src" # directories to be put in the database 23,24c23,25 < find ${SRCHPATHS} -fstype nfs -prune -o -print | tr '/' '\001' | \ < (sort -f; echo $status > $errs) | \ --- > (find / -xdev -print ; find ${SRCHPATHS} -fstype nfs -prune -o -print ) | \ > tr '/' '\001' | \ > (sort -f -u; echo $status > $errs) | \ 33c34,35 < echo 'squeeze error: out of sort space' | mail $FINDHONCHO --- > echo '/usr/lib/find/updatedb: squeeze error: out of sort space' | \ > mail $FINDHONCHO

--
| Ray Lubinsky                      rwl@trinity.cs.virginia.edu (Internet) |
|                                   rwl@virginia (BITnet)                  |
| Department of Computer Science,   ...!uunet!virginia!uvacs!rwl (UUCP)    |
| University of Virginia            (804) 979-6188 (voice)                 |
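Review bot: in the 23,24c23,25 hunk the second find, `find ${SRCHPATHS} -fstype nfs -prune -o -print`, prunes only NFS mounts, so any local filesystem mounted below a SRCHPATHS entry is still walked and its names land in the database. Adding `-xdev` to that find as well, as the new `find / -xdev -print` already has, would keep the walk to the listed mount points. The new `find / -xdev -print` also indexes everything on the root filesystem, so the comment on SRCHPATHS should say that no user directories may live there.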
seindal@uunet.uu.net (Rene' Seindal) (01/14/89)
rwl@uvacs.cs.virginia.edu (Ray Lubinsky) writes:
> It's very much worth your while to run /usr/lib/find/updatedb nightly via
> cron, but the cautious administrator will want to prevent user directories
> from being added to the database. Otherwise, even protected directories
> and their member file objects will be added to the database for all to
> see.

The following patch to find will only allow users to see the files to which they have search permission. Of course the database is still there, readable and all, so people could read it directly. If you are that paranoid, make find setgid to daemon, and allow only group daemon access to the database. This wouldn't harm updatedb, since it is run as root.

Rene' Seindal (seindal@diku.dk).
__________
*** /tmp/,RCSt1a07350 Tue Jan 10 17:06:04 1989 --- /tmp/,RCSt2a07350 Tue Jan 10 17:06:06 1989 *************** *** 863,868 **** --- 863,869 ---- char path[1024]; char bigram1[128], bigram2[128]; int found = NO; + struct stat statb; if ( (fp = fopen ( FCODES, "r" )) == NULL ) { fprintf ( stderr, "find: can't open %s\n", FCODES ); *************** *** 898,904 **** if ( *p == NULL ) { /* success on fast match */ found = YES; if ( globflag == NO || amatch ( path, pathpart ) ) ! puts ( path ); break; } } --- 899,906 ---- if ( *p == NULL ) { /* success on fast match */ found = YES; if ( globflag == NO || amatch ( path, pathpart ) ) ! if (stat(path, &statb) == 0) ! puts ( path ); break; } }
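Review bot: in the 898,904 hunk, `stat(path, &statb) == 0` is resolved with the process's effective IDs, so once find is made setgid daemon as the message proposes, the test reflects group daemon's rights rather than the caller's. `access(path, F_OK)` checks with the real uid and gid and makes the `struct stat statb` added in the first hunk unnecessary. stat() also follows symbolic links, so a dangling link in a directory the user can search is dropped from the output. The new `if` is nested under the existing one without braces; bracing both would make the intent explicit.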
cudcv%WARWICK.AC.UK@cunyvm.cuny.edu (Rob McMahon) (01/19/89)
rwl@uvacs.cs.virginia.edu (Ray Lubinsky) writes about `find pattern':
> ... the cautious administrator will want to prevent user directories from
> being added to the database....

It's easier, and more useful for the users, to just run updatedb as `nobody'.

Rob
--
UUCP: ...!mcvax!ukc!warwick!cudcv PHONE: +44 203 523037
JANET: cudcv@uk.ac.warwick ARPA: cudcv@warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
dsc@izimbra.css.gov (David S. Comay) (01/19/89)
as distributed by 4.3, `updatedb' is run by user `nobody' so only public files will be added to the database (unless a user has the same group as `nobody' ... 9999 as distributed by 4.3 or -2 by sun). users can prevent their files from showing up in the database by `chmoding' their appropriate directories.

i believe one of the reasons `nobody' was added in 4.3 was specifically to support a `public fast find' feature, but i don't remember.

dsc
leres@helios.ee.lbl.gov (Craig Leres) (01/21/89)
Rene' Seindal writes:
> The following patch to find will only allow users to see the files to
> which they have search permission. Of course the database is still there,
[...]
> ! if (stat(path, &statb) == 0) > ! puts ( path );

Gee whiz, shouldn't you use access() instead of stat()? I mean, if you're going to implement a suboptimal algorithm, the least you can do is code it efficiently.

Meanwhile, some people may want to simply run updatedb as an innocuous user:

    su guest -c /usr/lib/find/updatedb

This works pretty well for me.

Craig
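An added example, not code from any poster in this thread: the query-time check discussed above, written with access() as Craig Leres suggests, so that the test uses the caller's real uid and gid even if find is made setgid as Rene' Seindal proposes. The function names and the /tmp fixture are constructed for the illustration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>

/* filter_visible() and make_fixture() are hypothetical names for this example.
 * Keep only the candidate paths the invoking user can reach. access() tests
 * with the real uid/gid and needs search permission on every parent
 * directory, so the answer is the caller's own even in a setgid binary. */
size_t filter_visible(const char **cand, size_t n, const char **out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (access(cand[i], F_OK) == 0)
            out[kept++] = cand[i];
    return kept;
}

/* Constructed fixture under /tmp: pub/readme (reachable), priv/secret (inside
 * a mode-0 directory) and pub/deleted (stale database entry, never created). */
int make_fixture(char paths[3][256])
{
    char base[64], dir[128]; FILE *f;
    snprintf(base, sizeof base, "/tmp/ffdemo.%ld", (long)getpid());
    if (mkdir(base, 0700) != 0) return -1;
    snprintf(dir, sizeof dir, "%s/pub", base);
    if (mkdir(dir, 0755) != 0) return -1;
    snprintf(dir, sizeof dir, "%s/priv", base);
    if (mkdir(dir, 0700) != 0) return -1;
    snprintf(paths[0], 256, "%s/pub/readme", base);
    snprintf(paths[1], 256, "%s/priv/secret", base);
    snprintf(paths[2], 256, "%s/pub/deleted", base);
    for (int i = 0; i < 2; i++) {
        if ((f = fopen(paths[i], "w")) == NULL) return -1;
        fclose(f);
    }
    return chmod(dir, 0);   /* remove the owner's search permission on priv/ */
}

int main(void)
{
    char paths[3][256];
    const char *cand[3], *out[3];
    if (make_fixture(paths) != 0) return 1;
    for (int i = 0; i < 3; i++) cand[i] = paths[i];
    size_t n = filter_visible(cand, 3, out);
    for (size_t i = 0; i < n; i++) puts(out[i]);
    return 0;
}
```

Run as an ordinary user, only pub/readme is printed; the superuser normally bypasses directory permissions and also sees priv/secret, while the stale pub/deleted entry is dropped in both cases.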