eggert@sm.unisys.com (Paul Eggert) (12/17/88)
The Sun Security Features Guide (Part #800-1735-10, 9 May 1988, p. 52) recommends that ``ncheck -s'' be used periodically to scan filesystems for security-relevant files. Unfortunately, ``ncheck -s'' has an internal limit on the number of files that it reports. If a filesystem has many such files, ``ncheck -s'' sometimes silently fails to report some of them. In SunOS 4.0, where a server's filesystem contains all its clients' devices, the limit is easily exceeded.

The following SunOS 4.0 shell command yields all the information that ``ncheck -s'' yields, and can be used as a workaround.

	find mount_point -xdev \
		\( -type b -o -type c -o ! -type d \( -perm -4000 -o -perm -2000 \) \) -ls

[[ It's just a little slower (even if ncheck worked correctly). --wnl ]]
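An added example, not part of the original posts: a sh wrapper around the find predicate above that produces a sorted listing and reports security-relevant files that have appeared since an earlier baseline. The function names, the use of -print in place of -ls, and the baseline-file convention are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original posts).
# Assumes paths contain no newlines, since the listing is line-oriented.

# scan_fs DIR
# List block/character devices and setuid or setgid non-directories under
# DIR without crossing mount points. Same predicate as the posted command;
# -print replaces -ls so the output is stable enough to compare later.
scan_fs() {
    find "$1" -xdev \
        \( -type b -o -type c -o ! -type d \( -perm -4000 -o -perm -2000 \) \) \
        -print | LC_ALL=C sort
}

# new_since_baseline DIR BASELINE
# Print paths that scan_fs finds now but that are absent from BASELINE,
# a file saved from an earlier "scan_fs DIR > BASELINE" run.
new_since_baseline() {
    current=$(mktemp) || return 1
    scan_fs "$1" > "$current"
    # comm -13 keeps only the lines unique to the second (current) file.
    LC_ALL=C comm -13 "$2" "$current"
    rm -f "$current"
}

# Stand-alone use:
#   script DIR            print the current listing
#   script DIR BASELINE   print only entries not in BASELINE
if [ "$#" -eq 1 ]; then
    scan_fs "$1"
elif [ "$#" -eq 2 ]; then
    new_since_baseline "$1" "$2"
fi
```

Setgid directories are deliberately skipped by the ! -type d test, while device files are listed whatever their permission bits are.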
eggert@sm.unisys.com (Paul Eggert) (12/30/88)
[Sorry about submitting the ncheck note twice -- I thought my mailer lost it.]

Regarding 'find', compared to 'ncheck -s':

	[[ It's just a little slower (even if ncheck worked correctly). --wnl ]]

I also thought 'find' was slower than 'ncheck -s'. But when I measured them, 'ncheck -s' took 25% more wallclock time than the roughly equivalent 'find', and 60% more user+system CPU time (SunOS 4.0, Sun-3/160, Xylogics 7053, Toshiba MK251, 156 MB partition).

In comp.unix.wizards <2802@pixar.UUCP>, Rick Ace reports that 'ncheck' is unnecessarily buggy and slow. Until Sun fixes 'ncheck', stick to 'find'.