Security considerations for find

Posted on 2012-02-09 [Thursday] by jj5

Read about the security considerations for find. Find is a *nix tool for searching though directories for files and filtering them to build lists or run commands.

While I’m here I might as well show you my latest find command, I think it’s a beauty. :)

sudo find . \
  \( \( \( \! -user jj5 \) -or \( \! -group jj5 \) \) \
    -execdir chown jj5:jj5 '{}' \+ \) , \
  \( \( -type d \( \! -perm -u+rwx \) \) \
    -execdir chmod u+rwx '{}' \+ \) , \
  \( \( -type f \( \! -perm -u+rw \) \) \
    -execdir chmod u+rw '{}' \+ \)

Ubuntu/Linux/Unix user and group account management

Posted on 2012-02-03 [Friday] by jj5

To disable a user login:

 $ sudo passwd -l username

To unlock a disabled user login:

 $ sudo passwd -u username

To specify all the secondary groups a user should be in (if they’re already in a group not in this list they will be removed from it) you use:

 $ sudo usermod -G grp_a,grp_b username

To append to the list of secondary groups:

 $ sudo usermod -a -G grp_c username

To show what users are in a group:

 $ grep ^group: /etc/group

E.g. to show which users are in the sudo group:

 $ grep ^sudo: /etc/group

You also need to check primary groups by grepping for the gid in the passwd file. For instance the gid for the sudo group is 27, so to see who’s in sudo you also have to:

 $ grep 27 /etc/passwd

Of course you should take all of the above with a grain of salt because there are a thousand caveats.

Unix command to format a number of bytes as a human readable value

Posted on 2012-01-07 [Saturday] by jj5

It took me a while, but I finally figured out how to print a number from a bash script properly formatted with commas as thousand’s separators. For those like me who weren’t in the know, the magical incantation is:

  printf "%'d" 123456

That will format 123456 as 123,456. Much easier to read when you’re dealing with large numbers such as the sizes of files in gigabytes.

So now if I could only find the Unix command that took a number of bytes and turned it into an approximate value with GB or MB suffixes.

stty sane

Posted on 2012-01-04 [Wednesday] by jj5

When you’re at a Unix terminal and your terminal goes screwy, try typing “stty sane” to reset it. Handy!

tr

Posted on 2012-01-04 [Wednesday] by jj5

I learned about the ‘tr’ Unix command today. It’s for translating text in streams. The particular example was:

  echo | tr '012' '001'

And I didn’t really understand what that did, but now I do. Basically the ‘echo’ part will echo a new line character, which is octal 012. Then tr will read its input stream and read that new line. It then has a rule to translate 012 (new line) to 001 (Ctrl+A), which it does. So basically it’s just a way of getting a Ctrl+A character in a stream. If you use Ctrl+A as your regular expression delimiter you’re unlikely to have a collision in the expression itself.

M	T	W	T	F	S	S
« Oct
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

ProgClub

…because every programmer needs a good club!

Tag Archives: unix

Security considerations for find

Unix command to format a number of bytes as a human readable value

stty sane

tr