#43 Implementing a Secure Locate
The locate script presented as Script #19 is useful but has a security problem: If the build process is run as root, it builds a list of all files and directories on the entire system, regardless of owner, allowing users to see directories and filenames that they wouldn't otherwise have permission to access. The build process can be run as a generic user (as Mac OS X does, running mklocatedb as user nobody), but that's not right either, because as a user I want to be able to locate file matches anywhere in my directory tree, regardless of whether user nobody can see them.
One way to solve this dilemma is to increase the data saved in the locate database so that each entry has an owner, group, and permissions ...
Get Wicked Cool Shell Scripts now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.