Hello,
first, thank you to all of you making it possible to bring Unix to everyone of
us!
As a technical supporter, we see situations each day where we ask ourself how
this could happen. In the last seven days, we had to support our customers who
made big mistakes, and two times it was a very big effort to revert the backups
and make the system functional. These two situations both occured
(independently from each other) by changing permissions due to misconfigured
NFS and CIFS shares. The remote administrator tried to solve it by a simple
„chown“ or „chgrp“ recursively, which is wrong to solve the situation, but
that’s another point. The problem is, that they made a "chown -R www-data /" -
ok, bad idea afterwards.
My colleague (here in CC) tries to find out how this could easily enhanced, and
found in the man pages the section:
--no-preserve-root
do not treat '/' specially (the default)
--preserve-root
fail to operate recursively on ‚/'
So, there is an option to disallow this behavior. Would have been this set in
the call of chown, we would have saved much time (and customer’s money, which
flows into our pockets). The question is: if there is such a safety option, why
is it reverted to „by default unsafe“? In my understanding, it would be better
to have „--preserve-root“ be the default and to allow operation on „/" only by
option. I know this would have a big impact on existing scripts, but I feel a
bit disappointed by the administrator-friendlyness of these options. It’s like
having an airbag in a car, but you must enable it in exactly the situation of
an accident.
How do you feel about this?
Freundliche Grüße/Best regards,
Harald Koch
c-works GmbH
Otto-Lilienthal-Str. 36
71034 Böblingen
E-Mail: h.k...@c-works.de <mailto:h.k...@c-works.de>
Tel.: +49-(0)7031-714-9440
Fax: +49-(0)7031-714-9442
Geschäftsführer/Managing Director: Harald Koch
Sitz und Registergericht/Domicile and Court of Registry: Stuttgart
HRB-Nr./ Commercial Register No. 725882
—
Due to corona we moved to remote office, leading to possible telephone quality
degradation.
