Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!samsung!noose.ecn.purdue.edu!mentor.cc.purdue.edu!sage.cc.purdue.edu!asg
From: asg@sage.cc.purdue.edu (The Grand Master)
Newsgroups: comp.unix.admin
Subject: Re: Help - we lost all our files!
Message-ID: <14158@mentor.cc.purdue.edu>
Date: 30 Jun 91 18:23:06 GMT
References: <1347@escob1.UUCP> <1991Jun30.145153.27975@buster.stafford.tx.us>
Sender: news@mentor.cc.purdue.edu
Organization: Purdue University Computing Center
Lines: 42

In article <1991Jun30.145153.27975@buster.stafford.tx.us> rli@buster.stafford.tx.us writes:
%dickson@escob1.UUCP (Dave Dickson) writes:
%
%>[ description of lost files deleted ]
%
%>We are reasonably certain that this was not an intruder or other
%>nefarious critter, as we have a reasonably secure system (I know,
%>famous last words).
%
%>Anyway, any help or suggestions as to the cause of this would be
%>appreciated.
%
%>CRONTAB ENTRY:
%>45 3 * * * find /tmp/* /usr/tmp/* -mtime +1 -print | xargs rm -r
%
%The cause of the problem is that you executed this cron as root
%and therefore it began processing from the root environment. The
%*BUG* then caused rm -r to be executed from '.' which equated to
%'/'. If you would take a more defensive posture and always cd to
%one of the tmp directories, this could not have happened.
%
%45 3 * * * cd /tmp; find /tmp/* /usr/tmp/* -mtime +1 -print | xargs rm -r
%
%In this case, the worst that would have happened is it would have
%erased everything in /tmp.

Not. What if I do:
    touch "/tmp/hi .."
then .. will be passed to xargs and........
The best solution in my eyes is to not use xargs. Another possibility is to
have tmp owned by say a user named tmp (how original) and execute the
cron command with tmp's rights. Then tmp will not be able to remove anything
important, just files in /tmp.

                        Bruce
--
"Emacs is so nice - it even tries to help | My views are crazy and strange.
 you when you want to erase a mistake"    | But they're right, so I like 'em.
Courtesy of your friendly neighborhood Grand Master.....
Bruce Varney (asg@sage.cc.purdue.edu)
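
The splitting described in the reply above, reproduced in a scratch directory as an added example (not part of the original post). The function names are made up for illustration, the rm -r is replaced by a stand-in that only prints its arguments, and -mtime +1 is left out so freshly created files match.

```shell
#!/bin/sh
# Added illustration. make_sandbox, args_split and args_exec are made-up names.
# The stand-in for "rm -r" only prints each argument it receives in brackets.
SHOW='for a in "$@"; do printf "[%s]\n" "$a"; done'

# Scratch directory holding one plain file and one named like the reply's "hi ..".
make_sandbox() {
    d=$(mktemp -d) || return 1
    touch "$d/hi .." "$d/plain" || return 1
    printf '%s\n' "$d"
}

# Pattern from the crontab entry (-mtime +1 left out so fresh files match):
# xargs re-splits find's output on blanks, so "hi .." becomes "hi" and "..".
args_split() {
    find "$1" -type f -print | xargs sh -c "$SHOW" sh
}

# No xargs: find hands each path to the command as exactly one argument.
args_exec() {
    find "$1" -type f -exec sh -c "$SHOW" sh {} +
}

dir=$(make_sandbox) || exit 1
echo "find -print | xargs:"; args_split "$dir"
echo "find -exec {} +:";     args_exec "$dir"
rm -r -- "$dir"
```

The first listing shows a bare [..] among the arguments; the second shows the file name intact as a single argument.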