Path: utzoo!utgpu!attcan!uunet!lll-winken!ames!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: rwl@uvacs.cs.virginia.edu (Ray Lubinsky)
Newsgroups: comp.sys.sun
Subject: Tightening security on SunOS 4.0 'fastfind'
Message-ID: <2894@uvacs.cs.Virginia.EDU>
Date: 6 Jan 89 23:18:11 GMT
References: <12397@silica.BBN.COM>
Sender: usenet@rice.edu
Organization: U.Va. CS in Charlottesville VA
Lines: 43
Approved: Sun-Spots@rice.edu
Original-Date: 30 Dec 88 20:22:59 GMT
X-Sun-Spots-Digest: Volume 7, Issue 90, message 4 of 9

mlandau@bbn.com (Matt Landau) writes:
> Updatedb only works on type 4.2 filesystems, so you have to run it on each
> of you servers, and it only builds a cache for 4.2 filesystems, so you
> have to do "find string" on each server to find all instances of what
> you're looking for.  In spite of that, it's a big win over waiting for
> find to walk 3 gigabytes of disk every time you want to hunt something
> down.

It's very much worth your while to run /usr/lib/find/updatedb nightly via
cron, but the cautious administrator will want to prevent user directories
from being added to the database.  Otherwise, even protected directories
and their member file objects will be added to the database for all to
see.

The following are diffs from the original updatedb to add only system
files to the database.  You will want to change SRCHPATHS to reflect
whatever mount points under which your system files reside.  (Of course,
this all assumes that your users' directories are under one or more
separate mount points.  It also assumes that you don't care whether
general users know what the names of all system files are.)

5c5
< set SRCHPATHS = "/"			# directories to be put in the database
---
> set SRCHPATHS = "/usr /usr/src"	# directories to be put in the database
23,24c23,25
< find ${SRCHPATHS} -fstype nfs -prune -o -print | tr '/' '\001' | \
<    (sort -f; echo $status > $errs) | \
---
> (find / -xdev -print ; find ${SRCHPATHS} -fstype nfs -prune -o -print ) | \
>    tr '/' '\001' | \
>    (sort -f -u; echo $status > $errs) | \
33c34,35
< 	echo 'squeeze error: out of sort space' | mail $FINDHONCHO
---
> 	echo '/usr/lib/find/updatedb: squeeze error: out of sort space' | \
> 	mail $FINDHONCHO

-- 
| Ray Lubinsky                         rwl@trinity.cs.virginia.edu (Internet) |
|                                      rwl@virginia                  (BITnet) |
| Department of Computer Science,      ...!uunet!virginia!uvacs!rwl    (UUCP) |
| University of Virginia               (804) 979-6188                 (voice) |