Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] test for *other* write permissions

On Thu, Nov 15, 2012 at 10:38:43PM +0000, Edward Ned Harvey (blu) wrote:
> I'm running a script as root, I'm going to parse a file.  I can
> easily test that the file is owned by root.  I want to test if the
> group or other write bit is set.

First off, I agree with Gordon, I'd use Python or C (or <shudder> Perl
for this).  But I'll answer your specific issues:

> If using "stat" you can get the perms in drwxrwxrws format.  But the
> number of characters sometimes varies, based on whether or not it's
> a character special device, directory, softlink, etc.  

I don't believe you. :)

Regular file:

$ stat -c "%A" foo


$ stat -c "%A" .bashrc


$ stat -c "%A" Downloads

Block Special:

$ stat -c "%A" /dev/sda


The number of characters is always 10, unless you have SELinux or extended ACLs
enabled...  In that case, the extra characters are added to the right end, so
they don't change anything as far as your script goes.  

> Also, the leading or trailing blank character ' ' space may or may
> not be present for different implementations of stat.  

Easy to deal with:

$ mystat=" drwxr-xr-x "
$ nosp_stat=`echo $mystat|sed 's/ //g'`
$ echo "'$nosp_stat'"

> So although it's definitely possible to find the "w" bit in the "g"
> and "o" fields...  I am hesitant to do this.  Also, even if I want
> to do this, it's not immediately obvious to me, how to extract the
> nth character out of a string in a bash script.

Sixth through eighth characters of $nosp_stat:

$ echo $nosp_stat | cut -c 6-8

Last character of $nosp_stat:

$ echo $nosp_stat |cut -c 10

> If using "stat" you can also get the perms in 755 format.  From
> here, I can easily do a bitwise & with 2, and I can easily find the
> world write bit.  But bash arithmetic doesn't view the number "755"
> in octal...  

Sure it does, you just need to coerce it:

# PREPEND a zero, so the number is octal
$ mystat=0`stat -c "%a" .bashrc`
$ echo $mystat
$ echo $(($mystat - 3))

Now you need to do some math to see what you got is the right thing.
0777 (octal) is 7(16) + 7(8) + 7 = 511 (decimal).  511 - 3 = 508.  The
answer is in decimal, but the inputs can be octal.  You just need to
make sure they start with a 0.

> So far, my best idea is to check if the file is owned by root:root,
> and then just check the World write bit.

That'll work too.

But Python is way easier:

>>> import stat, os
>>> mode = os.stat(".bashrc")
>>> print mode
posix.stat_result(st_mode=33188, st_ino=51135013, st_dev=64514L, st_nlink=1, st_uid=24574, st_gid=600, st_size=6194, st_atime=1353005630, st_mtime=1341511570, st_ctime=1341511570)

You want this:

>>> print ((mode.st_mode | stat.S_IWGRP) and mode.st_gid == 0)

Derek D. Martin   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /