[Discuss] test for *other* write permissions

[invalid at pizzashack.org (Derek Martin)]

On Thu, Nov 15, 2012 at 10:38:43PM +0000, Edward Ned Harvey (blu) wrote:
> I'm running a script as root, I'm going to parse a file.  I can
> easily test that the file is owned by root.  I want to test if the
> group or other write bit is set.

First off, I agree with Gordon, I'd use Python or C (or <shudder> Perl
for this).  But I'll answer your specific issues:

> If using "stat" you can get the perms in drwxrwxrws format.  But the
> number of characters sometimes varies, based on whether or not it's
> a character special device, directory, softlink, etc.  

I don't believe you. :)

Regular file:

$ stat -c "%A" foo
-rw-r--r--

Symlink:

$ stat -c "%A" .bashrc
lrwxrwxrwx

Directory:

$ stat -c "%A" Downloads
drwxr-xr-x

Block Special:

$ stat -c "%A" /dev/sda
brw-rw----

Etc...

The number of characters is always 10, unless you have SELinux or extended ACLs
enabled...  In that case, the extra characters are added to the right end, so
they don't change anything as far as your script goes.  


> Also, the leading or trailing blank character ' ' space may or may
> not be present for different implementations of stat.  

Easy to deal with:

$ mystat=" drwxr-xr-x "
$ nosp_stat=`echo $mystat|sed 's/ //g'`
$ echo "'$nosp_stat'"
'drwxr-xr-x'

> So although it's definitely possible to find the "w" bit in the "g"
> and "o" fields...  I am hesitant to do this.  Also, even if I want
> to do this, it's not immediately obvious to me, how to extract the
> nth character out of a string in a bash script.

Sixth through eighth characters of $nosp_stat:

$ echo $nosp_stat | cut -c 6-8
-xr

Last character of $nosp_stat:

$ echo $nosp_stat |cut -c 10
x


> If using "stat" you can also get the perms in 755 format.  From
> here, I can easily do a bitwise & with 2, and I can easily find the
> world write bit.  But bash arithmetic doesn't view the number "755"
> in octal...  

Sure it does, you just need to coerce it:

# PREPEND a zero, so the number is octal
$ mystat=0`stat -c "%a" .bashrc`
$ echo $mystat
0777
$ echo $(($mystat - 3))
508

Now you need to do some math to see what you got is the right thing.
0777 (octal) is 7(16) + 7(8) + 7 = 511 (decimal).  511 - 3 = 508.  The
answer is in decimal, but the inputs can be octal.  You just need to
make sure they start with a 0.

> So far, my best idea is to check if the file is owned by root:root,
> and then just check the World write bit.

That'll work too.

But Python is way easier:

>>> import stat, os
>>> mode = os.stat(".bashrc")
>>> print mode
posix.stat_result(st_mode=33188, st_ino=51135013, st_dev=64514L, st_nlink=1, st_uid=24574, st_gid=600, st_size=6194, st_atime=1353005630, st_mtime=1341511570, st_ctime=1341511570)

You want this:

>>> print ((mode.st_mode | stat.S_IWGRP) and mode.st_gid == 0)
False

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.