RE: Curious fileutils/coreutils behaviour.
> From: David Malone [mailto:dwmalone@xxxxxxxxxxx]
> Sent: Thursday, May 13, 2004 12:49 PM
>
> Solaris, AIX, and FreeBSD all seem to have less suprising behaviour
> for chown and chmod and provide a "-h" flag for chowning a symlink
> rather than its target. Fileutils also has a "-h" flag, but it is
> the default for chown, so you need to say "--dereference" to get
> it to operate on the target.
>
> While this choice of default isn't clearly wrong...
It's pretty clear to me that it's wrong. It's inconsistent (with the other
utilities) and counterintuitive, which is a major security risk for a
security-sensitive utility. Changing ownership of a symlink is rarely
useful,(*) so it makes the less-desirable behavior the default. It operates
differently from other implementations of the chown command, and requires a
nonstandard and implausible flag to force the de facto standard behavior.
That's three strikes against it; it's out.
Of course, changing the default behavior could have adverse effects on shell
scripts and slow learners, so simply correcting it is likely to cause some
grief. IMO it's worth it in a case like this.
(*)Contrary to the FAQ entry you cited, it is sometimes useful to change the
ownership of a symlink. Since the owner of a symlink can be detected by a
program, there can exist programs which depend on it. Consider a script
which uses "find -user x" for some purpose, for example, or the behavior of
directories with the sticky bit set. Also, there was recently a discussion
of a real-world case on comp.unix.aix where the use of the -h flag behavior
(change link rather than target) would have avoided unfortunate
consequences. The text of the FAQ entry is a classic case of failing to
consider all the consequences of an action and attending only to the most
obvious ones - a common security error.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus