Bug 16640

Summary:	Recursive chown and chmod fail with jabber server
Product:	Gentoo Linux	Reporter:	Rasheed Abdal-Aziz <bugzilla_gentoo>
Component:	New packages	Assignee:	Luke-Jr <luke-jr+gentoobugs>
Status:	RESOLVED INVALID
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Rasheed Abdal-Aziz 2003-03-01 19:16:23 UTC

Recently, I used a 3 or 4 month old Jabber-Server ebuild on a clients machine. 
I cant get the details of the ebuild (I rsync'ed after this problem)
What happened was that the Ebuild tried to execute a 'cd /usr/jabber-?.?.?' 
followed by a 'chown -R jabber.jabber *'
The cd failed due to an error with the make (no idea what caused the dir not to 
be there) but the chown continued. You can see my posting on this in 
http://forums.gentoo.org/viewtopic.php?t=38240
This, in my opinion, was a VERY poorly written ebuild. Error checking should 
allways be emplyoed before performing a high risk command such as chown -R - so 
I'd like to suggest that there is a process
in place for reviewing ebuilds that looks for dangerous commands.

I ran the following commands:
	grep -iR 'chown -R' * 
and
	grep -iR 'chmod -R' * 


Thankfully most ebuilds do specify targets on chown/chmod, however a further | 
grep \* revealed a few still using 'chown -R user.group *' and the chmod 
counterpart, and most of them are kernel ebuilds so it may make sense with 
those.

Truly, it would be healthier, where possible, to chown/chmod only those files 
that require it.


Reproducible: Didn't try
Steps to Reproduce:
1.
2.
3.

Comment 1 Luke-Jr 2003-05-09 12:33:52 UTC

This problem does not seem to exist as all chowns use directory names, not *. 
(It may have been valid before, but if so, it no longer is)