command("find / \\( -perm -4000 -o -perm -2000 \\) -type f ! -path '/proc/*' -print 2>/dev/null | grep -v '^find:'")
If I create an empty file and chmod 7777 empty_file (I know it's a stupid thing to do, but users do it on my systems), it comes up positive. But it's not an executable file format. Also, when this find is run as root, it traverses directories inaccessible to non-root users and reports files that may not be visible to or accessible by non-root users. (If a file is suid or sgid root and is only accessible by or executable by root, is it a problem?) I know this is nitpicking, but the (non-chef) compliance check run against my systems by corporate central monitoring keeps requiring me to fix these non-problems. It would be great if moving to chef removed these issues rather than perpetuating them.
Simon
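The two false-positive classes described above (a setuid/setgid file that is not an executable format at all, and one that only its owner can execute) can be separated at audit time instead of being reported as one flat list. The script below is an added example written for this thread; it is not code from the original post, from Chef, or from the compliance profile being discussed. It assumes Linux with GNU findutils and coreutils (stat -c, head -c, od), and the files that make_fixture creates are constructed purely for the demo. Note that it parenthesises the two -perm tests: in the original expression the implicit -a binds tighter than -o, so -type f and the /proc exclusion only apply to the -perm -2000 branch.

```shell
#!/bin/sh
# Added example for this reply; not code from the original post, Chef, or the
# compliance profile. Assumes Linux with GNU findutils/coreutils (stat -c,
# head -c, od). Everything make_fixture builds is constructed for the demo.

# classify_setid DIR
# Prints "<path> <octal mode> <verdict>" for every setuid/setgid regular file
# under DIR. The -perm tests are grouped so -type f and the /proc exclusion
# apply to both bits, not only to -perm -2000.
#   not-a-program   no ELF header and no "#!" line (the empty 7777 file case)
#   owner-only      no exec bit for group or other, so only the owner can run it
#   exec-by-others  runnable by group or other: the hits worth a second look
classify_setid() {
  dir=$1
  find "$dir" \( -perm -4000 -o -perm -2000 \) -type f ! -path '/proc/*' \
       -print 2>/dev/null | sort |
  while IFS= read -r f; do
    mode=$(stat -c '%a' "$f")                 # e.g. 4755 (special bits first)
    perm=$(printf '%s' "$mode" | tail -c 3)   # rwx digits only
    gx=$(printf '%s' "$perm" | cut -c2)       # group digit
    ox=$(printf '%s' "$perm" | cut -c3)       # other digit
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
      7f454c46*) kind=program ;;              # ELF magic
      2321*)     kind=program ;;              # "#!" interpreter line
      *)         kind=none ;;
    esac
    if [ "$kind" = none ]; then
      verdict=not-a-program
    else
      case "$gx$ox" in
        *[1357]*) verdict=exec-by-others ;;   # an odd digit means x is set
        *)        verdict=owner-only ;;
      esac
    fi
    printf '%s %s %s\n' "$f" "$mode" "$verdict"
  done
}

# make_fixture: build a throw-away tree with one file per verdict and print
# its path. The "ELF" files carry only the four magic bytes; they are not real
# executables, which is all the classifier inspects.
make_fixture() {
  d=$(mktemp -d)
  : > "$d/empty_file";                    chmod 7777 "$d/empty_file"  # the poster's case
  printf '\177ELFxxxx' > "$d/root_only";  chmod 4700 "$d/root_only"   # setuid, owner-only
  printf '\177ELFxxxx' > "$d/world_exec"; chmod 4755 "$d/world_exec"  # setuid, world-exec
  printf '#!/bin/sh\nexit 0\n' > "$d/helper.sh"; chmod 4755 "$d/helper.sh"
  printf 'plain\n' > "$d/ordinary";       chmod 0644 "$d/ordinary"    # must not be listed
  printf '%s\n' "$d"
}

# Usage: "sh setid_audit.sh demo" runs against the fixture; for a real audit
# call classify_setid / as root and filter on the verdict column.
if [ "${1:-}" = demo ]; then
  fixture=$(make_fixture)
  classify_setid "$fixture"
  rm -rf "$fixture"
fi
```

Running it as root is still the right thing for an audit, since that is the only way to see every setid file on the box; the point of the verdict column is that a reviewer can then decide per class, rather than being told to "fix" an empty file with mode 7777 as if it were a world-executable setuid binary.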