COAST Security Archive Logo Maintainance Tools

_____

Overview

This page details the tools used in the maintainance of the archive on a daily basis.

_____

fixperms

The fixperms script is used to fix file permissions on a nightly basis. We do not wish to allow files to exist with any permissions in the archive. This is an unacceptable security risk. Consider this scenario - if a mirror site contains a file which has world execute permissions, then so will our mirrored copy. This could be a potential security hole. So we will chmod all the files to a safe mask.

Run this script by doing: 

/u/coast2/ftp-admin/bin/fixperms /u/coast3/ftp/pub/
it will run silently and change the group to coast and the file permissions in the specified command line args.

_____

fix_dir_tree

This script will fix a directory tree so that no links exist in the tree which point outside the root. For example, many mirrored sites have there own particular directory hierarchy. This need not necessarily be a tree, but it could contain links between various subtrees to allow easy navigation. However, it is possible that we might only mirror one portion of this entire directory hierarchy. Any links that point outside of the tree will be at best meaningless in our archive. At worst they will point to already existing files.

The diagram below illustrates this problem. Here we see a directory hierarchy on the right that makes sense, with a link outside the root A, but once the hierarchy is mirrored, the link no longer makes and sense.

Dangling Link

To fix this problem, use this script.

The script operates by recursively scanning a directory tree from a specified root point, and removing any files which are links that point outside the directory tree.

To run it do: 

/u/coast2/ftp-admin/bin/fix_dir_tree [-d directory] [-q] [-n]
By default it operates from the current directiory on down. The directory to scan can be changed by the -d option. The -q option makes it operate in quiet mode, and not report any output. The -n option will cause it to not actually remove any links, merely report their existence.

_____

symlink_check

This script performs sanity checking on symbolic links. Symbolic links are often placed in directory trees to allow easy navigation to a related subject. However, they can become stale or dangling if they are not kept up to date. This is especially true if a link points to a directory containing a package. This script will search through a directory hierarchy and identify all such dangling links.

To invoke this script do: 

/u/coast2/ftp-admin/bin/symlink_check  /u/coast3/ftp/pub/...
This will recursively check the given directory name for any symbolic links which have not existing destination file.

NOTE: This is different from fix_dir_tree. It will only check to see if the destination of a link exists, even if the destination lies outside the root of the directory tree.

_____

O Built by Mark Crosbie and Ivan Krsul.

Security Archive Page Security Archive Homepage.

COAST Homepage COAST Project Page.

Purdue CS Homepage Purdue CS Dept page.

Last Modified: 16 March, 1995.

security-archive@cerias.purdue.edu (COAST Security Archive)