diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.fail.sh
deleted file mode 100644
index 174a855fae84..000000000000
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.fail.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
-
-useradd user_test
-
-TESTDIR="/usr/lib/"
-
-# The remediation performs a 'find' followed by a 'chwon'
-# While 'find' doesn't follow symlinks by default, 'chown' does follow,
-# so 'chown' will try to change owner of a non existent file while 'find'
-# pointed out that the symlink has wrong owner.
-ln -s $TESTDIR/mising_test_file $TESTDIR/faulty_symlink
-chown -h user_test $TESTDIR/faulty_symlink
-
-# The Check ignores symlink, so we need to put a reason to run the remediations
-touch $TESTDIR/test_me
-chown user_test $TESTDIR/test_me
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
new file mode 100644
index 000000000000..51bc6fe2d717
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
@@ -0,0 +1,9 @@
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+
+useradd user_test
+
+TESTDIR="/usr/lib/"
+
+# The check ignores this symlink and results in pass
+ln -s $TESTDIR/mising_test_file $TESTDIR/faulty_symlink
+chown -h user_test $TESTDIR/faulty_symlink
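Review bot: No scenario visible in this diff drives the remediation any more, so nothing verifies that it leaves `faulty_symlink` alone while still correcting a mis-owned regular file beside it. The deleted `.fail.sh` created `test_me` owned by `user_test` for that purpose; consider keeping a fail scenario that has both objects, i.e. `touch "$TESTDIR/test_me"` and `chown user_test "$TESTDIR/test_me"` after the `ln -s` line. As a smaller style point, `$TESTDIR` is expanded unquoted and already ends in `/`, so every path contains `//`; `"${TESTDIR}faulty_symlink"` would be cleaner.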
diff --git a/shared/templates/file_groupowner/bash.template b/shared/templates/file_groupowner/bash.template
index f27d098e3ec2..a7133d28c632 100644
--- a/shared/templates/file_groupowner/bash.template
+++ b/shared/templates/file_groupowner/bash.template
@@ -13,10 +13,10 @@
 {{% for path in FILEPATH %}}
 {{%- if IS_DIRECTORY %}}
 {{%- if FILE_REGEX %}}
-readarray -t files < <(find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} ! -gid {{{ FILEGID }}})
+readarray -t files < <(find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -gid {{{ FILEGID }}})
 for file in "${files[@]}"; do
- if basename $file | grep -qE '{{{ FILE_REGEX[loop.index0] }}}'; then
- chgrp -h {{{ FILEGID }}} "$file"
+ if basename "$file" | grep -qE '{{{ FILE_REGEX[loop.index0] }}}'; then
+ chgrp {{{ FILEGID }}} "$file"
 fi
 done
 {{% else %}}
diff --git a/shared/templates/file_owner/bash.template b/shared/templates/file_owner/bash.template
index 07dc5f66997b..83a53b9d2432 100644
--- a/shared/templates/file_owner/bash.template
+++ b/shared/templates/file_owner/bash.template
@@ -13,10 +13,10 @@
 {{% for path in FILEPATH %}}
 {{%- if IS_DIRECTORY %}}
 {{%- if FILE_REGEX %}}
-readarray -t files < <(find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} ! -uid {{{ FILEUID }}})
+readarray -t files < <(find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}})
 for file in "${files[@]}"; do
- if basename $file | grep -qE '{{{ FILE_REGEX[loop.index0] }}}'; then
- chown -h {{{ FILEUID }}} "$file"
+ if basename "$file" | grep -qE '{{{ FILE_REGEX[loop.index0] }}}'; then
+ chown {{{ FILEUID }}} "$file"
 fi
 done
 {{%- else %}}
diff --git a/shared/templates/file_permissions/bash.template b/shared/templates/file_permissions/bash.template
index 78e8a4557c3a..75f238530261 100644
--- a/shared/templates/file_permissions/bash.template
+++ b/shared/templates/file_permissions/bash.template
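Review bot: Dropping `-h` from `chgrp` makes the ownership change dereference symlinks again, and the new `-type f` filter does not fully compensate: it is evaluated when `find` runs, while `chgrp {{{ FILEGID }}} "$file"` resolves the path a second time later in the loop. If the entry is replaced by a symlink in between, the group of the link target is changed instead of the file that was selected. Because only regular files are selected now, `-h` is a no-op in the normal case and costs nothing to keep: `chgrp -h {{{ FILEGID }}} "$file"`. The same applies to the file_owner hunk, where the line should stay `chown -h {{{ FILEUID }}} "$file"`. The exposure is presumably limited to directories that a non-root account can write to, but the remediation runs with root privileges, so the safer form is worth retaining.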
@@ -13,9 +13,9 @@
 {{% for path in FILEPATH %}}
 {{%- if IS_DIRECTORY %}}
 {{%- if FILE_REGEX %}}
-readarray -t files < <(find {{{ path }}} {{{ FIND_RECURSE_ARGS }}})
+readarray -t files < <(find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f)
 for file in "${files[@]}"; do
- if basename $file | grep -qE '{{{ FILE_REGEX[loop.index0] }}}'; then
+ if basename "$file" | grep -qE '{{{ FILE_REGEX[loop.index0] }}}'; then
 chmod {{{ FILEMODE }}} "$file"
 fi
 done
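Review bot: The `readarray -t files < <(find … -type f)` line still splits the `find` output on newlines, so a file name containing a newline becomes two array entries, and the `basename … | grep -qE` test and `chmod {{{ FILEMODE }}} "$file"` then operate on fragments rather than on the path `find` reported. Reading NUL-delimited names avoids this: replace the `for` line with `while IFS= read -r -d '' file; do` and close the loop with `done < <(find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f -print0)`. The file_groupowner and file_owner templates build their list the same way and would need the same change. The enclosing `{{% for %}}` and `{{%- if %}}` blocks continue outside the hunk.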