HPE Community
Operating System - HP-UX
1823963 Members
4454 Online
109667 Solutions
New Discussion юеВ

What's the deal with Dot Files and why are they so dangerous?

 
SOLVED
Go to solution
Laurie_2
Advisor

тАО07-17-2002 07:47 AM

тАО07-17-2002 07:47 AM

What's the deal with Dot Files and why are they so dangerous?

Hi All,

I had a user's directory I was trying to work
with. Here what I found:

#cd ~kelli
#ll -a | more

kelli adm .
mike common ..
(all the other files were owned by kelli).

So I didn't understand why this other user
id was showing up as the owner of her ..
file.

OK in my brillant wisdom, I became user
user (sudo) and did this:
%cd ~kelli
%chown kelli:adm .*

Now very bad things happened. No one could
log into the server. I had to fix the
/opt/home directorie permisson from
root:root to root:common.

My question is what is the purpose of these
dot files, you can't look at them and they
seem to be very dangerous to change permissions
on.

TIA,
Laurie

How can you make the world a better place
0 Kudos
Reply
11 REPLIES 11
Sridhar Bhaskarla
Honored Contributor

тАО07-17-2002 07:52 AM

тАО07-17-2002 07:52 AM

Re: What's the deal with Dot Files and why are they so dangerous?

Laurie,

. is current directory

.. is the parent directory

They are not files. So changing permissions on them will change the permissions on the 'corresponding' directories.

Very bad things can happen particularly if they are not dealt carefully.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Martin Johnson
Honored Contributor

тАО07-17-2002 07:54 AM

тАО07-17-2002 07:54 AM

Re: What's the deal with Dot Files and why are they so dangerous?

.. points to the parent directory. When you did "chown kelli:adm .*" you changed the ownership of the parent directory. Do "cd ../" to get the the parent directory. You may need to look at a backup listing to determine the orignal owner.

HTH
Marty
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО07-17-2002 07:57 AM

тАО07-17-2002 07:57 AM

Re: What's the deal with Dot Files and why are they so dangerous?

The answer to your question is found inside your question. Note what you had to change in order to fix the problem - directories. '.' is the local directory and '..' is the parent.
.* matched BOTH of these in addition to any regular files (.profile,.dtprofile). It was changing the permission of the parent directory that really killed you. This was a case of that dumb computer doing just what it was told.
If it ain't broke, I can fix that.
0 Kudos
Reply
steven Burgess_2
Honored Contributor

тАО07-17-2002 07:57 AM

тАО07-17-2002 07:57 AM

Re: What's the deal with Dot Files and why are they so dangerous?

Laurie

The . files are reference to your current directory . and .. is a reference to the parent directory of the current directory

so if you are in /home/ dir and you want to get to another users home dir you can use

cd ../

or if you are in

/var/local/scheduler/config/window1

and wish to get to

/var/local/scheduler/bin

cd ../../bin

An example of the . usage to execute a programme

cd /var/opt/ignite/bin

./make_recovery -ACv

instead of

/opt/ignite/bin/make_recovery -Acv

HTH

Steve
take your time and think things through
0 Kudos
Reply
Tom Maloy
Respected Contributor

тАО07-17-2002 07:58 AM

тАО07-17-2002 07:58 AM

Solution

Re: What's the deal with Dot Files and why are they so dangerous?

Dot files (files that start with a period) are "hidden" files. They do not show up in a normal listing (ls), although they are easy to see (ls -a).

Hidden files are generally used for configuration and startup files, like .profile, .kshrc, .hosts. They are also used to hide things. So hackers use them, and some folks use them for history (copy /etc/syslog.conf to /etc/.old.syslog.conf).

There are two files (. and ..) that appear in every long listing. The first (.) is the current working directory. The second (..) is the parent directory. So if you are in /tmp/testing, and you "cd .", you will wind up in /tmp/testing. If you "cd ..", you will wind up in /tmp.

When you did chown on .*, you changed the parent directory. So if you were in /home/kelli, you changed ownership of /home. The user should not own /home.

Tom
Carpe diem!
Reply
Peter Kloetgen
Esteemed Contributor

тАО07-17-2002 07:59 AM

тАО07-17-2002 07:59 AM

Re: What's the deal with Dot Files and why are they so dangerous?

Hi Laurie,

chmod kelli:adm .* changed permissions for the parent directory, in this case for the directory /opt/home.

"." and ".." are special entries in each directory, "." stands for the directory itself, and ".." for the parent directory. You cannot remove these entries out of a directory because they are used to find files and directories and to check permissions which user is allowed to do something. So if you do a chown on .. you change permissions for the parent directory.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
Reply
S.K. Chan
Honored Contributor

тАО07-17-2002 08:31 AM

тАО07-17-2002 08:31 AM

Re: What's the deal with Dot Files and why are they so dangerous?

Just want to add one more thing ..

% cd ~kelli
% ls .*
% ls .[a-z]*

You'll see the difference here (I'm assuming all the "dot" files in your home directory only uses alphabetical chars).
Reply
Peter Kloetgen
Esteemed Contributor

тАО07-17-2002 08:37 AM

тАО07-17-2002 08:37 AM

Re: What's the deal with Dot Files and why are they so dangerous?

Hi again Laurie,

one thing i forgot to mention:

ls -a directory_name (-a show all entries)

--> shows all files and directory entries, together with "." and ".."

ls -A directory_name (-A show allmost all entries)

--> shows all files and directory entries, but without "." and ".."

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО07-17-2002 03:51 PM

тАО07-17-2002 03:51 PM

Re: What's the deal with Dot Files and why are they so dangerous?

To clarify the question:

It is not dot files that are dangerous, it is .*

Remember that the shell is preprocessing what you typee *before* it sends it to the command. So .* does not produce a list of only dot files. The shell interprets * as ZERO or more matches of anything, including more dots.

The best way to learn about shell filename expansion (or globbing) is to use echo *BEFORE* you type a dangerous command. I do it this way:

echo chown kelli:adm .*

Notice that the shell has replaced .* with all the filenames that match--and the critical file is .. which is the parent directory.

NEVER use .* and you'll be safe. Many new sysadmins have destroyed their user directories by:

cd /home/user1
rm -r * .*

The first * is OK...it matches all the files and directories in /home/user1, but the second will return (among all the local dot files): rm -r .. and that means: remove the entire /home directory and every subdirectory in it! Big oops!

Get in the habit of never using .* in the shell when you mean: all dotfiles, and use something like this:

echo .[a-zA-Z0-9]*

which means: find all files that start with . followed by any alphanumeric character. Note, this will miss a file such as: .% but I wouldn't want those filenames in my directories anyways.


Bill Hassell, sysadmin
Reply
Ralph Grothe
Honored Contributor

тАО07-18-2002 12:18 AM

тАО07-18-2002 12:18 AM

Re: What's the deal with Dot Files and why are they so dangerous?

Although your answer has already been thoroughly answered I just couldn't resist the urge to add something.

Please, even if you understand the shell's globbing and substitution mechanisms, before an rm (especially as root) always double check with an ls or echo before how the shell is expanding the meta characters.

For instance if you only want to get the dot files (which are a user's personal configuration files, and might contain hours of elaborate work!) you can use this:

# ls -d .[!.]*
.ICEauthority .cpan .profile .ssh
.TTauthority .dt .hh .q4rc.pl .sw
.Xauthority .dtprofile .inputrc .rhosts .vbtrc
.adsmrc .elm .kshrc .rhosts.org
.bashrc .exrc .netscape .sh_history

The square brackets [ ] contain character sets, and the bang or exclamation mark negates the chosen set (unfortunatley in most regular expressions the carret ^is used to signify the inversion of a set.
The asterisk * is expanded by the shells globbing mechanism to anything.

Some promoted .[a-zA-Z0-9]*
but as far as I know the underscore also is a valid identifier character.
Madness, thy name is system administration
Reply
Trond Haugen
Honored Contributor

тАО07-18-2002 01:32 AM

тАО07-18-2002 01:32 AM

Re: What's the deal with Dot Files and why are they so dangerous?

As you question had already been answered I would just like to add that normally the /home (or /opt/home in your case) is owned by root root (seems it was mike common on your system) and have the accessrights drwxr-xr-x. I'm not sure of your privliges when doing the chown, but with the above only root could have done it.

Regards,
Trond
Regards,
Trond Haugen
LinkedIn
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.