[unix-history] / usr / src / usr.sbin / mtree / mtree.8

.\" Copyright (c) 1989, 1990, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" %sccs.include.redist.roff%
.\"
.\"     @(#)mtree.8	8.2 (Berkeley) %G%
.\"
.Dd 
.Dt MTREE 8
.Os
.Sh NAME
.Nm mtree
.Nd map a directory hierarchy
.Sh SYNOPSIS
.Nm mtree
.Op Fl cderux
.Op Fl f Ar spec
.Op Fl K Ar keywords
.Op Fl k Ar keywords
.Op Fl p Ar path
.Op Fl s Ar seed
.Sh DESCRIPTION
The utility
.Nm mtree
compares the file hierarchy rooted in the current directory against a
specification read from the standard input.
Messages are written to the standard output for any files whose
characteristics do not match the specifications, or which are
missing from either the file hierarchy or the specification.
.Pp
The options are as follows:
.Bl -tag -width flag
.It Fl c
Print a specification for the file hierarchy to the standard output.
.It Fl d
Ignore everything except directory type files.
.It Fl e
Don't complain about files that are in the file hierarchy, but not in the
specification.
.It Fl f
Read the specification from
.Ar file  ,
instead of from the standard input.
.It Fl K
Add the specified (whitespace or comma separated) keywords to the current
set of keywords.
.It Fl k
Use the ``type'' keyword plus the specified (whitespace or comma separated)
keywords instead of the current set of keywords.
.It Fl p
Use the file hierarchy rooted in
.Ar path  ,
instead of the current directory.
.It Fl r
Remove any files in the file hierarchy that are not described in the
specification.
.It Fl s
Display a single checksum to the standard error output that represents all
of the files for which the keyword
.Cm cksum
was specified.
The checksum is seeded with the specified value.
.It Fl u
Modify the owner, group, and permissions of existing files to match
the specification and create any missing directories.
User, group, and permissions must all be specified for missing directories
to be created.
.It Fl x
Don't descend below mount points in the file hierarchy.
.El
.Pp
Specifications are mostly composed of ``keywords'', i.e. strings that
that specify values relating to files.
No keywords have default values, and if a keyword has no value set, no
checks based on it are performed.
.Pp
Currently supported keywords are as follows:
.Bl -tag -width Cm
.It Cm cksum
The checksum of the file using the default algorithm specified by
the
.Xr cksum 1
utility.
.It Cm ignore
Ignore any file hierarchy below this file.
.It Cm gid
The file group as a numeric value.
.It Cm gname
The file group as a symbolic name.
.It Cm mode
The current file's permissions as a numeric (octal) or symbolic
value.
.It Cm nlink
The number of hard links the file is expected to have.
.It Cm uid
The file owner as a numeric value.
.It Cm uname
The file group as a symbolic name.
.It Cm size
The size, in bytes, of the file.
.It Cm link
The file the symbolic link is expected to reference.
.It Cm time
The last modification time of the file.
.It Cm type
The type of the file; may be set to any one of the following:
.sp
.Bl -tag -width Cm -compact
.It Cm block
block special device
.It Cm char
character special device
.It Cm dir
directory
.It Cm fifo
fifo
.It Cm file
regular file
.It Cm link
symbolic link
.It Cm socket
socket
.El
.El
.Pp
The default set of keywords are
.Cm gid ,
.Cm mode ,
.Cm nlink ,
.Cm size ,
.Cm slink ,
.Cm time ,
and
.Cm uid .
.Pp
There are four types of lines in a specification.
.Pp
The first type of line sets a global value for a keyword, and consists of
the string ``/set'' followed by whitespace, followed by sets of keyword/value
pairs, separated by whitespace.
Keyword/value pairs consist of a keyword, followed by an equals sign
(``=''), followed by a value, without whitespace characters.
Once a keyword has been set, its value remains unchanged until either
reset or unset.
.Pp
The second type of line unsets keywords and consists of the string
``/unset'', followed by whitespace, followed by one or more keywords,
separated by whitespace.
.Pp
The third type of line is a file specification and consists of a file
name, followed by whitespace, followed by zero or more whitespace
separated keyword/value pairs.
The file name may be preceded by whitespace characters.
The file name may contain any of the standard file name matching
characters (``['', ``]'', ``?'' or ``*''), in which case files
in the hierarchy will be associated with the first pattern that
they match.
.Pp
Each of the keyword/value pairs consist of a keyword, followed by an
equals sign (``=''), followed by the keyword's value, without
whitespace characters.
These values override, without changing, the global value of the
corresponding keyword.
.Pp
All paths are relative.
Specifying a directory will cause subsequent files to be searched
for in that directory hierarchy.
Which brings us to the last type of line in a specification: a line
containing only the string
.Dq Nm \&..
causes the current directory
path to ascend one level.
.Pp
Empty lines and lines whose first non-whitespace character is a hash
mark (``#'') are ignored.
.Pp
The
.Nm mtree
utility exits with a status of 0 on success, 1 if any error occurred,
and 2 if the file hierarchy did not match the specification.
.Sh EXAMPLES
To detect system binaries that have been ``trojan horsed'', it is recommended
that
.Nm mtree
be run on the file systems, and a copy of the results stored on a different
machine, or, at least, in encrypted form.
The seed for the
.Fl s
option should not be an obvious value and the final checksum should not be
stored on-line under any circumstances!
Then, periodically,
.Nm mtree
should be run against the on-line specifications and the final checksum
compared with the previous value.
While it is possible for the bad guys to change the on-line specifications
to conform to their modified binaries, it shouldn't be possible for them
to make it produce the same final checksum value.
If the final checksum value changes, the off-line copies of the specification
can be used to detect which of the binaries have actually been modified.
.Pp
The
.Fl d
and
.Fl u
options can be used in combination to create directory hierarchies
for distributions and other such things.
.Sh FILES
.Bl -tag -width /etc/mtree -compact
.It Pa /etc/mtree
system specification directory
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr chown 1 ,
.Xr chgrp 1 ,
.Xr cksum 1 ,
.Xr stat 2 ,
.Xr fts 3 ,
.Sh HISTORY
The
.Nm mtree
utility appeared in
.Bx 4.3 Reno .
Commit	Line	Data
47d3c023 KB	1	.\" Copyright (c) 1989, 1990, 1993
47d3c023 KB	2	.\" The Regents of the University of California. All rights reserved.
25f14064	3	.\"
804e6434	4	.\" %sccs.include.redist.roff%
25f14064	5	.\"
653ba8b6	6	.\" @(#)mtree.8 8.2 (Berkeley) %G%
25f14064	7	.\"
b5dc1377 CL	8	.Dd
b5dc1377 CL	9	.Dt MTREE 8
ee9b0a0a	10	.Os
b5dc1377 CL	11	.Sh NAME
	12	.Nm mtree
	13	.Nd map a directory hierarchy
	14	.Sh SYNOPSIS
	15	.Nm mtree
	16	.Op Fl cderux
	17	.Op Fl f Ar spec
275bb093 KB	18	.Op Fl K Ar keywords
275bb093 KB	19	.Op Fl k Ar keywords
b5dc1377	20	.Op Fl p Ar path
275bb093	21	.Op Fl s Ar seed
b5dc1377	22	.Sh DESCRIPTION
804e6434 CL	23	The utility
804e6434 CL	24	.Nm mtree
275bb093 KB	25	compares the file hierarchy rooted in the current directory against a
	26	specification read from the standard input.
	27	Messages are written to the standard output for any files whose
653ba8b6	28	characteristics do not match the specifications, or which are
275bb093	29	missing from either the file hierarchy or the specification.
b5dc1377	30	.Pp
25f14064	31	The options are as follows:
8d03b40e	32	.Bl -tag -width flag
804e6434	33	.It Fl c
275bb093	34	Print a specification for the file hierarchy to the standard output.
804e6434	35	.It Fl d
f33455dd	36	Ignore everything except directory type files.
804e6434	37	.It Fl e
275bb093 KB	38	Don't complain about files that are in the file hierarchy, but not in the
275bb093 KB	39	specification.
804e6434	40	.It Fl f
f33455dd	41	Read the specification from
b5dc1377	42	.Ar file ,
275bb093 KB	43	instead of from the standard input.
	44	.It Fl K
	45	Add the specified (whitespace or comma separated) keywords to the current
	46	set of keywords.
	47	.It Fl k
	48	Use the ``type'' keyword plus the specified (whitespace or comma separated)
	49	keywords instead of the current set of keywords.
804e6434	50	.It Fl p
275bb093	51	Use the file hierarchy rooted in
b5dc1377	52	.Ar path ,
f33455dd	53	instead of the current directory.
804e6434	54	.It Fl r
275bb093	55	Remove any files in the file hierarchy that are not described in the
25f14064	56	specification.
275bb093 KB	57	.It Fl s
	58	Display a single checksum to the standard error output that represents all
	59	of the files for which the keyword
	60	.Cm cksum
	61	was specified.
	62	The checksum is seeded with the specified value.
804e6434	63	.It Fl u
f33455dd	64	Modify the owner, group, and permissions of existing files to match
275bb093 KB	65	the specification and create any missing directories.
	66	User, group, and permissions must all be specified for missing directories
	67	to be created.
804e6434	68	.It Fl x
275bb093	69	Don't descend below mount points in the file hierarchy.
804e6434	70	.El
b5dc1377	71	.Pp
f33455dd KB	72	Specifications are mostly composed of ``keywords'', i.e. strings that
f33455dd KB	73	that specify values relating to files.
275bb093	74	No keywords have default values, and if a keyword has no value set, no
f33455dd	75	checks based on it are performed.
b5dc1377	76	.Pp
25f14064	77	Currently supported keywords are as follows:
804e6434 CL	78	.Bl -tag -width Cm
804e6434 CL	79	.It Cm cksum
275bb093 KB	80	The checksum of the file using the default algorithm specified by
	81	the
	82	.Xr cksum 1
	83	utility.
804e6434	84	.It Cm ignore
275bb093 KB	85	Ignore any file hierarchy below this file.
	86	.It Cm gid
	87	The file group as a numeric value.
	88	.It Cm gname
	89	The file group as a symbolic name.
804e6434	90	.It Cm mode
275bb093 KB	91	The current file's permissions as a numeric (octal) or symbolic
275bb093 KB	92	value.
804e6434	93	.It Cm nlink
f33455dd	94	The number of hard links the file is expected to have.
275bb093 KB	95	.It Cm uid
	96	The file owner as a numeric value.
	97	.It Cm uname
	98	The file group as a symbolic name.
804e6434	99	.It Cm size
f33455dd	100	The size, in bytes, of the file.
804e6434	101	.It Cm link
275bb093	102	The file the symbolic link is expected to reference.
804e6434	103	.It Cm time
0af6fb71	104	The last modification time of the file.
804e6434	105	.It Cm type
f33455dd	106	The type of the file; may be set to any one of the following:
275bb093	107	.sp
8d03b40e	108	.Bl -tag -width Cm -compact
804e6434	109	.It Cm block
f33455dd	110	block special device
804e6434	111	.It Cm char
f33455dd	112	character special device
804e6434	113	.It Cm dir
f33455dd	114	directory
804e6434	115	.It Cm fifo
f33455dd	116	fifo
804e6434	117	.It Cm file
f33455dd	118	regular file
804e6434	119	.It Cm link
f33455dd	120	symbolic link
804e6434	121	.It Cm socket
f33455dd	122	socket
804e6434 CL	123	.El
804e6434 CL	124	.El
b5dc1377	125	.Pp
275bb093 KB	126	The default set of keywords are
	127	.Cm gid ,
	128	.Cm mode ,
	129	.Cm nlink ,
	130	.Cm size ,
	131	.Cm slink ,
	132	.Cm time ,
	133	and
	134	.Cm uid .
	135	.Pp
f33455dd	136	There are four types of lines in a specification.
b5dc1377	137	.Pp
275bb093 KB	138	The first type of line sets a global value for a keyword, and consists of
	139	the string ``/set'' followed by whitespace, followed by sets of keyword/value
	140	pairs, separated by whitespace.
	141	Keyword/value pairs consist of a keyword, followed by an equals sign
	142	(``=''), followed by a value, without whitespace characters.
f33455dd	143	Once a keyword has been set, its value remains unchanged until either
275bb093	144	reset or unset.
b5dc1377	145	.Pp
275bb093	146	The second type of line unsets keywords and consists of the string
f33455dd KB	147	``/unset'', followed by whitespace, followed by one or more keywords,
f33455dd KB	148	separated by whitespace.
b5dc1377	149	.Pp
f33455dd KB	150	The third type of line is a file specification and consists of a file
	151	name, followed by whitespace, followed by zero or more whitespace
	152	separated keyword/value pairs.
275bb093	153	The file name may be preceded by whitespace characters.
f33455dd KB	154	The file name may contain any of the standard file name matching
	155	characters (``['', ``]'', ``?'' or ``*''), in which case files
	156	in the hierarchy will be associated with the first pattern that
	157	they match.
b5dc1377	158	.Pp
f33455dd	159	Each of the keyword/value pairs consist of a keyword, followed by an
275bb093 KB	160	equals sign (``=''), followed by the keyword's value, without
275bb093 KB	161	whitespace characters.
f33455dd	162	These values override, without changing, the global value of the
25f14064	163	corresponding keyword.
b5dc1377	164	.Pp
25f14064	165	All paths are relative.
f33455dd KB	166	Specifying a directory will cause subsequent files to be searched
f33455dd KB	167	for in that directory hierarchy.
25f14064	168	Which brings us to the last type of line in a specification: a line
b5dc1377 CL	169	containing only the string
	170	.Dq Nm \&..
	171	causes the current directory
f33455dd	172	path to ascend one level.
b5dc1377	173	.Pp
f33455dd KB	174	Empty lines and lines whose first non-whitespace character is a hash
f33455dd KB	175	mark (``#'') are ignored.
b5dc1377	176	.Pp
275bb093 KB	177	The
	178	.Nm mtree
	179	utility exits with a status of 0 on success, 1 if any error occurred,
	180	and 2 if the file hierarchy did not match the specification.
	181	.Sh EXAMPLES
	182	To detect system binaries that have been ``trojan horsed'', it is recommended
	183	that
	184	.Nm mtree
	185	be run on the file systems, and a copy of the results stored on a different
	186	machine, or, at least, in encrypted form.
	187	The seed for the
	188	.Fl s
	189	option should not be an obvious value and the final checksum should not be
	190	stored on-line under any circumstances!
	191	Then, periodically,
	192	.Nm mtree
	193	should be run against the on-line specifications and the final checksum
	194	compared with the previous value.
	195	While it is possible for the bad guys to change the on-line specifications
	196	to conform to their modified binaries, it shouldn't be possible for them
	197	to make it produce the same final checksum value.
	198	If the final checksum value changes, the off-line copies of the specification
	199	can be used to detect which of the binaries have actually been modified.
	200	.Pp
	201	The
	202	.Fl d
	203	and
	204	.Fl u
	205	options can be used in combination to create directory hierarchies
	206	for distributions and other such things.
b5dc1377	207	.Sh FILES
804e6434 CL	208	.Bl -tag -width /etc/mtree -compact
804e6434 CL	209	.It Pa /etc/mtree
b5dc1377	210	system specification directory
804e6434	211	.El
b5dc1377 CL	212	.Sh SEE ALSO
	213	.Xr chmod 1 ,
	214	.Xr chown 1 ,
	215	.Xr chgrp 1 ,
	216	.Xr cksum 1 ,
b5dc1377 CL	217	.Xr stat 2 ,
b5dc1377 CL	218	.Xr fts 3 ,
b5dc1377	219	.Sh HISTORY
804e6434 CL	220	The
	221	.Nm mtree
	222	utility appeared in
	223	.Bx 4.3 Reno .