usr.sbin/mtree/mtree.8

.\"	$NetBSD: mtree.8,v 1.12 1999/11/07 20:23:01 wennmach Exp $
.\"
.\" Copyright (c) 1989, 1990, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)mtree.8	8.2 (Berkeley) 12/11/93
.\"
.Dd December 11, 1993
.Dt MTREE 8
.Os
.Sh NAME
.Nm mtree
.Nd map a directory hierarchy
.Sh SYNOPSIS
.Nm ""
.Op Fl cderUux
.Bk -words
.Op Fl i | Fl m
.Ek
.Bk -words
.Op Fl f Ar spec
.Ek
.Bk -words
.Op Fl K Ar keywords
.Ek
.Bk -words
.Op Fl k Ar keywords
.Ek
.Bk -words
.Op Fl p Ar path
.Ek
.Bk -words
.Op Fl s Ar seed
.Ek
.Sh DESCRIPTION
The utility
.Nm
compares the file hierarchy rooted in the current directory against a
specification read from the standard input.
Messages are written to the standard output for any files whose
characteristics do not match the specification, or which are
missing from either the file hierarchy or the specification.
.Pp
The options are as follows:
.Bl -tag -width flag
.It Fl c
Print a specification for the file hierarchy to the standard output.
.It Fl d
Ignore everything except directory type files.
.It Fl e
Don't complain about files that are in the file hierarchy, but not in the
specification.
.It Fl f
Read the specification from
.Ar file  ,
instead of from the standard input.
.It Fl i
If specified, set the schg and/or sappnd flags.
.It Fl K
Add the specified (whitespace or comma separated) keywords to the current
set of keywords.
.It Fl k
Use the ``type'' keyword plus the specified (whitespace or comma separated)
keywords instead of the current set of keywords.
.It Fl m
If the schg and/or sappnd flags are specified, reset these flags. Note that
this is only possible with securelevel less than 1 (i. e. in single user mode
or while the system is running in insecure mode). See
.Xr init 8
for information on security levels.
.It Fl p
Use the file hierarchy rooted in
.Ar path  ,
instead of the current directory.
.It Fl r
Remove any files in the file hierarchy that are not described in the
specification.
.It Fl s
Display a single checksum to the standard error output that represents all
of the files for which the keyword
.Cm cksum
was specified.
The checksum is seeded with the specified value.
.It Fl U
Modify the owner, group, permissions, and flags of existing files to match
the specification and create any missing directories.
User, group, and permissions must all be specified for missing directories
to be created.
Note that unless the
.Fl i
option is given, the schg and sappnd flags will not be set, even if
specified. If
.Fl m
is given, these flags will be reset.
Exit with a status of 0 on success, 1 if any error occurred;
a mismatch is not considered to be an error if it was corrected.
.It Fl u
Same as
.Fl U
except a status of 2 is returned if the file hierarchy did not match
the specification.
.It Fl x
Don't descend below mount points in the file hierarchy.
.El
.Pp
Specifications are mostly composed of ``keywords'', i.e. strings that
that specify values relating to files.
No keywords have default values, and if a keyword has no value set, no
checks based on it are performed.
.Pp
Currently supported keywords are as follows:
.Bl -tag -width Cm
.It Cm cksum
The checksum of the file using the default algorithm specified by
the
.Xr cksum 1
utility.
.It Cm flags
The file flags as a symbolic name.  See
.Xr chflags 1
for information on these names.  If no flags are to be set the string
.Dq none
may be used to override the current default.
Note that the schg and sappnd flags are treated specially (see the
.Fl i
and
.Fl m
options).
.It Cm ignore
Ignore any file hierarchy below this file.
.It Cm gid
The file group as a numeric value.
.It Cm gname
The file group as a symbolic name.
.It Cm link
The file the symbolic link is expected to reference.
.It Cm md5
The MD5 cryptographic checksum of the file.
.It Cm mode
The current file's permissions as a numeric (octal) or symbolic
value.
.It Cm nlink
The number of hard links the file is expected to have.
.It Cm optional
The file is optional; don't complain about the file if it's
not in the file hierarchy.
.It Cm uid
The file owner as a numeric value.
.It Cm uname
The file owner as a symbolic name.
.It Cm size
The size, in bytes, of the file.
.It Cm time
The last modification time of the file.
.It Cm type
The type of the file; may be set to any one of the following:
.sp
.Bl -tag -width Cm -compact
.It Cm block
block special device
.It Cm char
character special device
.It Cm dir
directory
.It Cm fifo
fifo
.It Cm file
regular file
.It Cm link
symbolic link
.It Cm socket
socket
.El
.El
.Pp
The default set of keywords are
.Cm flags ,
.Cm gid ,
.Cm link ,
.Cm mode ,
.Cm nlink ,
.Cm size ,
.Cm time ,
and
.Cm uid .
.Pp
There are four types of lines in a specification.
.Pp
The first type of line sets a global value for a keyword, and consists of
the string ``/set'' followed by whitespace, followed by sets of keyword/value
pairs, separated by whitespace.
Keyword/value pairs consist of a keyword, followed by an equals sign
(``=''), followed by a value, without whitespace characters.
Once a keyword has been set, its value remains unchanged until either
reset or unset.
.Pp
The second type of line unsets keywords and consists of the string
``/unset'', followed by whitespace, followed by one or more keywords,
separated by whitespace.
.Pp
The third type of line is a file specification and consists of a file
name, followed by whitespace, followed by zero or more whitespace
separated keyword/value pairs.
The file name may be preceded by whitespace characters.
The file name may contain any of the standard file name matching
characters (``['', ``]'', ``?'' or ``*''), in which case files
in the hierarchy will be associated with the first pattern that
they match.
.Nm
uses strvis(3) (in VIS_CSTYLE format) to encode file names containing
non-printable characters. Whitespace characters are encoded as
``\es'' (space), ``\et'' (tab), and ``\en'' (new line).
``#'' characters in file names are escaped by a preceding backslash (``\e'')
to distinguish them from comments.
.Pp
Each of the keyword/value pairs consist of a keyword, followed by an
equals sign (``=''), followed by the keyword's value, without
whitespace characters.
These values override, without changing, the global value of the
corresponding keyword.
.Pp
All paths are relative.
Specifying a directory will cause subsequent files to be searched
for in that directory hierarchy.
Which brings us to the last type of line in a specification: a line
containing only the string
.Dq Nm \&..
causes the current directory
path to ascend one level.
.Pp
Empty lines and lines whose first non-whitespace character is a hash
mark (``#'') are ignored.
.Pp
The
.Nm
utility exits with a status of 0 on success, 1 if any error occurred,
and 2 if the file hierarchy did not match the specification.
.Sh EXAMPLES
To detect system binaries that have been ``trojan horsed'', it is recommended
that
.Nm
be run on the file systems, and a copy of the results stored on a different
machine, or, at least, in encrypted form.
The seed for the
.Fl s
option should not be an obvious value and the final checksum should not be
stored on-line under any circumstances!
Then, periodically,
.Nm
should be run against the on-line specifications and the final checksum
compared with the previous value.
While it is possible for the bad guys to change the on-line specifications
to conform to their modified binaries, it shouldn't be possible for them
to make it produce the same final checksum value.
If the final checksum value changes, the off-line copies of the specification
can be used to detect which of the binaries have actually been modified.
.Pp
The
.Fl d
and
.Fl u
options can be used in combination to create directory hierarchies
for distributions and other such things.
.Sh FILES
.Bl -tag -width /etc/mtree -compact
.It Pa /etc/mtree
system specification directory
.El
.Sh SEE ALSO
.Xr chflags 1 ,
.Xr chgrp 1 ,
.Xr chmod 1 ,
.Xr cksum 1 ,
.Xr md5 1 ,
.Xr stat 2 ,
.Xr strvis 3 ,
.Xr fts 3 ,
.Xr chown 8
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.3 Reno .