1

man locate says:

 The locate database is typically built by user ``nobody'' and the
 locate.updatedb(8) utility skips directories which are not readable for
 user ``nobody'', group ``nobody'', or world.  For example, if your HOME
 directory is not world-readable, none of your files are in the database.

Since it's better for security to have a non-world-readable home directory, how do I make my home directory searchable (for me only)?

Obviously, I can just work around it by adding find ~ -type f > .locate in crontab and then do grep <search> ~/.locate, but is there a standard way of doing this using the built-in locate?

forthrin
  • 2,289
  • Why wouldn't you run updatedb as the user owning the home directory, output to a non-default db and then search that db with locate (or add this db to the search path using LOCATE_PATH)? – tonioc Jun 03 '18 at 11:01
  • @tonioc: This is the way the script runs by default. – forthrin Jun 03 '18 at 14:04

2 Answers

4

Most distributions will ship with the locate tools from findutils in a package along with a script invoked from crontab which will run updatedb as user nobody. You just have to find this script (e.g. on Debian 9 it's in /etc/cron.daily/locate) and adapt it to remove the user handling as well as change the database file. So in the end a basic form could just boil down to:

updatedb --output="$HOME/locatedb" --localpaths="$HOME"

This should probably be put in a crontab.

And the usage would then be:

locate --database="$HOME/locatedb" somefilepattern

You'll have to add more options if you are using network mounts and want to index them, etc.

If you have root access on your system and ponder possible security/privacy issues, you can simplify your life and use the alternate mlocate tools, probably available in most distributions too, which behave exactly like the locate tools, except they index everything as root (thus never failing to index world-unreadable directories) to a database not accessible directly by the user, but use a setuid/setgid locate command that will read it and will only display results to a given user if this user could access the results in the first place.

A.B
  • 36,364
  • 2
  • 73
  • 118
  • Thanks for getting me on the right track. See my own answer, and see if you can contribute to simplifying it. – forthrin Jun 03 '18 at 13:56
0

/usr/libexec/locate.updatedb on my system (a BSD variant) doesn't seem to have the options A.B suggests. Instead it does:

: ${FCODES:=/var/db/locate.database}
: ${SEARCHPATHS:="/"}

So I had to do this:

export SEARCHPATHS=$HOME
export FCODES=$HOME/locatedb
/usr/libexec/locate.updatedb

Then:

$ locate -d ~/locatedb <pattern>

Is there a way around setting environment variables on my system?

forthrin
  • 2,289
  • Just create wrapper scripts in your PATH before the actual commands (probably /usr/local/bin)? Both wrappers would source a common file with the config and exec /usr/... "$@" – A.B Jun 03 '18 at 13:58
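Putting the two answers together (findutils updatedb into a private per-user database, plus A.B's wrapper-script suggestion in the comment above), here is an added example that is not from the page or from either poster: a POSIX sh wrapper that builds the index with umask 077 and refuses to search a database that other users could read, since the database lists every path under a home directory that is deliberately not world-readable. The database location ~/.cache/locatedb and the build/search subcommand names are this example's own choices.

```shell
#!/bin/sh
# Per-user locate wrapper (added example). Assumes findutils' updatedb and
# locate with the --output/--localpaths/--database options from A.B's answer.
set -eu

LOCATEDB="${LOCATEDB:-$HOME/.cache/locatedb}"   # example's own default path

# Return 0 only if the database exists, is owned by the invoking user and has
# no group/other permission bits: a readable db leaks every filename in $HOME.
db_is_private() {
    db="$1"
    [ -f "$db" ] || return 1
    owner=$(ls -ld "$db" | awk '{print $3}')
    [ "$owner" = "$(id -un)" ] || return 1
    # Columns 5-10 of ls -l are the group and other permission bits.
    gopers=$(ls -ld "$db" | cut -c5-10)
    [ "$gopers" = "------" ]
}

# Build the index of $HOME only, creating the db file as 0600 from the start.
build_db() {
    (
        umask 077
        mkdir -p "$(dirname "$LOCATEDB")"
        updatedb --localpaths="$HOME" --output="$LOCATEDB"
    )
}

# Search, but only after the permission check passed.
search_db() {
    if ! db_is_private "$LOCATEDB"; then
        echo "refusing: $LOCATEDB is missing or readable by other users" >&2
        return 1
    fi
    locate --database="$LOCATEDB" "$@"
}

case "${1:-}" in
    build)  build_db ;;
    search) shift; search_db "$@" ;;
    *)      echo "usage: $0 build | search PATTERN..." >&2 ;;
esac
```

Run `build` from a personal crontab entry and `search` from a shell alias; the permission check also catches a database accidentally copied or restored with a permissive umask.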