2015-12-20 18:30:36 +0000, James Youngman: > On Fri, Dec 18, 2015 at 11:43 PM, Stephane Chazelas > <stephane.chaze...@gmail.com> wrote: > > > At that Q&A, we also discuss the behaviour of GNU find when both > > -L and -execdir are used for which I think at least the > > documentation could benefit from some clarification. > > Could you be more specific? [...]
Hi James Well what I wrote at the link was quite explicit. But to expand a bit: -execdir cmd {} is a feature introduced by BSDs and there, is explicitely documented to run cmd from within dirname(file) and where {} is expanded basename(file). In the GNU find documentation, it's less clearly stated, but it mostly says the same thing. What -execdir does is more described in the -exec section: -- Action: -exec command ; This insecure variant of the '-execdir' action is specified by POSIX. The main difference is that the command is executed in the directory from which 'find' was invoked, meaning that '{}' is expanded to a relative path starting with the name of one of the starting directories, rather than just the basename of the matched file. It says with -execdir, {} is the basename of the file which (without -L) is not completely true as it's "./" concatenated with the basename of the file. With -L (and it's not documented except in a comment in the code, again see http://unix.stackexchange.com/a/250194), cmd is not run from dirname(file), and {} is not "./" basename(file), it's mostly the same as -exec. /tmp/test$ mkdir -p 1/2/3 /tmp/test$ find . -exec pwd \; -exec echo {} \; /tmp/test . /tmp/test ./1 /tmp/test ./1/2 /tmp/test ./1/2/3 /tmp/test$ find . -execdir pwd \; -execdir echo {} \; /tmp/test ./. /tmp/test ./1 /tmp/test/1 ./2 /tmp/test/1/2 ./3 /tmp/test$ find -L . -execdir pwd \; -execdir echo {} \; /tmp/test ./. /tmp/test ././1 /tmp/test ././1/2 /tmp/test ././1/2/3 Ideally, I'd say it would be better if GNU find behaviour was the same as BSD's (where above you'd get the same output with and without -L. If not (as I agree it won't make much difference from a security point of view as we're following links anyway), IMO the behaviour should be documented (along with the fact that it diverges from the original BSD implementation). The case should probably also be considered in the section that covers the security implication of using -exec/-execdir. -- Stephane