Re: Why do UID values of system users matter?

[Greg Wooledge <wooledg@eeg.ccf.org>]

On Fri, Aug 16, 2019 at 11:42:12PM -0500, David Wright wrote:
> Difficult to say. My reaction would be to check the ownership of all
> non-root-owned files. Because of the potential for trouble like the
> above, I routinely keep a list on each system.
> 
> # find / -mount \( ! -group 0 -o ! -user 0 \) -ls | awk '{printf "%s	%s	%s\n", $5, $6, $11}' | sort -k 3 > /root/non-root-owned-files

The use of $11 here assumes the filename doesn't contain any whitespace.
It'll break if one does.  You'd be better off using GNU find's -printf
features, than parsing the output of -ls with awk.

Looks like you want the username, groupname, and filename.  So that would
be:

find / -mount \( ! group 0 -o ! -user 0 \) -printf '%u  %g  %p\n' |
    sort -k 3 > /root/non-root-owned-files