What's the best way to check file permissions before moving files if needed?

Hello,
I would like to know if it's a good practice to check the file permissions of the contents of a directory before moving them. For example:

mv -- "$directory"/* "$directory"/.[!.]* "$directory"/..?* "$destination"

The variables $directory and $destination contain the path to an existing directory. The problem is that I don't have control of the user's directory who runs the script so, in theory, the files may not have the needed permissions to be moved, and the directory is required to be empty. What's a good way to check if every file was moved successfully?

The first thing that came to mind is to check the exit status of the command:

mv -- "$directory"/* "$directory"/.[!.]* "$directory"/..?* "$destination" || exit 1

However, this doesn't mean a file couldn't be moved, because it can also exit because of a non-existing directory entry as a result of the glob. I also thought of checking if the directory is actually empty:

for entry in "$directory"/* "$directory"/.[!.]* "$directory"/..?*
do
    if [ -e "$entry" ] || [ -L "$entry" ]
    then
        printf "A file couldn't be moved.\n" 1>&2
        exit 1
    fi
done

But I'd like to know if this check is unnecessary. I also thought about checking if every single file has the needed permissions before using the mv command, but I'm afraid that would be superfluous.
Thanks in advance.

You should ALWAYS check user input - consider it toxic if that helps.

If you use linux the -empty test works for what you want - you do not mention your system or shell
i.e.,

# check if it is a directory && check check empty "" need in case the $directory variable has spaces 
if [[ -d /path/to/directory"$directory"  &&  find /path/to/directory -type d -name "$directory"  -empty ]] ; then
      echo "ok"
else
     echo "not ok"
fi

You can also use the ls command more globally

if [ -z "$(ls -A $directory)" ]; then
   echo "Empty"
else
   echo "Not Empty"
fi
1 Like

In order to move a file the directory is modified i.e
must be writable. The file permissions do not really matter, while in an interactive shell the mv might become interactive i.e. ask.
So either test

if [ -w "$directory" ] && [ -w "$destination" ]
then
  mv -v ... "$destination/"
else
  echo "dir not writable!"
fi

Or make them writable

if chmod u+w "$directory/" "$destination/"
then
  mv -v ... "$destination/"
else
  echo "dir not writable"
fi

A trailing / will automatically follow a symlink and test for a directory.
The chmod and the -d test always follow a symlink.
(Nevertheless the chmod targets should have trailing / to ensure they are not files.)
The -v (verbose) option can be captured in a file or a variable.

--- Post updated at 10:26 ---

Won't work correctly - find does not give a suitable exit status!
EDIT: now I see the find is within the [[ ]] - won't run unless it is in $( ) .
I try a correction:

if [[ -n $(find -maxdepth 0 -type d "$directory" -empty) ]]; then echo "$directory is an empty directory."; fi

Note: unlike the [[ ]] , in [ ] you should quote the sub shell's output "$( )" .

1 Like

This is something I always do. Like I said, the variables contain the path to existing directories. They're checked before using the mv , but I skipped that part in order to focus on the permissions question.

You're right, I'm sorry I didn't mention it. My shell is Bash, and I use GNU coreutils, but the script is meant to be POSIX-compliant, hence the use of the single square bracket test.

I know this is off-topic, but this is also one of the cases I don't know what the best practice is, because the standard states that the -A "writes out all directory entries, including those whose names begin with a <period> ( '.' ) but excluding the entries dot and dot-dot (if they exist)". But then there's the HP-UX ls , where "for a user with appropriate privileges, this flag defaults to on, and is turned off by -A". What should I do in this case?

I see. But if the variables are checked with [ -d "$directory" ] && [ -d "$destination" ] , the railing slash is not needed, right?

With this method, the mask for file names will not be needed

[ "$(ls -A "$destination")" ] && exit
mv $(compgen -f "$derectory"/) "$destination"

Right. A trailing / would cause a double-check. Is technically okay though.

For Posix-compatibility you should stick to "$(ls -A)" and test it for being null or non-null. Generally better for correctly counting crazy filenames is "$(ls -qA)" .
In HP-UX you can do

UNIX95=1; export UNIX95

that tells many commands to become Posix-compliant.
In Solaris you can prefix /usr/xpg4/bin to the PATH. The following should work pretty much everywhere:

PATH=/usr/xpg4/bin:/bin:/usr/bin:/usr/sbin:/sbin UNIX95=1
export PATH UNIX95
# all Posix commands and options should work now
1 Like

You might also consider the test options for files ( man test for more detail)

Another alternative might be to use stat to get the value you need. Jim is right though, you don't just need to check the files, but the directory permissions too to ensure you can write to them. The update needed will create or remove the ile as part of the move. It can also be a nice way to get around sensitive data input in a particular place that supposedly has been locked down, i.e. the file payroll-input.txt might have RW for the owner, Read for a group you are not in and nothing for the rest, but if you have access to update the directory, you can remove or rename the file then create your own.

:eek: I'm not advocating it, but it is something consider and make everyone panic about simple security :eek:

The output from stat -c '%a %U %G' might give you the basics of what you need and you might parse them to decide if you should continue.

There are, however, lots of probably better suggestions before mine, such as that from MadeInGermany.

Just more options.

Kind regards,
Robin