OpenBSD manual page server

Manual Page Search Parameters
MTREE(8) System Manager's Manual MTREE(8)

mtreemap a directory hierarchy

mtree [-cdeilnqrtUux] [-f spec] [-K keywords] [-k keywords] [-p path] [-s seed]

The utility mtree compares the file hierarchy rooted in the current directory against a specification read from the standard input. Messages are written to the standard output for any files whose characteristics do not match the specification, or which are missing from either the file hierarchy or the specification. For an explanation of the directory hierarchy, see hier(7).

The options are as follows:

Print a specification for the file hierarchy to the standard output.
Ignore everything except directory type files.
Don't complain about files that are in the file hierarchy, but not in the specification.
spec
Read the specification from file spec, instead of from the standard input.
Indents the output 4 spaces each time a directory level is descended when creating a specification with the -c option. This does not affect either the /set statements or the comment before each directory. It does however affect the comment before the close of each directory.
keywords
Add the specified (whitespace or comma separated) keywords to the current set of keywords.
keywords
Use the “type” keyword plus the specified (whitespace or comma separated) keywords instead of the current set of keywords.
Do “loose” permissions checks, in which more stringent permissions will match less stringent ones. For example, a file marked mode 0444 will pass a check for mode 0644. “Loose” checks apply only to read, write and execute permissions -- in particular, if other bits like the sticky bit or suid/sgid bits are set either in the specification or the file, exact checking will be performed. This flag may not be set at the same time as the -u or -U flags.
Do not emit pathname comments when creating a specification. Normally a comment is emitted before each directory and before the close of that directory when using the -c option.
path
Use the file hierarchy rooted in path, instead of the current directory.
Quiet mode. Do not complain when a “missing” directory cannot be created because it already exists. This occurs when the directory is a symbolic link.
Remove any files in the file hierarchy that are not described in the specification.
seed
Display a single checksum to the standard error output that represents all of the files for which the keyword cksum was specified. The checksum is seeded with the specified value.
If a file's timestamp is different from the specification, “touch” it to match the specification (and list as modified).
Modify the owner, group, and permissions of existing files to match the specification and create any missing directories. User, group, and permissions must all be specified for missing directories to be created. Exit with a status of 0 on success, 1 if any error occurred; a mismatch is not considered an error if it was corrected.
Same as the -U option except a status of 2 is returned if the file hierarchy did not match the specification.
Don't descend below mount points in the file hierarchy.

Specifications are mostly composed of “keywords” (i.e., strings that specify values relating to files). No keywords have default values, and if a keyword has no value set, no checks based on it are performed.

Currently supported keywords are as follows:

The checksum of the file using the default algorithm specified by the cksum(1) utility.
The current file's flags (whitespace or comma separated) in symbolic form as specified by chflags(1). The string “none” may be used to indicate that no flags should be set on the file.
The file group as a numeric value.
The file group as a symbolic name.
Ignore any file hierarchy below this file.
The file the symbolic link is expected to reference.
The MD5 message digest of the file.
The current file's permissions as a numeric (octal) or symbolic value.
The number of hard links the file is expected to have.
Do not change the attributes (owner, group, mode, etc) on a file or directory.
The file is optional; don't complain about the file if it's not in the file hierarchy.
The RIPEMD-160 message digest of the file.
The SHA-1 message digest of the file.
The SHA-256 message digest of the file.
The size, in bytes, of the file.
The last modification time of the file.
The type of the file; may be set to any one of the following:

block special device
character special device
directory
FIFO
regular file
symbolic link
socket
The file owner as a numeric value.
The file owner as a symbolic name.

The default set of keywords are gid, mode, nlink, size, link, time, and uid.

There are four types of lines in a specification.

The first type of line sets a global value for a keyword, and consists of the string “/set” followed by whitespace, followed by sets of keyword/value pairs, separated by whitespace. Keyword/value pairs consist of a keyword, followed by an equals sign (‘=’), followed by a value, without whitespace characters. Once a keyword has been set, its value remains unchanged until either reset or unset.

The second type of line unsets keywords and consists of the string “/unset”, followed by whitespace, followed by one or more keywords, separated by whitespace.

The third type of line is a file specification and consists of a file name, followed by whitespace, followed by zero or more whitespace separated keyword/value pairs. The file name may be preceded by whitespace characters. The file name may contain any of the standard file name matching characters (“[”, “]”, “?”, or “*”), in which case files in the hierarchy will be associated with the first pattern that they match.

Each of the keyword/value pairs consist of a keyword, followed by an equals sign, followed by the keyword's value, without whitespace characters. These values override, without changing, the global value of the corresponding keyword.

All paths are relative. Specifying a directory will cause subsequent files to be searched for in that directory hierarchy. Which brings us to the last type of line in a specification: a line containing only the string “..” causes the current directory path to ascend one level.

Empty lines and lines whose first non-whitespace character is a hash mark (‘#’) are ignored.

/etc/mtree
system specification directory

The mtree utility exits with a status of 0 on success, 1 if any error occurred, and 2 if the file hierarchy did not match the specification. A status of 2 is converted to a status of 0 if the -U option is used.

To detect system binaries that have been “trojan horsed”, it is recommended that mtree -cK sha256digest be run on the file systems, and a copy of the results stored on a different machine or, at least, in encrypted form. The output file itself should be digested using the sha256(1) utility. Then, periodically, mtree and sha256(1) should be run against the on-line specifications. While it is possible for the bad guys to change the on-line specifications to conform to their modified binaries, it is believed to be impractical for them to create a modified specification which has the same SHA-256 digest as the original.

The -d and -u options can be used in combination to create directory hierarchies for distributions and other such things; the files in /etc/mtree were used to create almost all directories in a normal binary distribution.

chgrp(1), chmod(1), cksum(1), md5(1), stat(2), fts_open(3), MD5Init(3), RMD160Init(3), SHA1Init(3), SHA256Init(3), hier(7), chown(8)

The mtree utility appeared in 4.3BSD-Reno.

September 2, 2019 OpenBSD-6.8