slocate is a secure implementation of the traditional Unix
locate program. It was created by Kevin Lindsay and is freely
available under the GNU General Public License.
The traditional locate is a tool for quickly finding files based
upon parts of their filenames. It uses a database which is created by
updatedb; thus, the results it returns may be out of date. The
database updates are usually handled by an overnight cron job
— the disk activity created by going over every filesystem is
significant.
Unfortunately, having a single database has security implications. If user
fred has a directory named ~/private/ which is not group
or world readable or executable, any user can find the filenames in this
directory by using locate fred/private. Because the database is
usually made by a privileged user, it will contain entries for every file, even
those not normally visible to ordinary users.
This is slocate's major feature — it includes additional
checks to ensure that it only displays files which the user would ordinarily be
able to see. The command runs as setgid, which means the database can be set
to not be readable by ordinary users except via the slocate
program. The mechanism is not perfect, especially when ACLs or other non-traditional-Unix permissions systems are used, but it is
an improvement over traditional locate.
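The filtering idea described above, as an added illustration in Python (not slocate's own code): a database written by a privileged indexer is filtered per caller, keeping only entries whose parent directories that caller could search. The function names, the constructed directory tree and the hypothetical "other user" uid/gid are assumptions; only traditional mode bits are checked, so ACLs are ignored, as the text warns.

```python
import os
import stat
import tempfile

def may_search(st, uid, gids):
    """Mode-bit check only (no ACLs): may (uid, gids) traverse this directory?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def visible(path, top, uid, gids):
    """True if every directory from path's parent up to `top` is searchable."""
    parent = os.path.dirname(path)
    while True:
        if not may_search(os.stat(parent), uid, gids):
            return False
        if parent == top or parent == os.path.dirname(parent):
            return True
        parent = os.path.dirname(parent)

def filtered_locate(database, pattern, top, uid, gids):
    """Substring match over the database, minus entries the caller cannot reach."""
    return [p for p in database if pattern in p and visible(p, top, uid, gids)]

def demo():
    """Constructed tree: fred/private is mode 0700, fred/public is mode 0755."""
    with tempfile.TemporaryDirectory() as top:
        os.chmod(top, 0o755)
        fred = os.path.join(top, "fred")
        os.mkdir(fred)
        os.chmod(fred, 0o755)
        database = []
        for name, mode in (("private", 0o700), ("public", 0o755)):
            d = os.path.join(fred, name)
            os.mkdir(d)
            f = os.path.join(d, "notes.txt")
            open(f, "w").close()
            os.chmod(d, mode)
            database.append(f)  # a privileged indexer records every file
        me = os.stat(top)
        as_owner = filtered_locate(database, "fred", top, me.st_uid, {me.st_gid})
        # Hypothetical second user: a different uid and no shared group.
        as_other = filtered_locate(database, "fred", top, me.st_uid + 1, {me.st_gid + 1})
    return database, as_owner, as_other
```

The unfiltered database holds both files; the owner's query returns both, while the other user's query returns only the file under fred/public.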
slocate also has a few other special features. It supports
regular expression filename matching and can easily be configured to not
include special, removable or network filesystems in the database.
Neither locate nor slocate can find files based
upon their contents; however, they can easily be combined with
xargs and grep
to handle queries like "find me .txt files which contain the string
'monkey' or the string 'soy'":
slocate -r '\.txt$' | xargs grep -l 'monkey\|soy'
For more flexible queries, the find tool is often more
appropriate but significantly slower.
References:
slocate README,
http://www.geekreview.org/slocate/