This script was used on Debian Squeeze 6.0.6!

ChangeLog

17 March 2013

  • Added checking if users and groups exist before applying permissions.

Shortnote

OSX users are familiar with the "fix file permissions" feature of Disk Utility. The concept behind restoring file permissions is trivial to Unix users: restoring the permissions enforces a default template on the filesystem. This is useful from perspectives other than security as well, because certain packages expect specific files to have a certain permission mask.

The script below brings the permission-restoring function from OSX to Linux by creating a template and then using a cron-based script to restore permissions every week. In this particular case we use a Debian system, but the solution can be adapted to other Linux distributions.

How to Generate the Template

The template is best generated by using a Virtual Machine and installing a full or complete version of your distribution. This Virtual Machine is used separately, only to extract the user, group and permission mask of every file on the filesystem.

Once the Virtual Machine is up and running, the following commands will generate a list of permissions:

cd /
find / -exec stat --format="%n %U %G %a" '{}' \; >~/permissions

Then the permissions file can be transferred out of the VM. The lines created by the command above will look something like this:

/lib root root 755
/lib/libcrypt-2.11.3.so root root 644
/lib/libdbus-1.so.3.4.0 root root 644
/lib/libBrokenLocale-2.11.3.so root root 644
/lib/libcap.so.2.19 root root 644
...

and are easily read by the shell script provided in the code section below.

For Debian Squeeze, the following file can be downloaded, renamed to permissions and placed at /etc/default/permissions:

Filename                       Filesize   Last modified
debian_file_permissions.txt    22.9 MiB   2014/12/19 22:41

Fix File Permissions

In order to use this script, place the permissions file generated above in the /etc/default/ directory. Then download this file and run it. Alternatively, this shell script is best placed in /etc/cron.weekly so it runs every week; on Debian, run-parts skips file names that contain a dot, so install it there without the .sh extension.

fix-file-permissions.sh
#!/bin/sh
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
##  rights of fair usage, the disclaimer and warranty conditions.        ##
###########################################################################

PERMISSIONS_FILE=/etc/default/permissions
# Each template line is "<path> <user> <group> <octal mode>".
while IFS= read -r p; do
  # Split from the right so that paths containing spaces stay intact.
  T_PERM=${p##* }
  p=${p% *}
  T_GROUP=${p##* }
  p=${p% *}
  T_USER=${p##* }
  FILE=${p% *}

  # Skip files from the template that are not installed on this system.
  if [ ! -e "$FILE" ]; then
    continue
  fi

  # Skip entries whose user or group does not exist on this system.
  if ! grep -q "^${T_USER}:" /etc/passwd; then
    continue
  fi
  if ! grep -q "^${T_GROUP}:" /etc/group; then
    continue
  fi

  # Current owner and group; stat does not follow symbolic links.
  C_STAT=`stat --format="%U %G" "$FILE"`
  C_USER=`echo "$C_STAT" | awk '{ print $1 }'`
  if [ "$T_USER" != "$C_USER" ]; then
    # -h changes the link itself instead of the file it points to.
    chown -h "$T_USER" "$FILE"
  fi
  C_GRUP=`echo "$C_STAT" | awk '{ print $2 }'`
  if [ "$T_GROUP" != "$C_GRUP" ]; then
    chgrp -h "$T_GROUP" "$FILE"
  fi
  # Read the mode last: chown and chgrp can clear setuid/setgid bits.
  C_PERM=`stat --format="%a" "$FILE"`
  # chmod always follows symbolic links, so never apply a mode through one.
  if [ ! -L "$FILE" ] && [ "$T_PERM" != "$C_PERM" ]; then
    chmod "$T_PERM" "$FILE"
  fi

done < "$PERMISSIONS_FILE"
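
A report-only pass over the same template, useful for reviewing drift before the cron job changes anything. This is an added example, not part of the original script; the function name audit_permissions and the MISSING/OWNER/GROUP/MODE report lines are assumptions made for the example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: compare the filesystem against the template and print every
# difference without modifying anything. audit_permissions is a hypothetical
# helper; the template format is the page's "<path> <user> <group> <mode>".
audit_permissions() {
  template=$1
  while IFS= read -r line; do
    # Split from the right so that paths containing spaces survive.
    t_perm=${line##* }
    line=${line% *}
    t_group=${line##* }
    line=${line% *}
    t_user=${line##* }
    file=${line% *}

    # A templated file that has disappeared is worth reporting as well.
    if [ ! -e "$file" ] && [ ! -L "$file" ]; then
      printf 'MISSING %s\n' "$file"
      continue
    fi

    # stat does not follow symbolic links, so a regular file that was
    # swapped for a link is reported with the link's own mode (777 on Linux).
    set -- $(stat -c '%U %G %a' -- "$file")
    [ "$1" = "$t_user" ]  || printf 'OWNER %s want=%s have=%s\n' "$file" "$t_user" "$1"
    [ "$2" = "$t_group" ] || printf 'GROUP %s want=%s have=%s\n' "$file" "$t_group" "$2"
    [ "$3" = "$t_perm" ]  || printf 'MODE %s want=%s have=%s\n' "$file" "$t_perm" "$3"
  done < "$template"
}

# Run against a template given on the command line, for example:
#   sh audit-permissions.sh /etc/default/permissions
if [ $# -gt 0 ]; then
  audit_permissions "$1"
fi
```

An empty report means the filesystem matches the template; any line it prints is a change the weekly job would make, or a missing file it would silently skip.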

unix/fix_file_permissions.txt · Last modified: 2022/04/19 08:28 by 127.0.0.1
