chkperm


chkperm was inspired by SuSEs chkstat utility. It is a tool to automatically check and set file permissions and -ownership.

Content

  1. Content (this section)
  2. About
  3. Getting the source
  4. Security considerations

About

chkperm parses its configuration file and sets or verifies permissions and ownership according to the statements found in the file.

Synopsis

chkperm [options] [permission-file]

If no permission-file is provided at the command line, a default configuration is loaded from SYSCONFDIR

general options

       -s, --set
              This option enables setting the file permissions, the default is
              to check and warn only.

       -r, --read
              with  this  option  chkperm  will  read  permissions  for  every
              file/directory  it  reads  in  the config file and print them on
              screen in a format it can read as a config file (to re-set  them
              later)

       -d, --dead
              with this option, chkperm will remove any dead symbolic links it
              encounters

       -h, --help
              Show a little help screen.

Config file format

Every line of the configuration file consists of a single directive. Lines starting with a #-character are ignored. A directive has the following syntax:

[CMDSPEC] FILEPATH OWNER.GROUP MODE

with the following meaning:

   cmdspec
       is one of "recursivedirs"s, "recursivefiles", "recursiveall", "alldirs",
       "allfiles" or "all".

       recursivedirs will read the given directory and step through every sub‐
       directory, but only touches directories but no files.

       recursivefiles will read the given directory  and  step  through  every
       subdirectory, but only touches files but no directories.

       recursiveall  will read the given directory and step through every sub‐
       directory, it will touch every file and every directory.

       alldirs will read the given directory and touch every directory but  no
       files. It will not step through subdirectories.

       allfiles  will  read  the  given  directory and touch every file but no
       directories. It will not step through subdirectories.

       all will read the given directory and touch every file and every direc‐
       tory. It will not step through subdirectories.

       if  cmdspec  is left out, exactly 'path' is checked and no recursion is
       done.

       if chkperm finds any dead symbolic links and -s or --set was specified,
       chkperm will remove them automatically.

       if  chkperm  should  recursively  step through directories, it will not
       follow symlinks

   FILEPATH
       is any valid path of the filesystem.  Wildcards are not  supported  for
       the filepath. Lines starting with '#' are used as comments.

   OWNER.GROUP
       is  a  valid  systemuser  and  -group combination. Either numeric or by
       name. If user is - (minus) no  userchange  is  made.  Same  applies  to
       group.

   MODE
       is any valid oktal-mode described by chmod(1). If MODE is - (minus), no
       modechange is made.

If the permission files contain multiple entries for a single file or directory, the first entry found will be used.

Example configuration
recursivedirs   /test   oliver:oliver   755                                                                         
recursivefiles  /test   oliver:oliver   644

All directories in /test (including the directory itself and all subdirectories) will get oliver:oliver as the owner an 755 as permission.

All files in /test (and all subdirectories) will get oliver:oliver as the owner an 644 as permission.

↑ Top of page ↑

Getting the source

Clone the git reprository:

# git clone git://git.code.sf.net/p/chkperm/code chkperm

and change to the created directory. Type

# ./autogen.sh

# ./configure

# make

to build the binary. ↑ Top of page ↑

Security considerations

There is an issue with hard links. Consider the following situation: User Peter has a file /home/peter/peter1 and user Paul creates a hard link to peter1 as /home/paul/paul1. If you now configure chkperm to change owners in /home/peter to peter:peter and in /home/paul to paul:paul you would accidently change the ownership of the same file twice, possibly giving the file to Paul finally.

For that reason chkperm will print a warning message if the target is a hard link and change nothing.

There still is a problem with hard links, though. Consider what happens if Peter removes /home/peter/peter1
In this case /home/paul/paul1 will no longer be a hard link and chkperm will happy gift paul with a new file.



copyright © 1997-2018  Oliver Schroeder (remove XYZ)