cancel
Showing results for 
Search instead for 
Did you mean: 

File permission tracking

 
SOLVED
Go to solution
Francis Noël
Regular Advisor

File permission tracking

Hello forum people.

I have a set of directory trees with funky (i.e. customized to please certain apps) access permissions. The "problem" is that OS and App patches will sometimes reset file permissions, which results in App breakage.

What I'm looking for is a script or tool or idea I could code myself that would generate a list of file/permission pairs for a directory tree, allowing me to diff the results after a patch in order to restore the permissions the App needs to run.

Any ideas ?
Thanks !
7 REPLIES
James R. Ferguson
Acclaimed Contributor
Solution

Re: File permission tracking

Hi Francis:

You could do:

# perl -MFile::Find -le 'find(sub{printf "%04o %s\n",((stat)[2])&0777,$File::Find::name},@ARGV)' /path

Regards!

...JRF...
Francis Noël
Regular Advisor

Re: File permission tracking

Holy perl, Batman!

Thanks James, this is exactly what I needed.

Tingli
Esteemed Contributor

Re: File permission tracking

find /file_system -type dir -exec ls -ld {} \;
James R. Ferguson
Acclaimed Contributor

Re: File permission tracking

Hi (again):

Ooops, I missed a "7".

# # perl -MFile::Find -le 'find(sub{printf "%04o %s\n",((stat)[2])&07777,$File::Find::name},@ARGV)' /path

Regards!

...JRF...
Francis Noël
Regular Advisor

Re: File permission tracking

Thanks for being such a perfectionist.

Dennis Handly
Acclaimed Contributor

Re: File permission tracking

>The "problem" is that OS and App patches will sometimes reset file permissions, which results in App breakage.

HP-UX patches shouldn't do this. Do you have an example permission change you have?
Francis Noël
Regular Advisor

Re: File permission tracking

Hi Dennis

You are right the HP-UX patches do not directly cause this.

Here is a more precise description of what happens.

A proprietary App is installed on an HP-UX Box.

The App uses an Oracle 10gR2 DB, Oracle Application Server, Java, Oracle ProCOBOL and some straight COBOL through Microfocus.

Yeah, its a nightmare.

Some administratives instances in the company have insisted that the App's files, RDBMS files and OAS files belong to three separate users IDs.

The App manufacturer uses only one user ( the oracle user ) to drive everything.
This has led to security "compromises" in the form of loosening lib folder permissions both in OAS and RDBMS, crossed groups, context switching scripts and other nastiness.

When an HP-UX QPK is applied, standard procedure mandates that the Oracle binaries and libraries be relinked.

The Oracle relink scripts will reset library and binary file permissions to their correct, default values. THIS results in App breakage, in the described environment.

The HP-UX standard patch bundles are therefore not to blame, nor are the Oracle relink scripts.

The cause of all this wears a tie, sits in a closed office and does not know what "SMTP" means.

I hope this clears it up :)