Operating System - HP-UX

Re: auditing file permissions

 
UNIX Engr
Advisor

auditing file permissions

Greetings,
I have been tasked with eliminating the rwx permissions, if possible, for the world user from files on my HPUX 11.i server.
I need a way to:
1 - Find every file with RWX for world on the server.
2 - Record the file name/permissions in case I need to restore them.
3 - A way to restore just the permissions of a file.

Any suggestions?

Thanks!
Steve
4 REPLIES
Joseph C. Denman
Honored Contributor

Re: auditing file permissions

To get a listing of the files, you could do something like this:

cp /dev/null /tmp/global.txt
find / -perm a=rwx -exec ll {} >> /tmp/global.txt \;


Restoring the permissions may be a little tricky? I'll have to think about that one. However, I'm leaving for the evening. Hopefully I can get back to this tomorrow.

...jcd...
If I had only read the instructions first??
James R. Ferguson
Acclaimed Contributor

Re: auditing file permissions

Hi Steve:

Do something like this:

# cd /path
# find . -type f -perm -o+x -exec ls -l {} \;

...substitute "-o+r" and "-o+w" for read and write permission for "others". Alternately, you can do:

# cd /path
# find . -type f \( -perm -o+x -o -perm -o+r -o -perm -o+w \) -exec ls -l {} \;

This will offer any file that has *either* execute, read, or write permissions for "others".

You can redirect the output to a file that you can reference.

Regards!

...JRF...
Ivan Ferreira
Honored Contributor

Re: auditing file permissions

I think that the right command will be:

find . -perm -0007 -exec ls -lad {} \;

Because an ls -l or ll for a directory will display the files in that directory, with incorrect results, and you should not use -type f if you want to find directories also.

Redirect the command to a file if you want a list of the files.

find . -perm -0007 -exec ls -lad {} \; > filelist.out
Why do it the hard way, when you can do it the easy way?
James R. Ferguson
Acclaimed Contributor

Re: auditing file permissions

Hi (again) Steve:

Oh, and the last question of restoration.

If you create a simple archive of file names in each category like:

# cd /path && find . -type f -perm -o+x -print > /tmp/xonlyfiles

...Then to remove the e(x)ecute permission for "others":

# run from the same /path as the find; the list holds relative names
while read -r LINE
do
chmod o-x "${LINE}"
done < /tmp/xonlyfiles

...and to restore the e(x)ecute permissions:

# run from the same /path as the find; the list holds relative names
while read -r LINE
do
chmod o+x "${LINE}"
done < /tmp/xonlyfiles

Regards!

...JRF...
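
The three steps asked for in the question (find, record, restore), as an added example that is not part of any post in this thread: each path is recorded with its full octal mode, derived from `ls -ld` output, so one list restores the exact permissions rather than a single bit. The function names and the "mode path" list format are assumptions of this example, and paths containing newlines are not handled.

```sh
#!/bin/sh
# Added example, not from the thread. Uses only find, ls, awk and chmod.

# mode_to_octal "<ls -ld line>": print the octal mode for an ls-style mode
# string such as drwxrwxrwt (-> 1777), including setuid/setgid/sticky bits.
mode_to_octal() {
    printf '%s\n' "$1" | awk 'NR == 1 {
        special = 0; digits = ""
        for (g = 0; g < 3; g++) {
            s = substr($0, 2 + g * 3, 3); v = 0
            if (substr(s, 1, 1) == "r") v += 4
            if (substr(s, 2, 1) == "w") v += 2
            c = substr(s, 3, 1)
            if (c == "x" || c == "s" || c == "t") v += 1
            if (c ~ /[sStT]/) special += (g == 0 ? 4 : (g == 1 ? 2 : 1))
            digits = digits v
        }
        print special digits
    }'
}

# snapshot DIR: print "octal-mode path" for everything with world r, w and x.
# Symlinks are skipped because chmod acts on the target, not on the link.
snapshot() {
    find "$1" ! -type l -perm -0007 -print | while IFS= read -r f; do
        printf '%s %s\n' "$(mode_to_octal "$(ls -ld "$f")")" "$f"
    done
}

# strip_world LIST: remove all "other" permissions from each recorded path.
strip_world() {
    while read -r mode path; do chmod o-rwx "$path"; done < "$1"
}

# restore_modes LIST: put back exactly the mode that was recorded.
restore_modes() {
    while read -r mode path; do chmod "$mode" "$path"; done < "$1"
}

# Usage: sh worldperms.sh snapshot /path > /tmp/world.modes
#        sh worldperms.sh strip_world /tmp/world.modes
#        sh worldperms.sh restore_modes /tmp/world.modes
if [ $# -gt 0 ]; then "$@"; fi
```

Keep the list file outside the tree being scanned and readable only by root, since it is the only record of the original modes.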