Operating System - HP-UX
1833883 Members
1655 Online
110063 Solutions
New Discussion

is there a way to reset default file/directory permissions?

 
SOLVED
Go to solution
Anthony_141
Regular Advisor

is there a way to reset default file/directory permissions?

We had an application problem and in order to get it working ended up trying to open up permissions on several directories/files.

Is there any tool we can use to go through a system and reset directories/files back to their standard (default) permissions?

12 REPLIES 12
spex
Honored Contributor

Re: is there a way to reset default file/directory permissions?

Hi Anthony,

If you have a second system with the same configuration, you can clone permissions from it.

System 2
============
find /filesystem -print | xargs ll -d | awk '{print $9,$3,$4}' > /tmp/perm.out

System 1
============
# cat fixperm.sh
#!/usr/bin/sh
while :
do
read f u g
echo ${u}:${g} ${f}
chown ${u}:${g} ${f}
done < perm.out
exit 0

If you have a backup of the affected filesystem, you could use a similar method.

PCS
James R. Ferguson
Acclaimed Contributor

Re: is there a way to reset default file/directory permissions?

Hi Anthony:

# swverify -F \*

Regards!

...JRF...
spex
Honored Contributor
Solution

Re: is there a way to reset default file/directory permissions?

I just realized you said your permissions were fouled up, and I gave you a procedure for correcting user and group ownership.

Let's try this again...

System 2
============
find /filesystem -print | xargs perl -e 'printf("%04o %s\n",(stat($ARGV[0]))[2]&07777,$ARGV[0]);' > /tmp/perm.out

System 1
============
# cat fixperm.sh
#!/usr/bin/sh
while :
do
read p f
echo "Attempting: chmod ${p} ${f}"
chmod ${p} ${f}
done < perm.out
exit 0
A. Clay Stephenson
Acclaimed Contributor

Re: is there a way to reset default file/directory permissions?

About as good as it gets is:
swverify -F \*
although that will not work for anything (e.g. oracle) that was not installed via the standard HP-UX installation tools.

There is no assurance that another "good" machine is either "good" or compatible/applicable to your target machine.

What you should have done before the dreaded 777 disease struck was done something like a find exec'ing ls -l to produce a list of file modes, owner, and groups before you starting "fixing" the system.
If it ain't broke, I can fix that.
A. Clay Stephenson
Acclaimed Contributor

Re: is there a way to reset default file/directory permissions?

One of the key questions that you need to learn to ask yourself before doing anything is "How can I get myself out of trouble almost as fast as I got myself in?". I can't tell you the number of times that principle has saved me from my own formidable stupidity.
If it ain't broke, I can fix that.
Anthony_141
Regular Advisor

Re: is there a way to reset default file/directory permissions?

the swverify -F \* doesn't appear to fix permissions on files\directoires under /var for some reason (though it fixed /var itself).
A. Clay Stephenson
Acclaimed Contributor

Re: is there a way to reset default file/directory permissions?

... and your point is? Again, swverify can only do so much and almost all of the files/directories in /var were not actually created during a swinstall but rather after swinstall had finished and the actual applications had started. Moreover, any software not installed via swinstall would not be fixed using an "swxxxx" command.

You really need a backup image to compare against. Depending upon the types of backup you do, it is probably easy to get a listing showing file ownerships, groups, and modes without actually doing a restore. You then can scan the list and compare those values
to those as they now exist on your system and make any changes. This sounds a whole lot like a script is needed. Perl? Awk?
If it ain't broke, I can fix that.
Steven E. Protter
Exalted Contributor

Re: is there a way to reset default file/directory permissions?

Shalom,

The /var filesystem is for variable content, logs and such and can be changed by a script.

There is no automatic, magic wand to solve this problem.

A number of commands were used to create it and a number of poor systems administrations practices led to it.

Suggestion:
1) Make umask consistent for all users including root.
2) Go through the /var filesystem manually and set rational permissions.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Anthony_141
Regular Advisor

Re: is there a way to reset default file/directory permissions?

I corrected the issue by:

1) getting the permissions from our Ignite backup (gunzip/tar commands) (we make Ignite backups a lot so we know we have a good restore path)
2) wrote a script to run through this list and look for the same file in /var and update the permissions

Anthony_141
Regular Advisor

Re: is there a way to reset default file/directory permissions?

problem resolved
James R. Ferguson
Acclaimed Contributor

Re: is there a way to reset default file/directory permissions?

Hi (again):

In the future, please be more specific as to what directories and/or files you have butchered. Asking "Is there a way to reset default file/directory permissions" infers that you mean standard HP-UX ones convered by the Software Distributer (SD) tools. Hence our offering of 'swverify -F'. Had you not had a similar server to compare to, you might have found that useful knowledge.

Regards!

...JRF...
spex
Honored Contributor

Re: is there a way to reset default file/directory permissions?

>This sounds a whole lot like a script is
>needed. Perl? Awk?

Schedule the following script to run nightly:

# cat rebuild_locate_db.sh
#!/usr/bin/sh
LOCDB=/var/opt/locate/loc.db
find / -local -exec ls -ld {} \; 1> ${LOCDB} 2> /dev/null
exit 0

And then to search for a file:

# locate '\/ls$'
-r-xr-xr-x 7 bin bin 28672 May 5 2003 /usr/bin/ls

# alias locate
locate='cat /var/opt/locate/loc.db | grep'

'loc.db' should also be integrated into your backup routine, as it can be used to recover file attributes.

PCS