Save a directory trees permissions and then restore them

One Web Site Admin problem…

Login

Blog History

One Web Site Admin problem that I have found to be annoying is when you want to secure your webserver by making only what is required writeable and leave the rest unwriteable by the web server process. As soon as you go to perform an update of a module then the content management system complains it can't write to where it wants to.

Typically to allow access you either chmod -R 777 . (which is an insecure way of allowing access because the 'other' or 'world' group has full access to write to you web site files) or you can make www-data the owner or group chown www-data:www-data . and then make the permissions so that it can write where it needs to find . -type d | xargs chmod 775.

The problem is you may not want to waste alot of time trial-and-erroring the opening of permissions and just make the whole webroot writeable and then return to the permissions you had set earlier.

So I was wondering if there was a utility to snapshot permissions, temporarily change permissions or ownership, and restore them once you had finished with the update process.

I Googled but didn't find a Linux Utility that matched my search terms. So I wrote my own in Perl. https://github.com/jmcd73/directory-perm-save-and-restore

A perl script that finds all the files/folders in the current directory and below and then stores that in a file with the format:

file_or_directory_name_and_path:perms:uid:gid

e.g.

./pdf/Tax Invoice 70089 for NET12 from JMITS.pdf:0644:501:80

When you run perm_saver.pl store it writes the file with the current permissions. When you run the script with the perm_saver.pl restore argument it will reset it all back to what it was when you ran the script with the store argument

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.