Check file permissions and ownership and set it back to default values
Hello All,
Today I asked myself if there is any way to check the file permissions and ownerships on my system, compare them to the values from point of installation and reset them if needed.
I thought about the following case. When installing a RPM-Package which installs libraries and configuration files the initial file mode and ownership is specified in the RPM. If someone is messing up with chmod and chown I could get into some trouble if files in /etc or /usr for example were changed. In this case I would like to have some mechanism or tool to check which files differ from the default values and reset them.
Do somebody know if there already is such a mechanism? If not, is it worth to write a RFE to get it?
I'm not sure if there was a case discussing this topic, already. But I could not find it. So if there is already a thread, please point my nose to it.
Best regards,
Joerg
Responses
hello
to check which files have changed comparing to initial installation; you can run: rpm -Va to get the package name for a file : rpm -qf /path/to/file/name to reset permissions for a package: rpm --setperms package_name to reset ownership for a package: rpm --setugids package_name to reset permissions and ownership for all installed packages: for packages in $(rpm -qa); do rpm --setperms $packages; done for packages in $(rpm -qa); do rpm --setugids $packages; done
In my opinion this safe to do for binary files and configurations (/etc , /usr , /bin /sbin) unless there a special customizations in the server. (you should take a backup first )
best regards Lotfi
Guru
9715 points
Hi Jörg,
Maybe this Knowledgebase article provides the solution you are looking for ... hope I pointed your nose into the right direction. :)
Regards,
Christian
Expert
1228 points
Thanks for your replies,
The commands Lotfi posted were those I was looking for. Thanks Christian for the KB article. It covers a part of my question and gives you the right idea where to look for further information. With that information I got to some easier commands to fix all packages:
rpm --setperms -a
rpm --setugids -a
Thanks, Joerg
I noticed that the the yum plugin "yum-plugin-verify" is another nice one which can tell what files have got changed and what attribute etc,. with original details showing for comparison, which looks like an advanced version of "rpm -V" command:
[root@managed1 ~]# yum verify-all redhat-release-server
Loaded plugins: verify
==================== Installed Packages ====================
redhat-release-server.x86_64 : Red Hat Enterprise Linux Server release file
File: /etc/os-release
Tags: configuration
Problem: checksum does not match
Current: sha256:fb165f9336602db72686bd44b6aae8fd838534fe050cc9d49c0604915034e09a
Original: sha256:16b5fe059f9416bdbc55d2875d61b129893beeb897da9340d30efa8c48f054f6
--------
Problem: size does not match
Current: 483
Original: 507
--------
Problem: mtime does not match
Current: Fri Aug 18 13:46:00 2017 (165 days, 2:20:18 later)
Original: Mon Mar 6 11:25:42 2017
Error: verify-all done
[root@managed1 ~]# rpm -V redhat-release-server
S.5....T. c /etc/os-release
Need to install "yum-plugin-verify" to get this feature working.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.