Linux:Zugriffsrechte:Kopieren

Aus ITWiki
Zur Navigation springen Zur Suche springen

Here is a tip on how to backup file permissions in Linux using getfacl. This is very useful technique if you want to prevent someone or you to change file permissions of certain set of files or directories. By using a getfacl command we can take a snapshot of file permissions :

getfacl -R /var/www/myweb > permissions.acl

This will backup permissions of all files and directories within /var/www/myweb and myweb directory itself. -R ensures that the /var/www/myweb will be traversed recursively to include all files and directories.

Now, that we have set of permissions stored in a single file permissions.acl we can restore them by:

setfacl --restore=permissions.acl

Since file permissions.acl contains a full path to all files and directories within /var/www/myweb there is no need to specify where a path to where permissions should be restored.

The following two commands getfacl and setfacl are very handy tools as they allow Linux administrators to take a snapshot of any current permissions settings of any directory and if needed re-apply those permissions back recursively. Let's have a look at the following example:

$ tree -p
.
├── [dr---w----]  dir1
│   └── [drwxr-xr-x]  dir2
│       ├── [dr--r-xrw-]  dir3
│       └── [---x--x--x]  file1
├── [drwxr-xr-x]  dir4
│   └── [-rw-r--r--]  file3
└── [-rwxrwxrwx]  file2

4 directories, 3 files

The above output list all files and directories in a tree like structure along with all relevant permissions for each file and directory. Now we use getfacl command in order to make a backup of all permissions for each file and directory:

$ getfacl -R . > permissions_backup

The above command saved all permissions including an ownership for each file and directory recursively into a file called permissions_backup.

# cat permissions_backup 
# file: .
# owner: lubos
# group: lubos
user::rwx
group::r-x
other::r-x

# file: file2
# owner: lubos
# group: lubos
user::rwx
group::rwx
other::rwx

# file: dir4
# owner: lubos
# group: lubos
user::rwx
group::r-x
other::r-x

# file: dir4/file3
# owner: lubos
# group: lubos
user::rw-
group::r--
other::r--

# file: dir1
# owner: lubos
# group: lubos
user::r--
group::-w-
other::---

# file: dir1/dir2
# owner: lubos
# group: lubos
user::rwx
group::r-x
other::r-x

# file: dir1/dir2/dir3
# owner: lubos
# group: lubos
user::r--
group::r-x
other::rw-

# file: dir1/dir2/file1
# owner: lubos
# group: lubos
user::--x
group::--x
other::--x

Next, we change all permissions:

$ chmod -R 777 .
$ tree -p
.
├── [drwxrwxrwx]  dir1
│   └── [drwxrwxrwx]  dir2
│       ├── [drwxrwxrwx]  dir3
│       └── [-rwxrwxrwx]  file1
├── [drwxrwxrwx]  dir4
│   └── [-rwxrwxrwx]  file3
├── [-rwxrwxrwx]  file2

As we can see all permissions are changed and now we can use setfacl command along with our permissions backup file generated previously to restore former permission settings:

$ setfacl --restore=permissions_backup 
$ tree -p
.
├── [dr---w----]  dir1
│   └── [drwxr-xr-x]  dir2
│       ├── [dr--r-xrw-]  dir3
│       └── [---x--x--x]  file1
├── [drwxr-xr-x]  dir4
│   └── [-rw-r--r--]  file3
├── [-rwxrwxrwx]  file2

Quellen