permwatcher
permwatcher is a daemon to reset Linux filesystem permissions. It's clearly a technical solution for a social problem: many users do a chmod 777 "because it solves the problem". chmoding a file to 777 not only opens a big security hole, but also causes any other file system permission bits to be dropped (777 is actually 0777, which drops the setgid bit, for example).
I finally gave up explaining why it's bad to do chmod 777 and decided to just reset the permissions.
Requirements
permwatcher needs:
- Python 3.x (2.7 may work, but I haven't tested with it)
- pyinotify
Usage
The permwatcher daemon is controlled by a single configuration file, typically installed in /etc/permwatcher.cfg.
The configuration file contains one or more sections. A minimal configuration section looks like this:
[webroots]
directories = /var/www
The name of the section doesn't really matter - it's just an identifier.
The directories option takes a space-separated list of directories to watch for changes.
Other options:
- exclude: Space-separated glob patterns. Objects matching one of these patterns will be ignored by pyinotify.
- remove_file_masks: Name of masks from the stat module to remove from files. Defaults to S_IXUSR S_IXGRP S_IWOTH S_IXOTH
- remove_dir_masks: Name of masks from the stat module to remove from directories. Defaults to S_IWOTH
- keep_setgid: re-add the setgid bit if it is set on the parent directory
- keep_setuid: re-add the setuid bit if it is set on the parent directory
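The sketch below is an added example, not permwatcher's own code: it shows how the documented mask options can translate into a mode reset, using the default mask lists from the option descriptions above. The function names (parse_masks, corrected_mode, reset_path) are hypothetical, and re-adding setgid only on directories is an assumption.

```python
import os
import stat

# Defaults as listed in the README's option descriptions.
DEFAULT_FILE_MASKS = "S_IXUSR S_IXGRP S_IWOTH S_IXOTH"
DEFAULT_DIR_MASKS = "S_IWOTH"


def parse_masks(names):
    """Combine space-separated stat constant names into one bitmask."""
    mask = 0
    for name in names.split():
        value = getattr(stat, name, None)
        if not name.startswith("S_I") or not isinstance(value, int):
            raise ValueError("unknown stat mask: %r" % name)
        mask |= value
    return mask


def corrected_mode(mode, parent_mode, remove_mask,
                   keep_setgid=False, keep_setuid=False):
    """Return the permission bits an object should have after a reset."""
    new = stat.S_IMODE(mode) & ~remove_mask
    if keep_setgid and parent_mode & stat.S_ISGID:
        new |= stat.S_ISGID
    if keep_setuid and parent_mode & stat.S_ISUID:
        new |= stat.S_ISUID
    return new


def reset_path(path, keep_setgid=False):
    """Reset one path in place; returns (old_mode, new_mode) or None."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return None  # os.chmod would change the link target instead
    is_dir = stat.S_ISDIR(st.st_mode)
    parent = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    remove = parse_masks(DEFAULT_DIR_MASKS if is_dir else DEFAULT_FILE_MASKS)
    old = stat.S_IMODE(st.st_mode)
    # Assumption: setgid is only re-added on directories, not regular files.
    new = corrected_mode(old, parent, remove, keep_setgid and is_dir)
    if new != old:
        os.chmod(path, new)
    return old, new
```

With the default file masks, a file that was chmod 777 comes back as 0664; a 0777 directory under a setgid parent comes back as 02775 when keep_setgid is enabled.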