|Johann Schmitz c8d1997e72||5 years ago|
permwatcher is a daemon to reset Linux filesystem permissions. It’s clearly a technical solution for a social problem: many users do a `chmod 777` “because it solves the problem”.

Chmoding a file to `777` not only opens a big security hole, but also causes any other file system permission bits to be dropped (`777` is actually `0777`, which drops the setgid bit, for example).

I finally gave up explaining why it’s bad to do `chmod 777` and decided to just reset the permissions.
The permwatcher daemon is controlled by a single configuration file, typically installed in
The configuration file contains one or more sections. A minimal configuration section looks like this:

```ini
[webroots]
directories = /var/www
```
The name of the section doesn’t really matter; it’s just an identifier. The `directories` option takes a space-separated list of directories to watch for changes.
- `exclude`: Space-separated glob patterns. Objects matching one of these patterns will be ignored by pyinotify.
- `remove_file_masks`: Names of masks from the `stat` module to remove from files. Defaults to `S_IXUSR S_IXGRP S_IWOTH S_IXOTH`
- `remove_dir_masks`: Names of masks from the `stat` module to remove from directories. Defaults to
- `keep_setgid`: re-add the setgid bit if it is set on the parent directory
- `keep_setuid`: re-add the setuid bit if it is set on the parent directory
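
The mask arithmetic these options describe, as an added example that is not permwatcher's own code: `parse_masks` and `corrected_mode` are hypothetical names, and the `S_IWOTH` directory mask and the sample modes are constructed values. Re-adding setgid/setuid by testing the parent directory's mode is an assumption drawn from the option descriptions above.

```python
import stat

# Default file masks quoted from the remove_file_masks option above.
DEFAULT_FILE_MASKS = "S_IXUSR S_IXGRP S_IWOTH S_IXOTH"


def parse_masks(names):
    """Combine space-separated stat constant names into one bit mask."""
    combined = 0
    for name in names.split():
        value = getattr(stat, name, None)
        # Accept only permission-bit constants (S_IWOTH, S_ISGID, ...),
        # not helpers such as S_IMODE or file-type constants such as S_IFREG.
        ok = name.startswith("S_I") and isinstance(value, int) and 0 < value <= 0o7777
        if not ok:
            raise ValueError("not a permission mask from stat: %r" % name)
        combined |= value
    return combined


def corrected_mode(mode, parent_mode, remove_masks,
                   keep_setgid=False, keep_setuid=False):
    """Permission bits a path should have after the reset (assumed semantics)."""
    new = stat.S_IMODE(mode) & ~parse_masks(remove_masks)
    # Re-add the special bits only when the parent directory carries them.
    if keep_setgid and parent_mode & stat.S_ISGID:
        new |= stat.S_ISGID
    if keep_setuid and parent_mode & stat.S_ISUID:
        new |= stat.S_ISUID
    return new


if __name__ == "__main__":
    # Constructed cases: (label, st_mode, parent st_mode, masks, keep_setgid)
    cases = [
        ("file after chmod 777", 0o100777, 0o042775, DEFAULT_FILE_MASKS, False),
        ("dir after chmod 777", 0o040777, 0o042775, "S_IWOTH", True),
    ]
    for label, mode, parent, masks, keep in cases:
        fixed = corrected_mode(mode, parent, masks, keep_setgid=keep)
        print("%-22s %04o -> %04o" % (label, stat.S_IMODE(mode), fixed))
```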