Johann Schmitz
c8d1997e72
Fixed imports, added setup.py
|
4 years ago | |
|---|---|---|
| doc | 4 years ago | |
| src/permwatcher | 4 years ago | |
| .gitignore | 4 years ago | |
| LICENSE.txt | 4 years ago | |
| README.md | 4 years ago | |
| setup.py | 4 years ago |
README.md
permwatcher
permatcher is a daemon to reset linux filesystem permissions. It’s clearly a technical solution for a social problem: Many users do a chmod 777 “because it solves the problem”. chmoding a file to 777 not only opens a big security hole, but also cause any other file system permission bits to be dropped (777 is actually 0777 which drops the setgid bit for example).
I finally gave up explaining why its bad to do chmod 777 and decided to just reset the permissions.
requirements
permwatcher needs
- Python 3.x (2.7 may work, but haven’t tested with)
- pyinotify
Usage
The permwatcher daemon is controlled by a single configuration file, typically installed in /etc/permwatcher.cfg.
The configuration file contains one ore more sections. A minimal configuration section looks like this:
[webroots]
directories = /var/www
The name of the section doesn’t really matter - it’s just an identifier.
The directories option takes a space-separated list of directories to watch for changes.
Other options:
exclude: Space-separated glob patterns. Objects matching one of these patterns will be ignored by pyinotify.remove_file_masks: Name of masks from the stat module to remove from files. Defaults toS_IXUSR S_IXGRP S_IWOTH S_IXOTHremove_dir_masks: Name of masks from the stat module to remove from directories. Defaults toS_IWOTHkeep_setgid: re-add the setgid bit if it is set on the parent directorykeep_setuid: re-add the setuid bit if it is set on the parent directory