Added README.md

master
Johann Schmitz 6 years ago
commit d7e3372d8b
Signed by: ercpe GPG Key ID: A084064277C501ED
34
README.md

@ -0,0 +1,34 @@
# permwatcher
permatcher is a daemon to reset linux filesystem permissions. It's clearly a technical solution for a social problem: Many users do a `chmod 777` "because it solves the problem". `chmod`ing a file to 777 not only opens a big security hole, but also cause any other file system permission bits to be dropped (`777` is actually `0777` which drops the setgid bit for example).
I finally gave up explaining why its bad to do `chmod 777` and decided to just reset the permissions.
## requirements
`permwatcher` needs
* Python 3.x (2.7 may work, but haven't tested with)
* pyinotify
## Usage
The permwatcher daemon is controlled by a single configuration file, typically installed in `/etc/permwatcher.cfg`.
The configuration file contains one ore more sections. A minimal configuration section looks like this:
[webroots]
directories = /var/www
The name of the section doesn't really matter - it's just an identifier.
The `directories` option takes a space-separated list of directories to watch for changes.
Other options:
* `exclude`: Space-separated [glob patterns](https://docs.python.org/3.4/library/glob.html). Objects matching one of these patterns will be ignored by pyinotify.
* `remove_file_masks`: Name of masks from the [stat module](https://docs.python.org/3.4/library/stat.html) to remove from files. Defaults to `S_IXUSR S_IXGRP S_IWOTH S_IXOTH`
* `remove_dir_masks`: Name of masks from the [stat module](https://docs.python.org/3.4/library/stat.html) to remove from directories. Defaults to `S_IWOTH`
* `keep_setgid`: re-add the setgid bit if it is set on the parent directory
* `keep_setuid`: re-add the setuid bit if it is set on the parent directory
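Review bot: The `keep_setgid` and `keep_setuid` entries at the end of the options list do not say what the bit is re-added to (the changed file, a changed subdirectory, or both) or what the default is, and for `keep_setuid` that matters: a setuid bit on a parent directory carries no inheritance meaning on Linux, so an option that re-adds setuid to objects below it should be documented as off by default and explained with its intended use. The `remove_file_masks` default also strips `S_IXUSR` and `S_IXGRP`, which will break any legitimately executable file under a watched directory; a sentence pointing at `exclude` for that case would help, as would a note that the daemon corrects permissions after the change is observed rather than preventing it. Smaller points: the first sentence says "permatcher" where the heading says "permwatcher", "one ore more" should be "one or more", and the `[webroots]` / `directories = /var/www` sample needs to be indented or fenced so Markdown renders it as a configuration block.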