
Added README.md

tags/0.1
Johann Schmitz 5 years ago
parent
commit
d7e3372d8b
Signed by: ercpe <johann@j-schmitz.net> GPG Key ID: A084064277C501ED
1 changed files with 34 additions and 0 deletions
README.md

@@ -0,0 +1,34 @@
# permwatcher

permatcher is a daemon to reset linux filesystem permissions. It's clearly a technical solution for a social problem: Many users do a `chmod 777` "because it solves the problem". `chmod`ing a file to 777 not only opens a big security hole, but also cause any other file system permission bits to be dropped (`777` is actually `0777` which drops the setgid bit for example).

I finally gave up explaining why its bad to do `chmod 777` and decided to just reset the permissions.

## requirements

`permwatcher` needs

* Python 3.x (2.7 may work, but haven't tested with)
* pyinotify


## Usage

The permwatcher daemon is controlled by a single configuration file, typically installed in `/etc/permwatcher.cfg`.

The configuration file contains one ore more sections. A minimal configuration section looks like this:

[webroots]
directories = /var/www

The name of the section doesn't really matter - it's just an identifier.
The `directories` option takes a space-separated list of directories to watch for changes.

Other options:

* `exclude`: Space-separated [glob patterns](https://docs.python.org/3.4/library/glob.html). Objects matching one of these patterns will be ignored by pyinotify.
* `remove_file_masks`: Name of masks from the [stat module](https://docs.python.org/3.4/library/stat.html) to remove from files. Defaults to `S_IXUSR S_IXGRP S_IWOTH S_IXOTH`
* `remove_dir_masks`: Name of masks from the [stat module](https://docs.python.org/3.4/library/stat.html) to remove from directories. Defaults to `S_IWOTH`
* `keep_setgid`: re-add the setgid bit if it is set on the parent directory
* `keep_setuid`: re-add the setuid bit if it is set on the parent directory
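
Review bot: The `keep_setgid` and `keep_setuid` entries at the end of the option list give no default and no value format, and do not say whether the bit is re-added to files, directories or both; because re-adding setuid changes the identity a file executes under, please state the default and the scope explicitly. The `[webroots]` sample under "Usage" is neither indented nor fenced, so Markdown will fold it and `directories = /var/www` into one paragraph line; indent both lines by four spaces. Typos to fix while here: "permatcher" in the first sentence, "its bad", "one ore more", and "but also cause" (should be "causes").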

