Linux Filesystem Permissions Watcher
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.

1.7 KiB


permatcher is a daemon to reset linux filesystem permissions. It's clearly a technical solution for a social problem: Many users do a chmod 777 "because it solves the problem". chmoding a file to 777 not only opens a big security hole, but also cause any other file system permission bits to be dropped (777 is actually 0777 which drops the setgid bit for example).

I finally gave up explaining why its bad to do chmod 777 and decided to just reset the permissions.


permwatcher needs

  • Python 3.x (2.7 may work, but haven't tested with)
  • pyinotify


The permwatcher daemon is controlled by a single configuration file, typically installed in /etc/permwatcher.cfg.

The configuration file contains one ore more sections. A minimal configuration section looks like this:

directories = /var/www

The name of the section doesn't really matter - it's just an identifier. The directories option takes a space-separated list of directories to watch for changes.

Other options:

  • exclude: Space-separated glob patterns. Objects matching one of these patterns will be ignored by pyinotify.
  • remove_file_masks: Name of masks from the stat module to remove from files. Defaults to S_IXUSR S_IXGRP S_IWOTH S_IXOTH
  • remove_dir_masks: Name of masks from the stat module to remove from directories. Defaults to S_IWOTH
  • keep_setgid: re-add the setgid bit if it is set on the parent directory
  • keep_setuid: re-add the setuid bit if it is set on the parent directory