Linux Filesystem Permissions Watcher
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
Johann Schmitz c8d1997e72
Fixed imports, added
doc Added example config; add syslog/console logging option 5年前
src/permwatcher Fixed imports, added 5年前
.gitignore Initial setup 5年前
LICENSE.txt Initial setup 5年前 Added 5年前 Fixed imports, added 5年前


permatcher is a daemon to reset linux filesystem permissions. It's clearly a technical solution for a social problem: Many users do a chmod 777 “because it solves the problem”. chmoding a file to 777 not only opens a big security hole, but also cause any other file system permission bits to be dropped (777 is actually 0777 which drops the setgid bit for example).

I finally gave up explaining why its bad to do chmod 777 and decided to just reset the permissions.


permwatcher needs

  • Python 3.x (2.7 may work, but haven't tested with)
  • pyinotify


The permwatcher daemon is controlled by a single configuration file, typically installed in /etc/permwatcher.cfg.

The configuration file contains one ore more sections. A minimal configuration section looks like this:

directories = /var/www

The name of the section doesn't really matter - it's just an identifier. The directories option takes a space-separated list of directories to watch for changes.

Other options:

  • exclude: Space-separated glob patterns. Objects matching one of these patterns will be ignored by pyinotify.
  • remove_file_masks: Name of masks from the stat module to remove from files. Defaults to S_IXUSR S_IXGRP S_IWOTH S_IXOTH
  • remove_dir_masks: Name of masks from the stat module to remove from directories. Defaults to S_IWOTH
  • keep_setgid: re-add the setgid bit if it is set on the parent directory
  • keep_setuid: re-add the setuid bit if it is set on the parent directory