Sunday, July 10, 2016

How to back up and restore file permissions on Linux

http://ask.xmodulo.com/backup-restore-file-permissions-linux.html

Question: I want to back up the file permissions of the local filesystem, so that if I accidentally mess up the file permissions, I can restore them to the original state. Is there an easy way to back up and restore file permissions on Linux?
You may have heard of a tragic mistake of a rookie sysadmin who accidentally typed "chmod -R 777 /" and wreaked havoc to his/her Linux system. Sure, there are backup tools (e.g., cp, rsync, etckeeper) which can back up files along with their file permissions. If you are using such backup tools, no worries about corrupted file permissions.
But there are cases where you want to temporarily back up file permissions alone (not files themselves). For example, you want to prevent the content of some directory from being overwritten, so you temporarily remove write permission on all the files under the directory. Or you are in the middle of troubleshooting file permission issues, so running chmod on files here and there. In these cases, it will be nice to be able to back up the original file permissions before the change, so that you can recover the original file permissions later when needed. In many cases, full file backup is an overkill when all you really want is to back up file permissions.
On Linux, it is actually straightforward to back up and restore file permissions using access control list (ACL). The ACL defines access permissions on individual files by different owners and groups on a POSIX-compliant filesystem.
Here is how to back up and restore file permissions on Linux using ACL tools.
First of all, make sure that you have ACL tools installed.
On Debian, Ubuntu or Linux Mint:
$ sudo apt-get install acl
On CentOS, Fedora or RHEL:
$ sudo yum install acl
To back up the file permissions of all the files in the current directory (and all its sub directories recursively), run the following command.
$ getfacl -R . > permissions.txt
This command will export ACL information of all the files into a text file named permissions.txt.

For example, the following is a snippet of permissions.txt generated from the directory shown in the screenshot.
# file: .
# owner: dan
# group: dan
user::rwx
group::rwx
other::r-x

# file: tcpping
# owner: dan
# group: dan
# flags: s--
user::rwx
group::rwx
other::r-x

# file: uda20-build17_1.ova
# owner: dan
# group: dan
user::rw-
group::rw-
other::r--
Now go ahead and change the file permissions as you want. For example:
$ chmod -R a-w .
To restore the original file permissions, go to the directory where permissions.txt was generated, and simply run:
$ setfacl --restore=permissions.txt
Verify that the original file permissions have been restored.
Download this article as ad-free PDF (made possible by your kind donation):  Download PDF

No comments:

Post a Comment