check file permissions in a script

cambie · 09-17-2004, 11:09 AM

I am working on some scripts that will be run to make sure certain files are set to the right permission within a RHEL2.1AS system. Is there any program that will return a file or directory's permission settings in the format of 766 or similar? I could hack away at an ls -ls output with text editing commands to dig out the permissions on drwxrwxrwx format, but there's gotta be a better way. Any help?

zulfilee · 09-17-2004, 11:32 AM

Go for
stat filename

stat -c %a Filename
- For octal values i.e 644 etc

stat -c %A filename
- for human readable values rwx

Cheers
Z

Tinkster · 09-17-2004, 11:47 AM

find -printf "%m\t%P\n"

Cheers,
Tink

cambie · 09-20-2004, 09:01 AM

forgive me if I am showing my "newbieness" here, but I can't get either of those commands to work. the stat command seems like exactly what I need, except that when I run it as instructed, I get an error saying the -c option is invalid. All the other options give me so much output i'd still have to do alot of parsing to get the info I need. Did I mess something up or is there another option?

zulfilee · 09-20-2004, 10:11 AM

First tell me what shell are you using ?

And its stat -c [small case not upper case]

Also try

man stat

to get the exact syntax

Cheers
Z

Tinkster · 09-20-2004, 03:21 PM

This may be a silly question, but if you only
want to make sure that certain files do have certain
permissions, why do you need to check them
first? :} ... It would be enough to set the script
up to just force them ;)

Cheers,
Tink

cambie · 09-20-2004, 03:35 PM

i'm using a bash shell. The man page for stat only lists the options as -l, f, v, and t as options, all lowercase. I'm not sure what the c options is suppose to give me, but I just realized what I was doing with the find command and have gotten thatt to work. Problem solved i suppose.

cambie · 09-21-2004, 02:16 PM

Quote:

Originally posted by Tinkster
This may be a silly question, but if you only
want to make sure that certain files do have certain
permissions, why do you need to check them
first? :} ... It would be enough to set the script
up to just force them

Cheers,
Tink

the script is being written to test security compliance. According to guidelines, certain files, such as /etc/passwd are to be set to a certain mode. Natually, the default is correct on most installs, but i'd like for the script to check anyway just in case somehow something changed it.

Tinkster · 09-21-2004, 02:40 PM

In that case (auditing) you probably want to be looking
at tripwire or AIDE, or would that be overkill?

Cheers,
Tink

zulfilee · 09-22-2004, 12:13 AM

But tripwire will give you enough data to make you crazy.
Even miniscule changes will be reported and you`ll not get what you exactly need
such as permission of file changed .etc. [ If thats the only thing you are looking forward to do]

Cheers
Z