Hi,

At my work we are using a SuseLinux box custom tailored to run various apps. We have this same image that gets loaded when we setup a new store then modify it to suit the new unique store.

Anyway, we update the software occasionally with an automatic update setup that opens the package, runs a permission fixing utility in a safe area, then copies the files to replace or add to the existing file structure.

The permission fixing utility we have right now needs to be reworked, and I was hoping to find a different way to go about this. our utility as it is is basically a shell script that manually sets permissions on a long list of files. What I am hoping to find is a utility that i can run on our basic gold image to create a template file. Then transfer that file to all the locations, and run a utility that will match permissions according to the template file. Is there already such a beast out there?

Thanks

If you update using package management then RPM should set the permissions, no need for further mucking about. So are you? Or are you running some homebrewn update kludge?

homebrew. we send the update, which can load sent data into the DB, deliver new code to compile or deliver non code files (OS changes). So we will need something that we can run to fix permissions across the board based on custom setups so i cant just use a standard utility that can fix Suse OS file permissions, i need to make a template I can update easily.

I've got no idea at all. Maybe it could help those here who have if you elaborate: are you talking about something like updates on in-store POS or suchlike systems? Are those systems remotely manageable? What percentage of an update is similar across systems? What are unique changes based on? Location? Software (version)? Please add anything else that you think could help your fellow LQ members help you.

Okay, I am speaking somewhat generally due to security constraints but ill try to give more specific information.

We have a customized two server setup (Primary and secondary) running suselinux. We have a gold image that every store begins as, and anything that makes it unique is going to be in a database (Progress) that runs the POS application. The database gets data updates daily, but that has nothing to do with this issue. Occasionally we will send an update down that delivers changes to code in the App, delivers shell script changes or binaries in and outside of the database directory. we do this by opening the archive in the database directory and any changes that need to go outside the database directory are located in a subdirectory inside the database directory, which we then copy to the / mounts after running a program to make sure the permissions match as they should be.

The script we use now is very cumbersome and I'm looking for something to replace it. The script was originally designed to only set permissions inside the database directory before anything that goes outside it is copied, so basically its a list of everything that we have so far added to the systems in an update. However this potentially could grow to include any file across the OS and any update where we have a change that isnt in this script already, it needs to be added to.

What im looking for is something I can use to build a template list of every file on the gold image (With permissions) and either
1) use a grep whenever files are delivered by updates to verify permissions from the template and correct if needed.
or
2) find a tool that can build and use this list to quickly correct/set permissions based on this template.
or
2) lock permissions across the OS based on the template and this way, I will only have to make changes if we need to specifically change permissions or add new files to the OS.

Thanks