08-05-2010, 03:12 PM   #1
Script for discovering improper permissions

I am trying to determine the best method for monitoring a filesystem for invalid file permissions: 777, or on an NFS share but owned by root, etc. Any suggestions? Thanks!
08-05-2010, 04:00 PM   #2
The definition of "best" depends on what causes invalid permissions and what the effect will be. For instance, if directories and files are read-only, are created once a night by automated exports, and are only accessible by a select group of authorized users, then running a post-export checking script could do. However, if directory names are created on the fly by human users and need to be corrected immediately, then you obviously need to detect and respond likewise. Your method of implementing watches depends on what the file system can handle: as far as I understand the NFS protocol (which is decidedly limited), it doesn't hand out file descriptors directly but some kind of "reference". Practically speaking, NFSv4.1 has "directory notifications" so dnotify() could work (but then again the "modern" inotify variety won't AFAIK); file descriptors (like fopen) get logged, so an Auditd watch (or FUSE LoggedFS) may or may not work and would need to be paired with a real-time script to hand off changing permissions (in a sensible and error-free way). Maybe one of the NFS gurus could chip in their POV?
08-13-2010, 09:37 AM   #3
Original Poster
Sensible and error free

Thanks! I am looking into notify (new one for me), but currently there are some major apps that are not playing well here and I am working with the vendor on that solution. In the meantime, there are a lot of user-created violations that I spend a lot of time trying to fix. A "sensible and error free" script is what I want. The problem is, we are a NetApps shop and do not want to alter files in such a way that triggers backup prematurely.
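
Added example, not part of the thread: a report-only audit for the cases the original poster lists (mode 777, root-owned entries on a share) that changes nothing on the filesystem, so remediation can be reviewed separately. It assumes GNU find; the function name `audit_perms`, the output tags, and the extra check for other world-writable entries are choices made for this illustration.

```sh
#!/bin/sh
# Report-only permission audit (added example; needs GNU find for -printf).
# It never calls chmod/chown and never writes into the tree, so file
# contents, modes and owners are left exactly as found.
#
# usage:  audit_perms DIR [OWNER]   OWNER defaults to root; a numeric UID works
# output: TAG <tab> octal-mode <tab> owner <tab> path
audit_perms() {
    # -xdev      stay on the filesystem DIR lives on (skip other mounts)
    # ! -type l  skip symlinks: Linux reports them as mode 777 regardless
    # The comma operator evaluates every rule for each entry, so one entry
    # can produce several lines, one per rule it matches.
    find "$1" -xdev ! -type l \( \
        \( -perm 0777 -printf 'MODE777\t%m\t%u\t%p\n' \) , \
        \( -perm -0002 ! -perm 0777 ! -perm -1000 \
           -printf 'WORLD_WRITABLE\t%m\t%u\t%p\n' \) , \
        \( -user "${2:-root}" -printf 'OWNER\t%m\t%u\t%p\n' \) \
    \)
}

# Run directly:  sh audit_perms.sh /path/to/share [owner]
if [ "$#" -gt 0 ]; then
    audit_perms "$@"
fi
```

Sticky world-writable directories such as a 1777 scratch area are deliberately not tagged WORLD_WRITABLE; run the report from cron or after an export and diff successive outputs to see new violations.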