==== Example 1 ====
#!/bin/ksh93
#set -x
# Save the current file permissions in a file that can be executed to restore them
# Supports the sticky bit on files or folders
# Paths used by the whole script. Everything lives under ./logs, which is
# relative to the directory the script is started from.
# NOTE(review): nothing in this script creates ./logs, and the command lists
# written there are meant to be executed later; keep that directory owned by
# and writable only for the account that will run them.
logpath="./logs"
# Timestamp that makes each recovery file name unique per run.
DATE="$(date '+%Y%m%d-%H%M%S')"
list_files="${logpath}/list_files.txt"
tmpfile="${logpath}/tmpfile"
recover_perm="${logpath}/recover_file_permissions.${DATE}.txt"
new_perm="${logpath}/new_file_permissions.txt"
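convert_perm_file ()
{
# Append to $recover_perm the chown/chmod commands that restore the current
# owner, group and mode of every regular file given as argument.
#
# Globals:   recover_perm (appended to)
# Arguments: one or more paths; each is taken literally (no word splitting,
#            no glob expansion inside the function). Anything that is not an
#            existing regular file is skipped.
#
# The path is shell-quoted with printf %q before it is written, because the
# recovery file is meant to be executed: an unquoted name containing blanks or
# shell metacharacters would otherwise run as something other than the
# intended chown/chmod. Plain paths are written unchanged.
for file in "$@"
do
  [ -f "$file" ] || continue

  # One ls call per file. awk turns the nine permission characters into the
  # octal mode: the key is the character plus its position (1-9), so "s"/"S"
  # in the owner and group triplets and "t"/"T" in the last position add the
  # setuid, setgid and sticky bits. Only the first output line is used.
  info=$(ls -ld -- "$file" | awk 'BEGIN {
    v["r1"]=400; v["w2"]=200; v["x3"]=100; v["s3"]=4100; v["S3"]=4000
    v["r4"]=40 ; v["w5"]=20 ; v["x6"]=10 ; v["s6"]=2010; v["S6"]=2000
    v["r7"]=4 ; v["w8"]=2 ; v["x9"]=1 ; v["t9"]=1001; v["T9"]=1000}
    NR==1 {val=0
    for (i=1;i<=9;i++) val=val+v[substr($0,i+1,1)i]
    printf "%d %s.%s\n",val,$3,$4
    exit}')
  # ls failed (for example the file vanished): write nothing rather than a
  # chown/chmod line with empty fields.
  [ -n "$info" ] || continue

  perm1=${info%% *}
  usr=${info#* }
  qfile=$(printf '%q' "$file")
  # printf instead of echo so backslashes produced by %q are written as-is.
  printf 'chown %s %s\n' "$usr" "$qfile" >> "$recover_perm"
  printf 'chmod %s %s\n' "$perm1" "$qfile" >> "$recover_perm"
done
}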
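convert_perm_dir ()
{
# Append to $recover_perm the chown/chmod commands that restore the current
# owner, group and mode of one directory.
#
# Globals:   recover_perm (appended to)
# Arguments: $1 - directory path, taken literally
#
# A path that is not an existing directory is skipped, so the recovery file
# never receives chown/chmod lines with empty owner or mode fields. The path
# is shell-quoted with printf %q because the recovery file is meant to be
# executed; plain paths are written unchanged.
dir=$1
[ -d "$dir" ] || return 0

# awk turns the nine permission characters of the ls -ld line into the octal
# mode: the key is the character plus its position (1-9), so "s"/"S" and
# "t"/"T" add the setuid, setgid and sticky bits. Only the first line is used.
info=$(ls -ld -- "$dir" | awk 'BEGIN {
  v["r1"]=400; v["w2"]=200; v["x3"]=100; v["s3"]=4100; v["S3"]=4000
  v["r4"]=40 ; v["w5"]=20 ; v["x6"]=10 ; v["s6"]=2010; v["S6"]=2000
  v["r7"]=4 ; v["w8"]=2 ; v["x9"]=1 ; v["t9"]=1001; v["T9"]=1000}
  NR==1 {val=0
  for (i=1;i<=9;i++) val=val+v[substr($0,i+1,1)i]
  printf "%d %s.%s\n",val,$3,$4
  exit}')
[ -n "$info" ] || return 0

perm1=${info%% *}
usr=${info#* }
qdir=$(printf '%q' "$dir")
# printf instead of echo so backslashes produced by %q are written as-is.
printf 'chown %s %s\n' "$usr" "$qdir" >> "$recover_perm"
printf 'chmod %s %s\n' "$perm1" "$qdir" >> "$recover_perm"
}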
# Target state, written to $list_files and read back by the main loop.
# One entry per line: <type> <path> <owner> <group> <mode>, where type is
# "f" (regular file) or "d" (directory). A line whose first field is neither,
# such as the "#f" line, matches no branch of the loop and is ignored.
# The here-document delimiter is unquoted, so a $ or backquote added to the
# list would be expanded by the shell before it is written.
# Mode 000 on the rcp/rlogin/rsh/rlogind/rshd/tftpd entries removes every
# permission bit from those binaries.
# NOTE(review): the /var/adm/cron/cron.allow entry has only three fields, so
# the reader assigns "640" to owner and leaves group and mode empty - add the
# intended owner and group.
# NOTE(review): mode 766 on the directory /var/adm/sa grants group and others
# write without search permission; confirm this is the intended value.
cat << EOF > $list_files
f /usr/bin/rcp root system 000
f /usr/bin/rlogin root bin 000
f /usr/bin/rsh root system 000
f /usr/sbin/rlogind root system 000
f /usr/sbin/rshd root system 000
f /usr/sbin/tftpd root system 000
f /etc/ssh/sshd_config root system 600
f /etc/ssh/ssh_config root system 644
f /etc/security/passwd root security 600
d /etc/security root security 750
f /etc/group root security 644
f /etc/passwd root security 644
d /etc/security/audit root audit 750
d /audit audit audit 750
f /root/smit.log root system 640
f /var/adm/cron/log root cron 660
f /var/adm/cron/cron.allow 640
f /var/adm/cron/at.allow bin cron 640
d /var/spool/cron/crontabs root cron 770
f /etc/motd bin bin 444
#f /var/adm/ras/* - - o-r
f /var/ct/RMstart.log root system 640
f /var/tmp/dpid2.log root system 640
f /var/tmp/hostmibd.log root system 640
f /var/tmp/snmpd.log root system 640
d /var/adm/sa adm adm 766
EOF
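# Main flow: build two command lists - the current state ($recover_perm) and
# the target state ($new_perm) - then show them side by side.
#
# Both lists start with a green header line. $1 is passed as a printf
# argument, never as part of the format string, so a "%" or backslash in it
# is printed literally.
# NOTE(review): the header starts with an escape sequence, so a shell that
# executes the file does not see that line as a comment; strip the first line
# or run the commands individually.
printf '\033[32;1m# Before change%s\033[0m\n' "$1" > "$recover_perm"
printf '\033[32;1m# After change%s\033[0m\n' "$1" > "$new_perm"

while read -r type full owner group perm
do
  # Only "f" and "d" entries are handled; comment lines ("#...") and blank
  # lines fall through here.
  case $type in
    f|d) ;;
    *) continue ;;
  esac

  # An entry with fewer than five fields would produce chown/chmod lines with
  # shifted or empty values, so report it and skip it.
  if [ -z "$perm" ]
  then
    printf 'skipping malformed entry (need: type path owner group mode): %s %s\n' \
      "$type" "$full" >&2
    continue
  fi

  # Entries whose target does not exist (or has the wrong type) are skipped
  # in both lists so the side-by-side comparison stays aligned.
  if [ "$type" = "f" ]
  then
    [ -f "$full" ] || continue
  else
    [ -d "$full" ] || continue
  fi

  # Shell-quote the path: $new_perm is a list of commands to be executed.
  # Plain paths are written unchanged.
  qfull=$(printf '%q' "$full")
  printf 'chown %s.%s %s\n' "$owner" "$group" "$qfull" >> "$new_perm"
  printf 'chmod %s %s\n' "$perm" "$qfull" >> "$new_perm"

  if [ "$type" = "f" ]
  then
    convert_perm_file "$full"
  else
    convert_perm_dir "$full"
  fi
done < "$list_files"

# Full side-by-side view of current versus target commands.
sdiff -w 200 "$recover_perm" "$new_perm"
echo
printf '\033[32;1mThe file to change all permissions is %s - %s\033[0m\n' "$new_perm" "$1"
printf '\033[0;31m\033[1mTo change\033[0m\n'
# Only the lines that differ ("|" marker), showing the target-side command.
sdiff -w 200 "$recover_perm" "$new_perm" | grep '|' | cut -d'|' -f2-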
==== Example 2 ====
#!/bin/bash
# This script will create files that can be executed to recover unix rights
# On AIX use /opt/freeware/bin/find
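# Work in a private directory instead of directly in /tmp. /tmp is shared and
# the snapshot names are predictable (etc.rights, usr.rights, ...): other
# local users could pre-create or alter those files, and create_scr turns
# every *.rights file it finds into a script of chmod/chown commands.
# mktemp -d creates a new directory accessible only to the invoking user.
TMPDIR=$(mktemp -d /tmp/rights.XXXXXX) || exit 1
echo "#Output directory: $TMPDIR"
FIND=/usr/bin/find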
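read_perm ()
{
  # Snapshot mode, owner and group of everything below the listed top-level
  # directories into $TMPDIR/<dir>.rights.
  #
  # Globals: FIND (path of a find that supports -printf), TMPDIR (output dir)
  # Record format: mode:user:group:path, then a NUL byte, ":" and a newline.
  #
  # Symbolic links are excluded: find reports the link's own mode, and a
  # chmod on a link path is applied to the link's target, so replaying such
  # a record would change the mode of the target.
  # NOTE(review): the list includes proc, sys, dev and run; confirm that
  # restoring modes under those trees is actually wanted.
  local obj
  for obj in boot dev etc home media mnt opt proc root run software srv sys tmp usr var
  do
    if [ ! -e "/$obj" ]
    then
      echo "#Skipping /$obj (not present)"
      continue
    fi
    echo "#Reading /$obj"
    "$FIND" "/$obj" -depth ! -type l -printf '%m:%u:%g:%p\0:\n' > "$TMPDIR/$obj.rights"
  done
}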
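create_scr ()
{
  # Turn every $TMPDIR/*.rights snapshot into $TMPDIR/<name>.rights.restore,
  # one "chmod MODE PATH; chown USER.GROUP PATH" line per record.
  #
  # Globals: TMPDIR (directory holding the .rights files)
  #
  # Records are split on the NUL byte that ends each path, not on newlines,
  # so a file name containing a newline cannot start a second record. The
  # path, user and group are shell-quoted with printf %q and the mode must be
  # purely octal: the output is meant to be executed, so no field may be
  # written in a form the shell would interpret. Plain values are unchanged.
  # Review a .restore file before running it with elevated privileges.
  local file1 rec p u g f
  for file1 in "$TMPDIR"/*.rights
  do
    [ -f "$file1" ] || continue   # the glob matched nothing
    echo "#Processing $file1"
    while IFS= read -r -d '' rec
    do
      # Every record after the first still carries the ":" and newline that
      # follow the previous record's NUL.
      rec=${rec#$':\n'}
      case $rec in
        *:*:*:*) ;;
        *)
          printf 'skipping malformed record in %s\n' "$file1" >&2
          continue
          ;;
      esac
      # Mode, user and group cannot contain ":", so the first three colons
      # delimit them; the remainder is the path, which may contain colons.
      p=${rec%%:*}; rec=${rec#*:}
      u=${rec%%:*}; rec=${rec#*:}
      g=${rec%%:*}; f=${rec#*:}
      case $p in
        ''|*[!0-7]*)
          printf 'skipping record with non-octal mode in %s\n' "$file1" >&2
          continue
          ;;
      esac
      if [ -z "$u" ] || [ -z "$g" ] || [ -z "$f" ]
      then
        printf 'skipping incomplete record in %s\n' "$file1" >&2
        continue
      fi
      printf 'chmod %s %q; chown %q %q\n' "$p" "$f" "$u.$g" "$f"
    done < "$file1" > "$file1.restore"
  done
}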
# Take the snapshot first, then generate one restore script per snapshot file.
read_perm
create_scr