<box 100% blue |root@nim - /root/scripts # cat save_file_permissions.sh></box>
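#!/bin/ksh93
#set -x
# Record the current owner, group and mode of a fixed list of security-relevant
# files and directories as chown/chmod commands (a file that can be executed to
# recover them), write the target settings in the same form, and show both
# side by side with sdiff.
# Set-uid, set-gid and sticky bits are handled for files and directories.
#
# Usage: save_file_permissions.sh [label]
#   label  optional text appended to the header comments and the final message
#
# Both generated files are meant to be executed by root, so ./logs must be a
# directory that only root can write to; umask 077 keeps the files private.

umask 077

logpath=./logs
DATE=$(date "+%Y%m%d-%H%M%S")
list_files=$logpath/list_files.txt
recover_perm=$logpath/recover_file_permissions.$DATE.txt
new_perm=$logpath/new_file_permissions.txt

# The label lands in a '#' comment line of an executable file, so it must stay
# on a single line.
label=${1:-}
label=${label//$'\n'/ }

# Every redirection below fails if the log directory is missing.
mkdir -p "$logpath" || exit 1

# Print the octal mode (at least three digits) of the single path $1, computed
# from the permission string at the start of the 'ls -ld' line.
# Three-digit padding makes an unchanged 000 entry compare equal in sdiff.
octal_mode () {
    ls -ld "$1" | awk '
        BEGIN {
            v["r1"] = 400; v["w2"] = 200; v["x3"] = 100; v["s3"] = 4100; v["S3"] = 4000
            v["r4"] = 40;  v["w5"] = 20;  v["x6"] = 10;  v["s6"] = 2010; v["S6"] = 2000
            v["r7"] = 4;   v["w8"] = 2;   v["x9"] = 1;   v["t9"] = 1001; v["T9"] = 1000
        }
        {
            val = 0
            # characters 2..10 of the line are the nine permission letters;
            # the key is letter + position, unknown keys ("-") count as 0
            for (i = 1; i <= 9; i++)
                val += v[substr($0, i + 1, 1) i]
            printf "%03d\n", val
        }'
}

# Print "owner:group" of the single path $1 as reported by 'ls -ld'.
owner_group () {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Append the chown/chmod pair that restores the current state of path $1 to
# $recover_perm. The path is written with %q so that the recover file stays
# safe to execute whatever characters the path contains.
save_current () {
    usr=$(owner_group "$1")
    perm1=$(octal_mode "$1")
    if [ -z "$usr" ] || [ -z "$perm1" ]
    then
        printf 'cannot read owner or mode of %s, not recorded\n' "$1" >&2
        return 1
    fi
    {
        printf 'chown %s %q\n' "$usr" "$1"
        printf 'chmod %s %q\n' "$perm1" "$1"
    } >> "$recover_perm"
}

# Record the current settings of every argument that is a regular file.
convert_perm_file () {
    for file in "$@"
    do
        if [ -f "$file" ]
        then
            save_current "$file"
        fi
    done
}

# Record the current settings of the directory $1.
convert_perm_dir () {
    dir=$1
    save_current "$dir"
}

# Target list: type (f = file, d = directory), path, owner, group, octal mode.
# Lines whose type is neither f nor d (for example "#f") are ignored.
# NOTE(review): the /var/adm/cron/cron.allow entry has no owner and group, so
# it is skipped with a warning below; add the intended values.
# NOTE(review): 766 on /var/adm/sa gives group and other write access to the
# directory; confirm this is intended.
cat << 'EOF' > "$list_files"
f /usr/bin/rcp root system 000
f /usr/bin/rlogin root bin 000
f /usr/bin/rsh root system 000
f /usr/sbin/rlogind root system 000
f /usr/sbin/rshd root system 000
f /usr/sbin/tftpd root system 000
f /etc/ssh/sshd_config root system 600
f /etc/ssh/ssh_config root system 644
f /etc/security/passwd root security 600
d /etc/security root security 750
f /etc/group root security 644
f /etc/passwd root security 644
d /etc/security/audit root audit 750
d /audit audit audit 750
f /root/smit.log root system 640
f /var/adm/cron/log root cron 660
f /var/adm/cron/cron.allow 640
f /var/adm/cron/at.allow bin cron 640
d /var/spool/cron/crontabs root cron 770
f /etc/motd bin bin 444
#f /var/adm/ras/* - - o-r
f /var/ct/RMstart.log root system 640
f /var/tmp/dpid2.log root system 640
f /var/tmp/hostmibd.log root system 640
f /var/tmp/snmpd.log root system 640
d /var/adm/sa adm adm 766
EOF

# Plain '#' headers: colour escapes here would make the first line of an
# executable file an unknown command instead of a comment.
printf '# Before change%s\n' "${label:+ $label}" > "$recover_perm"
printf '# After change%s\n' "${label:+ $label}" > "$new_perm"

while read -r type full owner group perm
do
    case $type in
        f|d) ;;
        *) continue ;;
    esac

    # An entry with a missing field or a non-octal mode would turn into a
    # malformed chown/chmod line in the file that root later executes.
    case $perm in
        ''|*[!0-7]*)
            printf 'skipping incomplete entry: %s %s\n' "$type" "$full" >&2
            continue
            ;;
    esac

    if [ "$type" = f ] && [ -f "$full" ]
    then
        printf 'chown %s:%s %q\n' "$owner" "$group" "$full" >> "$new_perm"
        printf 'chmod %s %q\n' "$perm" "$full" >> "$new_perm"
        convert_perm_file "$full"
    elif [ "$type" = d ] && [ -d "$full" ]
    then
        printf 'chown %s:%s %q\n' "$owner" "$group" "$full" >> "$new_perm"
        printf 'chmod %s %q\n' "$perm" "$full" >> "$new_perm"
        convert_perm_dir "$full"
    fi
done < "$list_files"

sdiff -w 200 "$recover_perm" "$new_perm"
printf '\n\033[32;1mThe file to change all permissions is %s%s\033[0m\n' \
    "$new_perm" "${label:+ - $label}"
printf '\033[0;31m\033[1mTo change\033[0m\n'
# Lines marked '|' by sdiff differ between current and target settings.
sdiff -w 200 "$recover_perm" "$new_perm" | grep '|' | cut -d'|' -f2-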
<box 100% blue |root@nim - /root/scripts # cat save_file_permissions2.sh></box>
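#!/bin/bash
# This script will create files that can be executed to recover unix rights:
# it records owner, group and mode of every object under the top-level
# directories listed in read_perm and writes one restore script per directory.
# On AIX use /opt/freeware/bin/find (find must support -printf).
#
# The restore scripts are meant to be run as root, which drives these choices:
#   - output goes to a private directory created by mktemp; fixed file names
#     directly in a world-writable /tmp could be pre-created or replaced by
#     another local user;
#   - every path is written with printf %q, so a file name containing spaces,
#     quotes, ';' or newlines is restored as data and never parsed as shell
#     syntax (run the restore scripts with bash, %q may emit $'...');
#   - a symlink only gets 'chown -h'; chmod would follow the link and put the
#     link's 777 on its target;
#   - chown comes before chmod, because chown can clear set-uid/set-gid bits.

umask 077
FIND=/usr/bin/find
OUTDIR=$(mktemp -d "${TMPDIR:-/tmp}/rights.XXXXXX") || exit 1

# Write type, mode, owner, group and path of everything below each top-level
# directory to $OUTDIR/<dir>.rights, all fields NUL-terminated so that no
# character in a path can be mistaken for a separator.
read_perm () {
  local obj
  for obj in boot dev etc home media mnt opt proc root run software srv sys tmp usr var
  do
    [[ -d /$obj ]] || continue
    echo "#Reading /$obj"
    "$FIND" "/$obj" -depth -printf '%y\0%m\0%u\0%g\0%p\0' > "$OUTDIR/$obj.rights"
  done
}

# Turn every $OUTDIR/*.rights file into <file>.restore, one line per object.
create_scr () {
  local rights ftype mode user group path
  for rights in "$OUTDIR"/*.rights
  do
    [[ -f $rights ]] || continue
    echo "#Processing $rights"
    {
      printf '#!/bin/bash\n'
      # Five NUL-terminated fields per object, in the order written by read_perm.
      while IFS= read -r -d '' ftype &&
            IFS= read -r -d '' mode &&
            IFS= read -r -d '' user &&
            IFS= read -r -d '' group &&
            IFS= read -r -d '' path
      do
        if [[ $ftype == l ]]
        then
          printf 'chown -h %q:%q %q\n' "$user" "$group" "$path"
        else
          printf 'chown %q:%q %q; chmod %s %q\n' \
            "$user" "$group" "$path" "$mode" "$path"
        fi
      done < "$rights"
    } > "$rights.restore"
  done
}

read_perm
create_scr
echo "#Restore scripts written to $OUTDIR"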