jperms.pl
recursively set permissions and ownerships according to pattern rules
OPTIONS
jperms.pl [options]
Options:
-dir {dir} directory to descend
-file {file} permission rules file
-no_change don't make changes, just show what would change
-verbosity repeat to increase
-man full documentation
-help|-? help
Note: options can be abbreviated, e.g. -f instead of -file.
DESCRIPTION
jperms.pl descends the specified directory tree applying permissions and ownerships to each file or directory found according to a set of permission rules.
PERMISSION RULES
Permission rules are specified as lines in a file, optionally preceded by whitespace. Lines starting with a '#' are treated as comments and ignored.
Each line consists of 5 fields separated by whitespace:
pattern owner group dir_mode file_mode
A value of '-' for any field except pattern means the field should be ignored and the corresponding attribute for a matching file is to remain un-altered.
- pattern
-
- pattern is a regex (NOT a fileglob!) to be matched against each path found during the tree descent.
- patterns are automatically surrounded by ^ and $ when matching; a pattern must match the whole of the current path (not just part of it).
- file paths include the start directory exactly as specified on the command line, so a pattern to match a relative top level directory (e.g. "./dir") must also match the dot (".") at the start of the path (e.g. with "\./dir")
- paths are compared against each pattern in turn (in order) until the first match is found. Permissions are then applied to the matchedd path as per the rule, and process continues with the next file or directory.
- owner and group
-
- must be names; numeric ids are not supported
- an owner or group which does not exist on the host will cause an error message to be printed and the field will have no effect, i.e. it will be treated as if it were '-'
- files with numeric owner or group ids (i.e. the user or group does not exist on the host), are treated like any other file; i.e. new owner and/or group will be applied as normal if a rules matches.
- dir_mode and file_mode
-
- both specify absolute permissions and are not applied through any kind of mask.
- must be octal; leading zero is not required
- a value of 0 (or any string which evaluates to zero when converted to a number) is treated as a '-'
- dir_mode is only ever applied to directories, and file_mode is only applied to files
OUTPUT
By default jperms.pl prints only a summary upon completion with the following details:
- inspected: the number of objects (files or directories) inspected
- changed: the number of objects changed. Note: change of owner, group or mode, or all three counts as a single change
- failed: the number of objects on which a changed failed. Note: failure to chmod or chown (or both) counts as a single failure
- pending: the number of objects which need to be changed, but weren't changed either due to error or -no_change mode.
Other output is controlled by the -verbosity level:
0 summary
1 objects & changes needed
2 all objects (even if no change required)
3 commands used to make changes
3 permission rules
4 debug (patterns, current/target perms, filename)
5 internal data structures
EXAMPLE
Example rules.txt file:
# pattern owner group dmode fmode
\./test/data.*/proj/cards appuser grp2 770 -
\./test/data.*/proj/r/r_import appuser grp2 770 -
\./test/data.*/proj/outbound appuser adm 2770 -
\./test/data.*/proj/.*/inbox appuser grp2 770 -
\./test/data.*/proj/[^/]+ appuser grp2 750 -
\./test/data[^/]*/proj appuser adm 750 -
\./test/data.*/tws/logs appuser grp2 770 -
\./test/data.*/tws appuser grp2 750 -
\./test/data.*/logs appuser grp2 770 -
\./test/data.*/scripts root adm 750 -
\./test/data.* appuser grp2 770 660
\./test/.* - - - -
\./test appuser appgrp 775 -
Run the above permission rules recursively to directory ./test in -no_change mode, i.e. report the changes needed without making any changes:
jperms.pl -f patterns.txt -d ./test -n
Sample output (suitable for parsing as CSV):
type,path,mode,owner,group
d,./test/data,mode(0775->0770),,
d,./test/data/scripts,mode(0777->0750),,group(docker->kvm)
d,./test/data/proj,mode(0776->0750),,
d,./test/data/proj/r,mode(0777->0750),,
d,./test/data/proj/r/r_import,mode(0777->0770),,group(john->docker)
f,./test/data/proj/r/r_import/f1,mode(0777->0660),,
d,./test/data/tws,mode(0777->0750),,
d,./test/data/tws/logs,mode(0677->0770),,
d,./test/data-2,mode(0757->0770),,
Summary: inspected=11, changed=0, failed=0, pending=9