/jperms

recursively set permissions and ownerships according to pattern rules

Primary LanguagePerlGNU General Public License v2.0GPL-2.0

jperms.pl

recursively set permissions and ownerships according to pattern rules

OPTIONS

jperms.pl [options]

Options:
  -dir {dir}      directory to descend
  -file {file}    permission rules file
  -no_change      don't make changes, just show what would change
  -verbosity      repeat to increase
  -man            full documentation
  -help|-?        help

Note: options can be abbreviated, e.g. -f instead of -file.

DESCRIPTION

jperms.pl descends the specified directory tree applying permissions and ownerships to each file or directory found according to a set of permission rules.

PERMISSION RULES

Permission rules are specified as lines in a file, optionally preceded by whitespace. Lines starting with a '#' are treated as comments and ignored.

Each line consists of 5 fields separated by whitespace:

pattern   owner   group   dir_mode   file_mode

A value of '-' for any field except pattern means the field should be ignored and the corresponding attribute for a matching file is to remain un-altered.

pattern

- pattern is a regex (NOT a fileglob!) to be matched against each path found during the tree descent.

- patterns are automatically surrounded by ^ and $ when matching; a pattern must match the whole of the current path (not just part of it).

- file paths include the start directory exactly as specified on the command line, so a pattern to match a relative top level directory (e.g. "./dir") must also match the dot (".") at the start of the path (e.g. with "\./dir")

- paths are compared against each pattern in turn (in order) until the first match is found. Permissions are then applied to the matchedd path as per the rule, and process continues with the next file or directory.

owner and group

- must be names; numeric ids are not supported

- an owner or group which does not exist on the host will cause an error message to be printed and the field will have no effect, i.e. it will be treated as if it were '-'

- files with numeric owner or group ids (i.e. the user or group does not exist on the host), are treated like any other file; i.e. new owner and/or group will be applied as normal if a rules matches.

dir_mode and file_mode

- both specify absolute permissions and are not applied through any kind of mask.

- must be octal; leading zero is not required

- a value of 0 (or any string which evaluates to zero when converted to a number) is treated as a '-'

- dir_mode is only ever applied to directories, and file_mode is only applied to files

OUTPUT

By default jperms.pl prints only a summary upon completion with the following details:

- inspected: the number of objects (files or directories) inspected

- changed: the number of objects changed. Note: change of owner, group or mode, or all three counts as a single change

- failed: the number of objects on which a changed failed. Note: failure to chmod or chown (or both) counts as a single failure

- pending: the number of objects which need to be changed, but weren't changed either due to error or -no_change mode.

Other output is controlled by the -verbosity level:

0 summary
1 objects & changes needed
2 all objects (even if no change required)
3 commands used to make changes
3 permission rules
4 debug (patterns, current/target perms, filename)
5 internal data structures

EXAMPLE

Example rules.txt file:

# pattern                      owner   group  dmode  fmode

\./test/data.*/proj/cards      appuser grp2    770   -
\./test/data.*/proj/r/r_import appuser grp2    770   -
\./test/data.*/proj/outbound   appuser adm    2770   -
\./test/data.*/proj/.*/inbox   appuser grp2    770   -
\./test/data.*/proj/[^/]+      appuser grp2    750   -
\./test/data[^/]*/proj         appuser adm     750   -
\./test/data.*/tws/logs        appuser grp2    770   -
\./test/data.*/tws             appuser grp2    750   -
\./test/data.*/logs            appuser grp2    770   -
\./test/data.*/scripts         root    adm     750   -
\./test/data.*                 appuser grp2    770   660
\./test/.*                     -       -       -     -
\./test                        appuser appgrp  775   -

Run the above permission rules recursively to directory ./test in -no_change mode, i.e. report the changes needed without making any changes:

jperms.pl -f patterns.txt -d ./test -n

Sample output (suitable for parsing as CSV):

type,path,mode,owner,group
d,./test/data,mode(0775->0770),,
d,./test/data/scripts,mode(0777->0750),,group(docker->kvm)
d,./test/data/proj,mode(0776->0750),,
d,./test/data/proj/r,mode(0777->0750),,
d,./test/data/proj/r/r_import,mode(0777->0770),,group(john->docker)
f,./test/data/proj/r/r_import/f1,mode(0777->0660),,
d,./test/data/tws,mode(0777->0750),,
d,./test/data/tws/logs,mode(0677->0770),,
d,./test/data-2,mode(0757->0770),,
Summary: inspected=11, changed=0, failed=0, pending=9