A tutorial on setting the permissions of backup and recovery files in Linux system

Time:2020-2-13

You may have heard or encountered such a thing: a rookie system administrator accidentally input “chmod-r 777 /” which led to a huge tragedy, causing serious damage to the whole system. In daily management, we have many tools to back up file permissions, such as CP, Rsync, etckeeper, etc. If you use this backup tool, you really don’t need to worry about changing file permissions.

But if you just want to temporarily back up the file permissions (rather than the file itself), for example, in order to prevent the contents of some directories from being overwritten, you need to temporarily remove all the file write permissions under the directory; or you need to Chmod the file during the process of removing the file permissions. In these cases, we can back up the original file before the permission changes, and restore the original permission later when we need it. In many cases, if you just want to back up the file permissions, then a full file backup is unnecessary.

On Linux, it’s actually easy to use access control lists (ACLS) to back up and restore file permissions. ACL defines the permissions of a single file on a POSIX compatible file system according to different owners and groups.

Here’s how to use the ACL tool to back up and restore file permissions for Linux

1. Install ACL tool

On Debian, Ubuntu, Linux MINT

Copy code

The code is as follows:

$ sudo apt-get install acl

On CentOS, Fedora, RHEL

Copy code

The code is as follows:

$ sudo yum install acl

2. Permission to back up all files in the current directory (including subdirectories)

Copy code

The code is as follows:

[[email protected]linuxprobe tmp]# ls -l

total 8
-rwxr–r–. 1 root root  0 Mar  3 04:40 install.txt
-rwxr-xr-x. 1 root root  0 Mar  3 04:41 linuxprobe.txt

Copy code

The code is as follows:

[[email protected] tmp]# getfacl -R . > permissions.txt


This command writes the ACL information of all files to the file named permissions.txt.

Here are some directory information in the generated permissions.txt file

Copy code

The code is as follows:

[[email protected] tmp]# cat permissions.txt

# file: .
# owner: root
# group: root
# flags: –t
user::rwx
group::rwx
other::rwx
# file: install.txt
# owner: root
# group: root
user::rwx
group::r–
other::r–
# file: linuxprobe.txt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: permissions.txt
# owner: root
# group: root
user::rw-
group::r–
other::r–

3. Modify the permissions of a file, such as linuxprobe.txt and install.txt

Copy code

The code is as follows:

[[email protected] tmp]# chmod 733 linuxprobe.txt
[[email protected] tmp]# chmod 573 install.txt
[[email protected] tmp]# ls -l

total 8
-r-xrwx-wx. 1 root root    0 Mar  3 04:40 install.txt
-rwx-wx-wx. 1 root root    0 Mar  3 04:41 linuxprobe.txt
-rw-r–r–. 1 root root 4361 Mar  3 04:41 permissions.txt
……

4. Restore the original authority

1) CD to the directory where permissions.txt was created
2) Execute the following command:

Copy code

The code is as follows:

setfacl –restore=permissions.txt

You can see that the permissions of linuxprobe.txt and install.txt are restored

Copy code

The code is as follows:

[[email protected] tmp]# setfacl –restore=permissions.txt
[[email protected] tmp]# ls -l

total 8
-rwxr–r–. 1 root root    0 Mar  3 04:40 install.txt
-rwxr-xr-x. 1 root root    0 Mar  3 04:41 linuxprobe.txt
-rw-r–r–. 1 root root 4361 Mar  3 04:41 permissions.txt
……