How to backup and restore Linux file permissions

You may have heard or come across something like this: a novice system administrator accidentally typed "chmod-R 777 /", resulting in a huge tragedy that caused serious damage to the entire system. In daily management, we have many tools for backing up file permissions, such as cp, rsync, etckeeper, and so on. If you use this backup tool, you really don't need to worry about changing file permissions.

But if you just want to temporarily back up the file permissions (not the file itself), for example: to prevent the contents of some directory from being overwritten, temporarily remove the permissions of all files in the directory; Or you may need to perform chmod command operations on the file in the process of eliminating file permissions. In these cases, we can back up the original file before it changes permissions, and restore the original permissions when we need them. In many cases, a full backup of the file is not necessary if you just want the permissions to backup the file.

On Linux, it is actually easy to back up and restore file permissions using access control lists (ACL). ACL defines the permissions for a single file on an posix compliant file system based on the different genus master and genus groups.

Following is a demonstration of how to back up and restore file permissions for Linux using the ACL tool

1. Install the ACL tool

On Debian, Ubuntu, Linux Mint

$ sudo apt-get install acl

On CentOS, Fedora, RHEL

$ sudo yum install acl

2. Back up the permissions of all files in the current directory (including subdirectories)

[root@linuxprobe tmp]# ls -l
total 8
-rwxr--r--. 1 root root 0 Mar 3 04:40 install.txt
-rwxr-xr-x. 1 root root 0 Mar 3 04:41 linuxprobe.txt
[root@linuxprobe tmp]# getfacl -R . > permissions.txt
...

This command writes the ACL information for all files to a file named permissions.txt.

The following is part of the directory information in the generated permissions.txt file

[root@linuxprobe tmp]# cat permissions.txt
# file: .
# owner: root
# group: root
# flags: --t
user::rwx
group::rwx
other::rwx
# file: install.txt
# owner: root
# group: root
user::rwx
group::r--
other::r--
# file: linuxprobe.txt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: permissions.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--
...

3. Modify the permissions of a certain file, such as: modify the permissions of linuxprobe.txt and install.txt

[root@linuxprobe tmp]# chmod 733 linuxprobe.txt 
[root@linuxprobe tmp]# chmod 573 install.txt 
[root@linuxprobe tmp]# ls -l
total 8
-r-xrwx-wx. 1 root root  0 Mar 3 04:40 install.txt
-rwx-wx-wx. 1 root root  0 Mar 3 04:41 linuxprobe.txt
-rw-r--r--. 1 root root 4361 Mar 3 04:41 permissions.txt
......

4. Restore the original authority

1) cd to the directory where permissions.txt was created

2) execute the following commands:

setfacl --restore=permissions.txt

You can see that the linuxprobe.txt and install.txt permissions have been restored

[root@linuxprobe tmp]# setfacl --restore=permissions.txt
[root@linuxprobe tmp]# ls -l
total 8
-rwxr--r--. 1 root root  0 Mar 3 04:40 install.txt
-rwxr-xr-x. 1 root root  0 Mar 3 04:41 linuxprobe.txt
-rw-r--r--. 1 root root 4361 Mar 3 04:41 permissions.txt
......