0

I want all files in every user's home directory to be 0740 or less permissive.

Let's say a user has perms like this:

-rwxr----- 1 doej users 321 Jan 6 2013 file1.txt
-rwxrwx--- 1 doej users 555 Jan 6 2013 file2.txt
-rwxr-xr-x 1 doej users 875 Jan 6 2013 file3.txt
-r--r--r-- 1 doej users 875 Jan 6 2013 file4.txt
-rwxr----x 1 doej users 875 Jan 6 2013 file5.txt
-r--r----x 1 doej users 875 Jan 6 2013 file6.txt
-r-------- 1 doej users 875 Jan 6 2013 file7.txt
-rwxrwxrwx 1 doej users 875 Jan 6 2013 file8.txt

I'm looking for the ability to:

  • change files like file8.txt to chmod 740
  • leave alone files like file7.txt
  • change files like file6.txt to chmod 440

Essentially, reduce excessive permissions without adding more permissions.

If I do this, it will add excessive permissions to files which are below the requirements:

sudo chmod 0740 /home/*

Is there a command to do this? Does it require a bash script?

davidhaskins
  • 113

2 Answers2

1

chmod g-wx,o-rwx … will remove wx for the group and rwx for others; it will not alter anything for the user (owner) nor the state of r for the group.

Notes:

Kamil Maciorowski
  • 81,893
0

Use find with the perm argument, defined as:

 -perm -mode
          All of the permission bits mode are set for the file.
          Symbolic modes are accepted in this form, and this is
          usually the way in which you would want to use them.  You
          must specify `u', `g' or `o' if you use a symbolic mode.

With the parameter -perm -740 you will search for all files that have at least 740 permissions, like this:

sudo find . -perm -740 -type f -exec chmod 740 {} \;

(You will be setting files that have exactly 740 also to 740, but that's not a problem.)

For more information see How to audit permissions with the find command.

harrymc
  • 498,455