It can tell you if another user is able to access your files or not, or when used with sudo, check for access of files not owned by you, for any other user on the system. Native permissions (chmod) are shown in uppercase to distinguish them from ACL permissions (setfacl), which are lowercase.
Let's start with a Usage Example. I naively give user nobody access to t.pl, but as $HOME directories are closed and secure, the actual access is prevented:
fbrm@debian:~$ setfacl -m u:nobody:r ~/CODE/PERL/t.pl fbrm@debian:~$ find $HOME/CODE/PERL -name '*.pl' | USR=nobody ./showpe +rms.pl | column -t DEBUG: Testing permissions against user 'nobody' / OTHER::r-x /home/ OTHER::r-x /home/fbrm/ --- /home/fbrm/CODE/ OTHER::r-x /home/fbrm/CODE/PERL/ OTHER::r-x /home/fbrm/CODE/PERL/showperms.pl OTHER::r-x /home/fbrm/CODE/PERL/t.pl user:nobody:r-- fbrm@debian:~$ find $HOME/CODE/PERL -name '*.pl' | ./showperms.pl | co +lumn -t DEBUG: Testing permissions against user 'fbrm' / OTHER::r-x /home/ OTHER::r-x /home/fbrm/ USER:fbrm:rwx /home/fbrm/CODE/ USER:fbrm:rwx GROUP:fbrm:r-x /home/fbrm/CODE/PERL/ USER:fbrm:rwx GROUP:fbrm:rwx /home/fbrm/CODE/PERL/showperms.pl USER:fbrm:rwx GROUP:fbrm:rwx /home/fbrm/CODE/PERL/t.pl USER:fbrm:rw- GROUP:fbrm:rw-
TIP: Instead of a find, you can also cat a file with fully qualified files, or echo a file.
#!/usr/bin/perl use strict; use warnings; my $DEBUG = 1; my $u = $ENV{USR} || $ENV{USER}; # Set default user to check permissio +ns for warn "DEBUG: Testing permissions against user '$u'\n" if $DEBUG; my $g; my $o; my %P; my $file; while( $file = <STDIN> ) { chomp($file); if ($file && -e $file) { my @F = split /\//, $file; while(@F){ $P{ join("/", @F) || "/" } = 0; # Build a list of Fully Qu +alified paths. Deduplicated. pop @F; $F[-1] .= "/" if @F; # also add the root path to check }; }else{ warn "Could not find file '$file' (maybe run this as root to g +et access to the file?)\n"; } } for my $k (sort keys %P) { my @A = `getfacl "$k" 2>/dev/null | grep -v -e default: -e file:`; + # grab output ($o) = map { /# owner: (\S+)/ } @A; # Get the file owner ($g) = map { /# group: (\S+)/ } @A; # Get the file group grep { s/user::/USER:$o:/} @A; # make native Linux dir/file permis +sions uppercase grep { s/group::/GROUP:$g:/} @A; # idem grep { s/other::/OTHER::/} @A; # idem $P{$k} = join "\n", grep { !/^#/ && /$u|^other/i } @A; $P{$k} =~ s/:[^:]+effective:/:/; # consider only effective permiss +ions $P{$k} =~ s/\S+:---//g; #remove empty permissions $P{$k} =~ s/(?:user|group):[\s\S]*\K(other:.*)//mi; $P{$k} =~ s/[\n\r\s]+/ /g; # remove newlines $P{$k} = '---' if $P{$k} eq " "; # if no permissions, default to - +-- }; for my $k (sort keys %P){ print "$k $P{$k}\n"; }
In reply to Linux Show Permissions: traverse file access by FreeBeerReekingMonk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |