Your function prototypes probably aren't that useful.
Why use pattern matching for $type in validator instead of just eq?
Why the system-specific tests for root and wheel?
configurator can easily leave a partial config file if something goes wrong. You may want to write to a temp file then rename it if everything goes well.
I would explicitly set permissions on the config file in
configurator. If your script is ever used to set permissions, a user with write permissions to the config file effectively 0wns the system, so extra care is warranted.
Why do you exit before close CONFIG in configurator?
Using a global variable for the CONFIG filehandle is a little messy. Maybe better to use a FileHandle object.
If you can't change the owner/group, you probably shouldn't change the mode.
In test_mode, == may be a better way to compare modes than eq.
In the handler for $opt{t} and in other places, using while(my($key,$val)each(%hash)) may be cleaner than foreach my $key (keys %hash).
A more general comment: with some files in /etc it's dangerous to have bad permissions even briefly. You may want to consider checking files out into a "staging" directory, then copy them into the real area simultaneously setting their permissions.