1. Manuals
  2. Tumbleweed
  3. permissions-config
  4. permissions(5)

Scroll to navigation

PERMISSIONS(5) PERMISSIONS(5)

NAME

permission - default permission settings

SYNOPSIS

The chkstat program sets permissions and ownerships according to the permission files.

DESCRIPTION

- The files /usr/share/permissions/permissions.* are line based and space delimited.
- Lines starting with '#' are comments.
- The first column specifies the file name. Directory names have to end with a slash.
- The second column specifies the owner and group.
- The third column specifies the file mode.
- The special value +capabilities in the first column extends the information of the previous line with file capabilites.

The file name in the first column can contain contain variables as defined in the variables.conf file.
A variable expands to one or more alternative path segments that relate to the same program or file. chkstat will look in each possible path resulting from the variable expansion and apply the permissions accordingly.

The variables.conf file will ignore empty lines, whitespace only lines or comment lines starting with '#'. All other lines must contain variable definitions that follow the syntax myvar = /path/1 /path/2. This example will declare a variable identified as myvar that will expand to both specified path segments.
Path segments appearing in variable assignments need to be separated by whitespace characters. The path values cannot contain whitespace themselves. The variable identifier is limited to alphanumeric characters and the underscore '_' character.

To reference a variable in a permissions file it needs to be dereferenced using the %{myvar} syntax. The variable needs to appear as a single path component and cannot be mixed with other literal characters. Multiple variables per path are allowed. The following are valid variable uses:

- %{myvar}/sub/path
- /parent/path/%{myvar}
- /parent/path/%{myvar}/sub/path
- %{var1}/path/%{var2}

While the following are invalid:

- /prefix/pre%{myvar}suf/suffix
- /%{var}text/path
- /path/text%{var}

EXAMPLES

A specification like this:

# in variables.conf
lib_dirs = /lib /lib64
sub_dirs = prog_v1 prog_v2

# in a permissions profile
%{lib_dirs}/%{sub_dirs}/libsomething.so root:root 04755

Will cause chkstat to try and apply the given permission to all of the following paths:

- /lib/prog_v1/libsomething.so
- /lib64/prog_v1/libsomething.so
- /lib/prog_v2/libsomething.so
- /lib64/prog_v2/libsomething.so

FILES

/usr/share/permissions/permissions
/usr/share/permissions/permissions.easy
/usr/share/permissions/permissions.secure
/usr/share/permissions/permissions.paranoid
/usr/share/permissions/packages.d/* /usr/share/permissions/permissions.d/* (deprecated)
/usr/share/permissions/variables.conf
/etc/permissions.local

SEE ALSO

chkstat(8)

AUTHOR

Written by Ludwig Nussel

REPORTING BUGS

Report bugs to https://bugzilla.suse.com/

07/11/2010