March 3, 2016

How to Easily Back Up and Restore Linux File Permissions

You’ve done an outstanding job of setting up a backup for your files and folders. Your system is running like a champ, and all is smooth sailing. But truth be told, there’s this guy named Murphy...and he has a habit of wreaking havoc when you least expect it.


 The format of the permissions file created by acl.
Figure 1: The format of the permissions file created by acl.

One such instance of havoc can happen when you’re tweaking file system permissions (on that directory hierarchy you’ve worked so hard on). One wrong tweak and the script is flipped. This is especially true when you’re not one hundred percent sure what you’re doing -- for example, accidentally running chmod -R 777 on a crucial folder. You know what happens next...things take a turn for the tragic.

Fortunately, there’s a way for you to back up only the permissions of files and folders before you work your monstrous sysadmin magic and fubar the folder. Thanks to Access Control Lists (ACL), this is really quite simple.

Let me show you the way. I will demonstrate on an Ubuntu 16.04 daily build.

Install ACL

The first thing you must do is to install the acl tool. The installation of acl on most modern Linux systems is easy. For Ubuntu, the process goes like this:

  • Open a terminal window (hit the key combination Ctrl+Alt+T)

  • Type the command sudo apt-get install acl

  • Type your sudo password and hit Enter

  • When prompted type y and hit Enter

  • Allow the installation to complete

The installation on other systems will be similar (only substituting apt-get for your package manager of choice -- such as, dnf install acl, zypper install acl, or yum install acl).

Backing Up Permissions

Once you have acl installed, you can use it to back up folder permissions. I’ve created a folder called TEST that contains five files:

  • test1

  • test2

  • test3

  • test4

  • test5

The original permissions of the folder are rwxrwxr-x and the permissions of the files are rw-rw-r--. The first thing to do is back up the permissions into a text file. To do this, follow these steps:

  1. Open up a terminal window

  2. Type the command getfacl -R TEST > test_permissions.txt

  3. Hit Enter

The above command will create the file test_permissions.txt that contains all the permissions of the folder and files within. The format of the created file is shown in Figure 1 above.

Restoring File Permissions

Say you’ve issued the command chmod -R ugo-rw TEST. This will cause no end of problems with the contained files. At this point, the permissions for that folder (and its contained files will be --x--x--x). Issue the command ls -l to make sure the permissions are, in fact, fubar’d. Not much going on there now.

So, how can you fix this problem? You restore the permissions with the help of acl and the backup file you just created. To do, follow these steps:

  1. Open up a terminal window

  2. Change into the directory containing the folder with the wonky permissions (I’ll assume the permissions backup file is in the same location)

  3. Type the command setfacl --restore=test_permissions.txt

  4. Hit Enter

  5. Type the command ls -l to ensure the permissions have, in fact, returned to their original state

This system is so powerful, it can backup/restore permissions of a folder, no matter how badly they are botched. The one caveat to this would be if, by some odd chance, the permissions of the /usr/bin folder were wrecked to the point you couldn’t issue the commands getfacl or setfacl. But, even if that did happen, you could probably get around the issue by mounting the affected drive on another system and running the setfacl command to restore the permissions (assuming you had a backup in the first place).

A Major Word of Warning

Do exercise caution when using this method. To test the limits of this system, I backed up the permissions of the /etc directory and then issued sudo chmod -R ugo-w /etc (knowing it would cause systemic problems across the board). When I attempted to run the restore, the command failed (unable to locate certain files). The problem with /etc is that it contains files like the sudoers list. Break the permissions of that file and you break the system. This clearly indicates backing up and restoring permissions with the acl tool isn’t infallible. So, avoid changing  permissions on system files/folders at all costs.

Cron That Task

Now, say you have a particular folder that’s of crucial importance...down to the file permissions. You might want to make sure you get a regular backup of those permissions, just in case. And, suppose you have a folder (we’ll call it SITE) in /var/www/ that is the lifeblood of your company. Not only do you want to ensure that folder is backed up daily, but you’ll want a regular backup of its permissions. To make this happen, you’ll take advantage of the Linux cron tool. Here’s how.

First, you’ll want to create a folder to house the permissions backup file. For the sake of example, I’ll create the folder in my external drive /media/jlwallen/DATA/ and the folder will be called PERMISSIONS. Next, I open cron in edit mode with the command crontab -e. I want to set this backup to run daily, so I enter the following line crontab:

0 0 * * * getfacl -R /var/www/SITE > /media/jlwallen/DATA/PERMISSIONS/SITE_permissions_backup.txt

NOTE: The above must be all one line.

Save the file and you’re good to go. You should start seeing a daily backup of the /var/www/SITE permissions in /media/jlwallen/DATA/PERMISSIONS/.

Should the permissions of that SITE folder change (on any given day), you now have the power to restore it.

Not Foolproof, But a Must-Know

This is clearly not a foolproof system, but it’s one every Linux admin should know. File/folder permissions change and, when they do, bad things can occur. Having the ability to backup and restore those permissions could save you a world of headaches.

Click Here!