Expose issues with file ownership / permissions / attributes (Ideally as part of "Scheduled Validation")

[marclaporte]

It would be nice to know what it solved. It would be even nicer to have this as part of the scheduled validation. So we could quickly be alerted about issues (Usually, the sooner we know, the easier it is to address the root cause)

Many times, we have wasted time because someone worked as root and forgot to chown a file, or a script running as root created some files, some files were migrated from another site, and we forgot to change the owner, etc.

I realize it could be super slow to do this. So maybe it should be a check box in scheduled validation "Also validate file permissions".

[iliajie]

Hey Marc!

This feature makes sense. However, it would imply that we won't be able to use chown as we do now for this, since it only returns the number of files affected and not the list of files that was affected.

I don't recall at the moment if we also apply chmod, but if not, it could also be optionally added and done based on umask settings.

We will need to wait for Jamie's comment on this.

[jcameron]

Checking permissions on all the files that Fix Permissions fixes could be really slow, so I don't think we could do this as part of scheduled validation.

[marclaporte]

could be really slow, so I don't think we could do this as part of scheduled validation

I understand.

However, it would imply that we won't be able to use chown as we do now for this, since it only returns the number of files affected and not the list of files that was affected.

Even just the number of files affected would be nice because it's a hint of the presence or absence of an issue.

I have an idea: chown [-c|--changes] "displays information about files that are actually changed. For example: changed ownership of 'dir/dir1/file1' from hope:neil to hope:hope"

Source: https://www.computerhope.com/unix/uchown.htm

[iliajie]

We use Perl's chown for this purpose. We either need to shell out to use chown with the --changes flag or by stating files like:

my ($orig_uid, $orig_gid) = (stat $file)[4, 5];
if ($orig_uid != $uid || $orig_gid != $gid) {
    if (chown($uid, $gid, $file)) {
        push @changed_files, $file;
        }
    }

[jcameron]

We could certainly show the list of files that were changed on the Fix Permissions page..

[iliajie]

Yeah, I know. But I think we should make a new Virtualmin 7.20.0 release and keep this particular feature for later!

We also need to wrap up Webmin and Usermin next week, as after that I need to finish the WordPress Workbench and start reworking Cloudmin. The time has come!

[marclaporte]

Yeah, I know. But I think we should make a new Virtualmin 7.20.0 release and keep this particular feature for later!

Sure, let's keep as a nice-to-have one day. I look forward to 7.20.0!

[marclaporte]

7.20.x is doing well now :-)

• https://forum.virtualmin.com/t/virtualmin-virtual-server-module-version-7-20-2/128150/
• https://forum.virtualmin.com/t/webmin-version-2-202-released/128615
• https://forum.virtualmin.com/t/usermin-version-2-102-released/128616

[iliajie]

Can this ticket be closed?

[marclaporte]

No yet. We are still missing:

We could certainly show the list of files that were changed on the Fix Permissions page..

[iliajie]

No yet. We are still missing:

We could certainly show the list of files that were changed on the Fix Permissions page..

Ah, that's right!