Created
July 21, 2011 02:24
-
-
Save tobert/1096381 to your computer and use it in GitHub Desktop.
permissions rules format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Default Linux filesystem permission rules. | |
| # | |
| # This is an experimental configuration format for applying filesystem permissions | |
| # after pushing fs data from git. Since git doesn't support more than very simple permissions | |
| # something like this is needed afterwards. The goals here are to be terse, parseable at a glance, | |
| # and comprehensive for basic unix. The "unix" prefix is there so that other models like "pacl" | |
| # (POSIX ACL) can be added in later if it becomes necessary. | |
| # | |
| # format: unix <path>:<dir mode>:<file mode>:<owner>:<group>:<depth> | |
| # path, required, a path on the filesystem, must start with / | |
| # directory mode, optional, in octal | |
| # file mode, optional, in octal | |
| # owner, optional - default root, user id or name, multiple names can be separated by pipes | |
| # group, optional - default root, group id or name, multiple names can be separated by pipes | |
| # depth, optional - default 1, * means recursive, within a single filesystem | |
| # | |
| # * multiple names are looked up in order via NSS until one exists and that one is used, always in order | |
| # * whitespace is stripped - if you need some, use %20 | |
| # * rules are _always_ processed in order and will be condensed ahead of time so permissions don't flap | |
| # * permissions are checked before applying to prevent unnecessary inode writes | |
| # ** this also makes logging changes for audit a natural outcome | |
| # * filesystem boundaries are never crossed on recurse (where detectable, and every effort is made to do so) | |
| # | |
| unix / 555::0:0: | |
| unix /lost+found 700:400:0:0:* | |
| unix /bin 755:755:0:0:* | |
| unix /sbin 755:755:0:0:* | |
| unix /lib 755:755:0:0:* | |
| unix /lib64 755:755:0:0:* | |
| unix /lib32 755:755:0:0:* | |
| unix /lib/firmware 755:644:0:0:* | |
| unix /usr/bin 755:755:0:0:* | |
| unix /usr/sbin 755:755:0:0:* | |
| unix /usr/lib 755:755:0:0:* | |
| unix /usr/lib64 755:755:0:0:* | |
| unix /usr/lib32 755:755:0:0:* | |
| unix /usr/local/bin 755:755:0:0:* | |
| unix /usr/local/sbin 755:755:0:0:* | |
| unix /usr/local/lib 755:755:0:0:* | |
| unix /usr/local/lib64 755:755:0:0:* | |
| unix /usr/local/lib32 755:755:0:0:* | |
| unix /etc 755:644:0:0:* | |
| unix /etc/ssl/private 700:600:0:0 | |
| unix /etc/sudoers.d 750:640:0:sre|root:* | |
| unix /etc/skel/.ssh 700:600:0:0:* | |
| unix /etc/shadow :400:0:0: | |
| unix /tmp 1777: :0:0:1 | |
| unix /usr 755:644:0:0:* | |
| unix /opt 755: :0:0:1 | |
| unix /proc 555: :0:0:1 | |
| unix /root 700: :0:0:1 | |
| unix /root/.ssh 750: :0:sre|wheel|admin:1 | |
| unix /root/.ssh/authorized_keys :600:0:0: | |
| unix /srv 755::0:0:1 | |
| unix /var 755:644:0:0:* | |
| unix /var/tmp 1777::0:0:1 | |
| unix /var/lock 775::0:0:1 | |
| unix /var/db/sudo 700:0:0 | |
| unix /var/cache/ldconfig 700:0:0 | |
| unix /var/lib/xend/storage 700:0:0 | |
| unix /var/lib/xend/domains 700:0:0 | |
| unix /var/lib/ntp 755:ntp:ntp | |
| unix /var/run/xend 700:0:0 | |
| unix /var/run/openldap 755:ldap|openldap:ldap|openldap | |
| unix /var/run/screen 775:0:eng|sre|wheel|admin |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment