compare_perms — Audit and correct file permissions
Theme: Configure
Who Is It For? System Administrator
What is it?
compare_perms checks the current permissions and ownership of agent files against a saved baseline, and optionally corrects any differences it finds.
Use compare_perms after an unexpected permission change on agent files, after a system upgrade that may have reset ownership or modes, or as part of a routine security audit to verify that agent file permissions have not drifted from their expected values.
compare_perms is used with list_perms, which generates the baseline file that compare_perms reads.
Syntax
compare_perms <input_file> [CHECK|CORRECT]
| Argument | Description |
|---|---|
| <input_file> | Path to the baseline file generated by list_perms |
| [CHECK|CORRECT] | Operation mode. CHECK reports differences without making changes (default). CORRECT applies the baseline permissions and ownership to files that differ. |
Baseline file format
The baseline file is generated by piping find output through list_perms. Each file produces four lines in the baseline:
<octal_mode>
<gid>
<uid>
<filename>
Generate a baseline of all files in the current agent installation:
find . -name "*" | list_perms > /tmp/agent_baseline.txt
Then check current permissions against the baseline:
compare_perms /tmp/agent_baseline.txt CHECK
To automatically correct any differences:
compare_perms /tmp/agent_baseline.txt CORRECT
The baseline file must be generated on the same machine and from the same agent installation as the one being checked. User and group ID numbers vary across systems. A baseline generated on one machine is not valid for checking permissions on another machine.
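The four-line record format can also be read independently of the tool, for example to review a baseline before running CORRECT. The following is an added example, not compare_perms' own implementation: it parses the records and reports drift without changing anything. It assumes the mode line holds octal permission bits and that filenames are relative to the directory where find was run; the function names and the sample file are hypothetical.

```python
import os
import stat
import tempfile

def parse_baseline(text):
    """Yield (mode, gid, uid, filename) from four-line baseline records."""
    lines = text.splitlines()
    if len(lines) % 4:
        raise ValueError("truncated baseline: line count is not a multiple of 4")
    for i in range(0, len(lines), 4):
        mode, gid, uid, name = lines[i:i + 4]
        # Assumption: the mode line is octal; keep only the permission bits.
        yield int(mode, 8) & 0o7777, int(gid), int(uid), name

def find_drift(text, root="."):
    """Return (filename, field, expected, actual) for every difference found."""
    drift = []
    for mode, gid, uid, name in parse_baseline(text):
        try:
            st = os.lstat(os.path.join(root, name))  # lstat: never follow symlinks
        except FileNotFoundError:
            drift.append((name, "missing", None, None))
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            drift.append((name, "mode", oct(mode), oct(actual)))
        if st.st_gid != gid:
            drift.append((name, "gid", gid, st.st_gid))
        if st.st_uid != uid:
            drift.append((name, "uid", uid, st.st_uid))
    return drift

def demo():
    """Constructed sample: a file baselined at 0640, then loosened to 0666."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "agent.conf")  # constructed file name
        open(path, "w").close()
        os.chmod(path, 0o640)
        st = os.lstat(path)
        baseline = f"640\n{st.st_gid}\n{st.st_uid}\n./agent.conf\n"
        before = find_drift(baseline, root)
        os.chmod(path, 0o666)  # simulate an unexpected permission change
        return before, find_drift(baseline, root)

if __name__ == "__main__":
    print(demo())
```

Because the format is line-based, a filename containing a newline would shift every following record; the parser rejects a baseline whose line count is not a multiple of four but cannot detect every such case.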
Exit codes
| Code | Condition |
|---|---|
| 0 | CHECK mode: no differences found. CORRECT mode: permissions corrected successfully. |
| 10 | Wrong number of arguments, baseline file not found, or differences detected in CHECK mode. |