How to: Linux reset the permissions of the installed rpm packages with –setperms option
Sometime by mistakes all file permissions get changed and you need to restore file permission. For example a shell script or some sort of corruption could change the permissions for packages (installed files), it may be necessary to reset them.
For example a long time ago my shell script run chmod and chown commands on /usr and changed the permission. Luckily rpm command can reset package permission. Sun Solaris pkg command and IBM can also reset permissions.
Please note that this troubleshooting tip is about resetting the permission of the installed package files and not about end users files stored in /home directory.
RPM syntax to fix permission
To set permissions of files in a package, enter:
rpm --setperms {packagename}
RPM syntax to fix file ownership
To set user/group ownership of files in a package, enter:
rpm --setugids {packagename}
List installed package
You can list all installed package with rpm -qa command:
rpm -qa
Output:
basesystem-8.0-5.1.1.el5.centos glibc-2.5-12 expat-1.95.8-8.2.1 db4-4.3.29-9.fc6 cyrus-sasl-lib-2.1.22-4 libusb-0.1.12-5.1 libgcrypt-1.2.3-1 perl-5.8.8-10 gmp-4.1.4-10.el5 perl-DBI-1.52-1.fc6 perl-URI-1.35-3 wireless-tools-28-2.el5 libXdmcp-1.0.1-2.1 perl-IO-Zlib-1.04-4.2.1 perl-String-CRC32-1.4-2.fc6 perl-HTML-Tagset-3.10-2.1.1 libattr-devel-2.4.32-1.1 zip-2.31-1.2.2 ..... .. ...
List individual package file permission
You can list individual installed package file permission using following shell for loop (for example list file permission for zip package):
for f in $(rpm -ql zip); do ls -l $f; done
Output:
-rwxr-xr-x 1 root root 75308 Jan 9 2007 /usr/bin/zip -rwxr-xr-x 1 root root 31264 Jan 9 2007 /usr/bin/zipcloak -rwxr-xr-x 1 root root 28336 Jan 9 2007 /usr/bin/zipnote -rwxr-xr-x 1 root root 30608 Jan 9 2007 /usr/bin/zipsplit total 188 -rw-r--r-- 1 root root 3395 Dec 14 1996 algorith.txt -rw-r--r-- 1 root root 356 Dec 14 1996 BUGS -rw-r--r-- 1 root root 60168 Mar 9 2005 CHANGES -rw-r--r-- 1 root root 2692 Apr 10 2000 LICENSE -rw-r--r-- 1 root root 40079 Feb 28 2005 MANUAL -rw-r--r-- 1 root root 8059 Feb 27 2005 README -rw-r--r-- 1 root root 3149 Feb 21 2005 TODO -rw-r--r-- 1 root root 2000 Mar 9 2005 WHATSNEW -rw-r--r-- 1 root root 19032 Apr 19 2000 WHERE -rw-r--r-- 1 root root 356 Dec 14 1996 /usr/share/doc/zip-2.31/BUGS -rw-r--r-- 1 root root 60168 Mar 9 2005 /usr/share/doc/zip-2.31/CHANGES -rw-r--r-- 1 root root 2692 Apr 10 2000 /usr/share/doc/zip-2.31/LICENSE -rw-r--r-- 1 root root 40079 Feb 28 2005 /usr/share/doc/zip-2.31/MANUAL -rw-r--r-- 1 root root 8059 Feb 27 2005 /usr/share/doc/zip-2.31/README -rw-r--r-- 1 root root 3149 Feb 21 2005 /usr/share/doc/zip-2.31/TODO -rw-r--r-- 1 root root 2000 Mar 9 2005 /usr/share/doc/zip-2.31/WHATSNEW -rw-r--r-- 1 root root 19032 Apr 19 2000 /usr/share/doc/zip-2.31/WHERE -rw-r--r-- 1 root root 3395 Dec 14 1996 /usr/share/doc/zip-2.31/algorith.txt -rw-r--r-- 1 root root 12854 Jan 9 2007 /usr/share/man/man1/zip.1.gz
Reset the permissions of the all installed RPM packages
You need to use combination of rpm and a shell for loop command as follows:
for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done
Above command combination will reset all the permissions to the default permissions under CentOS / RHEL / Fedora Linux.
A note about Debian / Ubuntu Linux distributions
Only rpm command / Solaris pkg and AIX command supports package file permission reset option. But dpkg / apt-get command doesn’t support this option.
Solaris command example
Boot Solaris / OpenSolaris box in single user mode. Mount /usr and other filesystem:
mount / /a
mount /usr /a/usr
mount /var/ /a/var
mount /opt /a/opt
Login as the root, enter:
pkgchk -R /a -f
Please note that he pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually. Read pkgchk command man page for more information:
man pkgchk
You may also be interested in other helpful articles:
- Howto Setup yum repositories to update or install package from ISO CDROM Image
- Howto: Add a new yum repository to install software under CentOS / Redhat Linux
- Security Update for Red Hat Linux Kernel
- CentOS 4 / Redhat Enterprise Linux 4 iSCSI Installation and Configuration ( iscsi initiators )
- How to: Configure Linux to track and log failed login attempt recoreds
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: CentOS, fedora, fix_package_permission, package_management, pkgchk_command, rhel, rpm_command, solaris_package_permission, UNIX
nice tip. Here is how I verified by changing tar packag perms to raj:raj and again restored back the same:
“ are back-ticks not single quotes (look under the tidle (~) character.)
babai!
I would like to add another usefull related rpm option: Verify. The verify rpm option could tell you what file was changed since it was installed.
For instance,
rpm -qV opensshtells you what and how the files from openssh package are different from the original installation:root@bigslam:~>rpm -qV openssh
S.5....T c /etc/ssh/ssh_config
S.5....T c /etc/ssh/sshd_config
root@bigslam:~>
In this case, the
cindicates a configuration file. TheSindicates the size differs, the5indicates a MD5SUM differs, and theTindicates the mTime differs. Other characters,MDLUG, could indicates the Mode differs, the Device major/minor differs, a Link differs, and the User and/or Group differs.@raj and Miguel,
Thanks for sharing your tips
Thanks for the tips. Will rpm –setperms`rpm -qa` work as well?
A HUGE thank you for saving me hours of time.
Just finished installing a Centos 5.1 server, and stupidly executed a CHMOD -R 770 * in the / directory.
You’d be amazed at how many things that will break! (well, I was).
This article saved me doing a rebuild. THANK YOU!!
-Adam