How to: Linux reset the permissions of the installed rpm packages with –setperms option

by on August 28, 2007 · 18 comments· LAST UPDATED August 28, 2007

in , ,

Sometime by mistakes all file permissions get changed and you need to restore file permission. For example a shell script or some sort of corruption could change the permissions for packages (installed files), it may be necessary to reset them.

For example a long time ago my shell script run chmod and chown commands on /usr and changed the permission. Luckily rpm command can reset package permission. Sun Solaris pkg command and IBM can also reset permissions.

Please note that this troubleshooting tip is about resetting the permission of the installed package files and not about end users files stored in /home directory.

RPM syntax to fix permission

To set permissions of files in a package, enter:

rpm --setperms {packagename}

RPM syntax to fix file ownership

To set user/group ownership of files in a package, enter:

rpm --setugids {packagename}

List installed package

You can list all installed package with rpm -qa command:
rpm -qa
Output:

basesystem-8.0-5.1.1.el5.centos
glibc-2.5-12
expat-1.95.8-8.2.1
db4-4.3.29-9.fc6
cyrus-sasl-lib-2.1.22-4
libusb-0.1.12-5.1
libgcrypt-1.2.3-1
perl-5.8.8-10
gmp-4.1.4-10.el5
perl-DBI-1.52-1.fc6
perl-URI-1.35-3
wireless-tools-28-2.el5
libXdmcp-1.0.1-2.1
perl-IO-Zlib-1.04-4.2.1
perl-String-CRC32-1.4-2.fc6
perl-HTML-Tagset-3.10-2.1.1
libattr-devel-2.4.32-1.1
zip-2.31-1.2.2
.....
..
...

List individual package file permission

You can list individual installed package file permission using following shell for loop (for example list file permission for zip package):
for f in $(rpm -ql zip); do ls -l $f; done
Output:

-rwxr-xr-x 1 root root 75308 Jan  9  2007 /usr/bin/zip
-rwxr-xr-x 1 root root 31264 Jan  9  2007 /usr/bin/zipcloak
-rwxr-xr-x 1 root root 28336 Jan  9  2007 /usr/bin/zipnote
-rwxr-xr-x 1 root root 30608 Jan  9  2007 /usr/bin/zipsplit
total 188
-rw-r--r-- 1 root root  3395 Dec 14  1996 algorith.txt
-rw-r--r-- 1 root root   356 Dec 14  1996 BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 CHANGES
-rw-r--r-- 1 root root  2692 Apr 10  2000 LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 MANUAL
-rw-r--r-- 1 root root  8059 Feb 27  2005 README
-rw-r--r-- 1 root root  3149 Feb 21  2005 TODO
-rw-r--r-- 1 root root  2000 Mar  9  2005 WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 WHERE
-rw-r--r-- 1 root root 356 Dec 14  1996 /usr/share/doc/zip-2.31/BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 /usr/share/doc/zip-2.31/CHANGES
-rw-r--r-- 1 root root 2692 Apr 10  2000 /usr/share/doc/zip-2.31/LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 /usr/share/doc/zip-2.31/MANUAL
-rw-r--r-- 1 root root 8059 Feb 27  2005 /usr/share/doc/zip-2.31/README
-rw-r--r-- 1 root root 3149 Feb 21  2005 /usr/share/doc/zip-2.31/TODO
-rw-r--r-- 1 root root 2000 Mar  9  2005 /usr/share/doc/zip-2.31/WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 /usr/share/doc/zip-2.31/WHERE
-rw-r--r-- 1 root root 3395 Dec 14  1996 /usr/share/doc/zip-2.31/algorith.txt
-rw-r--r-- 1 root root 12854 Jan  9  2007 /usr/share/man/man1/zip.1.gz

Reset the permissions of the all installed RPM packages

You need to use combination of rpm and a shell for loop command as follows:
for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done

Above command combination will reset all the permissions to the default permissions under CentOS / RHEL / Fedora Linux.

A note about Debian / Ubuntu Linux distributions

Only rpm command / Solaris pkg and AIX command supports package file permission reset option. But dpkg / apt-get command doesn’t support this option.

Solaris command example

Boot Solaris / OpenSolaris box in single user mode. Mount /usr and other filesystem:
mount / /a
mount /usr /a/usr
mount /var/ /a/var
mount /opt /a/opt

Login as the root, enter:
pkgchk -R /a -f
Please note that he pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually. Read pkgchk command man page for more information:
man pkgchk

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 18 comments… read them below or add one }

1 raj August 28, 2007 at 10:13 am

nice tip. Here is how I verified by changing tar packag perms to raj:raj and again restored back the same:

f=`rpm -ql tar`
for p in $f; do chmod raj:raj $p; done
for p in $f; do ll $p; done
for p in `rpm -qa`; do rpm --setugids $p; done

“ are back-ticks not single quotes (look under the tidle (~) character.)

babai!

Reply

2 Miguel Rozsas August 29, 2007 at 5:17 pm

I would like to add another usefull related rpm option: Verify. The verify rpm option could tell you what file was changed since it was installed.
For instance, rpm -qV openssh tells you what and how the files from openssh package are different from the original installation:

root@bigslam:~>rpm -qV openssh
S.5....T c /etc/ssh/ssh_config
S.5....T c /etc/ssh/sshd_config
root@bigslam:~>

In this case, the c indicates a configuration file. The S indicates the size differs, the 5 indicates a MD5SUM differs, and the T indicates the mTime differs. Other characters, MDLUG, could indicates the Mode differs, the Device major/minor differs, a Link differs, and the User and/or Group differs.

Reply

3 nixCraft August 29, 2007 at 5:48 pm

@raj and Miguel,

Thanks for sharing your tips :)

Reply

4 Imran M Yousuf November 11, 2007 at 10:44 am

Thanks for the tips. Will rpm –setperms`rpm -qa` work as well?

Reply

5 Adam April 15, 2008 at 12:29 am

A HUGE thank you for saving me hours of time.

Just finished installing a Centos 5.1 server, and stupidly executed a CHMOD -R 770 * in the / directory.

You’d be amazed at how many things that will break! (well, I was).

This article saved me doing a rebuild. THANK YOU!!

-Adam

Reply

6 Magnus December 1, 2008 at 2:13 pm

Thank you for publishing this information you saved me a bounch of hours of work :)

Thanks

Reply

7 James January 14, 2009 at 4:45 pm

You may want to flip the order in which you change mod and u/gid since setting a mode like 2755 will be undone if you change the u/gid.

Run

for p in $(rpm -qa); do rpm –setugids $p; done

before

for p in $(rpm -qa); do rpm –setperms $p; done

Reply

8 Paul Reiber November 23, 2011 at 7:38 pm

…let’s change that to _definitely_ rather than “may”.

You DEFINITELY want to flip the order in which you run these.

Permissions corrections enacted by –setperms will get blown away by subsequent u/g corrections enacted by –setugids.

Getting the order correct, and combining this into a one-liner, we have:

for p in $(rpm -qa); do rpm –setugids $p; rpm –setperms $p; done

Reply

9 Semi April 14, 2009 at 5:30 am

I prefer “rpm –setperms -a” to restore permissions of ALL packaged files.

Reply

10 Paul March 31, 2010 at 4:06 am

Thanks very much for this! Saved me a lot of time and effort!

Reply

11 Chris August 28, 2010 at 11:14 am

Thank you so much, your post has saved my server!

Reply

12 Pedro Sousa May 10, 2011 at 9:23 am

Almost middle of 2011 and your effort is still saving servers.

Thank you Vivek.

Reply

13 Bryan Sutherland June 4, 2011 at 11:32 pm

Thanks for this article Vivek :D :D
As noted above, this saved me tonnes of time and a rebuild that I really didn’t want to take on today :P

Reply

14 marc September 29, 2011 at 8:44 pm

for p in $(rpm -qa); do rpm –setugids $p; done
saves my ass !
after a wrong “chmod 440 /” i was’nt able to ssh to the machine just root login works
this fix’d it.

Reply

15 Tux Amit November 28, 2011 at 10:36 am

Gr8 work !!

Could you pls let us know.. how the rpm command gets installed rpm’s files default permission details .. there must some rpm db which will having permission details ..

Reply

16 Kevin Andrews December 19, 2011 at 10:02 pm

Thanks for taking the time to put this solution together… I was on my CentOS VPS changing permissions to secure down a drupal install and forgot for a moment that “/” meant the root of the server not the directory i was cd’d to… I accidently started chmoding the entire server to 777 :-( not good..

SSH stopped working so i went onto the VPS web-based serial console and ran your commands… everything including ssh started working again!

Nearing the end of 2011 and yet again you’ve saved a server :) thanks very much!

Reply

17 Maju July 27, 2012 at 10:27 pm

I got a question for you then.. what if I do chmod -x /bin/chmod ??? None of the rpm –setperms commands you listed won’t work… My questions is how can I repair the permission of /bin/chmod with RPM ??

PS: it’s a production server and I cannot go to rescue mode… I know the work around using perl but expecting an answer how to fix via RPM only..

Reply

18 Anonymous User January 13, 2014 at 9:23 pm

So both apt and dpkg don’t support this feature – Can I just install rpm on Ubuntu so that I can use it, or can it then only keep track of files I installed with rpm?

Reply

Leave a Comment

Tagged as: , , , , , , , ,

Previous post:

Next post: