How to: Linux reset the permissions of the installed rpm packages with –setperms option

Posted on in Categories CentOS, File system, Howto, Linux, RedHat/Fedora Linux, Security, Shell scripting, Suse Linux, Sys admin, Tips, Troubleshooting last updated August 28, 2007

Sometime by mistakes all file permissions get changed and you need to restore file permission. For example a shell script or some sort of corruption could change the permissions for packages (installed files), it may be necessary to reset them.

For example a long time ago my shell script run chmod and chown commands on /usr and changed the permission. Luckily rpm command can reset package permission. Sun Solaris pkg command and IBM can also reset permissions.

Please note that this troubleshooting tip is about resetting the permission of the installed package files and not about end users files stored in /home directory.

RPM syntax to fix permission

To set permissions of files in a package, enter:

rpm --setperms {packagename}

RPM syntax to fix file ownership

To set user/group ownership of files in a package, enter:

rpm --setugids {packagename}

List installed package

You can list all installed package with rpm -qa command:
rpm -qa


List individual package file permission

You can list individual installed package file permission using following shell for loop (for example list file permission for zip package):
for f in $(rpm -ql zip); do ls -l $f; done

-rwxr-xr-x 1 root root 75308 Jan  9  2007 /usr/bin/zip
-rwxr-xr-x 1 root root 31264 Jan  9  2007 /usr/bin/zipcloak
-rwxr-xr-x 1 root root 28336 Jan  9  2007 /usr/bin/zipnote
-rwxr-xr-x 1 root root 30608 Jan  9  2007 /usr/bin/zipsplit
total 188
-rw-r--r-- 1 root root  3395 Dec 14  1996 algorith.txt
-rw-r--r-- 1 root root   356 Dec 14  1996 BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 CHANGES
-rw-r--r-- 1 root root  2692 Apr 10  2000 LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 MANUAL
-rw-r--r-- 1 root root  8059 Feb 27  2005 README
-rw-r--r-- 1 root root  3149 Feb 21  2005 TODO
-rw-r--r-- 1 root root  2000 Mar  9  2005 WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 WHERE
-rw-r--r-- 1 root root 356 Dec 14  1996 /usr/share/doc/zip-2.31/BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 /usr/share/doc/zip-2.31/CHANGES
-rw-r--r-- 1 root root 2692 Apr 10  2000 /usr/share/doc/zip-2.31/LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 /usr/share/doc/zip-2.31/MANUAL
-rw-r--r-- 1 root root 8059 Feb 27  2005 /usr/share/doc/zip-2.31/README
-rw-r--r-- 1 root root 3149 Feb 21  2005 /usr/share/doc/zip-2.31/TODO
-rw-r--r-- 1 root root 2000 Mar  9  2005 /usr/share/doc/zip-2.31/WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 /usr/share/doc/zip-2.31/WHERE
-rw-r--r-- 1 root root 3395 Dec 14  1996 /usr/share/doc/zip-2.31/algorith.txt
-rw-r--r-- 1 root root 12854 Jan  9  2007 /usr/share/man/man1/zip.1.gz

Reset the permissions of the all installed RPM packages

You need to use combination of rpm and a shell for loop command as follows:
for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done

Above command combination will reset all the permissions to the default permissions under CentOS / RHEL / Fedora Linux.

A note about Debian / Ubuntu Linux distributions

Only rpm command / Solaris pkg and AIX command supports package file permission reset option. But dpkg / apt-get command doesn’t support this option.

Solaris command example

Boot Solaris / OpenSolaris box in single user mode. Mount /usr and other filesystem:
mount / /a
mount /usr /a/usr
mount /var/ /a/var
mount /opt /a/opt

Login as the root, enter:
pkgchk -R /a -f
Please note that he pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually. Read pkgchk command man page for more information:
man pkgchk

20 comment

  1. nice tip. Here is how I verified by changing tar packag perms to raj:raj and again restored back the same:

    f=`rpm -ql tar`
    for p in $f; do chmod raj:raj $p; done
    for p in $f; do ll $p; done
    for p in `rpm -qa`; do rpm --setugids $p; done

    “ are back-ticks not single quotes (look under the tidle (~) character.)


  2. I would like to add another usefull related rpm option: Verify. The verify rpm option could tell you what file was changed since it was installed.
    For instance, rpm -qV openssh tells you what and how the files from openssh package are different from the original installation:

    [email protected]:~>rpm -qV openssh
    S.5....T c /etc/ssh/ssh_config
    S.5....T c /etc/ssh/sshd_config
    [email protected]:~>

    In this case, the c indicates a configuration file. The S indicates the size differs, the 5 indicates a MD5SUM differs, and the T indicates the mTime differs. Other characters, MDLUG, could indicates the Mode differs, the Device major/minor differs, a Link differs, and the User and/or Group differs.

  3. A HUGE thank you for saving me hours of time.

    Just finished installing a Centos 5.1 server, and stupidly executed a CHMOD -R 770 * in the / directory.

    You’d be amazed at how many things that will break! (well, I was).

    This article saved me doing a rebuild. THANK YOU!!


  4. You may want to flip the order in which you change mod and u/gid since setting a mode like 2755 will be undone if you change the u/gid.


    for p in $(rpm -qa); do rpm –setugids $p; done


    for p in $(rpm -qa); do rpm –setperms $p; done

    1. …let’s change that to _definitely_ rather than “may”.

      You DEFINITELY want to flip the order in which you run these.

      Permissions corrections enacted by –setperms will get blown away by subsequent u/g corrections enacted by –setugids.

      Getting the order correct, and combining this into a one-liner, we have:

      for p in $(rpm -qa); do rpm –setugids $p; rpm –setperms $p; done

    2. yes this is absolutely necessary.
      keep in mind that not just chown but also chgrp drops both SUID and SGID bit although you change just the group and not the owner.
      note also, that this procedure does not affect files in directories like /var /tmp /dev /proc etc. Permissions in directories with variable data must be restored manually or may be restored by restarting the machine.

  5. for p in $(rpm -qa); do rpm –setugids $p; done
    saves my ass !
    after a wrong “chmod 440 /” i was’nt able to ssh to the machine just root login works
    this fix’d it.

  6. Gr8 work !!

    Could you pls let us know.. how the rpm command gets installed rpm’s files default permission details .. there must some rpm db which will having permission details ..

  7. Thanks for taking the time to put this solution together… I was on my CentOS VPS changing permissions to secure down a drupal install and forgot for a moment that “/” meant the root of the server not the directory i was cd’d to… I accidently started chmoding the entire server to 777 :-( not good..

    SSH stopped working so i went onto the VPS web-based serial console and ran your commands… everything including ssh started working again!

    Nearing the end of 2011 and yet again you’ve saved a server :) thanks very much!

  8. I got a question for you then.. what if I do chmod -x /bin/chmod ??? None of the rpm –setperms commands you listed won’t work… My questions is how can I repair the permission of /bin/chmod with RPM ??

    PS: it’s a production server and I cannot go to rescue mode… I know the work around using perl but expecting an answer how to fix via RPM only..

  9. So both apt and dpkg don’t support this feature – Can I just install rpm on Ubuntu so that I can use it, or can it then only keep track of files I installed with rpm?

Leave a Comment