How to back up and restore file permissions on Linux

Question: I want to back up the file permissions of the local filesystem, so that if I accidentally mess up the file permissions, I can restore them to the original state. Is there an easy way to back up and restore file permissions on Linux?

You may have heard of a tragic mistake of a rookie sysadmin who accidentally typed "chmod -R 777 /" and wreaked havoc to his/her Linux system. Sure, there are backup tools (e.g., cp, rsync, etckeeper) which can back up files along with their file permissions. If you are using such backup tools, no worries about corrupted file permissions.

But there are cases where you want to temporarily back up file permissions alone (not files themselves). For example, you want to prevent the content of some directory from being overwritten, so you temporarily remove write permission on all the files under the directory. Or you are in the middle of troubleshooting file permission issues, so running chmod on files here and there. In these cases, it will be nice to be able to back up the original file permissions before the change, so that you can recover the original file permissions later when needed. In many cases, full file backup is an overkill when all you really want is to back up file permissions.

On Linux, it is actually straightforward to back up and restore file permissions using access control list (ACL). The ACL defines access permissions on individual files by different owners and groups on a POSIX-compliant filesystem.

Here is how to back up and restore file permissions on Linux using ACL tools.

First of all, make sure that you have ACL tools installed.

On Debian, Ubuntu or Linux Mint:

$ sudo apt-get install acl

On CentOS, Fedora or RHEL:

$ sudo yum install acl

To back up the file permissions of all the files in the current directory (and all its sub directories recursively), run the following command.

$ getfacl -R . > permissions.txt

This command will export ACL information of all the files into a text file named permissions.txt.

For example, the following is a snippet of permissions.txt generated from the directory shown in the screenshot.

# file: .
# owner: dan
# group: dan
user::rwx
group::rwx
other::r-x

# file: tcpping
# owner: dan
# group: dan
# flags: s--
user::rwx
group::rwx
other::r-x

# file: uda20-build17_1.ova
# owner: dan
# group: dan
user::rw-
group::rw-
other::r--

Now go ahead and change the file permissions as you want. For example:

$ chmod -R a-w .

To restore the original file permissions, go to the directory where permissions.txt was generated, and simply run:

$ setfacl --restore=permissions.txt

Verify that the original file permissions have been restored.

Download this article as ad-free PDF (made possible by your kind donation): 
Download PDF

Subscribe to Ask Xmodulo

Do you want to receive Linux related questions & answers published at Ask Xmodulo? Enter your email address below, and we will deliver our Linux Q&A straight to your email box, for free. Delivery powered by Google Feedburner.


Support Xmodulo

Did you find this tutorial helpful? Then please be generous and support Xmodulo!

6 thoughts on “How to back up and restore file permissions on Linux

  1. Great post - so simple - yet so powerful. Takes about a minute to do a typical server and seconds to do a home directory - and restores are even quicker. Now I backup up my permissions daily - thanks:

    1. $ sudo mkdir /backup/permissions
    2. $ sudo crontab -e
    1 1 * * * getfacl -R / > /backup/bkup.permissions.root
    1 1 * * * getfacl -R /home/mydir/ > /backup/permissions/bkup.permissions.mydir

    Is it really this simple - I should have done this years ago 😉

  2. Thx Dan for this. Good point!
    Now after reading this and the post of @djf, I think it is worth changing your script like this:

    - manually save your acl's in a file like baseline.$date (and even chattr +i on this file)
    - run from cron a job which will save your acl's like $today
    - compare with diff the last baseline.$date with $today
    - if there are differences, take some action (send an alert mail, restore the acl's from baseline.$date, and so on)

    This would be more useful, for example when your system is under some attack, or a piece of software is running in a wrong way.

    Ps. gpg sign this file and make a copy on a remote host.

    Happy ACLs to all 🙂

    • Yes, Kaushik, you can if you have done a backup before you started to modify your settings. But why would you like to do that?

      Better/proper approach is to make your installation automatic with some tools like fai, cfengine2, chef, salt, etc. Then you can set up your system from scratch to your wanted settings within minutes, which is the time to install your machine and make all changes. It also means that you have to make scripts automatically install and set up your software when you add that to your machine.

Leave a comment

Your email address will not be published. Required fields are marked *