SUMMARY: Fixing Permissions on /

From: Roy Erickson <>
Date: Wed Dec 08 2010 - 14:45:38 EST
Sunmanagers .....

Thanks to all that replied (over a dozen)!

Basically the consensus can be summarized by Sal's response sent today:
 You can use 'pkgchk -nf' to "fix" file permissions, but it will not
fix suid/sgid and/or sticky bits.  For that, you'll have to run 'pkgchk
-n' and manually modify any files that have incorrect permissions.  You
will get errors about anything that doesn't match the package map,
including ownership, timestamps and checksums for any files that have
changed.  You'd expect certain things to come up as errors, but I
suggest you study this list if the entire system is 777.

Pkgchk understands the -R /alternate-root.  I suggest you boot from a
cdrom or alternate BE and make modifications without messing up a
running system.  I wouldn't want to mess with permissions on a box while
it's trying to fix itself.  You may want to run this per-package
('pkgchk -nf SUNWpkg") to get a feel for what you're getting into before
running it on the entire system.

Good luck,

An inventory of all files that belong to packages is kept in
/var/sadm/install/contents. It lists the file name, the type, the install
class, permissions, user, group, file size, checksum, timestamp, and package
name. You can script a permission fixer easily with this file and a few lines
of Perl.

- - Michael
[yoda1d] # grep /etc/passwd /var/sadm/install/contents
/etc/passwd e passwd 0644 root sys 672 56039 1252002148 SUNWcsr

So passwd should be 0644.

You could probably write a script to do it if pkgchk doesn't do what you

-- Brian
And some script  from a previous SUMMARY sent by Jerry:

"I had to do this once so I wrote a simple script.
You will need to go to a good system and take a snapshot of the files and
e.g. ls -lR from / directory, dump the output to a file, make sure that
you only see
filenames, if you need directories to chmod, then you will need to modify
my scrip a
little. Here is the script:
# probably you will need to run this only once.
# will change owner:group of file according to feeded file in format
# owner:group:filename
for name in `cat list`
        tUSER=`echo $name | cut -d : -f1`
        tGRP=`echo $name | cut -d : -f2-`
        FILE=`echo $name | cut -d : -f3-`
        if [ -f $FILE ]; then
# the following line works if echoed but may not work if echo
# is taken out, you can redirect the output to a file and run
# that output file
        echo        /usr/bin/chown $TUSER:$tGRP $FILE

Thanks a lot,


Thanks again.... Roy

This e-mail is intended only for the named person or entity to which it is
addressed and contains valuable business information that is proprietary,
privileged, confidential and/or otherwise protected from disclosure. If you
received this e-mail in error, any review, use, dissemination, distribution or
copying of this e-mail is strictly prohibited. Please notify us immediately of
the error via e-mail to <ifpostmaster> and
please delete the e-mail from your system, retaining no copies in any media.
We appreciate your cooperation.
sunmanagers mailing list
Received on Wed Dec 8 14:47:08 2010

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:17 EST