Compare commits
8 Commits
0.2.0
...
4a4cb8183f
| Author | SHA1 | Date | |
|---|---|---|---|
| 4a4cb8183f | |||
20a0dca080
|
|||
|
7c391b8dbc
|
|||
| aafad81bb6 | |||
|
9658f534ea
|
|||
|
5af28d21ca
|
|||
| b0395a432f | |||
|
603e2ac0c6
|
2
.gitignore
vendored
2
.gitignore
vendored
@@ -85,7 +85,7 @@ ipython_config.py
|
||||
# pyenv
|
||||
# For a library or package, you might want to ignore these files since the code is
|
||||
# intended to run in multiple environments; otherwise, check them in:
|
||||
# .python-version
|
||||
.python-version
|
||||
|
||||
# pipenv
|
||||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
|
||||
|
||||
38
README.md
38
README.md
@@ -5,7 +5,7 @@
|
||||
# chguard
|
||||
|
||||
<div align="center">
|
||||
<img src="chguard.png" alt="chguard logo" width="256" />
|
||||
<img src="https://git.sysmd.uk/guardutils/chguard/raw/branch/main/chguard.png" alt="chguard logo" width="256" />
|
||||
</div>
|
||||
|
||||
|
||||
@@ -30,6 +30,31 @@ A single confirmation prompt at the end of a restore (default: **No**).
|
||||
### Dry-run mode
|
||||
Preview restore operations without prompting or applying changes.
|
||||
|
||||
### Wrapper mode (automatic snapshots)
|
||||
|
||||
`chguard` can also run as a wrapper around ownership and permission commands.
|
||||
In this mode, `chguard` automatically saves a snapshot before the command runs, so the user can easily restore the previous state if needed.
|
||||
|
||||
#### Supported commands
|
||||
|
||||
Wrapper mode is intentionally limited to commands that modify filesystem metadata only:
|
||||
|
||||
* `chown`
|
||||
* `chmod`
|
||||
* `chgrp`
|
||||
|
||||
Other commands are rejected to avoid giving a _false sense of protection_.
|
||||
|
||||
#### Automatic snapshot names
|
||||
|
||||
Snapshots created in wrapper mode are named automatically, for example:
|
||||
|
||||
```
|
||||
auto-20251230-161301
|
||||
```
|
||||
|
||||
Auto-generated snapshots are visually distinguished in the output so they are easy to identify.
|
||||
|
||||
### Scope control
|
||||
Restore:
|
||||
* both ownership and permissions (default)
|
||||
@@ -55,7 +80,6 @@ Restore:
|
||||
|
||||
It only concerns itself with **ownership** and **permissions**.
|
||||
|
||||
|
||||
## Installation
|
||||
|
||||
### From GuardUtils package repo
|
||||
@@ -179,6 +203,16 @@ chguard --restore app-baseline --permissions
|
||||
chguard --restore app-baseline --owner
|
||||
```
|
||||
|
||||
### Wrapper mode
|
||||
|
||||
Use `--` to separate `chguard` arguments from the wrapped command:
|
||||
|
||||
```
|
||||
chguard -- chown user:group file
|
||||
chguard -- chmod 755 file
|
||||
chguard -- chgrp staff file
|
||||
```
|
||||
|
||||
## Privilege model
|
||||
|
||||
`chguard` never escalates privileges automatically
|
||||
|
||||
133
chguard/cli.py
133
chguard/cli.py
@@ -8,6 +8,7 @@ import sys
|
||||
import stat
|
||||
import pwd
|
||||
import grp
|
||||
import subprocess
|
||||
from collections import Counter, defaultdict
|
||||
from pathlib import Path
|
||||
from datetime import datetime
|
||||
@@ -37,7 +38,6 @@ def get_version():
|
||||
|
||||
|
||||
def _uid_to_name(uid: int) -> str:
|
||||
"""Return username for uid, or uid as string if unknown."""
|
||||
try:
|
||||
return pwd.getpwuid(uid).pw_name
|
||||
except KeyError:
|
||||
@@ -45,7 +45,6 @@ def _uid_to_name(uid: int) -> str:
|
||||
|
||||
|
||||
def _gid_to_name(gid: int) -> str:
|
||||
"""Return group name for gid, or gid as string if unknown."""
|
||||
try:
|
||||
return grp.getgrgid(gid).gr_name
|
||||
except KeyError:
|
||||
@@ -53,12 +52,10 @@ def _gid_to_name(gid: int) -> str:
|
||||
|
||||
|
||||
def _format_owner(uid: int, gid: int) -> str:
|
||||
"""Format uid/gid as username:group."""
|
||||
return f"{_uid_to_name(uid)}:{_gid_to_name(gid)}"
|
||||
|
||||
|
||||
def _mode_to_rwx(mode: int) -> str:
|
||||
"""Convert numeric mode to rwx-style permissions."""
|
||||
bits = (
|
||||
stat.S_IRUSR,
|
||||
stat.S_IWUSR,
|
||||
@@ -88,7 +85,6 @@ def _mode_to_rwx(mode: int) -> str:
|
||||
|
||||
|
||||
def _is_root() -> bool:
|
||||
"""Return True if running as root."""
|
||||
return os.geteuid() == 0
|
||||
|
||||
|
||||
@@ -105,6 +101,17 @@ def complete_state_names(prefix, parsed_args, **kwargs):
|
||||
return []
|
||||
|
||||
|
||||
def _extract_paths_from_command(cmd: list[str]) -> list[Path]:
|
||||
paths = []
|
||||
for arg in cmd:
|
||||
if arg.startswith("-"):
|
||||
continue
|
||||
p = Path(arg)
|
||||
if p.exists():
|
||||
paths.append(p.resolve())
|
||||
return paths
|
||||
|
||||
|
||||
def main() -> None:
|
||||
"""
|
||||
Entry point for the CLI.
|
||||
@@ -116,12 +123,33 @@ def main() -> None:
|
||||
- Symlinks are skipped during scanning
|
||||
"""
|
||||
|
||||
wrapper_cmd = None
|
||||
if "--" in sys.argv:
|
||||
idx = sys.argv.index("--")
|
||||
wrapper_cmd = sys.argv[idx + 1 :]
|
||||
sys.argv = sys.argv[:idx]
|
||||
|
||||
parser = argparse.ArgumentParser(
|
||||
prog="chguard",
|
||||
description="Snapshot and restore filesystem ownership and permissions.",
|
||||
)
|
||||
|
||||
actions = parser.add_mutually_exclusive_group(required=True)
|
||||
parser = argparse.ArgumentParser(
|
||||
prog="chguard",
|
||||
description="Snapshot and restore filesystem ownership and permissions.",
|
||||
epilog=(
|
||||
"Wrapper mode:\n"
|
||||
" chguard -- chown [OPTIONS] PATH...\n"
|
||||
" chguard -- chmod [OPTIONS] PATH...\n"
|
||||
" chguard -- chgrp [OPTIONS] PATH...\n\n"
|
||||
"In wrapper mode, chguard automatically saves a snapshot of ownership\n"
|
||||
"and permissions for the affected paths before running the command.\n"
|
||||
"Only chown, chmod, and chgrp are supported."
|
||||
),
|
||||
formatter_class=argparse.RawDescriptionHelpFormatter,
|
||||
)
|
||||
|
||||
actions = parser.add_mutually_exclusive_group(required=wrapper_cmd is None)
|
||||
|
||||
parser.add_argument(
|
||||
"--version",
|
||||
@@ -216,11 +244,84 @@ def main() -> None:
|
||||
|
||||
argcomplete.autocomplete(parser)
|
||||
args = parser.parse_args()
|
||||
|
||||
if wrapper_cmd is not None:
|
||||
if not wrapper_cmd:
|
||||
raise SystemExit("No command provided after '--'")
|
||||
|
||||
cmd = Path(wrapper_cmd[0]).name
|
||||
|
||||
if cmd not in ("chown", "chmod", "chgrp"):
|
||||
raise SystemExit(
|
||||
"Wrapper mode only supports chown, chmod, and chgrp"
|
||||
)
|
||||
|
||||
console = Console()
|
||||
|
||||
conn = connect(Path(args.db).expanduser().resolve() if args.db else None)
|
||||
init_db(conn)
|
||||
|
||||
if wrapper_cmd:
|
||||
paths = _extract_paths_from_command(wrapper_cmd)
|
||||
if paths:
|
||||
auto_name = f"auto-{datetime.now().strftime('%Y%m%d-%H%M%S')}"
|
||||
with conn:
|
||||
root_path = str(Path(paths[0]).resolve())
|
||||
state_id = create_state(
|
||||
conn, auto_name, root_path, os.getuid(), commit=False
|
||||
)
|
||||
|
||||
for path in paths:
|
||||
if path.is_dir():
|
||||
for entry in scan_tree(path):
|
||||
if entry.uid == 0 and not _is_root():
|
||||
raise SystemExit(
|
||||
"This command affects root-owned files.\n"
|
||||
"Please re-run with sudo."
|
||||
)
|
||||
conn.execute(
|
||||
"""
|
||||
INSERT INTO entries (state_id, path, type, mode, uid, gid)
|
||||
VALUES (?, ?, ?, ?, ?, ?)
|
||||
""",
|
||||
(
|
||||
state_id,
|
||||
entry.path,
|
||||
entry.type,
|
||||
entry.mode,
|
||||
entry.uid,
|
||||
entry.gid,
|
||||
),
|
||||
)
|
||||
else:
|
||||
st = path.lstat()
|
||||
if st.st_uid == 0 and not _is_root():
|
||||
raise SystemExit(
|
||||
"This command affects root-owned files.\n"
|
||||
"Please re-run with sudo."
|
||||
)
|
||||
conn.execute(
|
||||
"""
|
||||
INSERT INTO entries (state_id, path, type, mode, uid, gid)
|
||||
VALUES (?, ?, ?, ?, ?, ?)
|
||||
""",
|
||||
(
|
||||
state_id,
|
||||
str(path),
|
||||
"file",
|
||||
stat.S_IMODE(st.st_mode),
|
||||
st.st_uid,
|
||||
st.st_gid,
|
||||
),
|
||||
)
|
||||
|
||||
console.print(
|
||||
f"Saved pre-command snapshot: [cyan]{auto_name}[/cyan]"
|
||||
)
|
||||
|
||||
proc = subprocess.run(wrapper_cmd)
|
||||
sys.exit(proc.returncode)
|
||||
|
||||
if args.list:
|
||||
rows = conn.execute(
|
||||
"SELECT name, root_path, created_at FROM states ORDER BY created_at DESC"
|
||||
@@ -233,7 +334,10 @@ def main() -> None:
|
||||
for name, root, created in rows:
|
||||
dt = datetime.fromisoformat(created)
|
||||
ts = dt.strftime("%Y-%m-%d %H:%M:%S %z")
|
||||
console.print(f"{name}\t{root}\t[dim]{ts}[/dim]")
|
||||
if name.startswith("auto-"):
|
||||
console.print(f"[cyan]{name}[/cyan]\t{root}\t{ts}")
|
||||
else:
|
||||
console.print(f"{name}\t{root}\t{ts}")
|
||||
return
|
||||
|
||||
if args.delete:
|
||||
@@ -248,14 +352,19 @@ def main() -> None:
|
||||
|
||||
root = normalize_root(args.save)
|
||||
|
||||
try:
|
||||
with conn: # start transaction
|
||||
if state_exists(conn, args.name):
|
||||
if not args.overwrite:
|
||||
raise SystemExit(
|
||||
f"State '{args.name}' already exists (use --overwrite)"
|
||||
)
|
||||
delete_state(conn, args.name)
|
||||
# if the new save fails, this delete_state step will also roll back
|
||||
delete_state(conn, args.name, commit=False)
|
||||
|
||||
state_id = create_state(conn, args.name, str(root), os.getuid())
|
||||
state_id = create_state(
|
||||
conn, args.name, str(root), os.getuid(), commit=False
|
||||
)
|
||||
|
||||
# Abort early if root-owned files exist and user is not root.
|
||||
# This prevents creating snapshots that cannot be meaningfully restored.
|
||||
@@ -281,10 +390,12 @@ def main() -> None:
|
||||
),
|
||||
)
|
||||
|
||||
conn.commit()
|
||||
console.print(f"Saved state '{args.name}' for {root}")
|
||||
return
|
||||
|
||||
except SystemExit:
|
||||
raise
|
||||
|
||||
if args.restore:
|
||||
if not args.state:
|
||||
parser.error("STATE is required with --restore")
|
||||
@@ -339,7 +450,7 @@ def main() -> None:
|
||||
] = f"{_format_owner(bu, bg)} → {_format_owner(au, ag)}"
|
||||
counts["owner"] += 1
|
||||
|
||||
if au != current_uid:
|
||||
if ch.path.stat().st_uid != current_uid:
|
||||
needs_root = True
|
||||
|
||||
elif ch.kind == "mode" and restore_permissions:
|
||||
|
||||
@@ -61,18 +61,27 @@ def state_exists(conn: sqlite3.Connection, name: str) -> bool:
|
||||
|
||||
|
||||
def create_state(
|
||||
conn: sqlite3.Connection, name: str, root_path: str, created_by_uid: int
|
||||
conn: sqlite3.Connection,
|
||||
name: str,
|
||||
root_path: str,
|
||||
created_by_uid: int,
|
||||
*,
|
||||
commit: bool = True,
|
||||
) -> int:
|
||||
cur = conn.execute(
|
||||
"INSERT INTO states (name, root_path, created_at, created_by_uid) VALUES (?, ?, ?, ?)",
|
||||
(name, root_path, utc_now_iso(), created_by_uid),
|
||||
)
|
||||
if commit:
|
||||
conn.commit()
|
||||
return int(cur.lastrowid)
|
||||
|
||||
|
||||
def delete_state(conn: sqlite3.Connection, name: str) -> int:
|
||||
def delete_state(
|
||||
conn: sqlite3.Connection, name: str, commit: bool = True
|
||||
) -> int:
|
||||
cur = conn.execute("DELETE FROM states WHERE name = ?", (name,))
|
||||
if commit:
|
||||
conn.commit()
|
||||
return cur.rowcount
|
||||
|
||||
|
||||
2
poetry.lock
generated
2
poetry.lock
generated
@@ -289,4 +289,4 @@ test = ["covdefaults (>=2.3)", "coverage (>=7.2.7)", "coverage-enable-subprocess
|
||||
[metadata]
|
||||
lock-version = "2.0"
|
||||
python-versions = ">=3.10,<4.0"
|
||||
content-hash = "aa4ded468b14fc02b90fdb2a0b1bd446195d02affc359c045b6bbb93858aa747"
|
||||
content-hash = "4a5c993fcc16fe3739c43eb00bed750ce0803d45e37c7a786aa0b83bb4930267"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[tool.poetry]
|
||||
name = "chguard"
|
||||
version = "0.2.0"
|
||||
version = "0.3.0"
|
||||
description = "Safety-first tool to snapshot and restore filesystem ownership and permissions."
|
||||
authors = ["Marco D'Aleo <marco@marcodaleo.com>"]
|
||||
license = "GPL-3.0-or-later"
|
||||
@@ -12,8 +12,8 @@ repository = "https://git.sysmd.uk/guardutils/chguard"
|
||||
python = ">=3.10,<4.0"
|
||||
rich = ">=12"
|
||||
argcomplete = ">=2"
|
||||
platformdirs = "^4.5.1"
|
||||
filelock = "^3.20.1"
|
||||
platformdirs = ">=4.5.1"
|
||||
filelock = ">=3.20.1"
|
||||
|
||||
[tool.poetry.scripts]
|
||||
chguard = "chguard.cli:main"
|
||||
|
||||
Reference in New Issue
Block a user