On Tue, May 18, 2021 at 11:46:38PM +0000, Andy Smith wrote: > I can't think of an easy way if you don't have backups. If you have > another system you could get a list of all its permissions like so: > > # find /usr -xdev -printf '%p %m\0' | sort -z > good-perms > > Then on your suspect machine: > > # find /usr -xdev -printf '%p %m\0' | sort -z > suspect-perms > > And then run this perl script: > > https://gist.github.com/grifferz/1c478ea5eb789b2a1d1a3e49d2a9345c
The serialization format you're using (pathname followed by mode) is not ideal for parsing. I'd suggest putting the mode *first*, because it's in a known, fixed format, and then the pathname second. Obviously this would require changing the script that's doing the parsing, as well as the sort command (e.g. sort -z -k2), but it should be easier that way.
