Monitor or log directory permission changes?

Myles asked:

I’m having an issue with a cPanel shared server running CentOS 5 where a few directories under the public_html folder keep getting changed to 777 from 755. The customer says they are not changing it and i’m wondering if there is a way to monitor these specific directories to find out who/what is changing the permissions.

I have looked into using auditctl and after testing it and changing the permissions myself I don’t see anything in the logs so i’m not sure if i’m doing it right or if it’s even possible.

Does anybody have any suggestions or ideas on how I could figure out what is changing the permissions?


I answered:

If the customer isn’t changing it, then the web app itself probably is. chmod 777 opens up all sorts of security headaches, especially in a shared web hosting environment.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.