Fix Unix Perms

License: PRO+ (Professional Edition or higher)
Plugin Type: File Action
Author: Diskover Data, Inc.

Overview

The Fix Unix Perms file action lets you change Unix file permissions (chmod) on files and directories indexed by Diskover—all from a simple web interface. Instead of logging into servers and running command-line tools, you can select files directly in Diskover and apply permission changes with a few clicks.

This is especially useful when you need to:

Standardize permissions across large directory structures
Fix permission problems after data migrations
Quickly lock down or open up access to specific files
Ensure directories meet security compliance requirements

Key Features:

Octal permission setting – Configure target permissions using familiar Unix notation (755, 644, etc.)
Recursive operations – Apply permissions to entire directory trees with one action
Batch processing – Modify multiple files and directories in a single operation
Background processing – Large operations run asynchronously so you can continue working
Complete audit trail – See exactly which files were modified when the task completes

Use Cases

For System Administrators:

Post-migration cleanup – After moving data from Windows or cloud storage, files often arrive with inconsistent permissions (commonly 777). Use Fix Unix Perms to quickly standardize them to secure defaults.
Incident response – Immediately lock down compromised directories by removing world access, or restore permissions after a security event.

For Data Managers and Storage Teams:

Shared workspace setup – Configure project directories with appropriate group permissions so team members can collaborate effectively.
Compliance enforcement – Ensure directories containing sensitive data (financial records, healthcare information) have properly restricted access.

For All Users:

Permission drift correction – Over time, files created by different users with varying umask settings can create inconsistent permissions. Batch-fix entire directories to restore order.

Understanding Unix Permissions

If you're not deeply familiar with Unix permissions, here's a quick primer to help you choose the right settings.

Unix permissions control who can read, write, and execute files. They're typically expressed as a three-digit octal number (like 755 or 644), where each digit represents permissions for a different group:

Position	Who It Affects
First digit	Owner – the user who owns the file
Second digit	Group – users in the file's assigned group
Third digit	Others – everyone else

Each digit is a sum of permission values:

Value	Permission	Meaning
4	Read	Can view file contents or list directory
2	Write	Can modify file or create/delete files in directory
1	Execute	Can run file as program or access directory

Common Permission Combinations:

Octal	Symbolic	Best Used For
755	rwxr-xr-x	Directories, executable scripts
750	rwxr-x---	Secure directories (no public access)
700	rwx------	Private directories (owner only)
644	rw-r--r--	Regular files (documents, data)
640	rw-r-----	Secure files (no public read)
600	rw-------	Private files, credentials, keys
775	rwxrwxr-x	Group-shared directories
664	rw-rw-r--	Group-shared files

Special Permissions:

Octal	Name	Purpose
2775	Setgid	New files inherit the directory's group (great for shared projects)
1777	Sticky bit	Only file owners can delete their files (used for /tmp)

Tip: When in doubt, 755 for directories and 644 for files is a safe, standard choice that allows reading while protecting against unauthorized modifications.

Requirements

Diskover Requirements:

Diskover PRO+ license or higher
Diskover Web and Admin components installed
Celery task workers configured and running

Storage Requirements:

The Celery worker process must have filesystem access to the indexed storage
The worker must run as a user with permission to modify files on the target storage

Installation & Setup

Install the File Action Package

dnf install diskover-file-actions-fixperms

Restart Services

After installation, restart the necessary services:

# On the Diskover Web host
systemctl restart diskover-admin

# On all Diskover Task Worker hosts
systemctl restart celery

Configure the File Action

Log into Diskover Admin
Navigate to Configuration > Plugins > File Actions > Fix Permissions
Configure your desired default permission settings (see Configuration section below)
Save the configuration

Verify Installation

Log into the Diskover web interface
Select any file or directory
Click the Actions menu
Confirm that fix permissions appears in the list

Configuration

Configure the Fix Unix Perms file action through the Diskover Admin interface.

Location: Diskover Admin > Configuration > Plugins > File Actions > Fix Permissions

Setting	Default	Description
`name`	fix permissions	Display name shown in the Actions menu
`destination_perms`	777	Target permissions in octal notation. This is the permission value that will be applied to all selected files and directories.
`recursive`	True	When enabled, permissions are applied to all contents within selected directories, not just the directories themselves.

⚠️ Important: The default value of 777 (full access for everyone) is intentionally permissive for testing purposes. For production use, configure a more restrictive default such as 755 for directories or 644 for files.

Configuration Examples

Standard Secure Configuration (Recommended):

Setting	Value	Result
destination_perms	755	Owner: full access, Group/Others: read and execute
recursive	True	Applies to all contents

This is appropriate for most directory structures where files should be readable but not modifiable by non-owners.

Restrictive Configuration:

Setting	Value	Result
destination_perms	750	Owner: full access, Group: read and execute, Others: no access
recursive	True	Applies to all contents

Use this for directories containing sensitive data that should not be accessible to general users.

Group Collaboration Configuration:

Setting	Value	Result
destination_perms	2775	Setgid + group writable
recursive	True	Applies to all contents

Ideal for shared project directories where team members need to create and modify files.

Usage Guide

Basic Workflow

Step 1: Select Files or Directories

Log into the Diskover web interface
Navigate to the index containing your target files
Use search or browse to locate the items you want to modify
Select items using the checkboxes:
- Select individual files for targeted changes
- Select directories to modify entire folder structures (when recursive mode is enabled)
- You can select a mix of both files and directories

Step 2: Launch the File Action

With your items selected, click the Actions button in the toolbar
Select fix permissions from the dropdown menu

Step 3: Review and Submit

The Fix Permissions form displays showing:
- Assigned Worker – The Celery worker that will process your request
- Target Permissions – The permission value from your configuration
- Selected Items – A table listing all files and directories you selected
Review the list to confirm you've selected the correct items
Click Submit to start the operation

Step 4: Monitor Progress

After submitting, you're redirected to the task status page
The page shows the current state:
- PENDING – Task is queued, waiting for a worker
- STARTED – Worker is actively processing
- SUCCESS – All permissions have been changed
- FAILURE – An error occurred (check the error message)

Step 5: Review Results

When the task completes successfully, the results page displays all modified paths. For recursive operations on large directories, this list can be extensive.

Working with Individual Files

When you need precise control over which files are modified:

Use Diskover's search to find specific files (by name, extension, size, etc.)
Select only the files you want to change
Submit the fix permissions action

This approach is useful when:

You need to fix permissions on scattered files
Different files in the same directory need different permissions
You want to avoid modifying certain files

Working with Directories (Recursive Mode)

When you need to standardize permissions across entire directory trees:

Select the parent directory (or multiple directories)
Ensure recursive is enabled in the configuration
Submit the action

The worker will:

Apply the configured permissions to the selected directory
Traverse all subdirectories and files within
Apply the same permissions to every item found

Note: Large directories with thousands of files may take several minutes to process. The task runs in the background, so you can navigate away and check results later.

Common Tasks

Securing a project directory after migration:

Search for the project directory path
Select the top-level project folder
Run fix permissions with 755 configured
Verify with the results showing all modified paths

Preparing a shared workspace:

Navigate to the shared directory location
Select the directories that need group write access
Ensure configuration is set to 775 or 2775
Submit and verify team members can now create files

Emergency lockdown:

Quickly locate the affected directory
Select it (recursive mode will secure all contents)
With 700 configured, submit immediately
Verify only the owner can now access the directory

Security Considerations

Permission Value Selection

Choose permission values carefully based on your security requirements:

Scenario	Recommended	Avoid
General data directories	755	777
Configuration files	640 or 600	644 (if sensitive)
Shared project folders	775 or 2775	777
Credential files	600	Any group/world access
Web application uploads	750	777

Recursive Operation Awareness

When recursive mode is enabled, a single action can modify permissions on thousands or millions of files. Before submitting:

Verify you've selected the correct directory
Understand that changes are applied immediately
Note that original permissions are not automatically backed up

Access Control

Consider limiting access to this file action to administrators and trusted users who understand Unix permissions. Incorrectly applied permissions can:

Break application functionality
Expose sensitive data
Lock users out of their files

Troubleshooting

Common Issues

Issue	Cause	Solution
"Worker not set in session" error	Session expired or worker not assigned	Log out and log back in; verify worker assignment in admin
Task fails with "Permission denied"	Celery worker lacks filesystem privileges	Ensure worker runs as user with appropriate access
Task fails with "No such file or directory"	File was moved/deleted since indexing	Re-index the storage and retry
Task fails with "Read-only file system"	Target storage is mounted read-only	Check mount options; remount with write access
Permissions unchanged after success	Verification on wrong system	Confirm you're checking the same storage the worker accessed

Verifying Permission Changes

After a task completes, verify the changes were applied:

# Check a single file
ls -la /path/to/file

# Check permissions in octal format
stat -c "%a %n" /path/to/file

# Check all files in a directory
find /path/to/directory -maxdepth 1 -exec stat -c "%a %n" {} \;

Debug Logging

For detailed troubleshooting, check the following log files:

Diskover Admin logs:

/var/log/diskover/diskover-admin.log

Celery worker logs:

/var/log/celery/worker.log

Web server logs (Nginx):

/var/log/nginx/error.log

To enable more detailed output, set the log level to DEBUG in your Diskover configuration.

NFS and Network Storage

If you're working with NFS-mounted storage and encounter issues:

Verify the NFS mount is read-write: mount | grep nfs
Check NFS export options on the server (especially no_root_squash if worker runs as root)
Test permission changes directly on the worker host before using the file action

Support

Documentation: https://docs.diskoverdata.com
Support Portal: https://support.diskoverdata.com

Last Updated: January 2026
Diskover Data, Inc.