Unix Perms
License: PRO+ (Professional Edition or higher)
Plugin Type: Index Plugin
Author: Diskover Data, Inc.
Overview
The Unix Perms plugin extracts and indexes Unix file system permission attributes during Diskover indexing. It adds a unix_perms field containing the octal representation of file and directory permissions (e.g., "755", "644"), enabling powerful search and analysis capabilities for permission-based queries.
The plugin also automatically tags files and directories that have overly permissive settings (permissions 777 or 666), making it easy to identify potential security risks across your file systems.
Note: This plugin is designed for Unix-like file systems (Linux, macOS, NFS mounts, etc.). For Windows environments, see the Windows Owner plugin for NTFS ownership and permission information.
What Gets Indexed
Field | Description |
|---|---|
unix_perms | Three-digit octal permission string (e.g., "755", "644") |
tags | Automatic tags added to files with insecure permissions (777 or 666) |
Use Cases
Security Auditing
Identify files and directories with overly permissive access that could pose security risks.
Workflow:
Run scheduled scans of sensitive file systems
Search for unix_perms:(777 OR 666) or tags:ugo+rwx
Export results for security team review
Track remediation progress over time
Example queries:
World-writable files:
unix_perms:666
Sensitive files with wrong permissions:
extension:(pem OR key) AND NOT unix_perms:600
Compliance Verification
Ensure file permissions meet regulatory requirements such as PCI-DSS, HIPAA, or SOC2.
Example queries:
Files that should be restricted:
parent_path:*confidential* AND NOT unix_perms:(600 OR 640)
Log files accessible to world:
extension:log AND unix_perms:*44
Troubleshooting Access Issues
Diagnose file access problems by analyzing permission patterns.
Example queries:
Directories missing execute permission (inaccessible):
type:directory AND unix_perms:(6* OR 4*)
Recently modified files with restrictive permissions:
unix_perms:600 AND mtime:[now-7d TO now]
Understanding Unix Permissions
Unix permissions control who can read, write, or execute files and directories. Understanding the octal format will help you write effective search queries and interpret results.
Octal Format Explained
Unix permissions are represented as a three-digit octal (base-8) number. Each digit represents permissions for a different user class:
Position | User Class | Description |
|---|---|---|
First digit | User (u) | The file owner |
Second digit | Group (g) | Members of the file's group |
Third digit | Other (o) | Everyone else |
Each digit is calculated by adding permission values together:
Value | Permission | Symbol | Meaning |
|---|---|---|---|
4 | Read | r | View file contents / list directory |
2 | Write | w | Modify file / create or delete in directory |
1 | Execute | x | Run file / access directory |
Reading a Permission Value
Here's how to decode an octal permission like 754:
7 (User) = 4 + 2 + 1 = rwx (read, write, execute)
5 (Group) = 4 + 0 + 1 = r-x (read, execute)
4 (Other) = 4 + 0 + 0 = r-- (read only)
Common Permission Values
Octal | Symbolic | Typical Use |
|---|---|---|
755 | rwxr-xr-x | Directories, executable scripts |
644 | rw-r--r-- | Regular files, documents |
700 | rwx------ | Private directories |
600 | rw------- | Private files, SSH keys, config files with passwords |
775 | rwxrwxr-x | Shared directories (user + group writable) |
664 | rw-rw-r-- | Shared files (user + group writable) |
777 | rwxrwxrwx | ⚠️ INSECURE - World writable directory |
666 | rw-rw-rw- | ⚠️ INSECURE - World writable file |
Requirements
System Requirements
Diskover PRO+ license or higher
Unix-like file system (Linux, macOS, NFS mounts, etc.)
Python 3.x (included with Diskover installation)
Dependencies
This plugin has no external dependencies—it uses only Python's standard library (os.stat).
Installation
Step 1: Enable the Plugin
Navigate to Diskover Admin > Plugins > Index Plugins > Unix Perms
Enable the plugin
Save the configuration
Step 2: Enable in Index Task Configuration
Navigate to Diskover > Configurations > select your configuration (e.g., Default)
Scroll to the bottom to find Index Plugins Enablement
Enable the Unix Perms plugin
Save the configuration
The plugin will now run automatically during scans using this configuration.
Configuration
The Unix Perms plugin requires no configuration—it works automatically once enabled. The plugin:
Processes all files and directories
Extracts permission octals from file system metadata
Automatically tags files with 777 or 666 permissions as security risks
Indexed Fields
Elasticsearch Field Mapping
Field Path | ES Type | Description |
|---|---|---|
unix_perms | keyword | Three-digit octal permission string (e.g., "755", "644") |
The keyword type enables exact-match queries on the permission string.
Auto-Tagging Behavior
Files and directories with permissions 777 or 666 are automatically tagged:
Tag | Meaning |
|---|---|
unixperms-plugin | Identifies items tagged by this plugin |
ugo+rwx | Indicates user, group, and other all have read/write access |
Example Document
{
"name": "shared_data.csv",
"type": "file",
"unix_perms": "666",
"tags": ["unixperms-plugin", "ugo+rwx"]
}
Searching in Diskover
Basic Permission Searches
Query | Description |
|---|---|
| Standard executable directories |
| Standard readable files |
| Private directories (owner-only access) |
| Private files (owner-only access) |
Security Audit Searches
Query | Description |
|---|---|
| World-writable directories (security risk) |
| World-writable files (security risk) |
| All insecurely permissioned items |
| Items tagged as insecure by the plugin |
Wildcard Searches
Query | Description |
|---|---|
| Owner has full access (read/write/execute) |
| Group and other have full access |
| Non-standard permissions |
Combined Searches
Query | Description |
|---|---|
| World-writable files in shared directories |
| Private key files with correct permissions |
| Directories with unusual permissions |
| Config files with write access for group/other |
Troubleshooting
Issue | Cause | Solution |
|---|---|---|
| Plugin not enabled or not processing | Verify plugin is enabled in both Admin Plugins and Index Task Configuration |
Incorrect permission values | File system mounted with special options | Check mount options; some mounts override permissions |
Tags not appearing on 777/666 files | Permissions not exactly matching | Verify actual permissions with |
Permissions show "000" | Insufficient read access | Ensure Diskover service account can read file metadata |
Network share permissions wrong | NFS/CIFS permission translation | Network mounts may report different permissions; check server-side settings |
Diagnostic Commands
Use these commands to verify permissions outside of Diskover:
Linux:
# View permissions on a file
ls -la /path/to/file
# View octal permissions directly
stat -c "%a %n" /path/to/file
# Find world-writable files (compare with Diskover results)
find /path -type f -perm -o+w -ls
# Verify Diskover service account can read permissions
sudo -u diskover stat /path/to/file
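The following cross-check is an added example, not Diskover's plugin code. It derives the three-digit octal string with os.lstat, applies the exact 777/666 rule this page describes, and goes one step further by testing the other-write bit, so it reports world-writable modes such as 757 or 646 that an exact 777/666 match would not flag. The function names, the record layout and the choice to drop setuid/setgid/sticky bits are assumptions.

```python
import os
import stat

INSECURE = {"777", "666"}  # exact values this page says are auto-tagged

def octal_perms(mode):
    """Three-digit octal string from st_mode (assumption: special bits dropped)."""
    return format(mode & 0o777, "03o")

def symbolic(octal):
    """'754' -> 'rwxr-xr--' using the 4/2/1 values from the table above."""
    return "".join(
        "".join(sym if int(d) & bit else "-" for bit, sym in ((4, "r"), (2, "w"), (1, "x")))
        for d in octal
    )

def audit(root):
    """Walk root and return one record per file or directory, skipping symlinks."""
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            perms = octal_perms(st.st_mode)
            records.append({
                "path": path,
                "unix_perms": perms,
                "symbolic": symbolic(perms),
                "tagged": perms in INSECURE,  # exact-match rule
                "world_writable": bool(st.st_mode & stat.S_IWOTH),
            })
    return records

def untagged_world_writable(records):
    """World-writable items whose mode is not exactly 777 or 666."""
    return [r for r in records if r["world_writable"] and not r["tagged"]]

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for r in untagged_world_writable(audit(root)):
        print(r["unix_perms"], r["symbolic"], r["path"])
```

In the index, the same set corresponds to a last digit of 2, 3, 6 or 7; in the wildcard style used on this page that is unix_perms:(*2 OR *3 OR *6 OR *7).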
Debug Logging
To enable verbose logging for troubleshooting:
Check Diskover logs for plugin-related messages
Log location (Linux): /var/log/diskover/diskover.log
Look for entries containing "unix_perms" or "UnixPerms"
Support
Last Updated: January 2025
Diskover Data, Inc.