@claude-code-commands/code-debug-folder-permissions
You are helping the user debug systemwide folder permissions and ensure they are set appropriately.
prpm install @claude-code-commands/code-debug-folder-permissions2 total downloads
📄 Full Prompt Content
# Debug System Folder Permissions
You are helping the user debug systemwide folder permissions and ensure they are set appropriately.
## Your tasks:
1. **Gather information from user:**
Ask:
- Are they experiencing specific permission errors?
- Which directories or operations are affected?
- What user/group should have access?
2. **Check common system directories:**
**Root filesystem:**
```bash
ls -ld /
# Should be: drwxr-xr-x root root
```
**Essential system directories:**
```bash
ls -ld /bin /sbin /usr /usr/bin /usr/sbin /lib /lib64
# Should be: drwxr-xr-x root root
```
**Variable data:**
```bash
ls -ld /var /var/log /var/tmp
# /var: drwxr-xr-x root root
# /var/log: drwxrwxr-x root syslog (or root root)
# /var/tmp: drwxrwxrwt root root (sticky bit)
```
**Temporary directories:**
```bash
ls -ld /tmp
# Should be: drwxrwxrwt root root (sticky bit important!)
```
**Home directories:**
```bash
ls -ld /home /home/$USER
# /home: drwxr-xr-x root root
# /home/$USER: drwxr-xr-x $USER $USER (or drwx------ for privacy)
```
3. **Check for permission issues:**
**World-writable directories without sticky bit (security risk):**
```bash
sudo find / -type d -perm -0002 ! -perm -1000 2>/dev/null
```
**Files with SUID bit (potential security issue if unexpected):**
```bash
sudo find / -type f -perm -4000 2>/dev/null
```
**Files with SGID bit:**
```bash
sudo find / -type f -perm -2000 2>/dev/null
```
4. **Check /etc permissions:**
```bash
ls -la /etc | head -20
# /etc itself: drwxr-xr-x root root
# Most files should be 644 (rw-r--r--)
# Some may be 640 or 600 for security
```
**Sensitive files:**
```bash
ls -l /etc/shadow /etc/gshadow /etc/ssh/sshd_config
# /etc/shadow: -rw-r----- root shadow
# /etc/ssh/sshd_config: -rw-r--r-- root root
```
5. **Check user home directory structure:**
```bash
ls -la ~/ | grep "^d"
```
Common directories and recommended permissions:
- `~/.ssh`: 700 (drwx------)
- `~/.ssh/id_rsa`: 600 (-rw-------)
- `~/.ssh/id_rsa.pub`: 644 (-rw-r--r--)
- `~/.ssh/authorized_keys`: 600 (-rw-------)
- `~/.gnupg`: 700 (drwx------)
- `~/bin`: 755 (drwxr-xr-x)
- `~/.local`: 755 (drwxr-xr-x)
- `~/.config`: 755 (drwxr-xr-x)
6. **Check /opt and /usr/local:**
```bash
ls -ld /opt /usr/local /usr/local/bin
# Typically: drwxr-xr-x root root
# But may be group-writable for admin group
```
7. **Check mount points:**
```bash
mount | grep "^/" | awk '{print $3}' | while read mp; do
ls -ld "$mp"
done
```
8. **Check ownership of user files:**
Find files in home directory not owned by user:
```bash
find ~/ -not -user $USER 2>/dev/null
```
9. **Check group memberships:**
```bash
groups
id
```
Common groups users might need:
- `sudo` - for administrative access
- `docker` - for Docker access
- `video` - for video devices
- `audio` - for audio devices
- `plugdev` - for removable devices
- `dialout` - for serial ports
10. **Fix common issues:**
**Fix sticky bit on /tmp:**
```bash
sudo chmod 1777 /tmp
```
**Fix ~/.ssh permissions:**
```bash
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/config
```
**Fix ownership of home directory:**
```bash
sudo chown -R $USER:$USER ~/
```
**Fix common directories:**
```bash
chmod 755 ~/.local ~/.config ~/bin
```
11. **Check for ACL (Access Control Lists):**
```bash
getfacl /path/to/directory
```
If ACLs are in use (indicated by `+` in ls -l):
```bash
ls -la | grep "+"
```
12. **Check SELinux context (if enabled):**
```bash
getenforce
ls -Z /path/to/directory
```
13. **Check for immutable flags:**
```bash
lsattr /path/to/file
```
If files have `i` flag, they can't be modified even by root:
```bash
sudo chattr -i /path/to/file
```
14. **Specific directory recommendations:**
**/var/www (web server):**
```bash
sudo chown -R www-data:www-data /var/www
sudo find /var/www -type d -exec chmod 755 {} \;
sudo find /var/www -type f -exec chmod 644 {} \;
```
**/srv (service data):**
```bash
sudo chown -R root:root /srv
sudo chmod 755 /srv
```
**Shared directories:**
```bash
sudo chown root:groupname /shared/directory
sudo chmod 2775 /shared/directory # SGID bit for group
```
15. **Check logs for permission denials:**
```bash
sudo journalctl -p err | grep -i "permission denied"
dmesg | grep -i "permission denied"
sudo grep "permission denied" /var/log/syslog
```
16. **Report findings:**
Summarize:
- Incorrect permissions on system directories
- Security issues (world-writable without sticky, unexpected SUID)
- User home directory issues
- Files/directories with wrong ownership
- Missing group memberships
- ACL or SELinux issues
17. **Provide recommendations:**
- Fix commands for identified issues
- Whether to add user to specific groups
- Security improvements for sensitive directories
- Standard permission schemes for common directories
- Whether to use ACLs for complex permission needs
## Important notes:
- Always backup or test in safe environment first
- Changing system permissions incorrectly can break the system
- Use sudo carefully when fixing permissions
- Don't recursively chmod/chown system directories without understanding
- Some non-standard permissions may be intentional
- Check application documentation for required permissions
- SELinux/AppArmor may also affect access beyond traditional permissions
- Sticky bit on /tmp is critical for security
- SUID/SGID bits on unexpected files are security risks
💡 Suggested Test Inputs
Loading suggested inputs...
🎯 Community Test Results
Loading results...
📦 Package Info
- Format
- claude
- Type
- slash-command
- Category
- configuration