Distributed under the GNU GPL
Or see the file ./COPYING
Monitors file-changes happened in the directory set in experms.conf. If changes
happened, it adjusts the file-permissions and ownership/group.
You can either define directories (and also sub-directories) with different
ownerships and permissions.
It also allows exclusions based on directories or patterns (regex).
Further it is able to restore all the ownerships and permissions of all files
based on the config-file.
experms needs to be run with root-permissions.
experms depends on:
- python2-pyinotify (name can vary on different Linux distributions)
- systemd (optional)
You can start and/or enable experms with systemd:
# systemctl start experms # systemctl enable experms
Following arguments are available:
usage: experms [-h] [-c CONFIG] [-r] [-t] [-v] [-d] experms optional arguments: -h, --help show this help message and exit -c CONFIG, --config CONFIG Configuration file to use -r, --restore Just restore all the permissions and exit -t, --total Count the directories to watch and exit -v, --version Print the version and exit -d, --debug Print debug-messages
Note: You need to edit the configuration file before running experms for the
The Configuration File
experms.conf is located under /etc/experms.conf
You can use another file with the argument '--config'.
If changes happened to experms.conf, it is necessary to restart
# # /etc/experms.conf # [general] log_activities = no restore = no [DEFAULT] chmodd = 755 [directory_1] path = /first/directory user = first-user group = first-group chmodf = 640 chmodd = g+w excludepath = /first/directory/exclude1,/first/directory/subdir/exclude2 [directory_2] path = /second/directory group = second-group chmodf = 0644 excludepattern = .txt$|.TXT$|.sh$|.SH$ [directory_3] path = /second/directory/subdirectory group = third-group chmodf = g+w,o-r chmodd = g+w,o-rx
log_activities = yes | no
Decide, if experms should print a log.
restore = yes | no
Decide, if experms should restore all the ownerships and permissions
of all files based on the config-file. In case there were changes
while experms was not running.
Rules that should apply to all directory sections. They can be over‐
written inside a directory section.
path = /path/to/watch/dir
Set the directory where your rules should apply.
owner = username|UID
Set the owner of all the files and directories.
group = groupname|GID
Set the group of all the files and directories.
chmodf = permissions
Set the permission for all the files.
Accepted is octal (0777) or symbolic mode (comma separated list).
Symbolic mode has limited functionality and only supports
You can use set-UID, set-GID and sticky-bit if you wish to. E.g. 4660.
chmodd = permissions
Set the permission of all the directories.
See chmodf above.
excludepath = /path/to/exclude/dir,/path/to/exclude/file...
Exclude some directories and files from the rules (comma seperated).
excludepattern = regular expression
Exclude files (and only files) based on a pattern.
experms uses inotify to monitor the directories.
Inotify allows only a limited number of directories to watch per user.
Per default this is set to 8192.
You can increase this number by writing to
To make this change permanent, the following line should be added to
/etc/sysctl.conf or /etc/sysctl.d/99-sysctl.conf
fs.inotify.max_user_watches=8192 (your amount of directories)
You can check the amount of directories recursively with:
# experms --total