Permission Guard

File Information

Property	Value
Binary Name	permission-guard
Version	9.0.1
File Size	1.4MB
Author	Warith Al Maawali
License	Proprietary
Category	File Permission Management
Description	A robust permission management service for Kodachi OS that monitors and corrects file ownership to p...
JSON Data	View Raw JSON

SHA256 Checksum

dc8e325925898f25ec3829c54be013f7e5dc8557567924cbae82819bb852ae8b

---

Key Features

Permission Protection

Feature	Description
Automatic Monitoring	Watches directories for permission problems
Instant Correction	Fixes root-owned files as they appear
Smart Exclusions	Ignores system files that should remain root-owned
Daemon Mode	Runs continuously in background

Why Permission Guard is Essential

Benefit	Description
Prevents Lockouts	No more "Permission denied" on your own files
Workflow Protection	Keeps your work uninterrupted by permission issues
Security Compliance	Maintains proper user/system separation
Automatic Recovery	Self-heals permission problems without intervention

---

TL;DR - Essential Commands

# Start continuous monitoring (daemon mode - monitors current directory by default)
sudo permission-guard watch

# Start monitoring specific directory
sudo permission-guard watch /path/to/directory

# Scan and fix permissions once (scans current directory by default)
sudo permission-guard scan --fix

# Scan specific directory with fixes
sudo permission-guard scan /path/to/directory --fix

# Check current status
permission-guard status

# View configuration
permission-guard config show

---

Understanding Permission Issues

The Root-Owned File Problem

When you run commands with sudo, any files created become owned by root:

# Example problem:
sudo echo "config" > ~/myconfig.txt
ls -l ~/myconfig.txt
# -rw-r--r-- 1 root root 7 Jan 1 12:00 myconfig.txt
# Result: You can't edit your own file!

Permission Guard prevents this by automatically changing ownership back to you.

How Permission Guard Works

# Start monitoring your home directory
sudo permission-guard watch

# What it does:
# 1. Watches for new/modified files
# 2. Detects root ownership in user directories
# 3. Automatically changes ownership to correct user
# 4. Logs all corrections for audit

Scanning for Issues

One-time scan to find and fix existing problems:

# Scan with automatic fixing
sudo permission-guard scan

# Preview what would be fixed (dry run)
sudo permission-guard scan --dry-run

# Scan specific directory
sudo permission-guard scan ~/documents

Daemon Mode (Continuous Protection)

Run as a background service:

# Start daemon
sudo permission-guard watch -d

# Custom PID file location
sudo permission-guard watch -d --pid-file /var/run/pguard.pid

# Check daemon status
permission-guard --daemon-status

# Stop daemon
sudo permission-guard --stop-daemon

Configuration Management

# View current configuration
permission-guard config

# Edit configuration
permission-guard config --edit

# Use custom config file
permission-guard scan -c /path/to/config.json

Default Configuration:

Setting	Value	Description
Monitor Scope	User home directories	Watches user-owned directories only
Exclusions	.cache, .tmp, system dirs	Ignores temporary and system files
Fix Mode	Automatic	Immediately corrects ownership issues
Check Interval	5 seconds	Time between permission scans
Auto-start	Enabled via online-auth	Starts during authentication

Status Monitoring

# Check current status
permission-guard status

# Get JSON output for scripts
permission-guard status --json

# Verbose status with details
permission-guard status --verbose

Smart Exclusions

Permission Guard intelligently ignores:

Type	Description
System directories	/etc, /var, /sys
Temporary files	.tmp, .cache
Root-required files	System configs
Symbolic links	Links to system files

User Override

For multi-user systems:

# Monitor for specific user
sudo permission-guard watch --user-override alice

# Fix permissions for user by UID
sudo permission-guard scan --user-override 1001

---

Automatic Integration with Online-Auth

Permission Guard daemon starts automatically during online-auth authentication.

Manual Management Commands

Action	Command
Check daemon	permission-guard --daemon-status
Stop daemon	sudo permission-guard --stop-daemon

How It Works

When you authenticate:

sudo online-auth authenticate
# Permission-guard automatically:
# → Starts daemon in background
# → Monitors current directory
# → Fixes permission issues every 15 seconds

Default Configuration

Setting	Value
Directory	Current working directory
Scan Interval	15 seconds
Mode	Continuous daemon
Auto-fix	Enabled

Opting Out of Auto-Start

If you prefer manual control over permission-guard:

# Stop auto-started daemon
sudo permission-guard --stop-daemon

# Disable auto-start (modify online-auth behavior)
# Note: This requires configuration changes - contact support

Service lifecycle

# Verify overall system status including permission-guard
./online-auth check-all-status

# Check if daemon is running
permission-guard status                    # Show daemon status
ps aux | grep permission-guard             # Process check

# Start daemon manually (if auto-start disabled)
sudo permission-guard watch -d

# Monitor daemon activity
tail -f /var/log/permission-guard.log      # Watch daemon logs
permission-guard status --verbose          # Detailed status

# Stop daemon
sudo permission-guard --stop-daemon

Manual Control Scenarios

Manual control is needed for:

Scenario	Description
Custom Directories	Monitor specific paths beyond working directory
Configuration Changes	Adjust scan intervals or exclusions
One-time Scans	Quick permission checks without daemon
Maintenance	Stop daemon for system work
Opt-out Usage	Users who prefer manual control

Note

For normal usage, authentication starts protection automatically.

---

Advanced Commands

For advanced users who need access to all available commands and options, please refer to the auto-generated command reference which includes:

Feature	Description
Exclusion Patterns	Custom exclusion patterns
Recursive Depth	Recursive depth settings
Performance Tuning	Performance tuning options
Daemon Controls	Advanced daemon controls
Audit Logs	Audit log management
JSON Filtering	JSON filtering options
CLI Reference	All command-line flags and parameters

---

Security Notes

Important Security Practices:

Practice	Description
Directory Scope	Only monitor user directories, not system directories
Log Review	Review logs regularly for unexpected changes
Sensitive Files	Use exclusion patterns for sensitive files
Minimal Privileges	Run with minimal privileges when possible
Config Security	Keep configuration files secure

---

Performance

Metric	Value
Scan Speed	~1000 files/second
Memory Usage	~15MB active, < 5MB idle
CPU Usage	< 2% during monitoring
Check Interval	5 seconds default
Fix Time	< 100ms per file

---

Support

Resource	Link
Website	digi77.com
Anonymity Verifier	kodachi.cloud
Discord Support	discord.gg/KEFErEx
GitHub	github.com/WMAL

---