DEV Community: Nedim Hadzimahmutovic

FREE EBOOK: Master Linux File Permissions 🐧

Nedim Hadzimahmutovic — Thu, 23 Oct 2025 05:13:14 +0000

Updated my book with extra diagrams and examples in this second revision! Because I love this community, I'm giving the updated version away for free! Go get it!

Master Special Permissions in Linux While Your Coffee Brews

Nedim Hadzimahmutovic — Fri, 31 Jan 2025 04:28:01 +0000

This is the fourth and last article from a series compiled from my notes while taking the LPI exams.

The three special permissions are:

The Sticky bit,
the SUID bit, and
the SGID bit.

These permissions can be specified using:

symbolic mode: they are represented by letters (t, s, S), or
numeric mode: they are represented by numbers (1, 2, 4).

The Sticky Bit

The sticky bit is also known as the restricted deletion flag. It does not affect individual files, but when set at the directory level it prevents users from removing or renaming files. Only the owner and the root user can remove files in that directory.

The sticky bit on files is ignored on the modern versions of Linux.

Identifying the Sticky Bit

Example: the /tmp directory.

A well-known system directory with the sticky bit set on it is the
/tmp directory as shown below. Since this directory is word-readable and world-writable it prevents users from deleting files unless they own the parent directory.

ls -ld /tmp
drwxrwxrwt 35 root root 4096 Dec 25 19:09 /tmp

Notice the t at the last place in the permissions.

Setting the Sticky Bit

Symbolic mode

In symbolic mode, the sticky bit is represented by a "t" within the other's permissions.

To enable it, use "+t".
To disable it, use "-t".

For example set the sticky bit for mytmp.

chmod +t mytmp

To check the directory permissions use the following command.

ls -ld ./mytmp
drwxrwxrwt 2 root root 4096 Dec 25 19:37 ./mytmp

Numeric Mode

In numeric mode, we will use the four-digit notation and set the first digit to "1" which sets the sticky bit.

Example where the execute permission is set.

chmod 1771 mytmp
ls -ld ./mytmp
drwxrwx--t 2 root root 4096 Dec 25 19:37 ./mytmp

Example where the execute permission is set.

chmod 1777 mytmp
ls -ld ./mytmp
drwxrwxrwt 2 root root 4096 Dec 25 19:37 ./mytmp

Example where the execute permission is NOT set.

chmod 1774 mytmp
ls -ld ./mytmp
drwxrwxr-T 2 root root 4096 Dec 25 19:37 ./mytmp

Example where the execute permission is NOT set.

chmod 1770 mytmp
ls -ld ./mytmp
drwxrwx--T 2 root root 4096 Dec 25 19:37 ./mytmp

The sticky bit is represented with t when the execution permission
is enabled, and as T when the execute permission is missing.

The /tmp and /var/tmp directories often have the sticky bit set to prevent unauthorized users from deleting or modifying files created by other users.

SUID

SUID (Set User ID) is a special permission that allows a file to be executed with the privileges of the user who owns the file. When a SUID is set on a file where the owner is root then the user that is running the file can execute that file with root privileges. This means that the user running the program will temporarily inherit the root permissions.

Identifying `SUID`

Files with SUID bit show a letter 's' replacing the 'x' on the user permissions filed, as shown in the following diagram and examples.

SUID can only be set on files, not directories.

Example: the password command.

1. We will check the file permissions using the ls command.

ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 64152 May 30  2024 /usr/bin/passwd

2. Next, we check the permissions with stat to show the
permissions in octal and human-readable formats.

stat -c "File %n has %a and %A permissions" /usr/bin/passwd
File /usr/bin/passwd has 4755 and -rwsr-xr-x permissions

Notice the s in the user ownership field in the permissions.

Setting `SUID`

Symbolic Mode

In symbolic mode, SUID is set by using the letter "s" in the user permission field.

To enable it, use "u+s".
To disable it, use "u-s".

Examples where we add only the SUID without any other user permissions.

chmod u+s myfile
ls -l myfile
---S------ 1 root root 0 Oct 24 13:05 myfile

u+s,u-rwx myfile
ls -l myfile
---S------ 1 root root 0 Dec 30 17:46 myfile

Please notice the capital letter S. That means the execute user
permissions are missing.

In this example where we add the SUID bit, read, write, and execute user permissions.

chmod u+rwxs myfile
ls -l myfile
-rws------ 1 root root 0 Oct 24 13:05 myfile

If the user permission section shows "s" instead of "x", then the SUID bit is set.

Numeric Mode

The octal value of SUID is 4, therefore we add 4 to the user permissions.

Here is an example where we set the SUID only, without any other user permissions.

chmod 4000 myfile
root@nedim-IdeaPad-box:~/emptydir# ls -l myfile
---S------ 1 root root 0 Oct 24 13:05 myfile

In this example, we set SUID and grant 755 permissions.

chmod 4755 myfile
ls -l myfile
-rwsr-xr-x 1 root root 0 Oct 24 13:05 myfile

SGID

Set GID, also known as SGID or Set Group ID bit, is a permission that can be applied to both executable files and directories.

This special permission has the following functions:

When applied to executable files, once a user executes the file it grants the resulting process permissions of the group that owns the file.
When applied to directories, it makes every file or directory created under it inherit the group from the parent directory.

As we explained previously, when the SGID bit is set on a folder, any new files created inside that folder will automatically belong to the same group as the folder itself. It doesn't matter who created the file.
This can be helpful when you want all files in a folder to belong to a specific group, even if different people create those files.

Identifying `SGID`

Files with SGID bit show a letter "s" replacing the "x" on the group permissions. Please see the following diagram and examples.

Setting `SGID`

You need to be careful when using the SGID bit because it can create security problems. For example, if a folder with the SGID bit is set it can be written to by anyone who is a member of that group. Anyone in that group could create files within that folder. These files would belong to the group, which could give them access to data they shouldn't
have.

It's usually better to use group ownership and permissions correctly instead of relying on the SGID bit.

Symbolic Mode

To set the SGID bit on a directory, in symbolic mode, we use the command demonstrated below.

chmod g+s mydirectory
ls -ld mydirectory
drwxr-sr-x 2 root root 4096 Dec 30 19:47 mydirectory

To set the SGID bit on a file in symbolic mode, we use the command demonstrated below.

chmod g+s,g+rwx myfile
ls -l myfile
----rws--- 1 root root 0 Dec 30 17:46 myfile

To set the SGID bit on a file in symbolic mode, with missing execute permissions, we use the command demonstrated below.

chmod g+s,g+rw,g-x myfile
ls -l myfile
----rwS--- 1 root root 0 Dec 30 17:46 myfile

Please notice the capital letter S. That means the execute group permissions are missing.

Numeric Mode

The octal value of SGID is 2, therefore we add 2 to the group permissions.

To set the SGID bit on a directory, in numeric mode, we use the command demonstrated below.

chmod 2755 mydirectory
ls -ld mydirectory
drwxr-sr-x 2 root root 4096 Dec 30 19:47 mydirectory

To set the SGID bit on a file, in numeric mode, we use the command demonstrated below.

chmod 2755 myfile
ls -l myfile
-rwxr-sr-x 1 root root 0 Dec 30 17:46 myfile

Special Directories

Understanding Temporary Files

Temporary files are files used by programs for short-term data storage. They can be used for various purposes, such as storing process data and logs. The Filesystem Hierarchy Standard (FHS) defines standard locations for temporary files, as shown in the table below.

Both /tmp and /var/tmp are used for temporary files but have different behaviors.
Files in /tmp are typically erased during system boot-up, while files in /var/tmp are usually preserved between reboots.
The /run directory is used for run-time variable data used by running processes, such as process identifier files (PID). It is intended to be cleared during system boot-up.

Securing Temporary Files

The most widely used location for storing temp files is the /tmp
directory. It is a system-wide temporary directory that any user can write and read from. Managing permissions for this directory is a challenge as the correct access permissions need to be set to make sure that users cannot erase or modify files created by others. In short, choosing /tmp to store and execute your files can be very dangerous.

To implement security to the /tmp directory, the sticky bit is used. When set for a directory, the sticky bit prevents users from removing or renaming a file within that directory unless they own the file.

Identifying the Sticky bit on `/tmp`

To check the permissions on /tmp use the ls command, as follows.

ls -ldh /tmp/ /var/tmp/
drwxrwxrwt 392 root root  28K Dec  2 08:42 /tmp/
drwxrwxrwt  14 root root 4.0K Dec  2 08:39 /var/tmp/

The sticky bit is indicated by a "t" replacing the "x" in the
permission for others.

The sticky bit helps to protect files created by other users from being accidentally or maliciously deleted or modified.

Summary

In Linux, everything you interact with, such as files, folders, and even devices like your keyboard or mouse, is considered a file. This might seem unusual the first time you start working on Linux, but it's a core concept that makes Linux incredibly flexible and powerful.

In this article series, we learned about the different types of files, from regular files to special files that represent hardware or are used for communication. We also learned about links, which are shortcuts to files, and how to identify them.

One of the most important aspects of Linux is security. File permissions determine who can access and modify your files. This is crucial in a multi-user environment, where you usually share a computer with other people. We learned how to use commands like ls and chmod to view and change these permissions, giving you control over your data.

Special permissions, like the Sticky bit, SUID, and SGID, provide extra layers of security. For example, the Sticky bit can prevent other users from deleting files in shared directories.

Understanding file types and permissions is a must for any Linux user. It allows you to manage your system efficiently and protect your data.

I hope the effort I put into this book, especially the graphics makes this topic as simplified as possible. Let me know if you'd like any specific parts explained further.

Please do not hesitate to contact me, via the links below.

This article is part of my book:

Master Linux File Ownership While Your Coffee Brews

Nedim Hadzimahmutovic — Sun, 19 Jan 2025 13:52:11 +0000

This is the third article from a series compiled from my notes while taking the LPI exams.

File ownership is a very important security aspect of the Linux operating system. The chown command lets you change who owns a file or folder. This is very helpful when administrators need to give or take away access to certain files. This chapter introduces how to use the chown command.

Identify File Ownership

To view the file ownership for /etc/passwd do as follows.

ls -l /etc/passwd
-rw-r--r-- 1 root root 3274 Dec 22 16:13 /etc/passwd

The `chown` command

The chown command is used to modify file ownership. The syntax for the chown is:

chown user_name:group_name file_name

To view the current ownership of a file use the ls -l command to list files with detailed information.

ls -l target_file.txt
-rw-r--r-- 1 root root 0 Nov  6 12:23 target_file.txt

Change the Owner

Following is an example of how to change the owner of a file.

First, we create the myfile file and list the current ownership details.

touch myfile
ls -l myfile
-rw-r--r-- 1 root root 0 Jan  1 22:36 myfile

The next step is to change the owner from root to user kulin.

chown -v kulin myfile
changed ownership of 'myfile' from root to kulin

The last step is to list the new ownership information.

ls -l myfile
-rw-r--r-- 1 kulin root 0 Jan  1 22:36 myfile

To view only the username of the owner you can use the stat command as follows.

stat -c "The username %U is the owner for the file %n" myfile
The username kulin is the owner for the file myfile

Change the Owner Group

Following is an example of how to change the group ownership of a file.

First we list the current ownership information.

ls -l myfile
-rw-r--r-- 1 kulin root 0 Jan  1 22:36 myfile

Next, we change the group of the owner.

chown -v :kulin myfile
changed ownership of 'myfile' from kulin:root to :kulin

The last step is to list the new ownership information.

ls -l myfile
-rw-r--r-- 1 kulin kulin 0 Jan  1 22:36 myfile

To view the only group of the owner you can use the stat command as follows.

stat -c "The group name of the owner is %G for the file %n" myfile
The group name of the owner is kulin for the file myfile

To change both user and group at the same time follow the next example.

chown -v kulin:kulin myfile

To change the ownership of a directory and all its contents recursively, use the -R option as demonstrated in the next example.

chown -R username:groupname directory

Check out the man pages for more info.

man chown

This article is part of my book:

Master Linux File Permissions While Your Coffee Brews

Nedim Hadzimahmutovic — Sat, 18 Jan 2025 04:24:52 +0000

This is the second article from a series compiled from my notes while taking the LPI exams.

Linux allows multiple users to access and use the system simultaneously. File permissions are crucial in a multi-user system to protect user privacy. It ensures that only authorized users can access and modify files.

The three sets of permissions are:

Owner permissions: Apply to the user who owns the file.
Group permissions: Apply to group members that own the file.
Other permissions: Apply to all other users who are not the owner or a member of the group.

The `ls` command

The ls by default is used to list the contents of a directory.

Example to display contents of the current directory

ls

ls .

However, it can list file permissions and ownerships or find hidden files and directories.

Example to check the permissions of files

You can use the -l option which is known as long listing format. The complete command would be ls -l.

ls -l

total 552
-rw-rw-r-- 1 coolin coolin 493743 Oct 23 10:58 book.pdf
drwxrwxr-x 5 coolin coolin   4096 Oct 15 08:27 chapters

Infographics that explain each column in a long listing representation

For example the following case.

drwxrwxr-x 5 coolin coolin   4096 Oct 15 08:27 chapters

Access the man page for more info.

man ls

Hidden Files

To view hidden files in a directory use the -a or --all option with the ls command. This option tells ls to list all files, including those that are hidden.

An example can be found below

ls -a ~
.  ..  .bash_history  .bashrc  .profile

ls -a -l ~
total 76
drwx------  8 root root  4096 Oct 23 14:47 .
drwxr-xr-x 23 root root  4096 Aug  5 17:07 ..
-rw-------  1 root root 24062 Oct 22 21:20 .bash_history
-rw-r--r--  1 root root   161 Apr 22  2024 .profile

Refer to the ls command's manual pages for more details.

man ls

Directory Permissions

Directories are file types that are marked with the letter d. You set the permissions the same way as with files, but directories behave differently than files when it comes to permissions.

The Read Permission

Allows a user to view the contents of a directory, such as listing files and subdirectories.
A user with 'r' permission can not read the contents of individual files within a directory.
The 'r' permission only grants access to the directory's contents, not the individual files.

The Write Permission

Allows a user to modify the contents of a directory, including creating, deleting, and renaming files.
A user with 'w' permission can change the permissions of any file within a directory, regardless of their permissions or ownership.
The 'w' permission grants the ability to change file permissions within the directory.

The Execute Permission

Allows a user to enter or access a directory.
The 'x' permission does not grant access to listing the contents of a directory.
The 'x' permission only allows entry into the directory. To list the contents, the 'r' permission is also required.

To remove all permissions use the command below.

chmod 0000 myfile

File Permissions

To understand security, you need to master Linux file permissions. As
they control who can access files, and modify them it is crucial to
understand how they work and how to correctly set file permissions.

A dash (-) represents the lack of a particular permission.

The `chmod` command

Using the chmod command you change file mode bits meaning you can
modify file permissions.

There are two modes to change permissions:

Symbolic mode,
Numeric mode.

Symbolic Mode

In this mode, permissions are represented by letters. The symbolic mode
offers a detailed approach to modifying permissions, allowing you to add
or remove specific permissions.

In this example we will make a file readable and executable by everyone, you would use the following example

chmod a+rx file.txt

This is an example of how you use the symbolic mode to add read and write permissions for the user and group, but revoke all permissions for others

chmod ug+rw-x,o-rwx text.txt

To check if permissions were set correctly use the following command.

ls -al text.txt
-rw-rw---- 1 kulin kulin 0 Dec 24 20:16 text.txt

Numeric Mode

In this mode, permissions are represented using numbers. In this mode
permissions are represented as follows: read is 4, write is
2, and execute is 1.

Basic Overview of Permissions

A basic permissions demonstration can be found in the next table.

Detailed Overview of Permissions

A demonstration of detailed permissions can be found in the next table.

Commonly Used Permissions

A common practice when setting permissions to files and directories is
as follows:

Directories: 755 or 750,
Files: 644 or 640,
Sensitive files containing credentials: 600.

- Warning

The 777 is a world-readable type of permission meaning everyone gets all permissions. It should be used with extreme caution.

Refer to the chmod command's manual pages for more details.

man chmod

The `stat` command

This command is used to status files. We will cover the basic use cases
that are useful in the context of this chapter.

Display Permissions in Octal Mode

Example to easily get a file's permissions in octal mode

stat -c %a /etc/passwd
644

Display Permissions in Human Readable Form

Example to easily get a file's permissions in human-readable form

stat -c %A /etc/passwd
-rw-r--r--

You can combine stat options as shown below.

stat -c "%n is a %F, permissions are %A, in octal %a" /etc/passwd
/etc/passwd is a regular file, permissions are -rw-r--r--, in octal 644

Refer to the stat command's manual pages for more details.

man stat

This article is part of my book:

Master Linux File Types While Your Coffee Brews

Nedim Hadzimahmutovic — Thu, 16 Jan 2025 07:42:16 +0000

This is the first article from a series compiled from my notes while taking the LPI exams.

A well-known expression says that everything in Linux is considered a file. In the following diagram, you can find a map that shows the most common file types.

Common File Types

The three most common file types are:

Regular files: A Regular file can contain any data and can be modified, moved, copied, or deleted.
Directories: A directory is a special file containing other files or directories, helping to organize the file system.
Links: A link is a pointer to another file or directory elsewhere in the same file system.

Less Common File Types

Block devices: A block device represents a virtual or physical device, typically a disk or other storage device.
Character devices: A character device represents a virtual or physical device, such as terminals or serial ports.
Sockets: A socket is a channel for communication between two programs.

Identify File Types

The easiest way to identify a file's type is to use the ls command,
using the long listing format.

Refer to the following table for more information.

File Type	Symbol	Permissions
Regular File	-	-rw-------
Directory	d	drwxr-xr-x
Symbolic Link	l	lrwxrwxrwx
Block Device	b	brw-rw----
Character Device	c	crw-rw----
Socket	s	srw-rw----

Example of using the stat command to identify the file type.

 stat -c "%n is a %F" /etc/passwd
/etc/passwd is a regular file

Identify Regular Files

Regular files are marked with the - symbol.

This is an example of using ls to identify a regular file, is where the first letter in the output of ls -l represents the file type.

ls -l /etc/passwd
-rw-r--r-- 1 root root 3274 Dec 22 16:13 /etc/passwd

Identify Directories

Directories are marked with the d letter.

Example of using ls to identify directories.

ls -ld /etc/
drwxr-xr-x 168 root root 12288 Jan  1 15:12 /etc/

Identify Block Devices

Block devices are marked with the b letter.

This is an example of using ls to identify a block device.

ls -l /dev/nvme0n1
brw-rw---- 1 root disk 259, 0 Jan  3 12:52 /dev/nvme0n1

Identify Character Devices

Character devices are marked with the c letter.

An example of using ls to identify a character device.

ls -l /dev/tty
crw-rw-rw- 1 root tty 5, 0 Jan  7 18:22 /dev/tty

Identify Socket Devices

Sockets are marked with the s letter.

An example of using ls to identify a socket device.

ls -l /run/systemd/notify
srwxrwxrwx 1 root root 0 Jan  3 12:52 /run/systemd/notify

Links

Links are special types of files and there are two types:

Symbolic links: These types of links point to other files or
directories.
Hard links: These types of links point to the same place on the
disk, known as inode, just as the original file.

Symbolic Links

A symbolic link is a special type of file pointing to another file's path. It's like a shortcut or alias.

Identify Symbolic Links

Symbolic links are marked with the l letter.

Example of using ls to identify a symbolic link.

ls -l /dev/core
lrwxrwxrwx 1 root root 11 Jan  3 12:52 /dev/core -> /proc/kcore

Creating Symbolic links

The command used to create a symbolic link is ln but with the -s
option.

Example that demonstrates how to create a symbolic file.

touch target_file.txt
ln -s target_file.txt the_soft_link.txt

To check the results use the command ls -l as follows.

ls -l
-rw-r--r-- 1 root root  0 Nov  6 12:23 target_file.txt
lrwxrwxrwx 1 root root 15 Nov  6 11:54 the_soft_link.txt -> target_file.txt

Notes

Symbolic links can point to a file or directory.
You can create symbolic links on different partitions.
You can create a symbolic link to a non-existent file.
Symbolic links are useful when you need to create a link to a file or directory that is located on a different file system.
You can identify a symbolic link in the output of ls, where the first character on the permissions for a symbolic link is 'l'.

Access the man page for more info.

man ln

Hard Links

Hard links are pointers to the same inode on the disk. This means that
two different hard links can point to the same data.

The TARGET file must exist before creating a hard link.
If you do not specify a the_link_name a hard link with the same name as the target_file will be created in the current directory.
When the target_file or the_link_name are not in the current directory then use full path also known as absolute paths.

Creating Hard Links

The command used to create hard links is the ln command.

The basic syntax is shown below.

ln target_file the_link_name

In this example we create a new file named myfile and a new link named mylink.

echo "Hi, there." > myfile
ln myfile mylink

Identify Hard Links

Hard links do not have a special symbol that we can use to identify
them. They are regular files. To identify hard links we use
ls with the -i option.

In this step, we check the inodes to make sure both files have the same inode.

ls -il myfile
2027339 -rw-r--r-- 2 root root 11 Dec 31 08:29 myfile
ls -il mylink
2027339 -rw-r--r-- 2 root root 11 Dec 31 08:29 mylink

Notice the number 2. That means two files point to the same inode.

Another way to check that both files have the same inodes is using the stat command as follows.

stat -c "%n is a %F with inode %i" mylink
mylink is a regular file with inode 2027339

stat -c "%n is a %F with inode %i" myfile
myfile is a regular file with inode 2027339

Notes on Hard Links

Hard links can be deleted using the rm command. However, deleting a hard link does not delete the underlying data as long as other hard links are pointing to it.
The mv command can rename or move hard links. Since they point to the same inode, they can be relocated freely without affecting the data.
There is no risk of "breaking" a hard link when moving it. As long
as the inode remains accessible on the filesystem, the hard link
will continue to point to the same data.
You can NOT create a hard link to a directory.
You can NOT create a hard link to a file that is located on a
different filesystem.

Access the man page for more info.

man ln

This article is part of my book:

Howto build Rootspace locally with buildx and bake

Nedim Hadzimahmutovic — Sun, 26 Mar 2023 07:55:32 +0000

Lately, we have experimented with building Docker images for Rootspace with Docker buildx and bake since there is a great need to support multiple architectures.

It is a significant improvements to the Docker build process as you create a build file definition and just invoke the build process.

To start the project locally please follow the steps below.

Clone the project

git clone git@github.com:clearview/rootspace.git

Build the images locally

docker buildx bake local --load

Check if the images have been built

docker image ls | grep root

Copy the .env files

cp .env.example .env && cp api/.env.example api/.env && cp web/.env.example web/.env

Start the docker-compose local version

docker compose -f docker-compose.yml -f docker-compose-local.yml up --force-recreate

The project should be up.

Monit to Slack notifications with Ansible

Nedim Hadzimahmutovic — Thu, 27 Oct 2022 13:40:38 +0000

This post is a quick one where I share my Ansible playbook which installs Monit on the server, add space usage alerts with Slack notifications.

---
- hosts: all
  gather_facts: yes
  environment:
    PATH: /usr/local/rbenv/shims:{{ ansible_env.PATH }}
  roles:
  - role: zzet.rbenv
    tags: ['rbenv']
    rbenv_clean_up: false
    rbenv:
      env: system
      version: v1.2.0
      default_ruby: 3.0.4
      rubies:
        - version: 3.0.4
  - role: pgolm.monit
    tags: ['monit']
    vars:
      slack_webhook: "'https://hooks.slack.com/services/xxxx/xxxx/xxxx'"
      monit2slack_path: "/usr/local/rbenv/shims/monit2slack"
      monit_cycle: 120
      monit_webinterface_enabled: false
      monit_services:
      - name: disk_usage
        type: filesystem
        target: /
        rules:
          - 'if space usage > 90%
          then exec "{{monit2slack_path}} --webhook {{slack_webhook}} --status error"
          else if succeeded then exec "{{monit2slack_path}} --webhook {{slack_webhook}} --status ok"'
          - 'if inode usage > 90%
          then exec "{{monit2slack_path}} --webhook {{slack_webhook}} --status error"
          else if succeeded then exec "{{monit2slack_path}} --webhook {{slack_webhook}} --status ok"'
  tasks:
    - name: Update system gem
      command: gem update --system
      become: yes
      become_method: su
      become_user: root
      environment:
        PATH: "/usr/local/rbenv/bin:/usr/local/rbenv/shims:{{ ansible_env.PATH }}"

    - name: Install latest version of monit2slack
      gem:
        name: monit2slack
        state: latest
      environment:
        PATH: "/usr/local/rbenv/bin:/usr/local/rbenv/shims:{{ ansible_env.PATH }}"

    - name: Install monit2slack gem
      command: gem install monit2slack
      become: yes
      become_method: su
      become_user: root
      environment:
        PATH: "/usr/local/rbenv/bin:/usr/local/rbenv/shims:{{ ansible_env.PATH }}"

```

`

Get a Slack notification when your SSL certificate is about to expire

Nedim Hadzimahmutovic — Fri, 20 Sep 2019 18:08:14 +0000

I was tasked to finish a script to check the expiration of SSL certificates and post the notifications to our Slack channel. I wrote an Ansible playbook just to spice up everything. I had fun doing this so I will share the code hoping someone else might find it useful.

Configure the Ansible playbook

You must define slack_webhook and domains as both variables are required.

Optionally configurable variables

ssl_port - standard is 443,
ssl_expiry_days_check - the script starts warning if certificate is expiring in less than this period,
cron_period_check - when the cron job shuld be run.

Example ansible_ssl_check.yml playbook .

---
- hosts: server_name
  roles:
    - user_group_directories
    - rvm
    - whenever
  vars:
    slack_webhook: "https://hooks.slack.com/services/xxxxxxx/xxxxxxx/xxxxxxxx"
    domains:
      - github.com
      - gitlab.com

Testing

If you want to test things out, and get some false positives, then change following variables

ssl_expiry_days_check to something high like '300',
cron_period_check to 'hourly'.

Run the playbook

Add the server to Ansible inventory file and then run the command below.

ansible-playbook -i hosts playbok.yml
```

`

This command assumes the hosts inventory file is in the current directory.

### Slack notifications

Your notifications will look like this.

![Alt Text](https://thepracticaldev.s3.amazonaws.com/i/9iqwr9ylae8xj3fpybp5.png)

### Code repository

You can find the Gitub repo [here](https://github.com/neidiom/ansible_ssl_expiry_check).

DEV Community: Nedim Hadzimahmutovic

FREE EBOOK: Master Linux File Permissions 🐧

Master Special Permissions in Linux While Your Coffee Brews

The Sticky Bit

Identifying the Sticky Bit

Setting the Sticky Bit

Symbolic mode

Numeric Mode

SUID

Identifying SUID

Setting SUID

Symbolic Mode

Numeric Mode

SGID

Identifying SGID

Setting SGID

Symbolic Mode

Numeric Mode

Special Directories

Understanding Temporary Files

Securing Temporary Files

Identifying the Sticky bit on /tmp

Summary

Master Linux File Ownership While Your Coffee Brews

Identify File Ownership

The chown command

Change the Owner

Change the Owner Group

Master Linux File Permissions While Your Coffee Brews

The ls command

Hidden Files

Directory Permissions

The Read Permission

The Write Permission

The Execute Permission

File Permissions

The chmod command

Symbolic Mode

Numeric Mode

Basic Overview of Permissions

Detailed Overview of Permissions

Commonly Used Permissions

The stat command

Display Permissions in Octal Mode

Display Permissions in Human Readable Form

Master Linux File Types While Your Coffee Brews

Common File Types

Less Common File Types

Identify File Types

Identify Regular Files

Identify Directories

Identify Block Devices

Identify Character Devices

Identify Socket Devices

Links

Symbolic Links

Identify Symbolic Links

Creating Symbolic links

Notes

Hard Links

Creating Hard Links

Identify Hard Links

Notes on Hard Links

Howto build Rootspace locally with buildx and bake

Monit to Slack notifications with Ansible

Get a Slack notification when your SSL certificate is about to expire

Configure the Ansible playbook

Testing

Run the playbook

Identifying `SUID`

Setting `SUID`

Identifying `SGID`

Setting `SGID`

Identifying the Sticky bit on `/tmp`

The `chown` command

The `ls` command

The `chmod` command

The `stat` command