Version: 1.5.1

Unix Permission

Parse Security

Synopsis

Extracts and decodes Unix file permission information.

Schema

- unix_permission:
    field: <ident>
    target_field: <string>
    format: <string>
    add_security_notes: <boolean>
    add_commands: <boolean>
    expand_special: <boolean>
    description: <text>
    if: <script>
    ignore_failure: <boolean>
    ignore_missing: <boolean>
    on_failure: <processor[]>
    on_success: <processor[]>
    tag: <string>

Configuration

The following fields are used to define the processor:

Field	Required	Default	Description
`field`	Y	-	Source field containing Unix permission data (string, int, or array of strings)
`target_field`	N	`{field}_decoded`	Target field to store decoded permission information
`format`	N	`auto`	Input format: `auto`, `octal`, `symbolic`, `numeric`
`add_security_notes`	N	`false`	Add security risk warnings for dangerous permissions
`add_commands`	N	`false`	Add chmod command examples to output
`expand_special`	N	`false`	Add detailed descriptions for special permission bits
`description`	N	-	Explanatory note
`if`	N	-	Condition to run
`ignore_failure`	N	`false`	Continue processing if decoding fails
`ignore_missing`	N	`false`	Skip processing if referenced field doesn't exist
`on_failure`	N	-	See Handling Failures
`on_success`	N	-	See Handling Success
`tag`	N	-	Identifier

Details

Decodes Unix file permissions from various formats including octal notation (755), symbolic notation (rwxr-xr-x), and decimal values. The processor extracts owner, group, and other permissions along with special permission bits.

The processor supports automatic format detection through the format field set to auto, or explicit format specification using octal, symbolic, or numeric values. Auto-detection analyzes the input pattern to determine the appropriate format parser.

Unix permissions consist of three sets of three bits each: owner (user), group, and other. Each set contains read (r), write (w), and execute (x) permissions. Special bits include setuid, setgid, and sticky bit.

When add_security_notes is enabled, the processor analyzes permission combinations and adds security risk warnings to the output. Dangerous permission patterns like world-writable files (777) or setuid binaries with write permissions trigger security advisories.

When add_commands is enabled, the processor generates chmod command examples in the output, providing ready-to-use Unix commands for setting the decoded permissions.

When expand_special is enabled, the processor adds detailed descriptions for special permission bits (setuid, setgid, sticky bit), explaining how these bits affect file and directory behavior in Unix systems.

warning

If the input permission data is malformed or contains invalid permission values, the processor will fail unless ignore_failure is set to true.

Examples

Octal Permission Decoding

Decoding octal permission notation...

{
  "file_mode": "755"
}

- unix_permission:
    field: file_mode
    target_field: permissions

extracts detailed permission breakdown:

{
  "file_mode": "755",
  "permissions": {
    "octal": "755",
    "symbolic": "rwxr-xr-x",
    "owner": {
      "read": true,
      "write": true,
      "execute": true
    },
    "group": {
      "read": true,
      "write": false,
      "execute": true
    },
    "other": {
      "read": true,
      "write": false,
      "execute": true
    }
  }
}

Symbolic Permission Input

Processing symbolic permission notation...

{
  "file_perms": "rw-r--r--"
}

- unix_permission:
    field: file_perms
    format: symbolic
    target_field: perm_info

converts to detailed format:

{
  "file_perms": "rw-r--r--",
  "perm_info": {
    "octal": "644",
    "symbolic": "rw-r--r--",
    "owner": {
      "read": true,
      "write": true,
      "execute": false
    },
    "group": {
      "read": true,
      "write": false,
      "execute": false
    },
    "other": {
      "read": true,
      "write": false,
      "execute": false
    }
  }
}

Special Permissions

Expanding special permission bits...

{
  "exec_mode": "4755"
}

- unix_permission:
    field: exec_mode
    expand_special: true
    target_field: exec_perms

decodes setuid bit with descriptions:

{
  "exec_mode": "4755",
  "exec_perms": {
    "octal": "4755",
    "symbolic": "rwsr-xr-x",
    "special_bits": {
      "setuid": true,
      "setuid_description": "Executes with owner privileges",
      "setgid": false,
      "sticky": false
    },
    "owner": {
      "read": true,
      "write": true,
      "execute": true
    }
  }
}

Security Risk Analysis

Adding security warnings for dangerous permissions...

{
  "file_mode": "777"
}

- unix_permission:
    field: file_mode
    add_security_notes: true
    target_field: perms

includes security risk warnings:

{
  "file_mode": "777",
  "perms": {
    "octal": "777",
    "symbolic": "rwxrwxrwx",
    "security_warnings": [
      "World-writable: any user can modify file",
      "World-executable: security risk for binaries"
    ],
    "owner": {
      "read": true,
      "write": true,
      "execute": true
    }
  }
}

Command Generation

Generating chmod commands...

{
  "dir_mode": "2775"
}

- unix_permission:
    field: dir_mode
    add_commands: true
    target_field: dir_perms

includes ready-to-use chmod commands:

{
  "dir_mode": "2775",
  "dir_perms": {
    "octal": "2775",
    "symbolic": "rwxrwsr-x",
    "commands": {
      "octal": "chmod 2775 filename",
      "symbolic": "chmod u=rwx,g=rws,o=rx filename"
    }
  }
}

Synopsis​

Schema​

Configuration​

Details​

Examples​

Octal Permission Decoding​

Symbolic Permission Input​

Special Permissions​

Security Risk Analysis​

Command Generation​