chguard

When sudo is required

• Save fails if root-owned files are present and you’re not root.
• Restore fails if the changes require elevated privileges.
• Preview / dry-run never require sudo.

Practical tip

# take snapshot as root when the tree includes root-owned files
sudo chguard --save /srv/app --name app-baseline

What’s stored

Snapshots are stored in a local SQLite database containing:

• relative path
• file type (file or directory)
• numeric uid / gid
• numeric mode

Usernames and permission strings are resolved only for display.

Restore scope control

Choose what kind of metadata to restore.

chguard --restore app-baseline              # owner + perms (default)
chguard --restore app-baseline --permissions
chguard --restore app-baseline --owner

Dry-run

chguard --restore app-baseline --dry-run