This can be done any time, but it's probably a best practice to create a backup on initial install and update occasionally afterwards.
This procedure uses utiltiies in the acl package, which should be installed by default.
To backup:
$ cd /
$ sudo getfacl -R . >/tmp/root-perms.txtTo restore:
$ cd /
$ sudo setfacl --restore=/tmp/root-perms.txtBecause this could ruin your day if not done carefully, it may be best to break up the process into chunks. For example, by backing up specific subdirectories separately:
$ cd /
$ sudo getfacl -R usr >/tmp/root/usr-perms.txtRecently I had mistakenly mucked up some permissions under /usr (by unarchivng a .tar.gz over it that contained mucked up permissions) on a server and desktop. I restored the default perms by backing up from two newly created virtual machines: one a server, the other a desktop.
Because the permissions set in any given release are not documented, I have decided not to make the resulting files available here, lest someone be misled by the eccentricies of a specific build -- and because those backups reflect my personalization of those builds during install (user accounts, etc).
Nice article on this process in Jack Wallen, How to Easily Back Up and Restore Linux File Permissions (2016). Accessed 11 May 2019.
NOTE Every Ubuntu Server and Desktop shares one glaring security flaw: user home directories (other than root) are permissioned with read and execute rights for "other". Before going any further (and from this point forward until Canonical fixes this), be sure to reset these permissions on all user home directories:
$ sudo chmod o-rx /home/*