3 # ----------------------------------------------------------------------
4 # AlternC - Web Hosting System
5 # Copyright (C) 2000-2012 by the AlternC Development Team.
7 # ----------------------------------------------------------------------
10 # This program is free software; you can redistribute it and/or
11 # modify it under the terms of the GNU General Public License (GPL)
12 # as published by the Free Software Foundation; either version 2
13 # of the License, or (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # To read the license please visit http://www.gnu.org/copyleft/gpl.html
21 # ----------------------------------------------------------------------
22 # Purpose of file: Fix permission, ACL and ownership of AlternC's files
23 # ----------------------------------------------------------------------
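# Print the given words in red on stdout.
# Arguments: $@ - message words. Backslash escapes in them are expanded by
#                 `echo -e`; a caller in this file passes a literal "\n"
#                 and relies on that.
# Outputs:   ESC[31m, the words joined by single spaces, one space, ESC[0m.
red() {
  # "$*" keeps the colour codes and the text in a single argument; pinning
  # IFS to a space makes the join independent of the caller's IFS.
  local IFS=' '
  echo -e "\e[31m$* \e[0m"
}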
# When called with a message, print it in red before the help text that
# follows. The literal "\n" is expanded by the `echo -e` inside red().
27 [[ -n "$@" ]] && red "$@\n"
29 Four optionals argument to chose from
30 -l string : a specific login to fix
31 -u integer : a specific uid to fix
32 -f string : a specific file to fix according to a given uid
33 -d string : a specific subdirectory to fix according to a given uid
35 The u and l switch are used to fix a given user whole directory including his base directory ($ALTERNC_HTML/<letter>/<login>/
36 The f and d switch are used to fix a given file or directory under the user's base directory. They use the base directory to get the permissions they should use.
37 Be sure to have correct base directory permissions before attemplting to fix use those two switch
# Default selection: every account in `membres`, ordered by login.
# The -l and -u options below replace this string with a narrower query.
41 query="SELECT uid,login FROM membres ORDER BY login"
# Kill switch: while this file exists the "script is disabled" notice below
# is printed. The lines after the notice are not shown in this listing;
# presumably the script exits there — confirm.
44 LOCK_FIXPERMS="/etc/alternc/disable_all_fixperms"
46 if [ -f "$LOCK_FIXPERMS" ] ; then
49 ------------------------------------
51 The fixperms script is disabled
52 To enable it, delete $LOCK_FIXPERMS
53 ------------------------------------
# Option parsing: -h help, -l login, -u uid, -f file, -d sub-directory.
# The `do`/`case` keywords and the arm labels are not shown in this listing.
59 while getopts "hl:u:f:d:" optname
# Allow-list check. $OPTARG is interpolated straight into the SQL text
# below, so this regex is the only thing keeping quotes and other SQL
# metacharacters out of the query; do not loosen it without switching to a
# safer way of passing the value.
66 if [[ "$OPTARG" =~ ^[a-zA-Z0-9_]+$ ]] ; then
# NOTE(review): '_' passes the check above and is a single-character
# wildcard in SQL LIKE, so a login containing '_' can also select other
# accounts whose name differs at that position. `login = '$OPTARG'` would
# match exactly one account.
67 query="SELECT uid,login FROM membres WHERE login LIKE '$OPTARG' ORDER BY login"
69 usage "Bad login provided"
# Digits only, so no LIKE wildcard can reach the query here; `uid = ...`
# would still state the intent more directly.
73 if [[ "$OPTARG" =~ ^[0-9]+$ ]] ; then
74 query="SELECT uid,login FROM membres WHERE uid LIKE '$OPTARG' ORDER BY login"
76 usage "Bad uid provided"
80 #Is this kind of escaping enough ?
# NOTE(review): escaping is not what protects this value. $OPTARG is
# unquoted, so it is word-split and glob-expanded before printf sees it,
# and %q returns a shell-escaped string. $file is later used inside double
# quotes (test -e, setfacl, chown), where the added backslashes become part
# of the path, so a name containing a space or another escaped character is
# not found. Storing "$OPTARG" unchanged and quoting every use is the safe
# form. Whether the path is also checked to lie under the account's base
# directory cannot be confirmed from the lines shown here.
81 file=$(printf %q $OPTARG)
85 #Is this kind of escaping enough ?
# NOTE(review): same remarks as for -f above; $sub_dir is later tested with
# `[ -d "$sub_dir" ]`.
86 sub_dir=$(printf %q $OPTARG)
# The three calls below are the error paths of the option parser; each one
# hands its message to usage().
90 usage "Unknown option $OPTARG - stop processing"
93 usage "No argument value for option $OPTARG - stop processing"
97 usage "Unknown error while processing options"
# Fixed search path for the unqualified commands used later (chown, setfacl,
# mysql, tput), so they do not resolve through an inherited PATH.
# It is set here, after option parsing.
103 PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Helper library. It is sourced, i.e. executed in this shell, and the root
# check only comes afterwards.
# NOTE(review): confirm the file is owned by root and not writable by anyone
# else. get_html_path_by_name, get_uid_by_path and get_name_by_uid are not
# defined in this listing and presumably come from it.
106 CONFIG_FILE="/usr/lib/alternc/functions.sh"
107 if [ ! -r "$CONFIG_FILE" ]; then
108 echo "Can't access $CONFIG_FILE."
111 source "$CONFIG_FILE"
# Refuse to continue unless the effective uid is 0.
113 if [ `id -u` -ne 0 ]; then
114 echo "$0 must be launched as root"
# Per-account loop. The enclosing function header is not shown in this
# listing; the final pipeline of the script feeds `doone`, presumably this
# function. Each input line is "<uid> <login>" from the membres query. The
# first field is stored in GID and used as both owner and group.
120 read GID LOGIN || true
121 while [ "$LOGIN" ] ; do
122 if [ "$DEBUG" ]; then
123 echo "Setting rights and ownership for user $LOGIN having gid $GID"
# Base directory of the account, as returned by the helper.
# NOTE(review): no check that REP is non-empty is visible here before the
# recursive chown/setfacl below — confirm one exists on the lines not shown.
125 REP="$(get_html_path_by_name "$LOGIN")"
127 # Clean the line, then add a line indicating current working directory
128 printf '\r%*s' "${COLUMNS:-$(tput cols)}" ''
129 printf "\r%${COLUMNS}s" "AlternC fixperms.sh -> working on $REP"
131 # Set the file readable only for the AlternC User
# Recursive ownership reset, run as root over a tree that the account itself
# can write to (it is granted rwx below). $GID is unquoted; it comes from
# the uid column of the database.
# NOTE(review): confirm how symlinks and hard links placed inside $REP are
# treated by the recursive chown and setfacl, so that ownership or ACLs
# cannot end up on files outside the account's directory.
133 chown -R $GID:$GID "$REP"
136 # # Delete existings ACL
137 # # Set the defaults acl on all the files
138 # setfacl -b -k -n -R -m d:g:alterncpanel:rwx -m d:u::rwx -m d:g::rwx -m d:u:$GID:rwx -m d:g:$GID:rwx -m d:o::--- -m d:mask:rwx\
139 # -Rm g:alterncpanel:rwx -m u:$GID:rwx -m g:$GID:rwx -m mask:rwx\
# -b and -k remove the existing access and default ACLs, -n keeps the mask
# as given instead of recalculating it, -R recurses. Entries written, each
# as access and as default ACL: alterncpanel user and group rwx, www-data
# r-x, the account's uid and gid rwx, other none, mask rwx.
141 setfacl -bknR -m d:u:alterncpanel:rwx -m d:g:alterncpanel:rwx -m u:alterncpanel:rwx -m g:alterncpanel:rwx -m d:o::--- -m o::---\
142 -m d:u:www-data:r-x -m u:www-data:r-x\
143 -m d:u:$GID:rwx -m d:g:$GID:rwx -m u:$GID:rwx -m g:$GID:rwx -m d:mask:rwx -m mask:rwx "$REP"
# Next account. `|| true` keeps end of input from being treated as a failure.
146 read GID LOGIN || true
# Single-directory variant of the per-account fix; the debug message names
# it fixdir. The function header and the line that sets REP are not shown in
# this listing; REP is presumably the -d argument — confirm.
152 if [ "$DEBUG" ]; then
153 echo "Setting rights with fixdir"
158 # We assume that the owner of the directory should be the one from the html user base directory ( $ALTERNC_HTML/<letter>/<login>)
# The owner is derived from the path by the helper, not taken from the
# directory's current owner.
159 REP_ID="$(get_uid_by_path "$REP")"
160 # Clean the line, then add a line indicating current working directory
161 printf '\r%*s' "${COLUMNS:-$(tput cols)}" ''
162 printf "\r%${COLUMNS}s" "AlternC fixperms.sh -> working on $REP"
164 # Set the file readable only for the AlternC User
# NOTE(review): $REP_ID is unquoted, and no check that it is non-empty is
# visible before it is used as owner and in the ACL entries below. The
# caveat about symlinks and hard links inside a tree that the account can
# write to applies to this recursive chown/setfacl as well.
166 chown -R $REP_ID:$REP_ID "$REP"
168 # Delete existings ACL
169 # Set the defaults acl on all the files
170 # setfacl -b -k -n -R -m d:g:alterncpanel:rwx -m d:u::rwx -m d:g::rwx -m d:u:$REP_ID:rwx -m d:g:$REP_ID:rwx -m d:o::--- -m d:mask:rwx\
171 # -Rm g:alterncpanel:rwx -m u:$REP_ID:rwx -m g:$REP_ID:rwx -m mask:rwx\
# Same ACL layout as the per-account loop: existing ACLs are removed, then
# alterncpanel rwx, www-data r-x, the owner uid and gid rwx and other none
# are written, each as access and as default ACL, recursively.
173 setfacl -bknR -m d:u:alterncpanel:rwx -m d:g:alterncpanel:rwx -m u:alterncpanel:rwx -m g:alterncpanel:rwx -m d:o::--- -m o::---\
174 -m d:u:www-data:r-x -m u:www-data:r-x\
175 -m d:u:$REP_ID:rwx -m d:g:$REP_ID:rwx -m u:$REP_ID:rwx -m g:$REP_ID:rwx -m d:mask:rwx -m mask:rwx "$REP"
# Ensures the account has a tmp directory under its base directory. The
# function header is not shown in this listing.
# NOTE(review): `local REP=$(...)` hides a failure of either helper, and the
# inner substitution and $REP_ID are unquoted.
183 local REP=$(get_html_path_by_name $(get_name_by_uid $REP_ID))
# Guard for an empty REP: "$REP/tmp" would then be the system /tmp.
185 if [ "$REP/tmp" == "/tmp" ] ; then
# Create $REP/tmp when it is missing.
# NOTE(review): the setfacl that follows the mkdir targets "$REP", not
# "$REP/tmp". It also resets the base directory's ACLs without the www-data
# entries that the recursive calls elsewhere in this file write. Confirm
# that both are intended.
190 test -d "$REP/tmp" || ( mkdir "$REP/tmp" && setfacl -bkn -m d:u:alterncpanel:rwx -m d:g:alterncpanel:rwx -m u:alterncpanel:rwx -m g:alterncpanel:rwx -m d:o::--- -m o::--- -m d:u:$REP_ID:rwx -m d:g:$REP_ID:rwx -m u:$REP_ID:rwx -m g:$REP_ID:rwx -m d:mask:rwx -m mask:rwx "$REP" )
# Single-file fix (-f). The function header is not shown in this listing.
# First remove every access and default ACL from the file.
196 /usr/bin/setfacl -bk "$file"
197 # We assume that the owner of the file should be the one from the html user base directory ( $ALTERNC_HTML/<letter>/<login>)
198 REP_ID="$(get_uid_by_path "$file")"
# NOTE(review): chown without -h acts on the target when "$file" is a
# symbolic link, and setfacl likewise follows a symlink given as argument.
# The path lies in a directory that the hosted account controls and this
# runs as root, so reject symlinks (test -L) before this point or use
# `chown -h`. Also confirm REP_ID is non-empty; it is unquoted here.
199 chown $REP_ID:$REP_ID "$file"
# Grant rw- to the owner uid and gid and to alterncpanel. No other named
# entries are written by this call.
201 /usr/bin/setfacl -m u:$REP_ID:rw- -m g:$REP_ID:rw- -m u:alterncpanel:rw- -m g:alterncpanel:rw- "$file"
# Printed unconditionally in the lines shown: the exit status of the chown
# and setfacl calls above is not checked before this message.
202 echo file ownership and ACLs changed
# Interrupt prompt. The handler's header, the line that reads the answer
# and the resulting exit code are not shown in this listing.
206 echo -e "\n***** INTERRUPT *****"
207 echo "$0 was interrupted. Default is to return an error code."
208 echo "Do you want to *ignore* the error code (y/n)?"
209 echo "(default is n)"
223 #Start of the script actions
# Dispatch: -f takes precedence over -d. With neither, every account that
# $query selects is processed.
224 if [[ "$file" != "" ]]; then # if we are dealing with a file
# -e follows symbolic links, so it also succeeds for a link whose target
# exists.
225 if [ -e "$file" ]; then
228 echo "file not found"
230 elif [[ "$sub_dir" != "" ]]; then #if we are dealing with a directory
# -d also follows symbolic links; a link pointing at a directory passes.
231 if [ -d "$sub_dir" ]; then
237 #we are fixing the whole html directory
238 #either for all user (default) or a specific one ( -u or -l switch )
# Credentials come from the defaults file, so they do not appear on the
# command line. -B with --skip-column-names gives one tab-separated
# "uid login" row per line, which the consumer reads with `read GID LOGIN`.
# $query carries the -l / -u value, which was checked against an allow-list
# regex during option parsing.
239 mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "$query" |doone