fixperms.sh
1 #!/bin/bash -e
2 #
3 # ----------------------------------------------------------------------
4 # AlternC - Web Hosting System
5 # Copyright (C) 2000-2012 by the AlternC Development Team.
6 # https://alternc.org/
7 # ----------------------------------------------------------------------
8 # LICENSE
9 #
10 # This program is free software; you can redistribute it and/or
11 # modify it under the terms of the GNU General Public License (GPL)
12 # as published by the Free Software Foundation; either version 2
13 # of the License, or (at your option) any later version.
14 #
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
19 #
20 # To read the license please visit http://www.gnu.org/copyleft/gpl.html
21 # ----------------------------------------------------------------------
22 # Purpose of file: Fix permission, ACL and ownership of AlternC's files
23 # ----------------------------------------------------------------------
24 #
# Print all arguments, joined by spaces, as one red line (ANSI SGR 31)
# followed by a colour reset. Backslash escapes in the arguments are
# interpreted because the text goes through `echo -e`.
red () {
  local msg="$*"
  echo -e "\e[31m${msg} \e[0m"
}
# Show an optional error message in red, print the help text, then exit 1.
# Arguments: $@ - optional message printed before the help text
# Outputs:   message and help on stdout
# Exits:     always, with status 1 (also when called for -h)
# The here-document delimiter is unquoted, so $ALTERNC_HTML is expanded at
# the moment the help is printed.
usage () {
  if [[ -n "$*" ]]; then
    red "$*\n"
  fi
  cat <<End-of-message
Four optionals argument to chose from
 -l string : a specific login to fix
 -u integer : a specific uid to fix
 -f string : a specific file to fix according to a given uid
 -d string : a specific subdirectory to fix according to a given uid

 The u and l switch are used to fix a given user whole directory including his base directory ($ALTERNC_HTML/<letter>/<login>/
 The f and d switch are used to fix a given file or directory under the user's base directory. They use the base directory to get the permissions they should use.
 Be sure to have correct base directory permissions before attemplting to fix use those two switch
End-of-message
  exit 1
}
# Default selection: every account, ordered by login. The -l and -u options
# replace this query with a narrower one.
query="SELECT uid,login FROM membres ORDER BY login"
# Targets of -d and -f; an empty value means the option was not given.
sub_dir=""
file=""
# While this file exists the script refuses to do anything.
LOCK_FIXPERMS="/etc/alternc/disable_all_fixperms"

if [[ -f "$LOCK_FIXPERMS" ]]; then
  # usage prints the notice and the help, then exits with status 1.
  lock_notice="
------------------------------------
/!\ WARNING /!\
The fixperms script is disabled
To enable it, delete $LOCK_FIXPERMS
------------------------------------
"
  usage "$lock_notice"
fi
57 
58 
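# Parse the command line.
#   -h        print the help (usage always exits with status 1)
#   -l LOGIN  restrict the run to one login
#   -u UID    restrict the run to one uid
#   -f PATH   fix one file
#   -d PATH   fix one directory tree
# The leading ':' selects getopts' silent mode. Without it OPTARG is unset in
# the '?' branch (the message lost the option letter) and the ':' branch is
# never taken.
while getopts ":hl:u:f:d:" optname; do
  case "$optname" in
    h)
      usage
      ;;
    l)
      # The value is interpolated into the SQL text, so only a strict
      # character set is accepted. '_' is allowed in logins but is a
      # single-character wildcard for LIKE; '=' matches the exact login.
      if [[ "$OPTARG" =~ ^[a-zA-Z0-9_]+$ ]]; then
        query="SELECT uid,login FROM membres WHERE login = '$OPTARG' ORDER BY login"
      else
        usage "Bad login provided"
      fi
      ;;
    u)
      # Digits only, so nothing but a number reaches the SQL text.
      if [[ "$OPTARG" =~ ^[0-9]+$ ]]; then
        query="SELECT uid,login FROM membres WHERE uid = '$OPTARG' ORDER BY login"
      else
        usage "Bad uid provided"
      fi
      ;;
    f)
      # An empty value would look like "option not given" to the dispatch at
      # the end of the script and trigger a run over every account.
      [[ -n "$OPTARG" ]] || usage "Bad file provided"
      # Stored verbatim. Every use of $file in this script is a quoted
      # argument, so shell escaping is not what protects it: printf %q only
      # altered the path (and, unquoted, merged "a b" into "ab").
      # NOTE(review): nothing here checks that the path lies below the
      # hosting root; presumably get_uid_by_path enforces that - confirm.
      file=$OPTARG
      printf '%s\n' "$file"
      ;;
    d)
      [[ -n "$OPTARG" ]] || usage "Bad directory provided"
      # Same reasoning as for -f: keep the path as given, quote it at use.
      sub_dir=$OPTARG
      printf '%s\n' "$sub_dir"
      ;;
    \?)
      usage "Unknown option $OPTARG - stop processing"
      ;;
    :)
      usage "No argument value for option $OPTARG - stop processing"
      ;;
    *)
      # Should not occur
      usage "Unknown error while processing options"
      ;;
  esac
done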
101 
102 
# From this point on use a fixed search path and a fixed creation mask.
# (The option parsing above this block still ran with the caller's PATH.)
PATH=/sbin:/bin:/usr/sbin:/usr/bin
umask 022

# Source the shared shell functions. get_html_path_by_name, get_uid_by_path
# and get_name_by_uid are used below but not defined in this script;
# presumably they come from this file - confirm.
CONFIG_FILE="/usr/lib/alternc/functions.sh"
if ! [ -r "$CONFIG_FILE" ]; then
  echo "Can't access $CONFIG_FILE."
  exit 1
fi
. "$CONFIG_FILE"

# Everything below changes ownership and ACLs, which requires root. Note that
# this check runs after the functions file has been sourced.
if [ "$(id -u)" -ne 0 ]; then
  echo "$0 must be launched as root"
  exit 1
fi
117 
118 
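# Fix ownership, mode and ACLs of the base directory of every account read
# from standard input.
# Input:    lines of "<uid> <login>", as produced by running $query
# Globals:  DEBUG (read)
# Calls:    get_html_path_by_name (not defined in this script), fixtmp
# Outputs:  progress and "Done" on stdout, skipped rows on stderr
doone() {
  local GID LOGIN REP
  # End of input or a row without a login ends the run. `read -r` keeps
  # backslashes in the input literal.
  while { read -r GID LOGIN || true; } && [[ -n "$LOGIN" ]]; do
    # The uid is handed to chown and setfacl running as root; accept digits
    # only so a malformed row cannot turn into an option or a user name.
    if ! [[ "$GID" =~ ^[0-9]+$ ]]; then
      echo "Skipping $LOGIN: uid '$GID' is not numeric" >&2
      continue
    fi
    if [ "$DEBUG" ]; then
      echo "Setting rights and ownership for user $LOGIN having gid $GID"
    fi
    REP="$(get_html_path_by_name "$LOGIN")"
    # Never run the recursive commands below on an empty path.
    if [[ -z "$REP" ]]; then
      echo "Skipping $LOGIN: no base directory found" >&2
      continue
    fi

    # Clean the line, then add a line indicating current working directory
    printf '\r%*s' "${COLUMNS:-$(tput cols)}" ''
    printf "\r%${COLUMNS}s" "AlternC fixperms.sh -> working on $REP"

    # Owner and group become the account's uid. Mode 2770 is applied
    # recursively, so regular files receive it as well as directories.
    mkdir -p -- "$REP"
    chown -R -- "$GID:$GID" "$REP"
    chmod -R 2770 -- "$REP"

    # Drop existing ACLs (-b -k), then set access and default entries:
    # rwx for alterncpanel and the account, r-x for www-data, nothing for
    # others.
    setfacl -bknR \
      -m d:u:alterncpanel:rwx -m d:g:alterncpanel:rwx \
      -m u:alterncpanel:rwx -m g:alterncpanel:rwx \
      -m d:o::--- -m o::--- \
      -m d:u:www-data:r-x -m u:www-data:r-x \
      -m "d:u:$GID:rwx" -m "d:g:$GID:rwx" -m "u:$GID:rwx" -m "g:$GID:rwx" \
      -m d:mask:rwx -m mask:rwx -- "$REP"

    fixtmp "$GID"
  done
  echo -e "\nDone"
}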
150 
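# Fix ownership and ACLs of the directory tree named by the global $sub_dir.
# Globals:  sub_dir (read), DEBUG (read)
# Calls:    get_uid_by_path (not defined in this script), fixtmp
# Outputs:  progress and "Done" on stdout, refusals on stderr
# Returns:  1 without changing anything when the target is empty, is a
#           symbolic link, or has no resolvable owner
fixdir() {
  local REP REP_ID target
  if [ "$DEBUG" ]; then
    echo "Setting rights with fixdir"
  fi

  # sub_dir is global
  REP="$sub_dir"
  if [[ -z "$REP" ]]; then
    echo "fixdir: no directory given" >&2
    return 1
  fi

  # setfacl -R follows a symbolic link given as its argument. The tree is
  # writable by the hosted account, so a link there must not be able to
  # redirect a root-run ACL change. Trailing slashes are stripped first
  # because "link/" does not test as a link. Only the last path component is
  # checked here.
  target=$REP
  while [[ "$target" == */ && "$target" != / ]]; do
    target=${target%/}
  done
  if [[ -L "$target" ]]; then
    echo "fixdir: refusing to follow symbolic link $REP" >&2
    return 1
  fi

  # We assume that the owner of the directory should be the one from the html
  # user base directory ( $ALTERNC_HTML/<letter>/<login>)
  REP_ID="$(get_uid_by_path "$REP")"
  # With an empty id, chown would get ":" and setfacl "u::rwx", which is not
  # the change that was asked for.
  if [[ -z "$REP_ID" ]]; then
    echo "fixdir: cannot determine the owner of $REP" >&2
    return 1
  fi

  # Clean the line, then add a line indicating current working directory
  printf '\r%*s' "${COLUMNS:-$(tput cols)}" ''
  printf "\r%${COLUMNS}s" "AlternC fixperms.sh -> working on $REP"

  mkdir -p -- "$REP"
  chown -R -- "$REP_ID:$REP_ID" "$REP"

  # Drop existing ACLs (-b -k), then set access and default entries: rwx for
  # alterncpanel and the owner, r-x for www-data, nothing for others.
  setfacl -bknR \
    -m d:u:alterncpanel:rwx -m d:g:alterncpanel:rwx \
    -m u:alterncpanel:rwx -m g:alterncpanel:rwx \
    -m d:o::--- -m o::--- \
    -m d:u:www-data:r-x -m u:www-data:r-x \
    -m "d:u:$REP_ID:rwx" -m "d:g:$REP_ID:rwx" \
    -m "u:$REP_ID:rwx" -m "g:$REP_ID:rwx" \
    -m d:mask:rwx -m mask:rwx -- "$REP"

  fixtmp "$REP_ID"
  echo -e "\nDone"
}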
180 
# Make sure the account's tmp directory exists under its base directory and
# set its mode.
# Arguments: $1 - uid of the account
# Globals:   REP_ID (written)
# Calls:     get_name_by_uid, get_html_path_by_name (not defined in this
#            script)
fixtmp() {
  REP_ID=$1
  local REP=$(get_html_path_by_name $(get_name_by_uid $REP_ID))
  local tmp_dir="$REP/tmp"

  # An empty base path would make the target the system /tmp: stop here.
  # NOTE(review): the script exits with status 0 on this error path.
  if [ "$tmp_dir" == "/tmp" ]; then
    echo ERROR
    exit 0
  fi

  # Create the directory only when it is missing.
  # NOTE(review): the setfacl call targets "$REP", not the new tmp directory.
  [ -d "$tmp_dir" ] || (
    mkdir "$tmp_dir" \
      && setfacl -bkn -m d:u:alterncpanel:rwx -m d:g:alterncpanel:rwx -m u:alterncpanel:rwx -m g:alterncpanel:rwx -m d:o::--- -m o::--- -m d:u:$REP_ID:rwx -m d:g:$REP_ID:rwx -m u:$REP_ID:rwx -m g:$REP_ID:rwx -m d:mask:rwx -m mask:rwx "$REP"
  )

  # NOTE(review): world-writable without the sticky bit - confirm intended.
  chmod 777 "$tmp_dir"
}
194 
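# Reset ownership, mode and ACLs of the single file named by the global $file.
# Globals:  file (read)
# Calls:    get_uid_by_path (not defined in this script)
# Outputs:  confirmation on stdout, refusals on stderr
# Returns:  1 without changing anything when the target is empty, is a
#           symbolic link, or has no resolvable owner
fixfile() {
  local REP_ID
  if [[ -z "$file" ]]; then
    echo "fixfile: no file given" >&2
    return 1
  fi

  # chown, chmod and setfacl all act on the target of a symbolic link. The
  # file sits in a tree the hosted account can write to, so a link there must
  # not be able to redirect a root-run ownership change. Only the last path
  # component is checked here.
  if [[ -L "$file" ]]; then
    echo "fixfile: refusing to follow symbolic link $file" >&2
    return 1
  fi

  # We assume that the owner of the file should be the one from the html user
  # base directory ( $ALTERNC_HTML/<letter>/<login>)
  # Resolved before anything is modified, so a failed lookup leaves the
  # file's ACLs untouched.
  REP_ID="$(get_uid_by_path "$file")"
  if [[ -z "$REP_ID" ]]; then
    echo "fixfile: cannot determine the owner of $file" >&2
    return 1
  fi

  # "--" keeps a path that starts with "-" from being read as an option.
  /usr/bin/setfacl -bk -- "$file"
  chown -- "$REP_ID:$REP_ID" "$file"
  chmod 0770 -- "$file"
  /usr/bin/setfacl -m "u:$REP_ID:rw-" -m "g:$REP_ID:rw-" \
    -m u:alterncpanel:rw- -m g:alterncpanel:rw- -- "$file"
  echo file ownership and ACLs changed
}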
204 
# SIGINT handler: ask whether the interruption should count as an error.
# Input:   one character read from stdin
# Exits:   0 when the answer is y or Y; otherwise with `exit -5`, which the
#          shell reports as status 251
ctrl_c() {
  local ans
  printf '\n***** INTERRUPT *****\n'
  printf '%s\n' "$0 was interrupted. Default is to return an error code."
  printf '%s\n' "Do you want to *ignore* the error code (y/n)?"
  printf '%s\n' "(default is n)"
  read -N 1 ans
  if [[ "$ans" == [yY] ]]; then
    exit 0
  fi
  exit -5
}
220 
# Let the operator decide the exit status when the run is interrupted.
trap ctrl_c SIGINT

# Start of the script actions: -f takes precedence over -d, and both take
# precedence over the account-wide run.
# NOTE(review): the -f / -d path is not checked here to lie below the hosting
# root; presumably get_uid_by_path takes care of that - confirm.
if [[ -n "$file" ]]; then
  # A single file was requested.
  if [ ! -e "$file" ]; then
    echo "file not found"
  else
    fixfile
  fi
elif [[ -n "$sub_dir" ]]; then
  # A single directory tree was requested.
  if [ ! -d "$sub_dir" ]; then
    echo "dir not found"
  else
    fixdir
  fi
else
  # Fix the whole html directory, either for every account (default) or for
  # the one selected with -u or -l. The rows produced by the query are piped
  # to doone; no pipefail is set in this script, so the pipeline's status is
  # that of doone.
  mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "$query" | doone
fi