shell-base/modules/utility/security.lib

226 lines
5.4 KiB
Plaintext
Raw Permalink Normal View History

2021-02-11 18:32:57 -08:00
#!/bin/bash
################## BEGIN: MODULE security ###############
2021-02-11 18:32:57 -08:00
module_load confirm
module_load helpers
2023-02-07 11:21:38 -08:00
alias aud="acladduserdir"
2021-02-11 18:32:57 -08:00
#source ${BASH_SOURCE[0]}/confirm.sh
# Usage:
# adding: acladduserdir <user> <directory>
# deleting: acladduserdir -d <user> <directory>
# add -s flag to force run as sudo
# Note: script operates recursively on given directory!, use with caution
acladduserdir() {
module_load confirm
local uid
local usesudo
local del
local write
2021-02-11 18:32:57 -08:00
local spec
local dir
local opts
local optsd
2021-02-11 18:32:57 -08:00
declare OPTION
declare OPTARG
declare OPTIND
while getopts 'wds' OPTION; do
2021-02-11 18:32:57 -08:00
# echo $OPTION $OPTARG
case "$OPTION" in
d)
del=true
;;
w)
write="w"
;;
2021-02-11 18:32:57 -08:00
s)
usesudo="sudo"
;;
*)
echo unknown option $OPTION
;;
esac
done
shift $((OPTIND - 1))
if [[ $del ]]; then
echo deleting an acl entries for $1
opts="-R -x"
optsd="-dR -x"
spec="u:$1"
else
opts="-R -m "
optsd="-dR -m"
spec="u:$1:r${write}X"
2021-02-11 18:32:57 -08:00
fi
[[ ! $2 ]] && echo acluserdir: both user and direcotory must be passed && return 1
dir=$2
uid=$(id -u $1 2>/dev/null)
[[ $uid -lt 1000 ]] && echo no such regular user $1 && return 2
[[ ! -d $2 ]] && echo no such directory $2 && return 3
if [[ ! -w $2 ]]; then
echo $2 not writable by current user $USER
if [[ ! $(sudo -l -U $USER 2>/dev/null) ]]; then
echo user does not have sudo privilges, aborting
return 4
else
confirm "do you want to elevate to root and continue?" || return 5
usesudo="sudo"
fi
fi
echo these are the acl commands that you will run
echo '******************'
echo $usesudo setfacl $opts $spec $dir
echo $usesudo setfacl $optsd $spec $dir
echo '******************'
confirm Double Check. Do you want to continue? || return 6
$usesudo setfacl $opts $spec $dir
$usesudo setfacl $optsd $spec $dir
echo '*** new acl entries ***'
$usesudo getfacl -p --omit-header $2 | grep $1
}
# Usage:
# share_dir [ -o <owner> -g <group> ] <directory> <list of space delimited users names/uid>
# -o forces own for directory, default is $USER
# -g forces group name for directory, default is "users" and if not available then $USER
# use . for current directory
# Note: script operates recursively on given directory!, use with caution
share_dir() {
[[ ! $(sudo -l -U $USER 2>/dev/null) ]] && echo current user does not have sudo privilges, aborting && return 4
local group
local owner=$USER
local opts=""
2021-02-11 18:32:57 -08:00
[[ $(getent group users) ]] && group=users || group=$USER
declare OPTION
declare OPTARG
declare OPTIND
while getopts 'wsg:o:' OPTION; do
2021-02-11 18:32:57 -08:00
# echo $OPTION $OPTARG
case "$OPTION" in
o)
owner=$OPTARG
;;
g)
group=$OPTARG
;;
*)
# echo adding pass through option $OPTION
opts="${opts} -${OPTION}"
2021-02-11 18:32:57 -08:00
;;
esac
done
shift $((OPTIND - 1))
local dir=$([[ ! $1 == /* ]] && echo $(adirname $1)/)$([[ $1 == . ]] && echo "" || echo $1)
if [[ ! -d $dir ]]; then
confirm no such directory $dir, create it? && sudo mkdir -p $dir || return 6
fi
shift
confirm share directory $dir with users: $@ ? confirm || return 6
for user in "$@"; do
echo adding acl user $user
acladduserdir -s $opts $user $dir
2021-02-11 18:32:57 -08:00
done
echo done adding acl users $@
echo these are the chown/chmod commands that you will run
echo '******************'
echo sudo chown -R $owner:$group $dir
echo sudo chmod -R u+rwX $dir
echo sudo chmod -R g+rwX $dir
echo sudo find $dir -type d -exec chmod g+s {} +
echo '******************'
confirm Double Check. Do you want to continue? || return 6
sudo chown -R $owner:$group $dir
sudo chmod -R u+rwX $dir
sudo find $dir -type d -exec chmod g+s {} +
echo all done!
ls -la $dir
getfacl -p $dir
}
chmodr () {
# Generic Script for recursively setting permissions for directories and files
# to defined or default permissions using chmod.
#
# Takes a path to recurse through and options for specifying directory and/or
# file permissions.
# Outputs a list of affected directories and files.
#
# If no options are specified, it recursively resets all directory and file
# permissions to the default for most OSs (dirs: 755, files: 644).
usage()
{
echo "Usage: $0 PATH -d DIRPERMS -f FILEPERMS"
echo "Arguments:"
echo "PATH: path to the root directory you wish to modify permissions for"
echo "Options:"
echo " -d DIRPERMS, directory permissions"
echo " -f FILEPERMS, file permissions"
return 1
}
# Check if user entered arguments
if [ $# -lt 1 ] ; then
usage
return 1
fi
# Get options
while getopts d:f: opt
do
case "$opt" in
d) DIRPERMS="$OPTARG";;
f) FILEPERMS="$OPTARG";;
\?) usage;;
esac
done
# Shift option index so that $1 now refers to the first argument
shift $(($OPTIND - 1))
# Default directory and file permissions, if not set on command line
if [ -z "$DIRPERMS" ] && [ -z "$FILEPERMS" ] ; then
DIRPERMS=755
FILEPERMS=644
fi
# Set the root path to be the argument entered by the user
ROOT=$1
# Check if the root path is a valid directory
if [ ! -d $ROOT ] ; then
echo "$ROOT does not exist or isn't a directory!" ; return 2
fi
# Recursively set directory/file permissions based on the permission variables
if [ -n "$DIRPERMS" ] ; then
find $ROOT -type d -print0 | xargs -0 chmod -v $DIRPERMS
fi
if [ -n "$FILEPERMS" ] ; then
find $ROOT -type f -print0 | xargs -0 chmod -v $FILEPERMS
fi
}
################## END: MODULE dirs ###############