shell-base/modules/utility/security.lib

#!/bin/bash
################## BEGIN: MODULE security ###############

module_load confirm
module_load helpers
#source ${BASH_SOURCE[0]}/confirm.sh

# Usage: 
#  adding: acladduserdir <user> <directory>
#  deleting: acladduserdir -d <user> <directory>
# add -s flag to force run as sudo
#  Note: script operates recursively on given directory!, use with caution

acladduserdir() {

  module_load confirm
  local uid
  local usesudo
  local del
  local write
  local spec
  local dir
  local opts
  local optsd
  
  declare OPTION
  declare OPTARG
  declare OPTIND

  while getopts 'wds' OPTION; do
    # echo $OPTION $OPTARG
    case "$OPTION" in
    d)
      del=true
      ;;
    w)
      write="w"
      ;;
    s)
      usesudo="sudo"
      ;;
    *)
      echo unknown option $OPTION
      ;;
    esac
  done

  shift $((OPTIND - 1))

  if [[ $del ]]; then
    echo deleting an acl entries for $1
    opts="-R  -x"
    optsd="-dR  -x"
    spec="u:$1"
  else
    opts="-R  -m "
    optsd="-dR  -m"
    spec="u:$1:r${write}X"
  fi
  [[ ! $2 ]] && echo acluserdir: both user and direcotory must be passed && return 1
  dir=$2
  uid=$(id -u $1 2>/dev/null)
  [[ $uid -lt 1000 ]] && echo no such regular user $1 && return 2
  [[ ! -d $2 ]] && echo no such directory $2 && return 3
  if [[ ! -w $2 ]]; then
    echo $2 not writable by current user $USER
    if [[ ! $(sudo -l -U $USER 2>/dev/null) ]]; then
      echo user does not have sudo privilges, aborting
      return 4
    else
      confirm "do you want to elevate to root and continue?" || return 5
      usesudo="sudo"
    fi
  fi
  echo these are the acl commands that you will run
  echo '******************'
  echo $usesudo setfacl $opts $spec $dir
  echo $usesudo setfacl $optsd $spec $dir
  echo '******************'
  confirm Double Check. Do you want to continue? || return 6
  $usesudo setfacl $opts $spec $dir
  $usesudo setfacl $optsd $spec $dir
  echo '*** new acl entries ***'
  $usesudo getfacl -p --omit-header $2 | grep $1

}

# Usage: 
#  share_dir [ -o <owner> -g <group> ] <directory> <list of space delimited users names/uid>
# -o forces own for directory, default is $USER
# -g forces group name for directory, default is "users" and if not available then $USER
# use . for current directory
#  Note: script operates recursively on given directory!, use with caution

share_dir() {
  [[ ! $(sudo -l -U $USER 2>/dev/null) ]] && echo current user does not have sudo privilges, aborting && return 4
  local group
  local owner=$USER
  local opts=""
  [[ $(getent group users) ]] && group=users || group=$USER

  declare OPTION
  declare OPTARG
  declare OPTIND


  while getopts 'wsg:o:' OPTION; do
    # echo $OPTION $OPTARG
    case "$OPTION" in
    o)
      owner=$OPTARG
      ;;
    g)
      group=$OPTARG
      ;;
    *)
      # echo adding pass through option $OPTION
      opts="${opts} -${OPTION}" 
      ;;
    esac
  done

  shift $((OPTIND - 1))
  
  local dir=$([[ ! $1 == /* ]] && echo $(adirname $1)/)$([[ $1 == . ]] && echo "" || echo $1)
  if [[ ! -d $dir ]]; then
    confirm no such directory $dir, create it? && sudo mkdir -p $dir || return 6
  fi
  shift
  confirm share directory $dir with users: $@ ? confirm || return 6
  for user in "$@"; do
    echo adding acl user $user
    acladduserdir -s $opts $user $dir
  done
  echo done adding acl users $@
  echo these are the chown/chmod commands that you will run
  echo '******************'
  echo sudo chown -R $owner:$group $dir
  echo sudo chmod -R u+rwX $dir
  echo sudo chmod -R g+rwX $dir
  echo sudo find $dir -type d -exec chmod g+s {} +
  echo '******************'
  confirm Double Check. Do you want to continue? || return 6
  sudo chown -R $owner:$group $dir
  sudo chmod -R u+rwX $dir
  sudo find $dir -type d -exec chmod g+s {} +
  echo all done!
  ls -la $dir
  getfacl -p $dir

}




chmodr () {

# Generic Script for recursively setting permissions for directories and files
# to defined or default permissions using chmod.
#
# Takes a path to recurse through and options for specifying directory and/or 
# file permissions.
# Outputs a list of affected directories and files.
# 
# If no options are specified, it recursively resets all directory and file
# permissions to the default for most OSs (dirs: 755, files: 644).

usage()
{
  echo "Usage: $0 PATH -d DIRPERMS -f FILEPERMS"
  echo "Arguments:"
  echo "PATH: path to the root directory you wish to modify permissions for"
  echo "Options:"
  echo " -d DIRPERMS, directory permissions"
  echo " -f FILEPERMS, file permissions"
  return 1

}

# Check if user entered arguments
if [ $# -lt 1 ] ; then
 usage
 return 1
fi

# Get options
while getopts d:f: opt
do
  case "$opt" in
    d) DIRPERMS="$OPTARG";;
    f) FILEPERMS="$OPTARG";;
    \?) usage;;
  esac
done

# Shift option index so that $1 now refers to the first argument
shift $(($OPTIND - 1))

# Default directory and file permissions, if not set on command line
if [ -z "$DIRPERMS" ] && [ -z "$FILEPERMS" ] ; then
  DIRPERMS=755
  FILEPERMS=644
fi

# Set the root path to be the argument entered by the user
ROOT=$1

# Check if the root path is a valid directory
if [ ! -d $ROOT ] ; then
 echo "$ROOT does not exist or isn't a directory!" ; return 2
fi

# Recursively set directory/file permissions based on the permission variables
if [ -n "$DIRPERMS" ] ; then
  find $ROOT -type d -print0 | xargs -0 chmod -v $DIRPERMS
fi

if [ -n "$FILEPERMS" ] ; then
  find $ROOT -type f -print0 | xargs -0 chmod -v $FILEPERMS
fi

}

################## END: MODULE dirs ###############