added acl and dirs modules

master
Kebler Network System Administrator 2021-02-11 18:32:57 -08:00
parent a21b588d08
commit ca7d7a5a0d
2 changed files with 230 additions and 0 deletions

142
modules/acl.lib Normal file
View File

@ -0,0 +1,142 @@
#!/bin/bash
module_load confirm
module_load helpers
#source ${BASH_SOURCE[0]}/confirm.sh
# Usage:
# adding: acladduserdir <user> <directory>
# deleting: acladduserdir -d <user> <directory>
# add -s flag to force run as sudo
# Note: script operates recursively on given directory!, use with caution
acladduserdir() {
module_load confirm
local uid
local usesudo
local del
local spec
local dir
local cmd="-R -m "
local cmdd="-dR -m"
declare OPTION
declare OPTARG
declare OPTIND
while getopts 'ds' OPTION; do
# echo $OPTION $OPTARG
case "$OPTION" in
d)
del=true
;;
s)
usesudo="sudo"
;;
*)
echo unknown option $OPTION
;;
esac
done
shift $((OPTIND - 1))
if [[ $del ]]; then
echo deleting an acl entries for $1
opts="-R -x"
optsd="-dR -x"
spec="u:$1"
else
opts="-R -m "
optsd="-dR -m"
spec="u:$1:rwX"
fi
[[ ! $2 ]] && echo acluserdir: both user and direcotory must be passed && return 1
dir=$2
uid=$(id -u $1 2>/dev/null)
[[ $uid -lt 1000 ]] && echo no such regular user $1 && return 2
[[ ! -d $2 ]] && echo no such directory $2 && return 3
if [[ ! -w $2 ]]; then
echo $2 not writable by current user $USER
if [[ ! $(sudo -l -U $USER 2>/dev/null) ]]; then
echo user does not have sudo privilges, aborting
return 4
else
confirm "do you want to elevate to root and continue?" || return 5
usesudo="sudo"
fi
fi
echo these are the acl commands that you will run
echo '******************'
echo $usesudo setfacl $opts $spec $dir
echo $usesudo setfacl $optsd $spec $dir
echo '******************'
confirm Double Check. Do you want to continue? || return 6
$usesudo setfacl $opts $spec $dir
$usesudo setfacl $optsd $spec $dir
echo '*** new acl entries ***'
$usesudo getfacl -p --omit-header $2 | grep $1
}
# Usage:
# share_dir [ -o <owner> -g <group> ] <directory> <list of space delimited users names/uid>
# -o forces own for directory, default is $USER
# -g forces group name for directory, default is "users" and if not available then $USER
# use . for current directory
# Note: script operates recursively on given directory!, use with caution
share_dir() {
[[ ! $(sudo -l -U $USER 2>/dev/null) ]] && echo current user does not have sudo privilges, aborting && return 4
local group
local owner=$USER
[[ $(getent group users) ]] && group=users || group=$USER
declare OPTION
declare OPTARG
declare OPTIND
while getopts 'g:o:' OPTION; do
# echo $OPTION $OPTARG
case "$OPTION" in
o)
owner=$OPTARG
;;
g)
group=$OPTARG
;;
*)
echo unknown option $OPTION
;;
esac
done
shift $((OPTIND - 1))
local dir=$([[ ! $1 == /* ]] && echo $(adirname $1)/)$([[ $1 == . ]] && echo "" || echo $1)
if [[ ! -d $dir ]]; then
confirm no such directory $dir, create it? && sudo mkdir -p $dir || return 6
fi
shift
confirm share directory $dir with users: $@ ? confirm || return 6
for user in "$@"; do
echo adding acl user $user
acladduserdir -s $user $dir
done
echo done adding acl users $@
echo these are the chown/chmod commands that you will run
echo '******************'
echo sudo chown -R $owner:$group $dir
echo sudo chmod -R u+rwX $dir
echo sudo chmod -R g+rwX $dir
echo sudo find $dir -type d -exec chmod g+s {} +
echo '******************'
confirm Double Check. Do you want to continue? || return 6
sudo chown -R $owner:$group $dir
sudo chmod -R u+rwX $dir
sudo find $dir -type d -exec chmod g+s {} +
echo all done!
ls -la $dir
getfacl -p $dir
}

88
modules/utility/dirs.sh Normal file
View File

@ -0,0 +1,88 @@
# find /path/to/base/dir -type d -exec chmod 755 {} +
# To recursively give files read privileges:
# find /path/to/base/dir -type f -exec chmod 644 {} +
# Or, if there are many objects to process:
# chmod 755 $(find /path/to/base/dir -type d)
# chmod 644 $(find /path/to/base/dir -type f)
# Or, to reduce chmod spawning:
# find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
# find /path/to/base/dir -type f -print0 | xargs -0 chmod 644
# chmodr.sh
#
# author: Francis Byrne
# date: 2011/02/12
#
# Generic Script for recursively setting permissions for directories and files
# to defined or default permissions using chmod.
#
# Takes a path to recurse through and options for specifying directory and/or
# file permissions.
# Outputs a list of affected directories and files.
#
# If no options are specified, it recursively resets all directory and file
# permissions to the default for most OSs (dirs: 755, files: 644).
# Usage message
chmodr () {
usage()
{
echo "Usage: $0 PATH -d DIRPERMS -f FILEPERMS"
echo "Arguments:"
echo "PATH: path to the root directory you wish to modify permissions for"
echo "Options:"
echo " -d DIRPERMS, directory permissions"
echo " -f FILEPERMS, file permissions"
exit 1
}
# Check if user entered arguments
if [ $# -lt 1 ] ; then
usage
fi
# Get options
while getopts d:f: opt
do
case "$opt" in
d) DIRPERMS="$OPTARG";;
f) FILEPERMS="$OPTARG";;
\?) usage;;
esac
done
# Shift option index so that $1 now refers to the first argument
shift $(($OPTIND - 1))
# Default directory and file permissions, if not set on command line
if [ -z "$DIRPERMS" ] && [ -z "$FILEPERMS" ] ; then
DIRPERMS=755
FILEPERMS=644
fi
# Set the root path to be the argument entered by the user
ROOT=$1
# Check if the root path is a valid directory
if [ ! -d $ROOT ] ; then
echo "$ROOT does not exist or isn't a directory!" ; exit 1
fi
# Recursively set directory/file permissions based on the permission variables
if [ -n "$DIRPERMS" ] ; then
find $ROOT -type d -print0 | xargs -0 chmod -v $DIRPERMS
fi
if [ -n "$FILEPERMS" ] ; then
find $ROOT -type f -print0 | xargs -0 chmod -v $FILEPERMS
fi
}