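#!/bin/bash
################## BEGIN: MODULE security ###############
#
# Helpers for sharing a directory tree between local users with POSIX ACLs
# and group ownership, plus a recursive chmod helper.
#
# Every function here changes permissions RECURSIVELY and two of them do so
# through sudo. For that reason each command is built once as an array and
# that same array is both shown to the operator and executed, so the preview
# cannot differ from what actually runs, and a path or name containing
# whitespace or glob characters cannot be split into extra arguments.

module_load confirm
module_load helpers
#source ${BASH_SOURCE[0]}/confirm.sh

# Print one command line with shell quoting, exactly as it will be executed.
_security_print_cmd() {
  local rendered
  printf -v rendered '%q ' "$@"
  printf '%s\n' "${rendered% }"
}

# Usage:
#   adding:   acladduserdir [-w] [-s] USER DIRECTORY
#   deleting: acladduserdir -d [-s] USER DIRECTORY
#   -w  grant write in addition to read/traverse (r-X becomes rwX)
#   -s  force the setfacl/getfacl calls to run through sudo
# Note: script operates recursively on given directory!, use with caution
#
# Both the access ACL and the default (inherited) ACL of the tree are changed.
# Returns: 1 bad usage, 2 unknown/system user, 3 not a directory,
#          4 no sudo rights, 5/6 operator declined, 7 setfacl failed,
#          otherwise the status of the final getfacl | grep listing.
acladduserdir() {
  module_load confirm
  local uid del write spec user dir
  local -a sudo_cmd=() acl_opts acl_default_opts access_cmd default_cmd
  # Keep getopts state local so repeated calls in one shell start clean.
  local OPTION OPTARG OPTIND=1

  while getopts 'wds' OPTION; do
    case "$OPTION" in
      d) del=true ;;
      w) write="w" ;;
      s) sudo_cmd=(sudo) ;;
      *)
        # Stop here: continuing after a mistyped flag (for example a
        # misspelled -d) would apply the opposite of what was asked for.
        echo "acladduserdir: unknown option, aborting" >&2
        return 1
        ;;
    esac
  done
  shift $((OPTIND - 1))

  user=$1
  dir=$2
  if [[ -z $dir ]]; then
    echo "acluserdir: both user and direcotory must be passed"
    return 1
  fi

  # Only existing accounts with uid >= 1000 are accepted; 1000 is the
  # hard-coded cut-off this module uses to tell regular from system users.
  uid=$(id -u -- "$user" 2>/dev/null)
  if [[ -z $uid ]] || ((uid < 1000)); then
    echo "no such regular user $user"
    return 2
  fi
  if [[ ! -d $dir ]]; then
    echo "no such directory $dir"
    return 3
  fi

  if [[ $del ]]; then
    echo "deleting an acl entries for $user"
    acl_opts=(-R -x)
    acl_default_opts=(-dR -x)
    spec="u:$user"
  else
    acl_opts=(-R -m)
    acl_default_opts=(-dR -m)
    spec="u:$user:r${write}X"
  fi

  if [[ ! -w $dir ]]; then
    echo "$dir not writable by current user $USER"
    if [[ ! $(sudo -l -U "$USER" 2>/dev/null) ]]; then
      echo "user does not have sudo privilges, aborting"
      return 4
    fi
    confirm "do you want to elevate to root and continue?" || return 5
    sudo_cmd=(sudo)
  fi

  # "--" ends option parsing so a directory name beginning with "-" is
  # always treated as a file operand.
  access_cmd=("${sudo_cmd[@]}" setfacl "${acl_opts[@]}" "$spec" -- "$dir")
  default_cmd=("${sudo_cmd[@]}" setfacl "${acl_default_opts[@]}" "$spec" -- "$dir")

  echo "these are the acl commands that you will run"
  echo '******************'
  _security_print_cmd "${access_cmd[@]}"
  _security_print_cmd "${default_cmd[@]}"
  echo '******************'
  confirm Double Check. Do you want to 'continue?' || return 6

  # Do not touch the default ACL if the access ACL could not be changed.
  "${access_cmd[@]}" || return 7
  "${default_cmd[@]}" || return 7

  echo '*** new acl entries ***'
  # -F: the user name is matched literally, not as a regular expression.
  "${sudo_cmd[@]}" getfacl -p --omit-header -- "$dir" | grep -F -- "$user"
}

# Usage:
#   share_dir [-o OWNER] [-g GROUP] [-w] [-s] DIRECTORY [USER...]
#   -o forces owner for directory, default is $USER
#   -g forces group name for directory, default is "users" and if not
#      available then $USER
#   -w, -s are passed through to acladduserdir
#   use . for current directory
# Note: script operates recursively on given directory!, use with caution
#
# Returns: 1 bad usage or unsafe target, 4 no sudo rights,
#          6 operator declined (or mkdir failed), 7 a chown/chmod step failed.
share_dir() {
  if [[ ! $(sudo -l -U "$USER" 2>/dev/null) ]]; then
    echo "current user does not have sudo privilges, aborting"
    return 4
  fi

  local group owner=$USER
  local target parent dir user
  local -a opts=() chown_cmd chmod_user_cmd chmod_group_cmd setgid_cmd
  local OPTION OPTARG OPTIND=1

  if [[ $(getent group users) ]]; then
    group=users
  else
    group=$USER
  fi

  while getopts 'wsg:o:' OPTION; do
    case "$OPTION" in
      o) owner=$OPTARG ;;
      g) group=$OPTARG ;;
      w | s) opts+=("-${OPTION}") ;;
      *)
        echo "share_dir: unknown option, aborting" >&2
        return 1
        ;;
    esac
  done
  shift $((OPTIND - 1))

  target=$1
  if [[ -z $target ]]; then
    echo "share_dir: a directory must be passed" >&2
    return 1
  fi

  # Relative paths are anchored with the adirname helper (loaded from the
  # helpers module; presumably it prints an absolute directory - confirm).
  if [[ $target != /* ]]; then
    parent=$(adirname "$target")
    # An empty result would silently turn "foo" into "/foo" and aim the
    # recursive chown below at the filesystem root.
    if [[ -z $parent ]]; then
      echo "share_dir: cannot resolve $target, aborting" >&2
      return 1
    fi
    parent="${parent}/"
  fi
  [[ $target == . ]] && target=""
  dir="${parent}${target}"

  # Never run the recursive ownership/mode change on "/" itself.
  if [[ -z ${dir//\//} ]]; then
    echo "share_dir: refusing to operate on $dir" >&2
    return 1
  fi

  if [[ ! -d $dir ]]; then
    confirm no such directory "$dir," create 'it?' && sudo mkdir -p -- "$dir" || return 6
  fi
  shift

  confirm share directory "$dir" with users: "$@" '?' confirm || return 6
  for user in "$@"; do
    echo "adding acl user $user"
    acladduserdir -s "${opts[@]}" "$user" "$dir" ||
      echo "share_dir: acl entry for $user was not applied" >&2
  done
  echo done adding acl users "$@"

  chown_cmd=(sudo chown -R -- "$owner:$group" "$dir")
  chmod_user_cmd=(sudo chmod -R u+rwX -- "$dir")
  chmod_group_cmd=(sudo chmod -R g+rwX -- "$dir")
  # setgid on directories so new entries inherit the shared group
  setgid_cmd=(sudo find "$dir" -type d -exec chmod g+s {} +)

  echo "these are the chown/chmod commands that you will run"
  echo '******************'
  _security_print_cmd "${chown_cmd[@]}"
  _security_print_cmd "${chmod_user_cmd[@]}"
  _security_print_cmd "${chmod_group_cmd[@]}"
  _security_print_cmd "${setgid_cmd[@]}"
  echo '******************'
  confirm Double Check. Do you want to 'continue?' || return 6

  # The group chmod used to be listed in the preview but never executed;
  # all four confirmed commands are now run, and a failure stops the rest.
  "${chown_cmd[@]}" || return 7
  "${chmod_user_cmd[@]}" || return 7
  "${chmod_group_cmd[@]}" || return 7
  "${setgid_cmd[@]}" || return 7

  echo 'all done!'
  ls -la -- "$dir"
  getfacl -p -- "$dir"
}

# Print the chmodr help text. Always returns 1.
_chmodr_usage() {
  echo "Usage: chmodr PATH -d DIRPERMS -f FILEPERMS"
  echo "Arguments:"
  echo "PATH: path to the root directory you wish to modify permissions for"
  echo "Options:"
  echo " -d DIRPERMS, directory permissions"
  echo " -f FILEPERMS, file permissions"
  return 1
}

# Generic Script for recursively setting permissions for directories and files
# to defined or default permissions using chmod.
#
# Takes a path to recurse through and options for specifying directory and/or
# file permissions. PATH may be given before the options (as the usage text
# shows) or after them.
# Outputs a list of affected directories and files.
#
# If no options are specified, it recursively resets all directory and file
# permissions to the default for most OSs (dirs: 755, files: 644).
#
# Returns: 1 bad usage, 2 PATH is not a directory, otherwise the status of
#          the last find/chmod run.
chmodr() {
  # All state is local: with globals, modes given on one call were reused by
  # the next call, and a stale OPTIND made getopts skip later options.
  local dirperms="" fileperms="" root="" opt
  local OPTARG OPTIND=1

  # Check if user entered arguments
  if (($# < 1)); then
    _chmodr_usage
    return 1
  fi

  # getopts stops at the first non-option word, so a leading PATH has to be
  # taken off first; otherwise "chmodr PATH -d 700" would ignore -d and
  # silently apply the 755/644 defaults.
  if [[ $1 != -* ]]; then
    root=$1
    shift
  fi

  while getopts 'd:f:' opt; do
    case "$opt" in
      d) dirperms=$OPTARG ;;
      f) fileperms=$OPTARG ;;
      *)
        _chmodr_usage
        return 1
        ;;
    esac
  done
  shift $((OPTIND - 1))
  [[ -z $root ]] && root=${1-}

  # Without a path, find would default to the current directory and the
  # whole working tree would be re-moded.
  if [[ -z $root ]]; then
    _chmodr_usage
    return 1
  fi

  # Default directory and file permissions, if not set on command line
  if [[ -z $dirperms && -z $fileperms ]]; then
    dirperms=755
    fileperms=644
  fi

  if [[ ! -d $root ]]; then
    echo "$root does not exist or isn't a directory!"
    return 2
  fi
  # Keep find from reading a path such as "-name" as an expression.
  [[ $root == -* ]] && root="./$root"

  # -exec ... {} + batches like xargs but runs nothing when there is no match.
  if [[ -n $dirperms ]]; then
    find "$root" -type d -exec chmod -v "$dirperms" {} +
  fi
  if [[ -n $fileperms ]]; then
    find "$root" -type f -exec chmod -v "$fileperms" {} +
  fi
}
################## END: MODULE security ###############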