shell-base/modules/acl.lib

150 lines
3.7 KiB
Bash
Executable File

#!/bin/bash
module_load confirm
module_load helpers
#source ${BASH_SOURCE[0]}/confirm.sh
# Usage:
# adding: acladduserdir <user> <directory>
# deleting: acladduserdir -d <user> <directory>
# add -s flag to force run as sudo
# Note: script operates recursively on given directory!, use with caution
acladduserdir() {
module_load confirm
local uid
local usesudo
local del
local write
local spec
local dir
local opts
local optsd
declare OPTION
declare OPTARG
declare OPTIND
while getopts 'wds' OPTION; do
# echo $OPTION $OPTARG
case "$OPTION" in
d)
del=true
;;
w)
write="w"
;;
s)
usesudo="sudo"
;;
*)
echo unknown option $OPTION
;;
esac
done
shift $((OPTIND - 1))
if [[ $del ]]; then
echo deleting an acl entries for $1
opts="-R -x"
optsd="-dR -x"
spec="u:$1"
else
opts="-R -m "
optsd="-dR -m"
spec="u:$1:r${write}X"
fi
[[ ! $2 ]] && echo acluserdir: both user and direcotory must be passed && return 1
dir=$2
uid=$(id -u $1 2>/dev/null)
[[ $uid -lt 1000 ]] && echo no such regular user $1 && return 2
[[ ! -d $2 ]] && echo no such directory $2 && return 3
if [[ ! -w $2 ]]; then
echo $2 not writable by current user $USER
if [[ ! $(sudo -l -U $USER 2>/dev/null) ]]; then
echo user does not have sudo privilges, aborting
return 4
else
confirm "do you want to elevate to root and continue?" || return 5
usesudo="sudo"
fi
fi
echo these are the acl commands that you will run
echo '******************'
echo $usesudo setfacl $opts $spec $dir
echo $usesudo setfacl $optsd $spec $dir
echo '******************'
confirm Double Check. Do you want to continue? || return 6
$usesudo setfacl $opts $spec $dir
$usesudo setfacl $optsd $spec $dir
echo '*** new acl entries ***'
$usesudo getfacl -p --omit-header $2 | grep $1
}
# Usage:
# share_dir [ -o <owner> -g <group> ] <directory> <list of space delimited users names/uid>
# -o forces own for directory, default is $USER
# -g forces group name for directory, default is "users" and if not available then $USER
# use . for current directory
# Note: script operates recursively on given directory!, use with caution
share_dir() {
[[ ! $(sudo -l -U $USER 2>/dev/null) ]] && echo current user does not have sudo privilges, aborting && return 4
local group
local owner=$USER
local opts=""
[[ $(getent group users) ]] && group=users || group=$USER
declare OPTION
declare OPTARG
declare OPTIND
while getopts 'wsg:o:' OPTION; do
# echo $OPTION $OPTARG
case "$OPTION" in
o)
owner=$OPTARG
;;
g)
group=$OPTARG
;;
*)
# echo adding pass through option $OPTION
opts="${opts} -${OPTION}"
;;
esac
done
shift $((OPTIND - 1))
local dir=$([[ ! $1 == /* ]] && echo $(adirname $1)/)$([[ $1 == . ]] && echo "" || echo $1)
if [[ ! -d $dir ]]; then
confirm no such directory $dir, create it? && sudo mkdir -p $dir || return 6
fi
shift
confirm share directory $dir with users: $@ ? confirm || return 6
for user in "$@"; do
echo adding acl user $user
acladduserdir -s $opts $user $dir
done
echo done adding acl users $@
echo these are the chown/chmod commands that you will run
echo '******************'
echo sudo chown -R $owner:$group $dir
echo sudo chmod -R u+rwX $dir
echo sudo chmod -R g+rwX $dir
echo sudo find $dir -type d -exec chmod g+s {} +
echo '******************'
confirm Double Check. Do you want to continue? || return 6
sudo chown -R $owner:$group $dir
sudo chmod -R u+rwX $dir
sudo find $dir -type d -exec chmod g+s {} +
echo all done!
ls -la $dir
getfacl -p $dir
}