224 lines
5.4 KiB
Bash
224 lines
5.4 KiB
Bash
#!/bin/bash
|
|
################## BEGIN: MODULE security ###############
|
|
|
|
module_load confirm
|
|
module_load helpers
|
|
#source ${BASH_SOURCE[0]}/confirm.sh
|
|
|
|
# Usage:
|
|
# adding: acladduserdir <user> <directory>
|
|
# deleting: acladduserdir -d <user> <directory>
|
|
# add -s flag to force run as sudo
|
|
# Note: script operates recursively on given directory!, use with caution
|
|
|
|
acladduserdir() {
|
|
|
|
module_load confirm
|
|
local uid
|
|
local usesudo
|
|
local del
|
|
local write
|
|
local spec
|
|
local dir
|
|
local opts
|
|
local optsd
|
|
|
|
declare OPTION
|
|
declare OPTARG
|
|
declare OPTIND
|
|
|
|
while getopts 'wds' OPTION; do
|
|
# echo $OPTION $OPTARG
|
|
case "$OPTION" in
|
|
d)
|
|
del=true
|
|
;;
|
|
w)
|
|
write="w"
|
|
;;
|
|
s)
|
|
usesudo="sudo"
|
|
;;
|
|
*)
|
|
echo unknown option $OPTION
|
|
;;
|
|
esac
|
|
done
|
|
|
|
shift $((OPTIND - 1))
|
|
|
|
if [[ $del ]]; then
|
|
echo deleting an acl entries for $1
|
|
opts="-R -x"
|
|
optsd="-dR -x"
|
|
spec="u:$1"
|
|
else
|
|
opts="-R -m "
|
|
optsd="-dR -m"
|
|
spec="u:$1:r${write}X"
|
|
fi
|
|
[[ ! $2 ]] && echo acluserdir: both user and direcotory must be passed && return 1
|
|
dir=$2
|
|
uid=$(id -u $1 2>/dev/null)
|
|
[[ $uid -lt 1000 ]] && echo no such regular user $1 && return 2
|
|
[[ ! -d $2 ]] && echo no such directory $2 && return 3
|
|
if [[ ! -w $2 ]]; then
|
|
echo $2 not writable by current user $USER
|
|
if [[ ! $(sudo -l -U $USER 2>/dev/null) ]]; then
|
|
echo user does not have sudo privilges, aborting
|
|
return 4
|
|
else
|
|
confirm "do you want to elevate to root and continue?" || return 5
|
|
usesudo="sudo"
|
|
fi
|
|
fi
|
|
echo these are the acl commands that you will run
|
|
echo '******************'
|
|
echo $usesudo setfacl $opts $spec $dir
|
|
echo $usesudo setfacl $optsd $spec $dir
|
|
echo '******************'
|
|
confirm Double Check. Do you want to continue? || return 6
|
|
$usesudo setfacl $opts $spec $dir
|
|
$usesudo setfacl $optsd $spec $dir
|
|
echo '*** new acl entries ***'
|
|
$usesudo getfacl -p --omit-header $2 | grep $1
|
|
|
|
}
|
|
|
|
# Usage:
|
|
# share_dir [ -o <owner> -g <group> ] <directory> <list of space delimited users names/uid>
|
|
# -o forces own for directory, default is $USER
|
|
# -g forces group name for directory, default is "users" and if not available then $USER
|
|
# use . for current directory
|
|
# Note: script operates recursively on given directory!, use with caution
|
|
|
|
share_dir() {
|
|
[[ ! $(sudo -l -U $USER 2>/dev/null) ]] && echo current user does not have sudo privilges, aborting && return 4
|
|
local group
|
|
local owner=$USER
|
|
local opts=""
|
|
[[ $(getent group users) ]] && group=users || group=$USER
|
|
|
|
declare OPTION
|
|
declare OPTARG
|
|
declare OPTIND
|
|
|
|
|
|
while getopts 'wsg:o:' OPTION; do
|
|
# echo $OPTION $OPTARG
|
|
case "$OPTION" in
|
|
o)
|
|
owner=$OPTARG
|
|
;;
|
|
g)
|
|
group=$OPTARG
|
|
;;
|
|
*)
|
|
# echo adding pass through option $OPTION
|
|
opts="${opts} -${OPTION}"
|
|
;;
|
|
esac
|
|
done
|
|
|
|
shift $((OPTIND - 1))
|
|
|
|
local dir=$([[ ! $1 == /* ]] && echo $(adirname $1)/)$([[ $1 == . ]] && echo "" || echo $1)
|
|
if [[ ! -d $dir ]]; then
|
|
confirm no such directory $dir, create it? && sudo mkdir -p $dir || return 6
|
|
fi
|
|
shift
|
|
confirm share directory $dir with users: $@ ? confirm || return 6
|
|
for user in "$@"; do
|
|
echo adding acl user $user
|
|
acladduserdir -s $opts $user $dir
|
|
done
|
|
echo done adding acl users $@
|
|
echo these are the chown/chmod commands that you will run
|
|
echo '******************'
|
|
echo sudo chown -R $owner:$group $dir
|
|
echo sudo chmod -R u+rwX $dir
|
|
echo sudo chmod -R g+rwX $dir
|
|
echo sudo find $dir -type d -exec chmod g+s {} +
|
|
echo '******************'
|
|
confirm Double Check. Do you want to continue? || return 6
|
|
sudo chown -R $owner:$group $dir
|
|
sudo chmod -R u+rwX $dir
|
|
sudo find $dir -type d -exec chmod g+s {} +
|
|
echo all done!
|
|
ls -la $dir
|
|
getfacl -p $dir
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
chmodr () {
|
|
|
|
# Generic Script for recursively setting permissions for directories and files
|
|
# to defined or default permissions using chmod.
|
|
#
|
|
# Takes a path to recurse through and options for specifying directory and/or
|
|
# file permissions.
|
|
# Outputs a list of affected directories and files.
|
|
#
|
|
# If no options are specified, it recursively resets all directory and file
|
|
# permissions to the default for most OSs (dirs: 755, files: 644).
|
|
|
|
usage()
|
|
{
|
|
echo "Usage: $0 PATH -d DIRPERMS -f FILEPERMS"
|
|
echo "Arguments:"
|
|
echo "PATH: path to the root directory you wish to modify permissions for"
|
|
echo "Options:"
|
|
echo " -d DIRPERMS, directory permissions"
|
|
echo " -f FILEPERMS, file permissions"
|
|
return 1
|
|
|
|
}
|
|
|
|
# Check if user entered arguments
|
|
if [ $# -lt 1 ] ; then
|
|
usage
|
|
return 1
|
|
fi
|
|
|
|
# Get options
|
|
while getopts d:f: opt
|
|
do
|
|
case "$opt" in
|
|
d) DIRPERMS="$OPTARG";;
|
|
f) FILEPERMS="$OPTARG";;
|
|
\?) usage;;
|
|
esac
|
|
done
|
|
|
|
# Shift option index so that $1 now refers to the first argument
|
|
shift $(($OPTIND - 1))
|
|
|
|
# Default directory and file permissions, if not set on command line
|
|
if [ -z "$DIRPERMS" ] && [ -z "$FILEPERMS" ] ; then
|
|
DIRPERMS=755
|
|
FILEPERMS=644
|
|
fi
|
|
|
|
# Set the root path to be the argument entered by the user
|
|
ROOT=$1
|
|
|
|
# Check if the root path is a valid directory
|
|
if [ ! -d $ROOT ] ; then
|
|
echo "$ROOT does not exist or isn't a directory!" ; return 2
|
|
fi
|
|
|
|
# Recursively set directory/file permissions based on the permission variables
|
|
if [ -n "$DIRPERMS" ] ; then
|
|
find $ROOT -type d -print0 | xargs -0 chmod -v $DIRPERMS
|
|
fi
|
|
|
|
if [ -n "$FILEPERMS" ] ; then
|
|
find $ROOT -type f -print0 | xargs -0 chmod -v $FILEPERMS
|
|
fi
|
|
|
|
}
|
|
|
|
################## END: MODULE dirs ############### |