From ca7d7a5a0d7252ca4219f825ae37a9b6612336dd Mon Sep 17 00:00:00 2001
From: "kebler.net"
Date: Thu, 11 Feb 2021 18:32:57 -0800
Subject: [PATCH] added acl and dirs modules
---
modules/acl.lib | 142 ++++++++++++++++++++++++++++++++++++++++
modules/utility/dirs.sh | 88 +++++++++++++++++++++++++
2 files changed, 230 insertions(+)
create mode 100644 modules/acl.lib
create mode 100644 modules/utility/dirs.sh
diff --git a/modules/acl.lib b/modules/acl.lib
new file mode 100644
index 0000000..5c94a3b
--- /dev/null
+++ b/modules/acl.lib
@@ -0,0 +1,142 @@
+#!/bin/bash
+module_load confirm
+module_load helpers
+#source ${BASH_SOURCE[0]}/confirm.sh
+
+# Usage:
+# adding: acladduserdir
+# deleting: acladduserdir -d
+# add -s flag to force run as sudo
+# Note: script operates recursively on given directory!, use with caution
+
+acladduserdir() {
+
+ module_load confirm
+ local uid
+ local usesudo
+ local del
+ local spec
+ local dir
+ local cmd="-R -m "
+ local cmdd="-dR -m"
+
+ declare OPTION
+ declare OPTARG
+ declare OPTIND
+
+ while getopts 'ds' OPTION; do
+ # echo $OPTION $OPTARG
+ case "$OPTION" in
+ d)
+ del=true
+ ;;
+ s)
+ usesudo="sudo"
+ ;;
+ *)
+ echo unknown option $OPTION
+ ;;
+ esac
+ done
+
+ shift $((OPTIND - 1))
+
+ if [[ $del ]]; then
+ echo deleting an acl entries for $1
+ opts="-R -x"
+ optsd="-dR -x"
+ spec="u:$1"
+ else
+ opts="-R -m "
+ optsd="-dR -m"
+ spec="u:$1:rwX"
+ fi
+ [[ ! $2 ]] && echo acluserdir: both user and direcotory must be passed && return 1
+ dir=$2
+ uid=$(id -u $1 2>/dev/null)
+ [[ $uid -lt 1000 ]] && echo no such regular user $1 && return 2
+ [[ ! -d $2 ]] && echo no such directory $2 && return 3
+ if [[ ! -w $2 ]]; then
+ echo $2 not writable by current user $USER
+ if [[ ! $(sudo -l -U $USER 2>/dev/null) ]]; then
+ echo user does not have sudo privilges, aborting
+ return 4
+ else
+ confirm "do you want to elevate to root and continue?" || return 5
+ usesudo="sudo"
+ fi
+ fi
+ echo these are the acl commands that you will run
+ echo '******************'
+ echo $usesudo setfacl $opts $spec $dir
+ echo $usesudo setfacl $optsd $spec $dir
+ echo '******************'
+ confirm Double Check. Do you want to continue? || return 6
+ $usesudo setfacl $opts $spec $dir
+ $usesudo setfacl $optsd $spec $dir
+ echo '*** new acl entries ***'
+ $usesudo getfacl -p --omit-header $2 | grep $1
+
+}
+
+# Usage:
+# share_dir [ -o -g ]
+# -o forces own for directory, default is $USER
+# -g forces group name for directory, default is "users" and if not available then $USER
+# use . for current directory
+# Note: script operates recursively on given directory!, use with caution
+
+share_dir() {
+ [[ ! $(sudo -l -U $USER 2>/dev/null) ]] && echo current user does not have sudo privilges, aborting && return 4
+ local group
+ local owner=$USER
+ [[ $(getent group users) ]] && group=users || group=$USER
+
+ declare OPTION
+ declare OPTARG
+ declare OPTIND
+
+ while getopts 'g:o:' OPTION; do
+ # echo $OPTION $OPTARG
+ case "$OPTION" in
+ o)
+ owner=$OPTARG
+ ;;
+ g)
+ group=$OPTARG
+ ;;
+ *)
+ echo unknown option $OPTION
+ ;;
+ esac
+ done
+
+ shift $((OPTIND - 1))
+
+ local dir=$([[ ! $1 == /* ]] && echo $(adirname $1)/)$([[ $1 == . ]] && echo "" || echo $1)
+ if [[ ! -d $dir ]]; then
+ confirm no such directory $dir, create it? && sudo mkdir -p $dir || return 6
+ fi
+ shift
+ confirm share directory $dir with users: $@ ? confirm || return 6
+ for user in "$@"; do
+ echo adding acl user $user
+ acladduserdir -s $user $dir
+ done
+ echo done adding acl users $@
+ echo these are the chown/chmod commands that you will run
+ echo '******************'
+ echo sudo chown -R $owner:$group $dir
+ echo sudo chmod -R u+rwX $dir
+ echo sudo chmod -R g+rwX $dir
+ echo sudo find $dir -type d -exec chmod g+s {} +
+ echo '******************'
+ confirm Double Check. Do you want to continue? || return 6
+ sudo chown -R $owner:$group $dir
+ sudo chmod -R u+rwX $dir
+ sudo find $dir -type d -exec chmod g+s {} +
+ echo all done!
+ ls -la $dir
+ getfacl -p $dir
+
+}
diff --git a/modules/utility/dirs.sh b/modules/utility/dirs.sh
new file mode 100644
index 0000000..1ffe580
--- /dev/null
+++ b/modules/utility/dirs.sh
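Review bot: In `share_dir` (modules/acl.lib) the preview printed before the final prompt lists `sudo chmod -R g+rwX $dir`, but the commands run after it go from `chmod -R u+rwX` straight to the `find ... chmod g+s`, so what the operator confirms is not what executes and the group never receives rwX from this step; add `sudo chmod -R g+rwX "$dir"` after the `u+rwX` call. Both `share_dir` and `acladduserdir` pass `$dir`, `$owner:$group`, `$1` and `$2` unquoted to recursive `sudo chown`/`chmod`/`find` and `setfacl -R`, so a path containing whitespace or glob characters is word-split and the root-level change can land on other paths. Quote the path and user expansions and end option parsing before them, e.g. `sudo chown -R -- "$owner:$group" "$dir"`. In `acladduserdir`, `opts` and `optsd` are assigned without `local` (the declared `cmd`/`cmdd` are never used), so they leak into the calling shell.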
@@ -0,0 +1,88 @@
+
+# find /path/to/base/dir -type d -exec chmod 755 {} +
+# To recursively give files read privileges:
+
+# find /path/to/base/dir -type f -exec chmod 644 {} +
+# Or, if there are many objects to process:
+
+# chmod 755 $(find /path/to/base/dir -type d)
+# chmod 644 $(find /path/to/base/dir -type f)
+# Or, to reduce chmod spawning:
+
+# find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
+# find /path/to/base/dir -type f -print0 | xargs -0 chmod 644
+
+
+
+# chmodr.sh
+#
+# author: Francis Byrne
+# date: 2011/02/12
+#
+# Generic Script for recursively setting permissions for directories and files
+# to defined or default permissions using chmod.
+#
+# Takes a path to recurse through and options for specifying directory and/or
+# file permissions.
+# Outputs a list of affected directories and files.
+#
+# If no options are specified, it recursively resets all directory and file
+# permissions to the default for most OSs (dirs: 755, files: 644).
+
+# Usage message
+
+chmodr () {
+
+usage()
+{
+ echo "Usage: $0 PATH -d DIRPERMS -f FILEPERMS"
+ echo "Arguments:"
+ echo "PATH: path to the root directory you wish to modify permissions for"
+ echo "Options:"
+ echo " -d DIRPERMS, directory permissions"
+ echo " -f FILEPERMS, file permissions"
+ exit 1
+}
+
+# Check if user entered arguments
+if [ $# -lt 1 ] ; then
+ usage
+fi
+
+# Get options
+while getopts d:f: opt
+do
+ case "$opt" in
+ d) DIRPERMS="$OPTARG";;
+ f) FILEPERMS="$OPTARG";;
+ \?) usage;;
+ esac
+done
+
+# Shift option index so that $1 now refers to the first argument
+shift $(($OPTIND - 1))
+
+# Default directory and file permissions, if not set on command line
+if [ -z "$DIRPERMS" ] && [ -z "$FILEPERMS" ] ; then
+ DIRPERMS=755
+ FILEPERMS=644
+fi
+
+# Set the root path to be the argument entered by the user
+ROOT=$1
+
+# Check if the root path is a valid directory
+if [ ! -d $ROOT ] ; then
+ echo "$ROOT does not exist or isn't a directory!" ; exit 1
+fi
+
+# Recursively set directory/file permissions based on the permission variables
+if [ -n "$DIRPERMS" ] ; then
+ find $ROOT -type d -print0 | xargs -0 chmod -v $DIRPERMS
+fi
+
+if [ -n "$FILEPERMS" ] ; then
+ find $ROOT -type f -print0 | xargs -0 chmod -v $FILEPERMS
+fi
+
+}
\ No newline at end of file
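Review bot: In `chmodr` (modules/utility/dirs.sh) `$ROOT` is unquoted in `[ ! -d $ROOT ]` and in both `find $ROOT` lines, so with an empty path (e.g. only `-d 700` given) the test collapses to `[ ! -d ]`, which is false, and GNU find without a start path walks the current directory, re-permissioning it recursively; use `[ -d "$ROOT" ]`, `find "$ROOT" ...` and refuse an empty `$1`. The usage text puts PATH before the options, but `getopts` stops at the first non-option argument, so in that order `-d`/`-f` are never read and the 755/644 defaults are applied instead. `DIRPERMS`, `FILEPERMS`, `ROOT` and `OPTIND` are not local to the function, so a second call in the same shell inherits the earlier values; `local DIRPERMS= FILEPERMS= ROOT= opt OPTIND=1` at the top of `chmodr` isolates each call. If this file is sourced like the other modules, the `exit 1` in `usage` and in the directory check ends the caller's shell, where `return 1` is what is wanted.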