AlternC/src/fixperms.sh


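#!/bin/bash
# Abort on the first failing command. This is set here rather than on the
# shebang line because interpreter options on the shebang are ignored when the
# script is started as "bash fixperms.sh", and a root-run permission fixer
# should not carry on after a failed step.
set -e
# Trace every expanded command (SQL query and paths included) to stderr.
# NOTE(review): this looks like a debugging leftover; confirm it is wanted in
# production runs, where it floods cron mail and logs.
set -x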
#
# ----------------------------------------------------------------------
# AlternC - Web Hosting System
# Copyright (C) 2000-2012 by the AlternC Development Team.
# https://alternc.org/
# ----------------------------------------------------------------------
# LICENSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License (GPL)
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# To read the license please visit http://www.gnu.org/copyleft/gpl.html
# ----------------------------------------------------------------------
# Purpose of file: Fix permission, ACL and ownership of AlternC's files
# ----------------------------------------------------------------------
#
# Four optional arguments to choose from:
# -l string : a specific login to fix
# -u integer : a specific uid to fix
# -f string : a specific file to fix according to a given uid
# -d string : a specific subdirectory to fix according to a given uid
# The -u and -l switches fix a given user's whole directory, including their base directory ($ALTERNC_HTML/<letter>/<login>/).
# The -f and -d switches fix a given file or directory under the user's base directory. They use the base directory to determine the permissions they should apply.
# Be sure the base directory has correct permissions before attempting to use those two switches.
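# Default: every account is processed. -l / -u narrow the query to one account,
# -f / -d switch to single-file / single-directory mode instead.
query="SELECT uid,login FROM membres"
sub_dir=""
file=""

# The leading ':' selects getopts' silent mode: OPTARG then holds the offending
# option letter in the '?' and ':' arms, and the ':' arm (missing value)
# becomes reachable.
while getopts ":l:u:f:d:" optname; do
  case "$optname" in
    l)
      # The value is interpolated into the SQL text, so this allow-list is the
      # only barrier against injection: keep it strict.
      if [[ "$OPTARG" =~ ^[a-zA-Z0-9_]+$ ]]; then
        # '=' rather than LIKE: '_' is allowed in logins and is a
        # single-character wildcard in LIKE, which would match other accounts.
        query="SELECT uid,login FROM membres WHERE login = '$OPTARG'"
      else
        echo "Bad login provided" >&2
        exit 1
      fi
      ;;
    u)
      # Digits only, for the same reason as above.
      if [[ "$OPTARG" =~ ^[0-9]+$ ]]; then
        query="SELECT uid,login FROM membres WHERE uid = '$OPTARG'"
      else
        echo "Bad uid provided" >&2
        exit 1
      fi
      ;;
    f)
      # An empty value would silently fall through to "fix every account".
      if [[ -z "$OPTARG" ]]; then
        echo "Empty file name provided" >&2
        exit 1
      fi
      # No shell escaping here: printf %q output is meant to be re-parsed by a
      # shell, but every later use of $file is double-quoted, so escaping only
      # corrupted names containing spaces or other special characters.
      # NOTE(review): what actually needs checking is that the path lies inside
      # the account's base directory. Nothing visible here enforces that;
      # confirm that get_uid_by_path (functions.sh) rejects paths outside it.
      file=$OPTARG
      printf '%s\n' "$file"
      ;;
    d)
      if [[ -z "$OPTARG" ]]; then
        echo "Empty directory name provided" >&2
        exit 1
      fi
      # Same reasoning as for -f: keep the raw value, quote it at every use.
      sub_dir=$OPTARG
      printf '%s\n' "$sub_dir"
      ;;
    \?)
      echo "Unknown option $OPTARG - stop processing" >&2
      exit 1
      ;;
    :)
      echo "No argument value for option $OPTARG - stop processing" >&2
      exit 1
      ;;
    *)
      # Should not occur
      echo "Unknown error while processing options" >&2
      exit 1
      ;;
  esac
done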
# Pin the command search path and the default creation mask before any
# external command is run.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
umask 022

# Shared AlternC shell helpers; the script cannot work without them.
CONFIG_FILE="/usr/lib/alternc/functions.sh"
[ -r "$CONFIG_FILE" ] || {
  echo "Can't access $CONFIG_FILE."
  exit 1
}

# NOTE(review): the file is executed in this shell, which runs as root in
# normal use. Confirm it is root-owned and not writable by group or others.
source "$CONFIG_FILE"

# Changing ownership and ACLs below requires root.
if [ "$(id -u)" -ne 0 ]; then
  echo "$0 must be launched as root"
  exit 1
fi
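#######################################
# Reset ownership, mode and ACLs of the HTML directory of each account.
# Reads whitespace-separated "<id> <login>" rows from stdin (the caller pipes
# the output of the "SELECT uid,login" query in) and stops at the first row
# with an empty login or at end of input.
# Globals:   DEBUG, COLUMNS (read); GID, LOGIN, REP (written)
# Outputs:   progress line and "Done" on stdout, warnings on stderr
# Returns:   0 if every row was processed, 1 if at least one row was skipped
#######################################
doone() {
  local cols rc=0

  # -r keeps backslashes literal; '|| true' lets a last row without a trailing
  # newline still be processed.
  while read -r GID LOGIN || true; [ -n "$LOGIN" ]; do
    # The id is used as owner and spliced into ACL entries below, so refuse
    # anything that is not a plain number.
    if [[ ! "$GID" =~ ^[0-9]+$ ]]; then
      echo "Skipping $LOGIN: unexpected id '$GID'" >&2
      rc=1
      continue
    fi

    if [ "$DEBUG" ]; then
      echo "Setting rights and ownership for user $LOGIN having gid $GID"
    fi

    REP="$(get_html_path_by_name "$LOGIN")"
    # Never hand an empty path to the recursive commands below.
    if [ -z "$REP" ]; then
      echo "Skipping $LOGIN: no HTML directory returned" >&2
      rc=1
      continue
    fi

    # Clean the line, then add a line indicating the current working directory.
    # tput may fail when no terminal is attached (cron); fall back to 80.
    cols="${COLUMNS:-$(tput cols 2>/dev/null || true)}"
    printf '\r%*s' "${cols:-80}" ''
    printf '\r%*s' "${COLUMNS:-0}" "AlternC fixperms.sh -> working on $REP"

    # Set the files readable only for the AlternC user.
    # NOTE(review): the tree under $REP is presumably writable by the hosted
    # account while these recursive commands run as root; confirm the symlink
    # handling of chown/chmod/setfacl on the target platform is acceptable.
    mkdir -p "$REP"
    chown -R "$GID:$GID" "$REP"
    chmod 2770 -R "$REP"

    # Drop the existing ACLs (-b) and default ACLs (-k), then set the default
    # and access ACLs on the whole tree.
    setfacl -b -k -n -R \
      -m d:g:alterncpanel:rwx -m d:u::rwx -m d:g::rwx \
      -m "d:u:$GID:rwx" -m "d:g:$GID:rwx" -m d:o::--- -m d:mask:rwx \
      -Rm g:alterncpanel:rwx -m "u:$GID:rwx" -m "g:$GID:rwx" -m mask:rwx \
      "$REP"
  done

  printf '\nDone\n'
  return "$rc"
}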
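#######################################
# Reset ownership, mode and ACLs of one directory tree ($sub_dir).
# The owner id is whatever get_uid_by_path reports for that path.
# Globals:   sub_dir, DEBUG, COLUMNS (read); REP, REP_ID (written)
# Outputs:   progress line and "Done" on stdout, errors on stderr
# Returns:   0 on success, 1 when no numeric owner id could be determined
#######################################
fixdir() {
  local cols

  REP="$sub_dir"
  # We assume that the owner of the directory should be the one from the html
  # user base directory ($ALTERNC_HTML/<letter>/<login>).
  # NOTE(review): nothing visible here confines $REP to that base directory;
  # confirm get_uid_by_path (functions.sh) refuses paths outside it, since the
  # commands below are recursive and run as root.
  REP_ID="$(get_uid_by_path "$REP")"

  # An empty or non-numeric id would turn "u:$REP_ID:rwx" into a different ACL
  # entry (for example the owner entry "u::rwx"), so stop before touching anything.
  if [[ ! "$REP_ID" =~ ^[0-9]+$ ]]; then
    echo "Cannot determine a numeric owner id for $REP" >&2
    return 1
  fi

  # The login and gid are not known in this mode; report what is.
  if [ "$DEBUG" ]; then
    echo "Setting rights and ownership for directory $REP having uid $REP_ID"
  fi

  # Clean the line, then add a line indicating the current working directory.
  # tput may fail when no terminal is attached (cron); fall back to 80.
  cols="${COLUMNS:-$(tput cols 2>/dev/null || true)}"
  printf '\r%*s' "${cols:-80}" ''
  printf '\r%*s' "${COLUMNS:-0}" "AlternC fixperms.sh -> working on $REP"

  # Set the files readable only for the AlternC user.
  mkdir -p "$REP"
  chown -R "$REP_ID:$REP_ID" "$REP"
  chmod 2770 -R "$REP"

  # Drop the existing ACLs (-b) and default ACLs (-k), then set the default
  # and access ACLs on the whole tree.
  setfacl -b -k -n -R \
    -m d:g:alterncpanel:rwx -m d:u::rwx -m d:g::rwx \
    -m "d:u:$REP_ID:rwx" -m "d:g:$REP_ID:rwx" -m d:o::--- -m d:mask:rwx \
    -Rm g:alterncpanel:rwx -m "u:$REP_ID:rwx" -m "g:$REP_ID:rwx" -m mask:rwx \
    "$REP"

  printf '\nDone\n'
}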
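#######################################
# Reset ownership, mode and ACLs of a single file ($file).
# The owner id is whatever get_uid_by_path reports for that path.
# Globals:   file (read); REP_ID (written)
# Outputs:   confirmation message on stdout, errors on stderr
# Returns:   0 on success, 1 when no numeric owner id could be determined
#######################################
fixfile() {
  # We assume that the owner of the file should be the one from the html user
  # base directory ($ALTERNC_HTML/<letter>/<login>).
  # The id is resolved and checked first, so a failed lookup no longer leaves
  # the file with its ACLs already stripped.
  REP_ID="$(get_uid_by_path "$file")"
  if [[ ! "$REP_ID" =~ ^[0-9]+$ ]]; then
    echo "Cannot determine a numeric owner id for $file" >&2
    return 1
  fi

  # NOTE(review): chown without -h acts on the target when $file is a symlink,
  # and the caller's existence test follows symlinks too. Confirm that
  # get_uid_by_path (functions.sh) keeps the path inside the account's base
  # directory, or reject symlinks before calling this function.
  # setfacl is resolved through the PATH pinned earlier in the script, like
  # the other commands in this file.
  setfacl -bk "$file"
  chown "$REP_ID:$REP_ID" "$file"
  chmod 0770 "$file"
  # Each entry is listed once; the original repeated the u: and g: entries.
  setfacl -m "u:$REP_ID:rw-" -m "g:$REP_ID:rw-" -m g:alterncpanel:rw- "$file"
  echo file ownership and ACLs changed
}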
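# Start of the script actions.
# Exactly one mode runs: single file (-f), single directory (-d), or the
# account query (all accounts, or the one selected with -u / -l).
if [[ -n "$file" ]]; then
  # We are dealing with a file.
  if [ -e "$file" ]; then
    fixfile
  else
    # Report the failure through the exit status as well as the message.
    echo "file not found" >&2
    exit 1
  fi
elif [[ -n "$sub_dir" ]]; then
  # We are dealing with a directory.
  if [ -d "$sub_dir" ]; then
    fixdir
  else
    echo "dir not found" >&2
    exit 1
  fi
else
  # We are fixing the whole html directory, either for all users (default)
  # or for a specific one (-u or -l switch).
  # pipefail: without it a failing mysql is masked by doone, which would read
  # an empty list, print "Done" and let the script exit 0.
  set -o pipefail
  mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "$query" | doone
fi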