Last active
April 20, 2024 13:31
-
-
Save Konfekt/c4b28cc924e10deb6e7e9aa701b1708a to your computer and use it in GitHub Desktop.
change permissions to be sane or safe inside a $dir by chmod-sane/safe $dir
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Change file permissions to be sane or safe inside a directory $dir by | |
| # chmod-sane/safe $dir | |
| # For example, ~/.gnupg better be safe whereas ~/.cache can be sane. | |
| # Set permissions in a specified directory to a | |
| # standard, reasonable setting where directories are executable and readable by | |
| # all users (755), and files are readable and writable by the owner, and readable | |
| # by others (644). Additionally, files with execute permissions set for any user | |
| # (u, g, or o) are adjusted to be executable by all (755). | |
| _chmod_sane() { | |
| DIR_PATH="${1:-.}" | |
| [ -d "$DIR_PATH" ] && [[ "$DIR_PATH" != */ ]] && DIR_PATH="$DIR_PATH/" | |
| find -L "$DIR_PATH" -type d -print0 -exec chmod -v 755 {} + | |
| find -L "$DIR_PATH" -type f -print0 -exec chmod -v 644 {} + | |
| # # -excutable checks current user's environment and effective permissions, | |
| # # potentially including ACLs (Access Control Lists), while | |
| # # -perm /u=x,g=x,o=x strictly checks the file's permission bits | |
| # # without considering who the user is or additional ACLs. | |
| # find -L "$DIR_PATH" -type f -executable -print0 -exec chmod -v 755 {} + | |
| # find -L "$DIR_PATH" -type f ! -executable -print0 -exec chmod -v 644 {} + | |
| find -L "$DIR_PATH" -type f -perm /u=x,g=x,o=x -exec chmod -v +111 {} + | |
| } | |
| # Set folders to be accessible only by the owner (700), and files are set to be | |
| # readable and writable only by the owner (600). | |
| # Executable files are also set to 700. | |
| _chmod_safe() { | |
| DIR_PATH="{$1:-.}" | |
| [ -d "$DIR_PATH" ] && [[ "$DIR_PATH" != */ ]] && DIR_PATH="$DIR_PATH/" | |
| find -L "$DIR_PATH" -type d -print0 -exec chmod -v 700 {} + | |
| # -excutable checks current user's environment and effective permissions, | |
| # potentially including ACLs (Access Control Lists), while | |
| # -perm /u=x,g=x,o=x strictly checks the file's permission bits | |
| # without considering who the user is or additional ACLs. | |
| find -L "$DIR_PATH" -type f -executable -print0 -exec chmod -v 700 {} + | |
| find -L "$DIR_PATH" -type f ! -executable -print0 -exec chmod -v 600 {} + | |
| # find -L "$DIR_PATH" -type f -perm /u=x -exec chmod -v +111 {} + | |
| } | |
| alias chmod-sane=_chmod_sane | |
| alias chmod-safe=_chmod_safe |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment