Last active
March 16, 2019 13:31
-
-
Save epcim/9f356ece726b5709c908b842f3004090 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [ $# -lt 2 -o $# -gt 3 ]; then | |
echo | |
echo 'Please provide 2 or 3 arguments.' | |
echo | |
echo 'USAGE: permissions.sh action username directory' | |
echo 'actions: grant, revoke-app, revoke-all' | |
echo 'eg: permissions.sh grant joe $HOME/webapps/django' | |
echo | |
echo 'Currently only works for directories in /home/username/webapps.' | |
echo | |
exit | |
fi | |
PRIMARY_USER=`whoami` | |
ACTION=$1 | |
SECONDARY_USER=$2 | |
APP_DIR=$3 | |
DIR_ARRAY=$3 | |
# Parse the supplied directory path | |
i=0 | |
while [ "$DIR_ARRAY" != "/" ];do | |
i=$(($i+1)) | |
parse[$i]="$(basename "$DIR_ARRAY")" | |
DIR_ARRAY="$(dirname "$DIR_ARRAY")" | |
if [ "$DIR_ARRAY" != "/home" -a "$DIR_ARRAY" != "/" ]; then | |
[ "$DIR_ARRAY" = "." ] && DIR_ARRAY="$(pwd -P)" | |
fi | |
done | |
if [ $ACTION == "grant" -a $# == 3 ]; then | |
if [[ $APP_DIR != $HOME/webapps/* ]]; then | |
echo | |
echo "This script currently only works with $HOME/webapps" | |
echo | |
exit | |
fi | |
echo 'Granting permissions to' $APP_DIR 'for user' $SECONDARY_USER'.' | |
if [ ! `getfacl -p $HOME | grep user:$SECONDARY_USER:--x` ]; then | |
# Grant secondary user access to the primary account's home directory | |
# for navigational purposes only. | |
setfacl -m u:$SECONDARY_USER:--x $HOME | |
# Disallow ALL access to all direcories for secondary user. | |
setfacl -R -m u:$SECONDARY_USER:--- $HOME/webapps/* | |
fi | |
DIR_PATH="" | |
while [ $i -gt 0 ]; do | |
DIR_PATH=$DIR_PATH/"${parse[$i]}" | |
if [ "$DIR_PATH" != "/home" -a "$DIR_PATH" != "/" ]; then | |
if [ "$DIR_PATH" != "$HOME" -a "$DIR_PATH" != "$HOME/webapps" ]; then | |
if [ $i == 1 ]; then | |
# Grant secondary user permissions to specified directory. | |
setfacl -R -m u:$SECONDARY_USER:rwx $DIR_PATH | |
# Grant secondary user permissions to new directories created | |
# in specified directory. | |
setfacl -R -m d:u:$SECONDARY_USER:rwx $DIR_PATH | |
# Ensure all new directories and files are owned by the primary | |
# account's group. | |
chmod g+s $DIR_PATH | |
# Make sure the primary account user continues to have full access | |
# to all files and directories. | |
setfacl -R -m d:u:$PRIMARY_USER:rwx $DIR_PATH | |
else | |
# Grant secondary user permissions to navigate to specified directory. | |
setfacl -R -m u:$SECONDARY_USER:--x $DIR_PATH | |
fi | |
fi | |
fi | |
i=$(($i-1)) | |
done | |
elif [ $ACTION == "revoke-app" ]; then | |
echo 'Revoking permissions for user' $SECONDARY_USER 'to' $APP_DIR | |
setfacl -R -x u:$SECONDARY_USER $APP_DIR | |
setfacl -R -x d:u:$SECONDARY_USER $APP_DIR | |
elif [ $ACTION == "revoke-all" ]; then | |
echo 'Revoking ALL permissions for' $SECONDARY_USER'.' | |
setfacl -x u:$SECONDARY_USER $HOME | |
setfacl -R -x u:$SECONDARY_USER $HOME/webapps/* | |
setfacl -R -x d:u:$SECONDARY_USER $HOME/webapps/* | |
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
extra_user=$1 | |
extra_user_apps="$2 $3 $4 $5 $6 $7" | |
echo Setting $extra_user access to your home... | |
setfacl -m u:$extra_user:--x $HOME | |
echo Removing $extra_user access to webapps... | |
setfacl -R -m u:$extra_user:--- $HOME/webapps/* | |
setfacl -R -m d:u:$extra_user:--- $HOME/webapps/* | |
echo Setting $extra_user access to webapps... | |
for i in `echo $extra_user_apps | xargs`;do | |
echo -e "\t $i" | |
setfacl -R -m u:$extra_user:rwx $HOME/webapps/$i; | |
setfacl -R -m d:u:$extra_user:rwx $HOME/webapps/$i; | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# set permissions on webfaction.com | |
#!/bin/bash | |
if [ $# -lt 2 ]; then | |
echo 'Too few arguments.\n' | |
echo 'USAGE: permissions.sh action username app_name' | |
echo 'eg: permissions.sh grant joe django' | |
echo 'actions: grant, revoke-app, revoke-all' | |
exit | |
fi | |
PRIMARY_USER=`whoami` | |
ACTION=$1 | |
SECONDARY_USER=$2 | |
APP_DIR=$3 | |
if [ $ACTION == "grant" -a $# == 3 ]; then | |
echo 'Granting permissions to' $APP_DIR 'for user' $SECONDARY_USER'.' | |
if [ ! `getfacl -p $HOME | grep user:$SECONDARY_USER:--x` ]; then | |
# Grant secondary user access to the primary account's home directory | |
# for navigational purposes only. | |
setfacl -m u:$SECONDARY_USER:--x $HOME | |
# Disallow ALL access to all direcories for secondary user. | |
setfacl -R -m u:$SECONDARY_USER:--- $HOME/webapps/* | |
fi | |
# Grant secondary user permissions to specified app directory. | |
setfacl -R -m u:$SECONDARY_USER:rwx $HOME/webapps/$APP_DIR | |
# Grant secondary user permissions to new directories created | |
# in specified app directory. | |
setfacl -R -m d:u:$SECONDARY_USER:rwx $HOME/webapps/$APP_DIR | |
# Ensure all new directories and files are owned by the primary | |
# account's group. | |
chmod g+s $HOME/webapps/$APP_DIR | |
# Make sure the primary account user continues to have full access | |
# to all files and directories. | |
setfacl -R -m d:u:$PRIMARY_USER:rwx $HOME/webapps/$APP_DIR | |
elif [ $ACTION == "revoke-app" ]; then | |
echo 'Revoking permissions for user' $SECONDARY_USER 'to' $APP_DIR'.' | |
setfacl -R -x u:$SECONDARY_USER $HOME/webapps/$APP_DIR | |
setfacl -R -x d:u:$SECONDARY_USER $HOME/webapps/$APP_DIR | |
elif [ $ACTION == "revoke-all" ]; then | |
echo 'Revoking ALL permissions for' $SECONDARY_USER'.' | |
setfacl -x u:$SECONDARY_USER $HOME | |
setfacl -R -x u:$SECONDARY_USER $HOME/webapps/* | |
setfacl -R -x d:u:$SECONDARY_USER $HOME/webapps/* | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment