Skip to content

Instantly share code, notes, and snippets.

@epcim epcim/acl_permissions.sh
Last active Mar 16, 2019

Embed
What would you like to do?
#!/bin/bash
if [ $# -lt 2 -o $# -gt 3 ]; then
echo
echo 'Please provide 2 or 3 arguments.'
echo
echo 'USAGE: permissions.sh action username directory'
echo 'actions: grant, revoke-app, revoke-all'
echo 'eg: permissions.sh grant joe $HOME/webapps/django'
echo
echo 'Currently only works for directories in /home/username/webapps.'
echo
exit
fi
PRIMARY_USER=`whoami`
ACTION=$1
SECONDARY_USER=$2
APP_DIR=$3
DIR_ARRAY=$3
# Parse the supplied directory path
i=0
while [ "$DIR_ARRAY" != "/" ];do
i=$(($i+1))
parse[$i]="$(basename "$DIR_ARRAY")"
DIR_ARRAY="$(dirname "$DIR_ARRAY")"
if [ "$DIR_ARRAY" != "/home" -a "$DIR_ARRAY" != "/" ]; then
[ "$DIR_ARRAY" = "." ] && DIR_ARRAY="$(pwd -P)"
fi
done
if [ $ACTION == "grant" -a $# == 3 ]; then
if [[ $APP_DIR != $HOME/webapps/* ]]; then
echo
echo "This script currently only works with $HOME/webapps"
echo
exit
fi
echo 'Granting permissions to' $APP_DIR 'for user' $SECONDARY_USER'.'
if [ ! `getfacl -p $HOME | grep user:$SECONDARY_USER:--x` ]; then
# Grant secondary user access to the primary account's home directory
# for navigational purposes only.
setfacl -m u:$SECONDARY_USER:--x $HOME
# Disallow ALL access to all direcories for secondary user.
setfacl -R -m u:$SECONDARY_USER:--- $HOME/webapps/*
fi
DIR_PATH=""
while [ $i -gt 0 ]; do
DIR_PATH=$DIR_PATH/"${parse[$i]}"
if [ "$DIR_PATH" != "/home" -a "$DIR_PATH" != "/" ]; then
if [ "$DIR_PATH" != "$HOME" -a "$DIR_PATH" != "$HOME/webapps" ]; then
if [ $i == 1 ]; then
# Grant secondary user permissions to specified directory.
setfacl -R -m u:$SECONDARY_USER:rwx $DIR_PATH
# Grant secondary user permissions to new directories created
# in specified directory.
setfacl -R -m d:u:$SECONDARY_USER:rwx $DIR_PATH
# Ensure all new directories and files are owned by the primary
# account's group.
chmod g+s $DIR_PATH
# Make sure the primary account user continues to have full access
# to all files and directories.
setfacl -R -m d:u:$PRIMARY_USER:rwx $DIR_PATH
else
# Grant secondary user permissions to navigate to specified directory.
setfacl -R -m u:$SECONDARY_USER:--x $DIR_PATH
fi
fi
fi
i=$(($i-1))
done
elif [ $ACTION == "revoke-app" ]; then
echo 'Revoking permissions for user' $SECONDARY_USER 'to' $APP_DIR
setfacl -R -x u:$SECONDARY_USER $APP_DIR
setfacl -R -x d:u:$SECONDARY_USER $APP_DIR
elif [ $ACTION == "revoke-all" ]; then
echo 'Revoking ALL permissions for' $SECONDARY_USER'.'
setfacl -x u:$SECONDARY_USER $HOME
setfacl -R -x u:$SECONDARY_USER $HOME/webapps/*
setfacl -R -x d:u:$SECONDARY_USER $HOME/webapps/*
fi
#!/bin/sh
extra_user=$1
extra_user_apps="$2 $3 $4 $5 $6 $7"
echo Setting $extra_user access to your home...
setfacl -m u:$extra_user:--x $HOME
echo Removing $extra_user access to webapps...
setfacl -R -m u:$extra_user:--- $HOME/webapps/*
setfacl -R -m d:u:$extra_user:--- $HOME/webapps/*
echo Setting $extra_user access to webapps...
for i in `echo $extra_user_apps | xargs`;do
echo -e "\t $i"
setfacl -R -m u:$extra_user:rwx $HOME/webapps/$i;
setfacl -R -m d:u:$extra_user:rwx $HOME/webapps/$i;
done
# set permissions on webfaction.com
#!/bin/bash
if [ $# -lt 2 ]; then
echo 'Too few arguments.\n'
echo 'USAGE: permissions.sh action username app_name'
echo 'eg: permissions.sh grant joe django'
echo 'actions: grant, revoke-app, revoke-all'
exit
fi
PRIMARY_USER=`whoami`
ACTION=$1
SECONDARY_USER=$2
APP_DIR=$3
if [ $ACTION == "grant" -a $# == 3 ]; then
echo 'Granting permissions to' $APP_DIR 'for user' $SECONDARY_USER'.'
if [ ! `getfacl -p $HOME | grep user:$SECONDARY_USER:--x` ]; then
# Grant secondary user access to the primary account's home directory
# for navigational purposes only.
setfacl -m u:$SECONDARY_USER:--x $HOME
# Disallow ALL access to all direcories for secondary user.
setfacl -R -m u:$SECONDARY_USER:--- $HOME/webapps/*
fi
# Grant secondary user permissions to specified app directory.
setfacl -R -m u:$SECONDARY_USER:rwx $HOME/webapps/$APP_DIR
# Grant secondary user permissions to new directories created
# in specified app directory.
setfacl -R -m d:u:$SECONDARY_USER:rwx $HOME/webapps/$APP_DIR
# Ensure all new directories and files are owned by the primary
# account's group.
chmod g+s $HOME/webapps/$APP_DIR
# Make sure the primary account user continues to have full access
# to all files and directories.
setfacl -R -m d:u:$PRIMARY_USER:rwx $HOME/webapps/$APP_DIR
elif [ $ACTION == "revoke-app" ]; then
echo 'Revoking permissions for user' $SECONDARY_USER 'to' $APP_DIR'.'
setfacl -R -x u:$SECONDARY_USER $HOME/webapps/$APP_DIR
setfacl -R -x d:u:$SECONDARY_USER $HOME/webapps/$APP_DIR
elif [ $ACTION == "revoke-all" ]; then
echo 'Revoking ALL permissions for' $SECONDARY_USER'.'
setfacl -x u:$SECONDARY_USER $HOME
setfacl -R -x u:$SECONDARY_USER $HOME/webapps/*
setfacl -R -x d:u:$SECONDARY_USER $HOME/webapps/*
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.