Last active
November 29, 2018 15:12
-
-
Save pounard/8d702ec1fb874b2d255e26c79be8fb70 to your computer and use it in GitHub Desktop.
User rights restoration script for Symfony/D7/D8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "`id -u`" != "0" ]; then | |
| echo "Script must be run as root" | |
| exit 1 | |
| fi | |
| IGNORE_BIN=0 | |
| ROOT_PATH=`pwd` | |
| WWW_USER=http | |
| DEV_GROUP=makina | |
| # 1 is write mode for group (www-user will be the user) | |
| # 2 is write mode for user (www-user will be the group) | |
| MODE=1 | |
| # When set to 1 this will add extreme write rights access | |
| # for Drush being able to reinstall the site | |
| DRUSH=0 | |
| # Webroot folder name relative to script run | |
| WWW_DIR="www" | |
| # Force rights to be set without index.php file | |
| FORCE=0 | |
| SUB_PATH="." | |
| while getopts "fibs:g:w:u:d" opt | |
| do | |
| if [ $opt = "i" ]; then | |
| echo "Full access will be given to user" | |
| MODE=2 | |
| fi | |
| if [ $opt = "g" ]; then | |
| DEV_GROUP=$OPTARG | |
| fi | |
| if [ $opt = "u" ]; then | |
| WWW_USER=$OPTARG | |
| fi | |
| if [ $opt = "d" ]; then | |
| DRUSH=1 | |
| fi | |
| if [ $opt = "b" ]; then | |
| IGNORE_BIN=1 | |
| fi | |
| if [ $opt = "f" ]; then | |
| FORCE=1 | |
| fi | |
| if [ $opt = "s" ]; then | |
| echo "Working in $OPTARG" | |
| SUB_PATH=$OPTARG | |
| fi | |
| if [ $opt = "w" ]; then | |
| echo "Using $OPTARG as public webroot" | |
| WWW_DIR=$OPTARG | |
| fi | |
| done | |
| # Security | |
| if [ ! $FORCE ]; then | |
| if [ ! -f "$ROOT_PATH/www/index.php" ]; then | |
| echo "You are not in a project webroot!" | |
| exit 1 | |
| fi | |
| fi | |
| WORK_DIR="$ROOT_PATH/$SUB_PATH" | |
| # Ignore | |
| IGNORE=" | |
| backup | |
| bin | |
| sbin | |
| www/scripts | |
| web/scripts | |
| selenium | |
| vendor" | |
| # The last two are for ZF2 projects | |
| WWW_WRITABLE=" | |
| cache | |
| log | |
| logs | |
| tmp | |
| var/cache | |
| var/log | |
| var/logs | |
| var/private | |
| var/tmp | |
| app/cache | |
| app/logs | |
| $WWW_DIR/sites/*/files | |
| $WWW_DIR/sites/*/settings.php | |
| $WWW_DIR/sites/*/services.yml | |
| $WWW_DIR/pub | |
| $WWW_DIR/sites/simpletest | |
| data/cache" | |
| DRUSH_WRITABLE=" | |
| $WWW_DIR/sites/all/libraries | |
| $WWW_DIR/sites/*/settings.php | |
| $WWW_DIR/sites/*/services.yml | |
| $WWW_DIR/sites/simpletest | |
| $WWW_DIR/sites/" | |
| BIN=" | |
| bin/drush | |
| vendor/bin/* | |
| lib/vendor/bin/* | |
| bin/* | |
| sbin/*" | |
| if [ "$MODE" == "1" ]; then | |
| r_normal="u+r,u-w,g+rw,o-rwx" | |
| r_write="u+w" | |
| else | |
| r_normal="g+r,g-w,u+rw,o-rwx" | |
| r_write="g+w" | |
| fi | |
| echo "Giving rights to $WWW_USER:$DEV_GROUP on $SUB_PATH" | |
| find $ROOT_PATH -type d -exec chmod g+x,u+x '{}' \; | |
| find $ROOT_PATH -type f -exec chmod g-x,u-x '{}' \; | |
| chown -R $WWW_USER:$DEV_GROUP $ROOT_PATH | |
| chmod -R $r_normal $ROOT_PATH | |
| for dir in $WWW_WRITABLE; do | |
| if [ -d $dir ]; then | |
| echo " * giving write access for www to $dir" | |
| chmod -R $r_write $ROOT_PATH/$dir | |
| else | |
| echo " * skipping non existing dir $dir" | |
| fi | |
| done | |
| for f in $BIN; do | |
| if [ -e $f ]; then | |
| echo " * giving execute flag to $f" | |
| chmod -R +x $f | |
| fi | |
| done | |
| if [ $DRUSH ]; then | |
| echo "Restoring excessive write access for Drush" | |
| chmod u+w,g+w $DRUSH_WRITABLE | |
| fi | |
| if [ -d "$ROOT_PATH/bin" ]; then | |
| echo "Restoring executable flag to scripts" | |
| chmod u+x $ROOT_PATH/bin/*.sh | |
| fi | |
| #EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment