| 1 | #!/bin/bash |
|---|
| 2 | # checkperms: Comprueba que los permisos de los ficheros sean correctos. |
|---|
| 3 | # Nota: Las siguientes variables de entorno pueden usarse para retocar los |
|---|
| 4 | # valores por defecto: |
|---|
| 5 | # - OPENGNSYS_USER - usuario de OpenGnsys. |
|---|
| 6 | # - OPENGNSYS_DIR - directorio de instalación. |
|---|
| 7 | # - APACHE_USER - usuario de Apache. |
|---|
| 8 | # - APACHE_GROUP - grupo de Apache. |
|---|
| 9 | # Uso: checkperms |
|---|
| 10 | # variable1=valor1 ... checkperms |
|---|
| 11 | # Autor: Ramon Gomez - Univ. Sevilla, noviembre 2010 |
|---|
| 12 | # Fecha: 2012/07/13 |
|---|
| 13 | |
|---|
| 14 | |
|---|
| 15 | # Variables. |
|---|
| 16 | OPENGNSYS_USER=${OPENGNSYS_USER:-"opengnsys"} # Usuario del cliente para acceso remoto |
|---|
| 17 | OPENGNSYS_DIR=${OPENGNSYS_DIR:-/opt/opengnsys} # Directorio de instalación de OpenGnsys |
|---|
| 18 | APACHE_USER=${APACHE_USER:-"www-data"} # Usuario de ejecución de Apache |
|---|
| 19 | APACHE_GROUP=${APACHE_GROUP:-"www-data"} # Grupo de ejecución de Apache |
|---|
| 20 | PROG=$(basename "$0") |
|---|
| 21 | |
|---|
| 22 | # Control de errores. |
|---|
| 23 | if [ "$USER" != "root" ]; then |
|---|
| 24 | echo "$PROG: Error: solo ejecutable por root" >&2 |
|---|
| 25 | exit 1 |
|---|
| 26 | fi |
|---|
| 27 | if [ "$OPENGNSYS_USER" == "root" -o -z "$(getent passwd "$OPENGNSYS_USER" 2>/dev/null)" ]; then |
|---|
| 28 | echo "$PROG: Error: el usuario de OpenGnsys debe existir y no ser root (OPENGNSYS_USER=\"$OPENGNSYS_USER\")" >&2 |
|---|
| 29 | exit 1 |
|---|
| 30 | fi |
|---|
| 31 | if [ ! -d "$OPENGNSYS_DIR" ]; then |
|---|
| 32 | echo "$PROG: Error: sin acceso al directorio de OpenGnsys (OPENGNSYS_DIR=\"$OPENGNSYS_DIR\")". >&2 |
|---|
| 33 | exit 1 |
|---|
| 34 | fi |
|---|
| 35 | if [ -z "$(getent passwd "$APACHE_USER" 2>/dev/null)" -o -z "$(getent group "$APACHE_GROUP" 2>/dev/null)" ]; then |
|---|
| 36 | echo "$PROG: Error: no se detectan el usuario o el grupo de Apache (APACHE_USER=\"$APACHE_USER\", APACHE_GROUP=\"$APACHE_GROUP\")" >&2 |
|---|
| 37 | exit 1 |
|---|
| 38 | fi |
|---|
| 39 | |
|---|
| 40 | mkdir -p $OPENGNSYS_DIR/{log/clients,images/groups} |
|---|
| 41 | chown -R :$OPENGNSYS_USER $OPENGNSYS_DIR/{log/clients,images/groups} |
|---|
| 42 | find $OPENGNSYS_DIR/log/clients -type f -exec chmod 664 {} \; |
|---|
| 43 | find $OPENGNSYS_DIR/images -maxdepth 1 -exec chown :$OPENGNSYS_USER {} \; |
|---|
| 44 | find $OPENGNSYS_DIR/images -maxdepth 1 -type d -exec chmod 775 {} \; |
|---|
| 45 | find $OPENGNSYS_DIR/images -maxdepth 1 -type f -exec chmod 664 {} \; |
|---|
| 46 | find $OPENGNSYS_DIR/client/{interfaceAdm,scripts} ! -name "*.txt" -exec chmod +x {} \; |
|---|
| 47 | chown -R $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/etc/ssl/private |
|---|
| 48 | chmod -R go-rwx $OPENGNSYS_DIR/client/etc/ssl/private |
|---|
| 49 | chown $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso |
|---|
| 50 | chmod 700 $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso |
|---|
| 51 | chown root:root $OPENGNSYS_DIR/etc/ogAdmAgent*.cfg |
|---|
| 52 | chmod 600 $OPENGNSYS_DIR/etc/ogAdmAgent*.cfg |
|---|
| 53 | chown root:$APACHE_GROUP $OPENGNSYS_DIR/{www/controlacceso*.php,etc/ogAdmRepo*.cfg,etc/ogAdmServer*.cfg} |
|---|
| 54 | chmod 640 $OPENGNSYS_DIR/{www/controlacceso*.php,etc/ogAdmRepo*.cfg,etc/ogAdmServer*.cfg} |
|---|
| 55 | chown -R $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/www/images/{fotos,iconos} |
|---|
| 56 | mkdir -p $OPENGNSYS_DIR/www/{api,tmp} |
|---|
| 57 | chown -R $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/www/{api,tmp} |
|---|
| 58 | chown -R $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/tftpboot/{menu.lst,grub} |
|---|
| 59 | chown -R :$OPENGNSYS_USER $OPENGNSYS_DIR/tftpboot/ogLive* |
|---|
| 60 | find -L $OPENGNSYS_DIR/tftpboot -type d -exec chmod 755 {} \; |
|---|
| 61 | find -L $OPENGNSYS_DIR/tftpboot -type f -exec chmod 644 {} \; |
|---|
| 62 | chown $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/log/{ogagent,remotepc,rest}.log |
|---|
| 63 | |
|---|
