diff options
author | Jonas Smedegaard <dr@jones.dk> | 2008-03-20 16:36:53 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2008-03-20 16:36:53 +0000 |
commit | 8afd9d4d9b76328fe60ca999987f4b87343a1da4 (patch) | |
tree | 9b3593dbdf6f0eda57f58d59d103286e828dae91 | |
parent | c6b4e3861c78860af6e1110a2ed5566f23c78e5e (diff) |
New script to watch dirs and enforce access rights (only implemented for ~/public_images/* for now...
-rwxr-xr-x | localfixaccessrights | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/localfixaccessrights b/localfixaccessrights new file mode 100755 index 0000000..9cf1561 --- /dev/null +++ b/localfixaccessrights @@ -0,0 +1,104 @@ +#!/bin/sh +# +# /usr/local/bin/localfixaccessrights +# Copyright 2008 Jonas Smedegaard <dr@jones.dk> +# +# $Id: localfixaccessrights,v 1.1 2008-03-20 16:36:53 jonas Exp $ +# +# Adjust access rights to follow directory-based policy +# +# TODO: Implement options: +# --help +# --run-once +# --init +# --verbose +# --debug +# +# TODO: Support overriding defaults in rc-file +# +# FIXME: Implement more of the local policy... +# + +set -e + +PRG=$(basename "$0") + +showhelp() { + cat <<EOF +Usage: $PRG DIR [ DIR ... ] + +Examples: + $PRG ~/private* ~/public* +EOF +} + +exit1() { + echo >&2 "Error: $1" + echo >&2 "Exiting..." + exit 1 +} + +# Sanity checks +for dir in "$@"; do + [ -d "$dir" ] || exit1 "Directory \"$dir\" is not a directory" +done + +getbasename() { + basename "$1" +} + +getbits() { + ls -l "$1" | awk '{print $1}' +} + +setprivate() { + case "$(getbits "$1")" in + drwx------) + : + ;; + d*) + chmod -f u=rwx,go= "$path" || true + ;; + -rw-------) + : + ;; + -*) + chmod -f u=rw,go= "$path" || true + ;; + esac +} +setpublic() { + case "$(getbits "$1")" in + drwxr?xr-x) + : + ;; + d*) + chmod -f u=rwx,g+rx,o=rx "$path" || true + ;; + -rw-r?-r--) + : + ;; + -*) + chmod -f u=rw,g+r,g-x,o=r "$path" || true + ;; + esac +} + +fileschanged -r -s created,changed "$@" | while read path; do + + case "$path" in + "$HOME"/public_images/*) + case "$(getbasename "$path")" in + .*) + setprivate "$path" + continue + ;; + esac + + setpublic "$path" + continue + ;; + esac +done + +exit 0 |