authorJonas Smedegaard <dr@jones.dk>2008-03-20 16:36:53 +0000
committerJonas Smedegaard <dr@jones.dk>2008-03-20 16:36:53 +0000
commit8afd9d4d9b76328fe60ca999987f4b87343a1da4 (patch)
tree9b3593dbdf6f0eda57f58d59d103286e828dae91
parentc6b4e3861c78860af6e1110a2ed5566f23c78e5e (diff)
New script to watch dirs and enforce access rights (only implemented for ~/public_images/* for now...
-rwxr-xr-xlocalfixaccessrights104
1 files changed, 104 insertions, 0 deletions
diff --git a/localfixaccessrights b/localfixaccessrights
new file mode 100755
index 0000000..9cf1561
--- /dev/null
+++ b/localfixaccessrights
@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# /usr/local/bin/localfixaccessrights
+# Copyright 2008 Jonas Smedegaard <dr@jones.dk>
+#
+# $Id: localfixaccessrights,v 1.1 2008-03-20 16:36:53 jonas Exp $
+#
+# Adjust access rights to follow directory-based policy
+#
+# TODO: Implement options:
+# --help
+# --run-once
+# --init
+# --verbose
+# --debug
+#
+# TODO: Support overriding defaults in rc-file
+#
+# FIXME: Implement more of the local policy...
+#
+
+set -e
+
+PRG=$(basename "$0")
+
+showhelp() {
+ cat <<EOF
+Usage: $PRG DIR [ DIR ... ]
+
+Examples:
+ $PRG ~/private* ~/public*
+EOF
+}
+
+exit1() {
+ echo >&2 "Error: $1"
+ echo >&2 "Exiting..."
+ exit 1
+}
+
+# Sanity checks
+for dir in "$@"; do
+ [ -d "$dir" ] || exit1 "Directory \"$dir\" is not a directory"
+done
+
+getbasename() {
+ basename "$1"
+}
+
+getbits() {
+ ls -l "$1" | awk '{print $1}'
+}
+
+setprivate() {
+ case "$(getbits "$1")" in
+ drwx------)
+ :
+ ;;
+ d*)
+ chmod -f u=rwx,go= "$path" || true
+ ;;
+ -rw-------)
+ :
+ ;;
+ -*)
+ chmod -f u=rw,go= "$path" || true
+ ;;
+ esac
+}
+setpublic() {
+ case "$(getbits "$1")" in
+ drwxr?xr-x)
+ :
+ ;;
+ d*)
+ chmod -f u=rwx,g+rx,o=rx "$path" || true
+ ;;
+ -rw-r?-r--)
+ :
+ ;;
+ -*)
+ chmod -f u=rw,g+r,g-x,o=r "$path" || true
+ ;;
+ esac
+}
+
+fileschanged -r -s created,changed "$@" | while read path; do
+
+ case "$path" in
+ "$HOME"/public_images/*)
+ case "$(getbasename "$path")" in
+ .*)
+ setprivate "$path"
+ continue
+ ;;
+ esac
+
+ setpublic "$path"
+ continue
+ ;;
+ esac
+done
+
+exit 0
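Review bot: `getbits` runs `ls -l "$1"` without `-d`, so for a directory it lists the contents and awk emits `total` followed by the entries' mode strings; the `drwx------)` and `d*)` arms in `setprivate` and `setpublic` can then never match and directories are never adjusted. Use `ls -ld "$1" | awk '{print $1}'` instead. One consequence is that a dot-directory under `~/public_images` is not made private, while regular files inside it (whose basename has no leading dot) still go through `setpublic` and become world-readable, so the basename test alone does not keep hidden subtrees private. Both setters also chmod the global `"$path"` from the read loop rather than their own argument; `chmod -f u=rwx,go= "$1" || true` (and likewise for the other three calls) keeps them correct if they are ever called with anything else. The loop should read with `while IFS= read -r path; do` so that names containing backslashes or leading/trailing whitespace are not altered before being passed to chmod.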