From 73b959903699b19bef805b96c386ed7fe433a33e Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Wed, 4 Sep 2002 23:35:52 +0000
Subject: Add support in user-init for webphpsites and webphpdata, and tighten access rights on all web* dirs.
---
 localmkpostfixvirtual | 5 ++++-
 user-init | 24 ++++++++++++++++++++----
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/localmkpostfixvirtual b/localmkpostfixvirtual
index 8afec20..12af73f 100755
--- a/localmkpostfixvirtual
+++ b/localmkpostfixvirtual
@@ -3,7 +3,7 @@
 # /usr/local/sbin/localmkpostfixvirtual
 # Copyright 2001-2002 Jonas Smedegaard
 #
-# $Id: localmkpostfixvirtual,v 1.7 2002-07-20 18:40:49 jonas Exp $
+# $Id: localmkpostfixvirtual,v 1.8 2002-09-04 23:35:52 jonas Exp $
 #
 # Generate virtual file for postfix
 #
@@ -21,6 +21,9 @@
 # Optional: root can have hints like "postmaster@ hostmaster@ support@"
 # (default: "postmaster@").
 #
+# Suggestion: Add mailgroup users like this:
+# adduser --system --no-create-home --group --disabled-password
+#
 # TODO: reuse getent requests (drastically improves speed)
 # TODO: Write command "members" as internal code
 #
diff --git a/user-init b/user-init
index 45cb9de..fb8f55a 100755
--- a/user-init
+++ b/user-init
@@ -212,7 +212,7 @@ for user in $USERS; do
 # Web shares permissions
 for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/websites"`; do
 chown root: $dir
- chmod u+rw,go+r,a+X $dir
+ chmod a=r,u+w,a+X $dir
 done
 for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/websites/"`; do
 chown -R $user: $dir
@@ -226,7 +226,7 @@ for user in $USERS; do
 done
 for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webscripts"`; do
 chown root: $dir
- chmod u+rw,go+r,a+X $dir
+ chmod a=r,u+w,a+X $dir
 done
 for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webscripts/"`; do
 chown -R $user: $dir
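Review bot: The rewritten `chmod a=r,u+w,a+X $dir` line in the @@ -212 hunk still expands `$dir` unquoted, and the value comes from word-splitting `find` output over names the account owner can choose inside `$HOME`; the same pattern recurs in the @@ -226 hunk and in every loop of the @@ -236 hunk. Since the loop also runs `chown root:`, it presumably executes as root, so a directory name containing whitespace or glob characters is split into arguments the script never intended to touch. Quote the variable, `chmod a=r,u+w,a+X "$dir"`, and prefer `find ... -exec` or a `while read -r` loop over the backtick list. The `egrep "^$HOME/websites"` filter is only a prefix match, so sibling names that merely start with `websites` are handed to root as well. The enclosing `for user in $USERS` loop starts and ends outside the hunk.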
@@ -236,11 +236,27 @@ for user in $USERS; do
 done
 for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webdata"`; do
 chown root: $dir
- chmod u+rw,go+r,a+X $dir
+ chmod a=r,u+w,a+X $dir
 done
 for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webdata/"`; do
 chown -R $user: $dir
- chmod -R u=rw,go=r,a+X $dir
+ chmod -R u=rw,go=,u+X $dir
+ done
+ for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webphpsites"`; do
+ chown root: $dir
+ chmod a=r,u+w,a+X $dir
+ done
+ for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webphpsites/"`; do
+ chown -R $user:www-data $dir
+ chmod -R ug=rw,o=r,a+X $dir
+ done
+ for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webphpdata"`; do
+ chown root: $dir
+ chmod a=r,u+w,a+X $dir
+ done
+ for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webphpdata/"`; do
+ chown -R $user:www-data $dir
+ chmod -R ug=rw,o=,ug+X $dir
 done
 
 # Dummy user restrictions
-- cgit v1.2.3
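Review bot: The added `chmod -R ug=rw,o=r,a+X $dir` for `webphpsites/*` makes every site's PHP source group-writable by `www-data` and readable by all local accounts, which sits oddly with a commit that tightens the other web* trees. If `www-data` is the account the web server runs PHP under (inferred from the name, not shown here), code running in one site can modify any other site's scripts, and world-readable source tends to expose database credentials. Consider `chmod -R u=rw,g=r,o=,ug+X "$dir"` for `webphpsites` and keep group write for `webphpdata` only. The recursive `chown -R $user:www-data` also walks a tree its owner can populate, so `chown -hR` and a check of how the installed chown treats links found during recursion are worth adding. The enclosing `for user in $USERS` loop starts and ends outside the hunk.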