From a9583d7907e0674fe3a1c65863c6c59f4a0b1872 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Sun, 11 Dec 2005 20:53:48 +0000
Subject: Use 'find -regex' rather than egrep.
---
user-init | 168 +++++++++++++++++++++++++++++++-------------------------------
1 file changed, 85 insertions(+), 83 deletions(-)
(limited to 'user-init')
diff --git a/user-init b/user-init
index 62e238c..1519946 100755
--- a/user-init
+++ b/user-init
@@ -210,34 +210,36 @@ for user in $USERS; do fi # Public dir permissions - if [ -d "$HOME/public_html" ]; then - chown -R "$user": "$HOME/public_html" - chmod -R u+rX,go=r,go+X "$HOME/public_html" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./public_html$'`; do + chown -R "$user": "$HOME/$dir" + chmod -R u+rX,go=r,go+X "$HOME/$dir" if [ -n "$NETATALK" ]; then - rm -rf "$HOME/public_html/Network Trash Folder" - mkdir "$HOME/public_html/Network Trash Folder" - chown nobody: "$HOME/public_html/Network Trash Folder" - chmod a= "$HOME/public_html/Network Trash Folder" + rm -rf "$HOME/$dir/Network Trash Folder" + mkdir "$HOME/$dir/Network Trash Folder" + chown nobody: "$HOME/$dir/Network Trash Folder" + chmod a= "$HOME/$dir/Network Trash Folder" fi - fi + done - # Private dir permissions - if [ -d "$HOME/private" ]; then - chown -R "$user": "$HOME/private" - chmod -R u+rX,g=r,g+X,o= "$HOME/private" - fi + # Private dirs are readable by own primary group + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./private\(_.*\)?$'`; do + chown -R "$user": "$HOME/$dir" + chmod -R u+rX,g=r,g+X,o= "$HOME/$dir" + done - # Private music dir permissions - if [ -d "$HOME/private_music" ]; then - chown -R "$user": "$HOME/private_music" - chmod -R u+rX,g=r,g+X,o= "$HOME/private_music" - fi + # Secret dirs are accessible only by self + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./secret\(_.*\)?$'`; do + chown -R "$user": "$HOME/$dir" + chmod -R u+rX,go= "$HOME/$dir" + done # Fileshares: /shares./// # : Either mac or win depending on which of netatalk and samba provides r/w access to the shares # : Group with write access to the share (usually the default group of the owner) # : Either rwgroup or secondary group with read-only access to the share # owner and rwgroup members must be member of both groups + #FIXME: Use the below instead, and replace occurrences of "$thisdir" with "$HOME/$dir". 
+ #for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./shares\..*'`; do find "$HOME" -mindepth 1 -maxdepth 1 -type d -print | egrep "^$HOME/shares\." | (while read thisdir; do sharetype="`basename \"$thisdir\" | awk -F. '{print $2}'`" # Define dir and file exceptions 
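Review bot: The new ``for dir in `cd "$HOME" && find . … -regex …` `` loops still word-split and glob-expand find's output, so a directory name containing whitespace is broken into several words, each of which is prefixed with `$HOME/` and handed to `chown -R`, `chmod -R` or `rm -rf`; the path acted on need not be a directory that matched the regex, and a fragment such as `..` resolves outside the home directory. The names are chosen by the home directory's owner, while the script presumably runs as root (the next hunk chowns to `root:` and `nobody:`), so this is worth fixing rather than documenting. Every loop in the second hunk and the commented-out `shares\.` loop under the FIXME use the same pattern. A glob keeps each name as one word and needs no regex: `for dir in "$HOME"/private "$HOME"/private_*; do [ -d "$dir" ] && [ ! -h "$dir" ] || continue`, with the body using `"$dir"` in place of `"$HOME/$dir"`. The enclosing `for user in $USERS` loop starts and ends outside the hunk.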
@@ -332,106 +334,106 @@ for user in $USERS; do done) # Deprecated share permissions - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/shares_win"`; do - chgrp -R "$user" "$dir" - chmod -R u=rw,g=rw,o=,ug+X,g+s "$dir" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./shares_win.*'`; do + chgrp -R "$user" "$HOME/$dir" + chmod -R u=rw,g=rw,o=,ug+X,g+s "$HOME/$dir" done - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/shares_mac"`; do - chgrp -R "$user" "$dir" - chmod -R u=rw,g=rw,o=,ug+X,g+s "$dir" - rm -rf "$dir/Network Trash Folder" - mkdir "$dir/Network Trash Folder" - chown nobody: "$dir/Network Trash Folder" - chmod a= "$dir/Network Trash Folder" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./shares_mac.*'`; do + chgrp -R "$user" "$HOME/$dir" + chmod -R u=rw,g=rw,o=,ug+X,g+s "$HOME/$dir" + rm -rf "$HOME/$dir/Network Trash Folder" + mkdir "$HOME/$dir/Network Trash Folder" + chown nobody: "$HOME/$dir/Network Trash Folder" + chmod a= "$HOME/$dir/Network Trash Folder" done # Ftp shares permissions - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_$USER$"`; do - chgrp -R "$user" "$dir" - chmod -R ug=rw,o=r,a+X,g+s "$dir" - rm -rf "$dir/Network Trash Folder" - mkdir "$dir/Network Trash Folder" - chown nobody: "$dir/Network Trash Folder" - chmod a= "$dir/Network Trash Folder" + for dir in `cd "$HOME" && find . 
-mindepth 1 -maxdepth 1 -type d -regex "^\./ftp_$user$"`; do + chgrp -R "$user" "$HOME/$dir" + chmod -R ug=rw,o=r,a+X,g+s "$HOME/$dir" + rm -rf "$HOME/$dir/Network Trash Folder" + mkdir "$HOME/$dir/Network Trash Folder" + chown nobody: "$HOME/$dir/Network Trash Folder" + chmod a= "$HOME/$dir/Network Trash Folder" done - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_${USER}_ro$"`; do - chown -R "$user": "$dir" - chmod -R u=rw,go=r,a+X "$dir" - rm -rf "$dir/Network Trash Folder" - mkdir "$dir/Network Trash Folder" - chown nobody: "$dir/Network Trash Folder" - chmod a= "$dir/Network Trash Folder" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex "^\./ftp_${user}_ro$"`; do + chown -R "$user": "$HOME/$dir" + chmod -R u=rw,go=r,a+X "$HOME/$dir" + rm -rf "$HOME/$dir/Network Trash Folder" + mkdir "$HOME/$dir/Network Trash Folder" + chown nobody: "$HOME/$dir/Network Trash Folder" + chmod a= "$HOME/$dir/Network Trash Folder" done # Web shares permissions - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/web_"`; do - chown -R "$user": "$dir" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./web_.*'`; do + chown -R "$user": "$HOME/$dir" # chmod -R u=rw,go=r,a+X $webdir #TODO: Only cgi scripts (.cgi and .pl) should be executable - chmod -R u+rw,go+r,a+X "$dir" + chmod -R u+rw,go+r,a+X "$HOME/$dir" # leftover from ancient times with another policy if [ $NETATALK ]; then - rm -rf "$dir/Network Trash Folder" + rm -rf "$HOME/$dir/Network Trash Folder" fi done # Web shares permissions - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/websites"`; do - chown root: "$dir" - chmod a=r,u+w,a+X "$dir" + for dir in `cd "$HOME" && find . 
-mindepth 1 -maxdepth 1 -type d -regex '^\./websites$'`; do + chown root: "$HOME/$dir" + chmod a=r,u+w,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/websites/"`; do - chown -R "$user": "$dir" + for dir in `cd "$HOME" && find . -mindepth 2 -maxdepth 2 -type d -regex '^\./websites/.*'`; do + chown -R "$user": "$HOME/$dir" # chmod -R u=rw,go=r,a+X $webdir #TODO: Only cgi scripts (.cgi and .pl) should be executable - chmod -R u+rw,go+r,a+X "$dir" + chmod -R u+rw,go+r,a+X "$HOME/$dir" # leftover from ancient times with another policy if [ $NETATALK ]; then - rm -rf "$dir/Network Trash Folder" + rm -rf "$HOME/$dir/Network Trash Folder" fi done - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webscripts"`; do - chown root: "$dir" - chmod a=r,u+w,a+X "$dir" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./webscripts$'`; do + chown root: "$HOME/$dir" + chmod a=r,u+w,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webscripts/"`; do - chown -R $user: "$dir" + for dir in `cd "$HOME" && find . -mindepth 2 -maxdepth 2 -type d -regex '^\./webscripts/.*'`; do + chown -R $user: "$HOME/$dir" # chmod -R u=rw,go=r,a+X $webdir #TODO: Only cgi scripts (.cgi and .pl) should be executable - chmod -R u+rw,go+r,a+X "$dir" + chmod -R u+rw,go+r,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webdata"`; do - chown "$user": "$dir" - chmod a=r,u+w,a+X "$dir" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./webdata$'`; do + chown "$user": "$HOME/$dir" + chmod a=r,u+w,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webdata/"`; do - chown -R "$user": "$dir" - chmod -R u=rw,go=,u+X "$dir" + for dir in `cd "$HOME" && find . 
-mindepth 2 -maxdepth 2 -type d -regex '^\./webdata/.*'`; do + chown -R "$user": "$HOME/$dir" + chmod -R u=rw,go=,u+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webshareddata"`; do - chown "$user": "$dir" - chmod a=r,u+w,a+X "$dir" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./webshareddata$'`; do + chown "$user": "$HOME/$dir" + chmod a=r,u+w,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webshareddata/"`; do - chown -R "$user:" "$dir" - chmod -R u=rw,go=r,a+X "$dir" + for dir in `cd "$HOME" && find . -mindepth 2 -maxdepth 2 -type d -regex '^\./webshareddata/.*'`; do + chown -R "$user:" "$HOME/$dir" + chmod -R u=rw,go=r,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webphpsites"`; do - chown root: "$dir" - chmod u=rw,go=r,a+X "$dir" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./webphpsites$'`; do + chown root: "$HOME/$dir" + chmod u=rw,go=r,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webphpsites/"`; do - chown -R "$user":www-data "$dir" + for dir in `cd "$HOME" && find . -mindepth 2 -maxdepth 2 -type d -regex '^\./webphpsites/.*'`; do + chown -R "$user":www-data "$HOME/$dir" # chmod -R ug=rw,o=r,a+X $dir - chmod -R ug=rw,o=,ug+X "$dir" + chmod -R ug=rw,o=,ug+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webphpdata"`; do - chown root: "$dir" - chmod a=r,u+w,a+X "$dir" + for dir in `cd "$HOME" && find . -mindepth 1 -maxdepth 1 -type d -regex '^\./webphpdata$'`; do + chown root: "$HOME/$dir" + chmod a=r,u+w,a+X "$HOME/$dir" done - for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webphpdata/"`; do - chown -R "$user":www-data "$dir" - chmod -R ug=rw,o=,ug+X "$dir" + for dir in `cd "$HOME" && find . 
-mindepth 2 -maxdepth 2 -type d -regex '^\./webphpdata/.*'`; do + chown -R "$user":www-data "$HOME/$dir" + chmod -R ug=rw,o=,ug+X "$HOME/$dir" done # Dummy user restrictions -- cgit v1.2.3
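Review bot: The `rm -rf` / `mkdir` / `chown nobody:` / `chmod a=` sequences for `Network Trash Folder` (in the `shares_mac`, `ftp_$user` and `ftp_${user}_ro` loops) are unchained, as far as the hunk shows, and operate by path inside a tree the user can presumably write to. If `mkdir` fails or the entry is replaced between steps, the `chown` and `chmod` still apply to whatever is at that path. Creating the directory with its final mode and chaining the steps narrows this: `mkdir -m 000 "$HOME/$dir/Network Trash Folder" && chown -h nobody: "$HOME/$dir/Network Trash Folder"`. Separately, `-regex "^\./ftp_$user$"` and `"^\./ftp_${user}_ro$"` interpolate the user name into a regular expression, so a `.` in a name matches any character; `-name "ftp_$user"` compares it more literally. `chown -R $user:` in the `webscripts/` loop and `[ $NETATALK ]` are unquoted where the first hunk uses `"$user"` and `[ -n "$NETATALK" ]`; the loop enclosing these lines starts outside the hunk.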