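#!/bin/sh
#
# adduser.local - (re)apply the site's per-user home-directory layout and
# permission policy (mail dir, netatalk/samba dirs, exchange dir, public_html,
# share and web directories, dummy share, per-user Apache include).
#
# Usage: adduser.local [USER ...]
#   Without arguments every account from `getent passwd` is considered.  Only
#   accounts whose uid lies in [FIRST_UID, LAST_UID] and whose home directory
#   exists are touched; the rest are skipped silently.
#
# Configuration (all sourced, so they are shell fragments):
#   /etc/adduser.conf        FIRST_UID, LAST_UID - required, abort if missing
#   /etc/local/users.conf    optional site overrides
#   /etc/local/volumes       site hints (NETATALK, SAMBA, XCHANGE, XDIR, PUBLIC,
#                            QUOTAHOMES, QUOTASOFT/QUOTAHARD, NEW_QUOTA,
#                            USE_MBOX, NETATALK_HOME, SAMBA_HOME, XCHANGE_HOME,
#                            DUMMYSHARE*, DUMMYAPACHE*) - exit 0 if missing
#
# Security note: this script runs as root and everything below a user's home
# is controlled by that user.  chmod, and chown without -h, operate on the
# *target* of a symlink given on the command line, so a user who replaces
# e.g. ~/mail or ~/.forward with a symlink could get root to chown/chmod an
# arbitrary path.  Every recursive chown/chmod below therefore goes through
# real_dir(), and per-file chown/chmod refuse symlinks.  Symlinked *home*
# directories themselves come from /etc/passwd (admin controlled) and are
# still accepted, as in the original policy.
set -e

# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------

# real_dir PATH - true when PATH is a directory and not a symbolic link.
real_dir() {
  [ -d "$1" ] && [ ! -L "$1" ]
}

# warn_link PATH - diagnostic for a symlink found where a directory is expected.
# Printed on its own line because the per-user progress output is mid-line.
warn_link() {
  printf '\nWARNING: %s is a symbolic link, not a directory. Skipping it.\n' "$1" >&2
}

# subdirs PARENT GLOB - print, one per line, the immediate subdirectories of
# PARENT whose basename matches GLOB.  Symlinks are never listed (find -type d
# with the default -P), and nothing is printed when PARENT is missing or is
# itself a symlink - the same set the original `find | egrep "^$HOME/..."`
# produced, minus the regex-metacharacter problem with $HOME.
subdirs() {
  real_dir "$1" || return 0
  find "$1" -mindepth 1 -maxdepth 1 -type d -name "$2"
}

# reset_trash_folder DIR - recreate DIR/"Network Trash Folder" as an empty
# directory owned by nobody with mode 000 (site policy; presumably to keep
# AppleShare clients from using it - the original gives no reason).
reset_trash_folder() {
  rm -rf -- "$1/Network Trash Folder"
  mkdir -- "$1/Network Trash Folder"
  chown nobody: "$1/Network Trash Folder"
  chmod a= "$1/Network Trash Folder"
}

# lock_parent DIR - root-owned, world-readable container directory
# (websites/, webscripts/, webdata/, ...); users only own what is inside.
lock_parent() {
  chown root: "$1"
  chmod a=r,u+w,a+X "$1"
}

# own_file USER PATH - chown USER: and chmod 0640 a regular file in the user's
# home, refusing symlinks (see the security note at the top).
own_file() {
  if [ -L "$2" ]; then
    warn_link "$2"
  elif [ -f "$2" ]; then
    chown "$1": "$2"
    chmod 0640 "$2"
  fi
}

# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------

# reset flags
apache_reload_needed=""
# Controls what happens after an Apache include was written: "interactive"
# asks, "force" reloads, anything else only prints a reminder.  Nothing in
# this script changes it, so the reminder branch is the effective behaviour.
runmode="normal"
mac=".mac"
pc=".pc"
xchange=".xchange"

if [ -e /etc/adduser.conf ]; then
  . /etc/adduser.conf
else
  echo "/etc/adduser.conf missing. Exiting..." >&2
  exit 1
fi
[ -f /etc/local/users.conf ] && . /etc/local/users.conf
if [ -e /etc/local/volumes ]; then
  . /etc/local/volumes
else
  # exit silently if this system lacks required hints
  exit 0
fi

XDIRREAL="$XDIR/users/root"
if [ -n "$XCHANGE" ] && [ ! -d "$XDIR" ]; then
  echo "XDIR doesn't exist. Ignoring XCHANGE!" >&2
  XCHANGE=""
fi

# Account list: command-line names, or every passwd entry (filtered by uid
# range below).  User names cannot contain whitespace, so word splitting of
# $USERS is safe.
if [ $# -gt 0 ]; then
  USERS=$*
else
  USERS=$(getent passwd | cut -d: -f1)
fi

[ -n "$NETATALK_HOME" ] && mac=$NETATALK_HOME
[ -n "$SAMBA_HOME" ] && pc=$SAMBA_HOME
[ -n "$XCHANGE_HOME" ] && xchange=$XCHANGE_HOME

# Defaults for the quota limits (0 = no limit for setquota).
: "${QUOTASOFT:=0}"
: "${QUOTAHARD:=0}"

# ---------------------------------------------------------------------------
# Per-user processing
# ---------------------------------------------------------------------------

echo "Setting up additional folders and permissions..."

for user in $USERS; do
  # Look the account up once; a numeric argument would be resolved by uid by
  # getent, exactly as before.
  entry=$(getent passwd "$user" | head -n 1)
  uid=$(printf '%s\n' "$entry" | cut -d: -f3)
  home=$(printf '%s\n' "$entry" | cut -d: -f6)
  if [ -z "$home" ]; then
    echo "User $user doesn't exist. Ignoring..."
    continue
  fi

  # Ignore non-human accounts silently
  [ "$uid" -ge "$FIRST_UID" ] && [ "$uid" -le "$LAST_UID" ] || continue
  [ -d "$home" ] || continue
  # [ -L "$home" ] && continue

  printf '%s' "$user"

  # Quotas: the argument order of setquota changed at some point; NEW_QUOTA
  # selects the newer "user soft hard isoft ihard filesystem" form.
  for quotahome in $QUOTAHOMES; do
    if [ -n "$NEW_QUOTA" ]; then
      setquota "$user" "$QUOTASOFT" "$QUOTAHARD" 0 0 "$quotahome"
    else
      setquota "$user" "$quotahome" "$QUOTASOFT" "$QUOTAHARD" 0 0
    fi
  done

  # Create the standard directories (no-op if they already exist).
  mkdir -p "$home/mail"
  [ -n "$NETATALK" ] && mkdir -p "$home/$mac"
  [ -n "$SAMBA" ] && mkdir -p "$home/$pc"
  [ -n "$XCHANGE" ] && mkdir -p "$XDIRREAL/$user"
  [ -n "$PUBLIC" ] && mkdir -p "$home/public_html"

  chown "$user": "$home"
  chmod u=rwX,go=rX "$home"

  # Mail handling: private mail directory, optional mbox file, spool file.
  if real_dir "$home/mail"; then
    if [ -n "$USE_MBOX" ]; then
      touch "$home/mail/mbox"
    elif [ -f "$home/mail/mbox" ] && [ ! -s "$home/mail/mbox" ]; then
      # drop an empty leftover mbox when the site does not use mbox
      rm -f -- "$home/mail/mbox"
    fi
    chown -R "$user": "$home/mail"
    chmod -R u=rw,go=,u+X "$home/mail"
  else
    warn_link "$home/mail"
  fi
  own_file "$user" "$home/.mailboxlist"
  own_file "$user" "$home/.forward"
  if [ -f "/var/mail/$user" ]; then
    chown "$user":mail "/var/mail/$user"
    chmod ug=rw,o= "/var/mail/$user"
  elif [ -f "/var/spool/mail/$user" ]; then
    chown "$user":mail "/var/spool/mail/$user"
    chmod ug=rw,o= "/var/spool/mail/$user"
  fi

  # Mac (netatalk) dir permissions
  if [ -L "$home/$mac" ]; then
    warn_link "$home/$mac"
  elif [ -d "$home/$mac" ]; then
    chown -R "$user": "$home/$mac"
    chmod -R u=rw,g=r,o=,ug+X "$home/$mac"
    reset_trash_folder "$home/$mac"
  fi

  # PC (samba) dir permissions
  if [ -L "$home/$pc" ]; then
    warn_link "$home/$pc"
  elif [ -d "$home/$pc" ]; then
    chown -R "$user": "$home/$pc"
    chmod -R u=rw,g=r,o=,ug+X "$home/$pc"
  fi

  # Exchange dir permissions: the real directory lives under $XDIRREAL and is
  # reachable through a symlink in the home directory.
  if real_dir "$XDIRREAL/$user"; then
    chown -R "$user":users "$XDIRREAL/$user"
    chmod -R g=r,g+X "$XDIRREAL/$user"
    xlink="$home/$xchange"
    if [ -L "$xlink" ]; then
      # Refresh an existing link.  -n: without it ln would create the new link
      # *inside* the directory the old link points to.
      ln -sfn "$XDIRREAL/$user" "$xlink"
    elif [ -e "$xlink" ]; then
      printf '\nERROR: %s exists already. Leaving it as is...\n' "$xlink" >&2
    else
      ln -s "$XDIRREAL/$user" "$xlink"
    fi
  fi

  # Public dir permissions
  if [ -L "$home/public_html" ]; then
    warn_link "$home/public_html"
  elif [ -d "$home/public_html" ]; then
    chown -R "$user": "$home/public_html"
    chmod -R u+rX,go=r,go+X "$home/public_html"
    if [ -n "$NETATALK" ]; then
      reset_trash_folder "$home/public_html"
    fi
  fi

  # Share permissions: shares_win*, shares_mac* are group-shared with the
  # user's private group (setgid so new files inherit it).
  subdirs "$home" 'shares_win*' | while IFS= read -r dir; do
    chgrp -R "$user" "$dir"
    chmod -R u=rw,g=rw,o=,ug+X,g+s "$dir"
  done
  subdirs "$home" 'shares_mac*' | while IFS= read -r dir; do
    chgrp -R "$user" "$dir"
    chmod -R u=rw,g=rw,o=,ug+X,g+s "$dir"
    reset_trash_folder "$dir"
  done

  # Ftp shares permissions: exactly ftp_<user> (writable) and ftp_<user>_ro
  # (read-only).  The name is built from the account being processed, not
  # from $USER (the login name of whoever runs this script).
  subdirs "$home" "ftp_$user" | while IFS= read -r dir; do
    chgrp -R "$user" "$dir"
    chmod -R ug=rw,o=r,a+X,g+s "$dir"
    reset_trash_folder "$dir"
  done
  subdirs "$home" "ftp_${user}_ro" | while IFS= read -r dir; do
    chown -R "$user": "$dir"
    chmod -R u=rw,go=r,a+X "$dir"
    reset_trash_folder "$dir"
  done

  # Web shares permissions (web_*)
  subdirs "$home" 'web_*' | while IFS= read -r dir; do
    chown -R "$user": "$dir"
    # TODO: Only cgi scripts (.cgi and .pl) should be executable
    chmod -R u+rw,go+r,a+X "$dir" # leftover from ancient times with another policy
    if [ -n "$NETATALK" ]; then
      rm -rf -- "$dir/Network Trash Folder"
    fi
  done

  # Web sites: websites*/ containers are root-owned, each site below
  # $home/websites/ belongs to the user.
  subdirs "$home" 'websites*' | while IFS= read -r dir; do
    lock_parent "$dir"
  done
  subdirs "$home/websites" '*' | while IFS= read -r dir; do
    chown -R "$user": "$dir"
    # TODO: Only cgi scripts (.cgi and .pl) should be executable
    chmod -R u+rw,go+r,a+X "$dir" # leftover from ancient times with another policy
    if [ -n "$NETATALK" ]; then
      rm -rf -- "$dir/Network Trash Folder"
    fi
  done

  # Web scripts
  subdirs "$home" 'webscripts*' | while IFS= read -r dir; do
    lock_parent "$dir"
  done
  subdirs "$home/webscripts" '*' | while IFS= read -r dir; do
    chown -R "$user": "$dir"
    # TODO: Only cgi scripts (.cgi and .pl) should be executable
    chmod -R u+rw,go+r,a+X "$dir"
  done

  # Web data: private to the user
  subdirs "$home" 'webdata*' | while IFS= read -r dir; do
    lock_parent "$dir"
  done
  subdirs "$home/webdata" '*' | while IFS= read -r dir; do
    chown -R "$user": "$dir"
    chmod -R u=rw,go=,u+X "$dir"
  done

  # PHP sites: shared with the web server group, world-readable
  subdirs "$home" 'webphpsites*' | while IFS= read -r dir; do
    lock_parent "$dir"
  done
  subdirs "$home/webphpsites" '*' | while IFS= read -r dir; do
    chown -R "$user":www-data "$dir"
    chmod -R ug=rw,o=r,a+X "$dir"
  done

  # PHP data: shared with the web server group only
  subdirs "$home" 'webphpdata*' | while IFS= read -r dir; do
    lock_parent "$dir"
  done
  subdirs "$home/webphpdata" '*' | while IFS= read -r dir; do
    chown -R "$user":www-data "$dir"
    chmod -R ug=rw,o=,ug+X "$dir"
  done

  # Dummy user restrictions: a read-only share owned by DUMMYSHAREOWNER,
  # linked into the home as $DUMMYSHARENAME.
  if [ -n "$DUMMYSHAREDIR" ] && [ -n "$DUMMYSHAREOWNER" ] && [ -n "$DUMMYSHARENAME" ]; then
    [ -e "$DUMMYSHAREDIR/$user" ] || mkdir -- "$DUMMYSHAREDIR/$user"
    chown "$DUMMYSHAREOWNER": "$DUMMYSHAREDIR/$user"
    chmod u=rw,go=r,a+X "$DUMMYSHAREDIR/$user"
    dlink="$home/$DUMMYSHARENAME"
    if [ -L "$dlink" ]; then
      ln -sfn "$DUMMYSHAREDIR/$user" "$dlink"
      # -h: own the link itself.  Without it chown follows the link and hands
      # the share directory (just given to DUMMYSHAREOWNER) to the user.
      chown -h "$user": "$dlink"
    elif [ -e "$dlink" ]; then
      printf '\nERROR: %s exists already. Leaving it as is...\n' "$dlink" >&2
    else
      ln -s "$DUMMYSHAREDIR/$user" "$dlink"
      chown -h "$user": "$dlink"
    fi

    # Per-user Apache include restricting the dummy share to this user.
    if [ -n "$DUMMYAPACHECFG" ] && [ -n "$DUMMYAPACHESHAREDIR" ]; then
      if [ -f "/etc/apache/include.d/$DUMMYAPACHECFG" ] && [ -x /etc/init.d/apache ]; then
        cfg="/etc/apache/include.d/$DUMMYAPACHECFG-$user"
        if [ -e "$cfg" ]; then
          echo "$cfg exists already. Ignoring..."
        else
          printf '# Created automatically by adduser.local\nrequire user %s\n' "$user" > "$cfg"
          apache_reload_needed="1"
        fi
      fi
    fi
  fi

  echo "."
done

# ---------------------------------------------------------------------------
# Clean-up and Apache reload
# ---------------------------------------------------------------------------

# Remove exchange directories whose account no longer exists.  (The original
# loop tested the loop variable of the *user* loop instead of the directory
# name, so it never removed anything.)
if [ -n "$XCHANGE" ] && [ -d "$XDIRREAL" ]; then
  for xentry in "$XDIRREAL"/*; do
    [ -e "$xentry" ] || [ -L "$xentry" ] || continue # unmatched glob
    xname=${xentry##*/}
    if ! id "$xname" >/dev/null 2>&1; then
      rm -rf -- "$xentry"
    fi
  done
fi

if [ -n "$apache_reload_needed" ]; then
  apache_do_reload=""
  case "$runmode" in
    interactive)
      printf 'Apache config changed. Reload Apache now (Y/n)? '
      read -r apache_reload
      case "$apache_reload" in
        y|Y|"") apache_do_reload="1" ;;
      esac
      ;;
    force)
      apache_do_reload="1"
      ;;
    *)
      echo "Apache config has changed. Remember to reload Apache...!"
      ;;
  esac
  if [ -n "$apache_do_reload" ]; then
    /etc/init.d/apache force-reload
  fi
fi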