sysadmin/scripts/aclset.sh

#!/bin/bash

# acl setup

### vars

watchdir="/srv/share"
domainadmin="user"
password="pass"

###

#init
controlfile="control.txt"
passfile="delete.txt"
aclset="";
acldel="";
old_IFS=$IFS      # save the field separator
IFS=$'\n'     # new field separator, the end of line
exec >> /var/log/afxacl.log 2>&1

mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.1.tmp
mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.1.tmp
updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0
mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.2.tmp
mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.2.tmp

setlist=`diff /var/tmp/afxacl.set.1.tmp /var/tmp/afxacl.set.2.tmp`
aclset=`echo "$setlist" | grep '>'`
dellist=`diff /var/tmp/afxacl.del.1.tmp /var/tmp/afxacl.del.2.tmp`
acldel=`echo "$dellist" | grep '>'`

#del
if [ -n "$acldel" ]
then
        while read dline;
        do
                curcontroldel=`echo "$dline" | cut -c 3-`;
                echo "unlocking $curcontroldel"
		ccut=`expr ${#passfile} + 1`
		cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev`
		echo ""
                if [ -d "$cdir" ];
                then
                        if grep -q $password "$curcontroldel";
			then
				echo "password accepted"
				chattr -i "$cdir/$controlfile"
				rm "$cdir/$controlfile"
				setfacl -R --remove-all "$cdir"
                        	chmod 770 "$cdir"
				echo ""
				echo "current permissions:"
				getfacl "$cdir"
				rm "$curcontroldel"
			else
				echo "invalid password!"
				rm "$curcontroldel"
			fi
                else
                        echo "warning: whole dir was deleted"
                fi
		echo ""
                updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0
		echo ""
        done < <(echo "$acldel")
fi

# set
if [ -n "$aclset" ]
then
        while read cline;
        do
		curcontrolset=`echo "$cline" | cut -c 3-`;
		echo "setting up acl from $curcontrolset"
		ccuser=`stat -c "%U" "$curcontrolset"`
		if [ "$ccuser" != "$domainadmin" ];
		then
			echo "$ccuser is not a valid admin!"
			rm $curcontrolset
			continue;
		fi
		
		echo ""
                ccut=`expr ${#controlfile} + 1`
		cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev`
                chmod 700 "$cdir"
                for uline in $(cat "$curcontrolset")
                do
                        echo "add user $uline ..."
		 	setfacl -R -n -m u:$uline:rwx "$cdir"
                done
		echo "add admin $domainadmin ..."
		setfacl -R -n -m u:$domainadmin:rwx "$cdir"
		setfacl -R -n -m m::rwx "$cdir"

		chattr +i "$curcontrolset"
		echo ""
		echo "current permissions:"
		getfacl "$cdir"
		echo ""
		echo ""
        done < <(echo "$aclset")

fi

IFS=$old_IFS     # restore default field separator

#if [ -s /var/log/afxacl.log ];
#then
#        mutt -s "ACL" user@mail.com < /var/tmp/afxacl.log
#fi

#cleantmp
rm /var/tmp/afxacl.set*
rm /var/tmp/afxacl.del*
initial commit 2017-09-15 14:11:31 -04:00			`#!/bin/bash`

Update aclset.sh 2020-04-07 16:14:32 -04:00			`# acl setup`
initial commit 2017-09-15 14:11:31 -04:00
			`### vars`

Update aclset.sh 2020-04-07 16:14:32 -04:00			`watchdir="/srv/share"`
Update aclset.sh 2020-04-07 16:16:06 -04:00			`domainadmin="user"`
			`password="pass"`
initial commit 2017-09-15 14:11:31 -04:00
			`###`

			`#init`
			`controlfile="control.txt"`
Update aclset.sh 2020-04-07 16:14:32 -04:00			`passfile="delete.txt"`
initial commit 2017-09-15 14:11:31 -04:00			`aclset="";`
			`acldel="";`
			`old_IFS=$IFS # save the field separator`
			`IFS=$'\n' # new field separator, the end of line`
Update aclset.sh 2020-04-07 16:14:32 -04:00			`exec >> /var/log/afxacl.log 2>&1`
initial commit 2017-09-15 14:11:31 -04:00
Update aclset.sh 2020-04-07 16:14:32 -04:00			`mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.1.tmp`
			`mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.1.tmp`
			`updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0`
			`mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.2.tmp`
			`mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.2.tmp`
initial commit 2017-09-15 14:11:31 -04:00
Update aclset.sh 2020-04-07 16:14:32 -04:00			setlist=`diff /var/tmp/afxacl.set.1.tmp /var/tmp/afxacl.set.2.tmp`
initial commit 2017-09-15 14:11:31 -04:00			aclset=`echo "$setlist" \| grep '>'`
Update aclset.sh 2020-04-07 16:14:32 -04:00			dellist=`diff /var/tmp/afxacl.del.1.tmp /var/tmp/afxacl.del.2.tmp`
initial commit 2017-09-15 14:11:31 -04:00			acldel=`echo "$dellist" \| grep '>'`

			`#del`
			`if [ -n "$acldel" ]`
			`then`
			`while read dline;`
			`do`
			curcontroldel=`echo "$dline" \| cut -c 3-`;
			`echo "unlocking $curcontroldel"`
Update aclset.sh 2020-04-07 16:14:32 -04:00			ccut=`expr ${#passfile} + 1`
			cdir=`echo "$curcontroldel" \| rev \| cut -c $ccut- \| rev`
			`echo ""`
initial commit 2017-09-15 14:11:31 -04:00			`if [ -d "$cdir" ];`
			`then`
			`if grep -q $password "$curcontroldel";`
Update aclset.sh 2020-04-07 16:14:32 -04:00			`then`
			`echo "password accepted"`
			`chattr -i "$cdir/$controlfile"`
			`rm "$cdir/$controlfile"`
			`setfacl -R --remove-all "$cdir"`
			`chmod 770 "$cdir"`
			`echo ""`
			`echo "current permissions:"`
			`getfacl "$cdir"`
			`rm "$curcontroldel"`
			`else`
			`echo "invalid password!"`
			`rm "$curcontroldel"`
			`fi`
initial commit 2017-09-15 14:11:31 -04:00			`else`
			`echo "warning: whole dir was deleted"`
			`fi`
Update aclset.sh 2020-04-07 16:14:32 -04:00			`echo ""`
			`updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0`
			`echo ""`
initial commit 2017-09-15 14:11:31 -04:00			`done < <(echo "$acldel")`
			`fi`

			`# set`
			`if [ -n "$aclset" ]`
			`then`
			`while read cline;`
			`do`
Update aclset.sh 2020-04-07 16:14:32 -04:00			curcontrolset=`echo "$cline" \| cut -c 3-`;
			`echo "setting up acl from $curcontrolset"`
			ccuser=`stat -c "%U" "$curcontrolset"`
			`if [ "$ccuser" != "$domainadmin" ];`
			`then`
			`echo "$ccuser is not a valid admin!"`
			`rm $curcontrolset`
			`continue;`
			`fi`

			`echo ""`
initial commit 2017-09-15 14:11:31 -04:00			ccut=`expr ${#controlfile} + 1`
Update aclset.sh 2020-04-07 16:14:32 -04:00			cdir=`echo "$curcontrolset" \| rev \| cut -c $ccut- \| rev`
initial commit 2017-09-15 14:11:31 -04:00			`chmod 700 "$cdir"`
			`for uline in $(cat "$curcontrolset")`
			`do`
			`echo "add user $uline ..."`
Update aclset.sh 2020-04-07 16:14:32 -04:00			`setfacl -R -n -m u:$uline:rwx "$cdir"`
initial commit 2017-09-15 14:11:31 -04:00			`done`
Update aclset.sh 2020-04-07 16:14:32 -04:00			`echo "add admin $domainadmin ..."`
			`setfacl -R -n -m u:$domainadmin:rwx "$cdir"`
			`setfacl -R -n -m m::rwx "$cdir"`

			`chattr +i "$curcontrolset"`
			`echo ""`
			`echo "current permissions:"`
			`getfacl "$cdir"`
			`echo ""`
			`echo ""`
initial commit 2017-09-15 14:11:31 -04:00			`done < <(echo "$aclset")`

			`fi`

			`IFS=$old_IFS # restore default field separator`

Update aclset.sh 2020-04-07 16:14:32 -04:00			`#if [ -s /var/log/afxacl.log ];`
			`#then`
			`# mutt -s "ACL" user@mail.com < /var/tmp/afxacl.log`
			`#fi`
initial commit 2017-09-15 14:11:31 -04:00
			`#cleantmp`
Update aclset.sh 2020-04-07 16:14:32 -04:00			`rm /var/tmp/afxacl.set*`
			`rm /var/tmp/afxacl.del*`