From add84bc08a95754e77ef3acdb242bd39384f178a Mon Sep 17 00:00:00 2001 From: deflax Date: Tue, 7 Apr 2020 23:14:32 +0300 Subject: [PATCH] Update aclset.sh --- scripts/aclset.sh | 122 +++++++++++++++++++++++----------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/scripts/aclset.sh b/scripts/aclset.sh index 5f9bf48..7162822 100644 --- a/scripts/aclset.sh +++ b/scripts/aclset.sh @@ -1,33 +1,33 @@ #!/bin/bash -# afx acl setup +# acl setup ### vars -watchdir="/srv/test" -domainadmin="afx" -password="CHANGEME" +watchdir="/srv/share" +domainadmin="admin" +password="bangovasil" ### #init controlfile="control.txt" -passfile="password.txt" +passfile="delete.txt" aclset=""; acldel=""; old_IFS=$IFS # save the field separator IFS=$'\n' # new field separator, the end of line -exec > /tmp/afxacl.log 2>&1 +exec >> /var/log/afxacl.log 2>&1 -mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.1.tmp -mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.1.tmp -updatedb --database-root=$watchdir --output /tmp/afxacl.db -l 0 -mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.2.tmp -mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.2.tmp +mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.1.tmp +mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.1.tmp +updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0 +mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.2.tmp +mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.2.tmp -setlist=`diff /tmp/afxacl.set.1.tmp /tmp/afxacl.set.2.tmp` +setlist=`diff /var/tmp/afxacl.set.1.tmp /var/tmp/afxacl.set.2.tmp` aclset=`echo "$setlist" | grep '>'` -dellist=`diff /tmp/afxacl.del.1.tmp /tmp/afxacl.del.2.tmp` +dellist=`diff /var/tmp/afxacl.del.1.tmp /var/tmp/afxacl.del.2.tmp` acldel=`echo "$dellist" | grep '>'` #del @@ -37,31 +37,32 @@ then do curcontroldel=`echo "$dline" | cut -c 3-`; echo "unlocking $curcontroldel" - ccut=`expr ${#passfile} + 1` - cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev` - echo "" + ccut=`expr ${#passfile} + 1` + cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev` + echo "" if [ -d "$cdir" ]; then if grep -q $password "$curcontroldel"; - then - echo "password accepted" - chattr -i "$cdir/$controlfile" - rm "$cdir/$controlfile" - setfacl -R --remove-all "$cdir" - chmod 770 "$cdir" - echo "" - echo "current permissions:" - getfacl "$cdir" - rm "$curcontroldel" - else - echo "invalid password!" - rm "$curcontroldel" - fi + then + echo "password accepted" + chattr -i "$cdir/$controlfile" + rm "$cdir/$controlfile" + setfacl -R --remove-all "$cdir" + chmod 770 "$cdir" + echo "" + echo "current permissions:" + getfacl "$cdir" + rm "$curcontroldel" + else + echo "invalid password!" + rm "$curcontroldel" + fi else echo "warning: whole dir was deleted" fi - echo "" - echo "" + echo "" + updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0 + echo "" done < <(echo "$acldel") fi @@ -70,47 +71,46 @@ if [ -n "$aclset" ] then while read cline; do - curcontrolset=`echo "$cline" | cut -c 3-`; - echo "setting up acl from $curcontrolset" - ccuser=`stat -c "%U" "$curcontrolset"` - if [ "$ccuser" != "$domainadmin" ]; - then - echo "$ccuser is not a valid admin!" - rm $curcontrolset - continue; - fi - - echo "" + curcontrolset=`echo "$cline" | cut -c 3-`; + echo "setting up acl from $curcontrolset" + ccuser=`stat -c "%U" "$curcontrolset"` + if [ "$ccuser" != "$domainadmin" ]; + then + echo "$ccuser is not a valid admin!" + rm $curcontrolset + continue; + fi + + echo "" ccut=`expr ${#controlfile} + 1` - cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev` + cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev` chmod 700 "$cdir" for uline in $(cat "$curcontrolset") do echo "add user $uline ..." - setfacl -R -n -m u:$uline:rwx "$cdir" + setfacl -R -n -m u:$uline:rwx "$cdir" done - echo "add admin $domainadmin ..." - setfacl -R -n -m u:$domainadmin:rwx "$cdir" - setfacl -R -n -m m::rwx "$cdir" + echo "add admin $domainadmin ..." + setfacl -R -n -m u:$domainadmin:rwx "$cdir" + setfacl -R -n -m m::rwx "$cdir" - chattr +i "$curcontrolset" - echo "" - echo "current permissions:" - getfacl "$cdir" - echo "" - echo "" + chattr +i "$curcontrolset" + echo "" + echo "current permissions:" + getfacl "$cdir" + echo "" + echo "" done < <(echo "$aclset") fi IFS=$old_IFS # restore default field separator -if [ -s /tmp/afxacl.log ]; -then - mutt -s "setacl.sh notice" mailbox@server.com < /tmp/afxacl.log -fi +#if [ -s /var/log/afxacl.log ]; +#then +# mutt -s "ACL" user@mail.com < /var/tmp/afxacl.log +#fi #cleantmp -rm /tmp/afxacl.set* -rm /tmp/afxacl.del* - +rm /var/tmp/afxacl.set* +rm /var/tmp/afxacl.del*