deflax/sysadmin
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update aclset.sh

Browse source
This commit is contained in:
deflax 2020-04-07 23:14:32 +03:00 committed by GitHub
parent 06b93b2352
commit add84bc08a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 61 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

122
scripts/aclset.sh
View file

@ -1,33 +1,33 @@
#!/bin/bash #!/bin/bash
# afx acl setup # acl setup
### vars ### vars
watchdir="/srv/test" watchdir="/srv/share"
domainadmin="afx" domainadmin="admin"
password="CHANGEME" password="bangovasil"
### ###
#init #init
controlfile="control.txt" controlfile="control.txt"
passfile="password.txt" passfile="delete.txt"
aclset=""; aclset="";
acldel=""; acldel="";
old_IFS=$IFS # save the field separator old_IFS=$IFS # save the field separator
IFS=$'\n' # new field separator, the end of line IFS=$'\n' # new field separator, the end of line
exec > /tmp/afxacl.log 2>&1 exec >> /var/log/afxacl.log 2>&1
mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.1.tmp mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.1.tmp
mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.1.tmp mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.1.tmp
updatedb --database-root=$watchdir --output /tmp/afxacl.db -l 0 updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0
mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.2.tmp mlocate --database=/var/tmp/afxacl.db $controlfile > /var/tmp/afxacl.set.2.tmp
mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.2.tmp mlocate --database=/var/tmp/afxacl.db $passfile > /var/tmp/afxacl.del.2.tmp
setlist=`diff /tmp/afxacl.set.1.tmp /tmp/afxacl.set.2.tmp` setlist=`diff /var/tmp/afxacl.set.1.tmp /var/tmp/afxacl.set.2.tmp`
aclset=`echo "$setlist" | grep '>'` aclset=`echo "$setlist" | grep '>'`
dellist=`diff /tmp/afxacl.del.1.tmp /tmp/afxacl.del.2.tmp` dellist=`diff /var/tmp/afxacl.del.1.tmp /var/tmp/afxacl.del.2.tmp`
acldel=`echo "$dellist" | grep '>'` acldel=`echo "$dellist" | grep '>'`
#del #del
@ -37,31 +37,32 @@ then
do do
curcontroldel=`echo "$dline" | cut -c 3-`; curcontroldel=`echo "$dline" | cut -c 3-`;
echo "unlocking $curcontroldel" echo "unlocking $curcontroldel"
ccut=`expr ${#passfile} + 1` ccut=`expr ${#passfile} + 1`
cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev` cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev`
echo "" echo ""
if [ -d "$cdir" ]; if [ -d "$cdir" ];
then then
if grep -q $password "$curcontroldel"; if grep -q $password "$curcontroldel";
then then
echo "password accepted" echo "password accepted"
chattr -i "$cdir/$controlfile" chattr -i "$cdir/$controlfile"
rm "$cdir/$controlfile" rm "$cdir/$controlfile"
setfacl -R --remove-all "$cdir" setfacl -R --remove-all "$cdir"
chmod 770 "$cdir" chmod 770 "$cdir"
echo "" echo ""
echo "current permissions:" echo "current permissions:"
getfacl "$cdir" getfacl "$cdir"
rm "$curcontroldel" rm "$curcontroldel"
else else
echo "invalid password!" echo "invalid password!"
rm "$curcontroldel" rm "$curcontroldel"
fi fi
else else
echo "warning: whole dir was deleted" echo "warning: whole dir was deleted"
fi fi
echo "" echo ""
echo "" updatedb --database-root=$watchdir --output /var/tmp/afxacl.db -l 0
echo ""
done < <(echo "$acldel") done < <(echo "$acldel")
fi fi
@ -70,47 +71,46 @@ if [ -n "$aclset" ]
then then
while read cline; while read cline;
do do
curcontrolset=`echo "$cline" | cut -c 3-`; curcontrolset=`echo "$cline" | cut -c 3-`;
echo "setting up acl from $curcontrolset" echo "setting up acl from $curcontrolset"
ccuser=`stat -c "%U" "$curcontrolset"` ccuser=`stat -c "%U" "$curcontrolset"`
if [ "$ccuser" != "$domainadmin" ]; if [ "$ccuser" != "$domainadmin" ];
then then
echo "$ccuser is not a valid admin!" echo "$ccuser is not a valid admin!"
rm $curcontrolset rm $curcontrolset
continue; continue;
fi fi
echo "" echo ""
ccut=`expr ${#controlfile} + 1` ccut=`expr ${#controlfile} + 1`
cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev` cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev`
chmod 700 "$cdir" chmod 700 "$cdir"
for uline in $(cat "$curcontrolset") for uline in $(cat "$curcontrolset")
do do
echo "add user $uline ..." echo "add user $uline ..."
setfacl -R -n -m u:$uline:rwx "$cdir" setfacl -R -n -m u:$uline:rwx "$cdir"
done done
echo "add admin $domainadmin ..." echo "add admin $domainadmin ..."
setfacl -R -n -m u:$domainadmin:rwx "$cdir" setfacl -R -n -m u:$domainadmin:rwx "$cdir"
setfacl -R -n -m m::rwx "$cdir" setfacl -R -n -m m::rwx "$cdir"
chattr +i "$curcontrolset" chattr +i "$curcontrolset"
echo "" echo ""
echo "current permissions:" echo "current permissions:"
getfacl "$cdir" getfacl "$cdir"
echo "" echo ""
echo "" echo ""
done < <(echo "$aclset") done < <(echo "$aclset")
fi fi
IFS=$old_IFS # restore default field separator IFS=$old_IFS # restore default field separator
if [ -s /tmp/afxacl.log ]; #if [ -s /var/log/afxacl.log ];
then #then
mutt -s "setacl.sh notice" mailbox@server.com < /tmp/afxacl.log # mutt -s "ACL" user@mail.com < /var/tmp/afxacl.log
fi #fi
#cleantmp #cleantmp
rm /tmp/afxacl.set* rm /var/tmp/afxacl.set*
rm /tmp/afxacl.del* rm /var/tmp/afxacl.del*