sit/check_permissions.sh

160 lines
3.8 KiB
Bash
Raw Normal View History

#!/bin/bash
#
# Script checking the right permissions for software installations:
# Ordinary files must at least have permissions 664 and directories 755.
#
# Copyright (c) 2010-2019 Christoph Niethammer <niethammer@hlrs.de>
#
#
# TODO: Check replacing most of the logick by
# chmod -R g=u,o=g-w -v *
# Figure out how to do
# * a dry run
# * give statistics at the end
#
declare -r APP_NAME="${0##*/}"
declare -r VERSION="0.8"
declare SEARCH_DIRS=
declare VERBOSE=0
declare PRINT_FILES=0
declare PRINT_DIRS=0
declare FIX_PERMISSIONS=0
declare -i NUM_FIEX_DIR_PERMISSIONS=0
declare -i NUM_FIEX_FILE_PERMISSIONS=0
declare -r FILE_PERMS=664
declare -r DIR_PERMS=775
function print_usage {
binary=`basename $0`
cat <<EOF
${APP_NAME}: (${VERSION})
2011-03-04 15:35:09 +00:00
Copyright (C) 2010-2011 Christoph Niethammer <niethammer@hlrs.de>
Usage: $APP_NAME DIR
-h, --help Print this usage
-v, --verbose Be more verbose (print list of found directories and files)
--fixit Fix permissions if possible (only working in verbose mode)
Checks permissions in the given directories. Permissions for files must be
at least set to 664 and for directories must be exactly 775.
EOF
}
function die {
echo $1
exit 1
}
function file_add_perm() {
local perm=$1
shift
local filename="$@"
local oldperm=$(stat -c '%a' "${filename[@]}")
local newperm="$(( ${oldperm:0:1} | ${perm:0:1} ))$(( ${oldperm:1:1} | ${perm:1:1} ))$(( ${oldperm:2:1} | ${perm:2:1} ))"
chmod $newperm "${filename[@]}"
}
if [ $# -lt 1 ]; then
print_usage
exit 0
fi
for arg in $@; do
case $arg in
--fixit)
FIX_PERMISSIONS=1
;;
--help|-h)
print_usage
exit 0
;;
--verbose|-v)
VERBOSE=1
PRINT_FILES=1
PRINT_DIRS=1
;;
--no-print-files)
PRINT_FILES=0
;;
--no-print-dirs)
PRINT_DIRS=0
;;
*)
if [[ ! -d $arg ]]; then
echo "# Skipped $arg"
continue
fi
SEARCH_DIRS+="${IFS}${arg}"
#echo "# Added $arg"
;;
esac
done
declare -a WRONG_DIRS
declare -a WRONG_FILES
echo "# Searching for directories which do not match '$DIR_PERMS' ..."
while IFS= read -r -d '' n; do
WRONG_DIRS+=( $n )
done < <(find $SEARCH_DIRS -type d ! -perm $DIR_PERMS -print0)
echo "# Searching for files which do not match at least '$FILE_PERMS' ..."
while IFS= read -r -d '' n; do
WRONG_FILES+=( "$n" )
done < <(find $SEARCH_DIRS -type f ! -perm -$FILE_PERMS -print0)
for (( i=1; i <= ${#WRONG_FILES[@]}; i++ ))
do
echo ${WRONG_FILES[$i]}
done
if [[ $PRINT_DIRS -eq 1 ]]; then
echo "# ** directories with wrong permissions:"
for dir in "${WRONG_DIRS[@]}"; do
if [[ $FIX_PERMISSIONS -eq 1 ]]; then
echo -en "$dir\t\t"$(stat -c '%a' "$dir")
if chmod $DIR_PERMS "$dir" ; then
NUM_FIXED_DIR_PERMISSIONS=$(($NUM_DIRD_FILE_PERMISSIONS + 1))
echo " ... (fixed)"
else
echo " ... (not fixed)"
fi
else
echo -e "$dir\t\t$(stat -c '%a' \"$dir\")"
fi
done
fi
if [[ $PRINT_FILES -eq 1 ]]; then
echo "# ** files with wrong permissions:"
for file in "${WRONG_FILES[@]}"; do
if [[ $FIX_PERMISSIONS -eq 1 ]]; then
echo -en "$file\t\t"$(stat -c '%a' "$file")
if file_add_perm $FILE_PERMS "$file" ; then
NUM_FIXED_FILE_PERMISSIONS=$(($NUM_FIXED_FILE_PERMISSIONS + 1))
echo " ... (fixed)"
else
echo " ... (not fixed)"
fi
else
echo -e "$file\t\t$(stat -c '%a' \"$file\")"
fi
done
fi
echo "#"
echo "# ------------------------------"
echo "# Summary:"
echo "# directories with wrong permissions: ${#WRONG_DIRS[@]}${NUM_FIXED_DIR_PERMISSIONS:+ (fixed $NUM_FIXED_DIR_PERMISSIONS)}"
echo "# files with wrong permissions: ${#WRONG_FILES[@]}${NUM_FIXED_FILE_PERMISSIONS:+ (fixed $NUM_FIXED_FILE_PERMISSIONS)}"
echo "# ------------------------------"
echo "#"
# clean up temporary files
#rm $WRONG_DIR_FILE
#rm $WRONG_FILES_FILE