#!/bin/sh

# first command line argument; the case statement at the end of the script dispatches on it
ACTION="${1}"

# No file name involved in the permission check may contain
# a colon `:', because the list files are split at colons (cut -d:).

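# Extend the search path with the usual system directories so that chmod, cp
# and mkdir can be resolved even when the caller's PATH is minimal.
# "${PATH:+${PATH}:}" avoids a leading ":" when PATH is empty or unset; an
# empty PATH entry would make the shell search the current directory.
# Entries already present in the caller's PATH keep precedence, so the
# resolved tools are only as trustworthy as the PATH this script is started with.
PATH="${PATH:+${PATH}:}/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:/opt/sbin:/opt/local/bin:/opt/local/sbin"
# "command -v" is specified by POSIX and does not depend on an external "which"
CHMOD=$(command -v chmod)
COPY=$(command -v cp)
MKDIR=$(command -v mkdir)
# chmod and cp are executed through these variables later on; with an empty
# value the shell would run the first argument as the command instead
if [ -z "${CHMOD}" ] || [ -z "${COPY}" ] ; then
	echo "chmod or cp not found in PATH" >&2
	exit 1
fi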

# compare with permissioncheck/usecases.inc.php

# working directory (relative to the current directory) and the two
# colon separated list files that are read by the "test" action
WORK_DIR=permissioncheck
LIST_OF_FILES="$WORK_DIR/list-of-files.txt"
LIST_OF_SUBDIRS="$WORK_DIR/list-of-subdirs.txt"

# file names used below the working directory
INDEX_FILE=index.php
DEFAULT_FILE_NAME=check.php

# list of use cases, read by the "enable" and "disable" actions
#USECASES_FILE="$WORK_DIR/usecases.txt"
USECASES_FILE="$WORK_DIR/usecases.bin"

# GRANT is overwritten with a copy of NO (disable) or YES (enable)
GRANT="$WORK_DIR/permission_granted.bin"
NO="$WORK_DIR/no.bin"
YES="$WORK_DIR/yes.bin"

# optional; its mode is only set when the file exists
HTACCESS="$WORK_DIR/.htaccess"

# quick 'n dirty
# none of those permissions are critical
#
# The working directory and both list files are required: stop with
# status 1 at the first one that is missing, otherwise set its mode.
if [ ! -d "${WORK_DIR}" ] ; then
	echo "${WORK_DIR} does not exist"
	exit 1
fi
${CHMOD} 755 "${WORK_DIR}"

# handling ${LIST_OF_SUBDIRS} here may be redundant, because its mode
# could be set through ${LIST_OF_FILES} as well
for required_list in "${LIST_OF_FILES}" "${LIST_OF_SUBDIRS}" ; do
	if [ ! -f "${required_list}" ] ; then
		echo "${required_list} does not exist"
		exit 1
	fi
	${CHMOD} 644 "${required_list}"
done

# hardcoded permissions are supposed to be
# removed and replaced by list of files
# Set fixed modes on the known files below ${WORK_DIR}.
# Reads: CHMOD, WORK_DIR, GRANT, NO, YES, HTACCESS, INDEX_FILE,
#        DEFAULT_FILE_NAME, USECASES_FILE
# The function is called once, directly after its definition.
hardcoded_perms() {
	${CHMOD} 644 "${GRANT}"
	# the two source files that get copied over ${GRANT} are read-only
	for marker_file in "${NO}" "${YES}" ; do
		${CHMOD} 444 "${marker_file}"
	done
	for plain_file in "${DEFAULT_FILE_NAME}" functions.inc.php ; do
		${CHMOD} 644 "${WORK_DIR}/${plain_file}"
	done
	# .htaccess is the only file here that is allowed to be missing
	if [ -f "${HTACCESS}" ] ; then
		${CHMOD} 644 "${HTACCESS}"
	fi
	# accessible by the owner only
	for private_file in _htaccess .htpasswd ; do
		${CHMOD} 600 "${WORK_DIR}/${private_file}"
	done
	for plain_file in "${INDEX_FILE}" permission_granted.inc.php usecases.inc.php ; do
		${CHMOD} 644 "${WORK_DIR}/${plain_file}"
	done
	#${CHMOD} 644 "${WORK_DIR}/usecases.bin"
	#${CHMOD} 644 "${WORK_DIR}/usecases.txt"
	${CHMOD} 644 "${USECASES_FILE}"
}
hardcoded_perms

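# Set the mode of every regular file listed in ${LIST_OF_FILES}.
# Each line is split at colons: field 1 is the file name relative to
# ${WORK_DIR}, field 2 is the mode handed to chmod.
# Reads: CHMOD, WORK_DIR, LIST_OF_FILES
# Output: a progress line, plus a message for every listed file that is missing.
# NOTE(review): names are not checked for ".." components and modes are
# passed to chmod as written, so the list file has to stay writable by
# trusted users only.
dynamic_perms_files() {
echo ' dynamic_perms_files'
# read -r keeps backslashes literal; the "|| [ -n ... ]" part also processes
# a last line that has no trailing newline
while read -r line_of_file_orig || [ -n "${line_of_file_orig}" ] ; do
	# every expansion is quoted: a name with blanks or glob characters must
	# reach chmod as exactly one argument and must not be expanded by the shell
	static_file_name="${WORK_DIR}/$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f1)"
	static_file_perm=$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f2)
	if [ -f "${static_file_name}" ] ; then
		${CHMOD} "${static_file_perm}" "${static_file_name}"
	else
		echo "${static_file_name} ${static_file_perm} does not exist"
		echo exit 1 recommended
	fi
done < "${LIST_OF_FILES}"
}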

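# Set the mode of every directory listed in ${LIST_OF_SUBDIRS}.
# Each line is split at colons: field 1 is the directory name relative to
# ${WORK_DIR}, field 2 is the mode handed to chmod.
# Reads: CHMOD, MKDIR, WORK_DIR, LIST_OF_SUBDIRS
# Output: a progress line, plus a message and a suggested mkdir command for
#         every listed directory that is missing (nothing is created).
# NOTE(review): names are not checked for ".." components and modes are
# passed to chmod as written, so the list file has to stay writable by
# trusted users only.
dynamic_perms_subdirs() {
echo ' dynamic_perms_subdirs'
# read -r keeps backslashes literal; the "|| [ -n ... ]" part also processes
# a last line that has no trailing newline
while read -r line_of_file_orig || [ -n "${line_of_file_orig}" ] ; do
	subdir_field=$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f1)
	# an empty name would resolve to ${WORK_DIR} itself
	[ -n "${subdir_field}" ] || continue
	static_subdir_name="${WORK_DIR}/${subdir_field}"
	static_subdir_perm=$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f2)
	# quoted, so that a name with blanks or glob characters reaches chmod
	# as exactly one argument
	if [ -d "${static_subdir_name}" ] ; then
		${CHMOD} "${static_subdir_perm}" "${static_subdir_name}"
	else
		echo "${static_subdir_name} ${static_subdir_perm} does not exist"
		echo ${MKDIR} "${static_subdir_name}" '#' recommended
	fi
done < "${LIST_OF_SUBDIRS}"
}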

# "test" action: apply the modes from the file list first, then those
# from the subdirectory list. The status is that of the second step.
dynamic_perms() {
	dynamic_perms_files ; dynamic_perms_subdirs
}

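# "disable" action: copy ${NO} over ${GRANT} and restrict every use case
# listed in ${USECASES_FILE} to its owner (directory 700, check file 600).
# Only field 1 (the use case name) of each colon separated line is used here.
# Reads: COPY, CHMOD, NO, GRANT, WORK_DIR, DEFAULT_FILE_NAME, USECASES_FILE
# NOTE(review): use case names are not checked for ".." components, so
# ${USECASES_FILE} has to stay writable by trusted users only.
disable_perm_check() {
# read -r keeps backslashes literal; the "|| [ -n ... ]" part also processes
# a last line that has no trailing newline
while read -r line_of_file_orig || [ -n "${line_of_file_orig}" ] ; do
	# the copy is repeated for every line read, so with an empty use case
	# file ${GRANT} is left untouched
	${COPY} "${NO}" "${GRANT}"
	usecase=$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f1)
	# an empty name would resolve to ${WORK_DIR} itself and lock it down
	[ -n "${usecase}" ] || continue
	# quoted, so that a name with blanks or glob characters reaches chmod
	# as exactly one argument
	${CHMOD} 700 "${WORK_DIR}/${usecase}"
	${CHMOD} 600 "${WORK_DIR}/${usecase}/${DEFAULT_FILE_NAME}"
done < "${USECASES_FILE}"
}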

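# "enable" action: copy ${YES} over ${GRANT} and give every use case listed
# in ${USECASES_FILE} the modes stored with it.
# Each line is split at colons: field 1 is the use case name (a directory
# below ${WORK_DIR}), field 2 the mode for that directory, field 3 the mode
# for the ${DEFAULT_FILE_NAME} inside it.
# Reads: COPY, CHMOD, YES, GRANT, WORK_DIR, DEFAULT_FILE_NAME, USECASES_FILE
# NOTE(review): names are not checked for ".." components and modes are
# passed to chmod as written, so ${USECASES_FILE} has to stay writable by
# trusted users only.
enable_perm_check() {
# read -r keeps backslashes literal; the "|| [ -n ... ]" part also processes
# a last line that has no trailing newline
while read -r line_of_file_orig || [ -n "${line_of_file_orig}" ] ; do
	# the copy is repeated for every line read, so with an empty use case
	# file ${GRANT} is left untouched
	${COPY} "${YES}" "${GRANT}"
	usecase=$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f1)
	# an empty name would resolve to ${WORK_DIR} itself
	[ -n "${usecase}" ] || continue
	uc_perms_subdir=$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f2)
	uc_perms_file=$(printf '%s\n' "${line_of_file_orig}" | cut -d: -f3)
	# quoted, so that a name with blanks or glob characters reaches chmod
	# as exactly one argument
	${CHMOD} "${uc_perms_subdir}" "${WORK_DIR}/${usecase}"
	${CHMOD} "${uc_perms_file}" "${WORK_DIR}/${usecase}/${DEFAULT_FILE_NAME}"
done < "${USECASES_FILE}"
}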


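# Dispatch on the action given as first argument.
case "${ACTION}" in
	disable)
		disable_perm_check
		;;
	enable)
		enable_perm_check
		;;
	test)
		dynamic_perms
		;;
	*)
		# "test" is a handled action and therefore listed as well; the
		# non-zero status lets a calling script notice a missing or
		# mistyped action instead of assuming the permissions were switched
		echo "Usage: sh prepare_permissioncheck.sh {disable|enable|test}"
		exit 1
		;;
esac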

# EOF