#!/bin/csh -f

# Script to maintain proper protections on a directory of private web
# pages as described at

#	http://www.cs.rutgers.edu/~watrous/private-web-pages.html

# You should set up the initial private directory owned by the user
# under which httpd runs and in the group doing the sharing, and
# protected 770.  This script will:

#   *	Propagate the ownership of that directory to all directories
#	below it.

#   *	Propagate the group of that directory to all directories and
#	files below it.

#   *	Make all files and directories beneath it read/writeable by
#	group.

#   *	Make all files beneath it world readable.  (Don't worry about
#	this as the directory is protected readable only by the owner
#	and group.  No one else will be able to get to the files.  This
#       step is just so the httpd user doesn't need to own all the files.)

# daw; 2/7/05

# Select absolute, per-platform paths for find and whoami, so these two
# tools are not looked up through PATH.  Any platform that is not listed
# is refused: exec replaces this shell with echo, which ends the script.
set OSREL = `uname -s``uname -r`
if ("$OSREL" =~ SunOS5*) then
    set FIND = /usr/local/gnu/bin/find
    set WHOAMI = /usr/ucb/whoami
else if ("$OSREL" =~ Linux2*) then
    set FIND = /usr/bin/find
    set WHOAMI = /usr/bin/whoami
else
    exec echo ${0}: does not run on `uname -s` `uname -r`
endif

# Command-line parsing.
#   SWITCHES  flags forwarded to the enforce-group-access helper
#   DEBUG     command prefix: empty for a real run, /bin/echo for -d so the
#             prefixed commands are printed instead of executed
#   VERBOSE   set by -v (and by -d): echo each step with a timestamp
#   DOSNAPS   set by -s: take find -ls snapshots before and after
#   TARGET    the first argument that names an existing directory
# NOTE(review): nothing after the loop checks that TARGET was set; without a
# directory argument the first reference to it presumably stops the script
# with an undefined-variable error from csh -- confirm.
set SWITCHES
set DEBUG

while($#argv)
	switch ("$1")
	case -d:
		set SWITCHES = ( $SWITCHES "$1" )
		set DEBUG = /bin/echo
#		shift
#		breaksw
# fall through to verbose
# (no shift has happened yet, so the -v arm appends -d to SWITCHES a second
# time and also sets VERBOSE)
	case -v:
		set SWITCHES = ( $SWITCHES "$1" )
		set VERBOSE
		shift
		breaksw
	case -s:
# -s is consumed here and not forwarded to the helper
#		set SWITCHES = ( $SWITCHES "$1" )
		set DOSNAPS
		shift
		breaksw
	default:
# Only one directory is accepted; a second one, or any other word, ends the
# script through the exec echo below.
# NOTE(review): the assignment is unquoted, so csh re-splits and
# glob-expands the value, and later uses of TARGET are unquoted too while
# feeding commands run with root rights.  A path containing whitespace or
# shell metacharacters is not handled as a single path -- confirm callers
# pass plain paths only.
		if (! $?TARGET && -d "$1") then
		    set TARGET = $1
		    shift
		    breaksw
		endif
		set DQ = '"'
		exec echo ${0}: "What do I do with $DQ$1$DQ?"
	endsw
end

#set SLIDE = /usr/local/bin/slide
# SLIDE is the privilege wrapper: a command prefixed with $SLIDE is expected
# to run as root, which the whoami check below verifies before anything is
# changed.
# NOTE(review): the wrapper is taken from a home directory; anyone able to
# modify that path decides what runs with root rights -- confirm its
# ownership and permissions.
set SLIDE = ~watrous/Sys/slido
# NOTE(review): script name plus PID is a guessable path in world-writable
# /tmp.  Anything written there and later read or executed with root rights
# can be pre-created or replaced by another local user; mktemp is the safer
# way to obtain such a file.
set TMP = /tmp/`basename $0`.$$

# If SLIDE is set to the empty string the root check is skipped entirely.
# exec replaces this shell with echo, so the script ends after the message.
if ("$SLIDE" != "") then
    if (`$SLIDE $WHOAMI` != "root") exec echo ${0}: need root access to run this
endif

# Safety gate: characters 8-10 of the ls -ld mode string are the read,
# write and execute bits for other.  Unless all three are clear the script
# stops here, because the later steps make files world readable and rely on
# the top directory to keep everyone else out.
# NOTE(review): only the top directory is inspected, and only at this
# moment; nothing re-checks it while the later steps run.
set WPROT = `/bin/ls -ld $TARGET | /bin/cut -c8-10`
if ("$WPROT" != "---") then
    exec echo ${0}: $TARGET not protected from world
endif

# The numeric owner of the top directory (third field of ls -ldn) is the uid
# that gets propagated, instead of assuming a literal ftp account.
set FTPUID = `/bin/ls -ldn $TARGET | awk '{print $3}'`

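# snapshots for debugging access problems; daw, 2/7/05
#
# With -s, a find -ls listing of the whole tree is saved before any change.
# The listing names every file in a directory that is meant to be private,
# and the output file is created by this shell through the redirection, so
# the umask is tightened to 077 around it and restored afterwards.  A newly
# created snapshot is then readable by its owner only.
# NOTE(review): the snapshot name is still derived from $TMP and a
# minute-resolution timestamp, so it stays guessable, and the umask has no
# effect on a file that already exists at that path.
# With -d, DEBUG is /bin/echo and the snapshot holds the command text only.

if ($?DOSNAPS) then
    if ($?VERBOSE) echo `date +%T` $SLIDE /usr/bin/find $TARGET -ls
    set TSTAMP = `date +%m%d.%H%M`
    echo Doing debugging snapshots to $TMP.$TSTAMP.{before,after}
    set SNAPMASK = `umask`
    umask 077
    $DEBUG $SLIDE /usr/bin/find $TARGET -ls > $TMP.$TSTAMP.before
    umask $SNAPMASK
endif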

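# Make sure all directories are owned by ftp
# (in practice the uid in $FTPUID; only directories whose owner differs are
# touched; 1/24/07)
#
# The find command line is written to a file and run as sh FILE through
# $SLIDE (adjustment for slido; 10/12/12).  That file is executed with root
# rights, so it must not sit at a guessable path in world-writable /tmp,
# where another local user could create or replace it first.  mktemp
# creates it under a random name with owner-only permissions; if that fails
# the script stops rather than falling back to a predictable name.
#
# chown -h changes a symbolic link itself instead of the file it points to.
# Group members can write inside this tree, so an entry could be replaced by
# a link after find has tested it; -h keeps the root chown from following
# such a link out of the tree.
# NOTE(review): $TARGET is pasted unquoted into the sh command line, so it
# has to be a plain path without whitespace or shell metacharacters.

set CMDNAME = `basename $0`
set CHOWNSH = `mktemp /tmp/${CMDNAME}.XXXXXX`
if ("$CHOWNSH" == "") exec echo ${0}: cannot create private temporary file
echo "$FIND $TARGET -type d -not -uid $FTPUID -exec $DEBUG /bin/chown -h $FTPUID {} \;" > $CHOWNSH
if ($?VERBOSE) echo `date +%T` $SLIDE `cat $CHOWNSH`
$SLIDE sh $CHOWNSH
/bin/rm -f $CHOWNSH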

# Make sure hiringcom has group access to everything.
# The work is delegated to the enforce-group-access helper, run through
# $SLIDE with the collected switches; sed indents each non-empty line of its
# output by four spaces.
# NOTE(review): the helper is run with root rights from a home directory --
# confirm who is able to modify it.

if ($?VERBOSE) then
    echo `date +%T` $SLIDE ~watrous/Sys/enforce-group-access $SWITCHES $TARGET
endif
$SLIDE ~watrous/Sys/enforce-group-access $SWITCHES $TARGET | sed 's;.;    &;'

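# See that all files are world readable
# (only regular files that lack the other-read bit are touched, through
# -not -perm -4; 1/24/07)
#
# The find command line is written to a file and run as sh FILE through
# $SLIDE (adjustment for slido; 10/12/12).  That file is executed with root
# rights, so it must not sit at a guessable path in world-writable /tmp,
# where another local user could create or replace it first.  mktemp
# creates it under a random name with owner-only permissions; if that fails
# the script stops rather than falling back to a predictable name.
#
# NOTE(review): chmod follows symbolic links, and group members can write
# inside this tree, so an entry could change between the -type f test and
# the chmod.  The temporary-file fix does not cover that; it needs a
# separate review.
# NOTE(review): $TARGET is pasted unquoted into the sh command line, so it
# has to be a plain path without whitespace or shell metacharacters.

set CMDNAME = `basename $0`
set CHMODSH = `mktemp /tmp/${CMDNAME}.XXXXXX`
if ("$CHMODSH" == "") exec echo ${0}: cannot create private temporary file
echo "$FIND $TARGET -type f -not -perm -4 -exec $DEBUG /bin/chmod o+r {} \;" > $CHMODSH
if ($?VERBOSE) echo `date +%T` $SLIDE `cat $CHMODSH`
$SLIDE sh $CHMODSH
/bin/rm -f $CHMODSH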

# see files are all owned by ftp; 1/18/07
# no, don't do that; 1/24/07
#if ($?VERBOSE) echo `date +%T` $SLIDE /usr/bin/find $TARGET -type f -exec "/bin/chown $FTPUID {} \;"
#$DEBUG $SLIDE /usr/bin/find $TARGET -type f -exec "/bin/chown $FTPUID {} \;"

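# Second debugging snapshot, taken after all changes.  The listing names
# every file in a directory that is meant to be private and is written by
# this shell through the redirection, so the umask is tightened to 077
# around it and restored afterwards.
# NOTE(review): the file name stays guessable, and the umask has no effect
# on a file that already exists at that path.
if ($?DOSNAPS) then
    if ($?VERBOSE) echo `date +%T` $SLIDE /usr/bin/find $TARGET -ls
    set SNAPMASK = `umask`
    umask 077
    $DEBUG $SLIDE /usr/bin/find $TARGET -ls > $TMP.$TSTAMP.after
    umask $SNAPMASK
endif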

# Remove $TMP if it exists; -f keeps rm quiet when there is nothing to
# remove.  The snapshot files named after $TMP are left in place.
/bin/rm -f $TMP

if ($?VERBOSE) then
    echo `date +%T` Done
endif
