|
@@ -1,7 +1,9 @@
|
|
|
#!/bin/bash
|
|
|
|
|
|
+
|
|
|
DIR="/var/local/log/lcmlog-data"
|
|
|
|
|
|
+
|
|
|
######################
|
|
|
# AUXILIARY FUNCTION #
|
|
|
######################
|
|
@@ -25,8 +27,8 @@ method_help()
|
|
|
echo
|
|
|
echo "Options:"
|
|
|
echo " -i Initialization of the folder structure in default directory ($DIR)"
|
|
|
- echo " -l See who is authorized in auth folder using getent"
|
|
|
- echo " -u Update folders ACL"
|
|
|
+ echo " -l See who is authorized in $DIR/auth"
|
|
|
+ echo " -u Update folders ACL (data and logs)"
|
|
|
echo
|
|
|
echo " -h Show this help"
|
|
|
}
|
|
@@ -73,7 +75,7 @@ method_init()
|
|
|
fi
|
|
|
|
|
|
echo
|
|
|
- echo "Now you should add entries in auth files and then update folder permissions using the flag -u"
|
|
|
+ echo "Now you should add entries in $DIR/auth files and then update folder permissions using -u flag."
|
|
|
|
|
|
fi
|
|
|
}
|
|
@@ -85,24 +87,29 @@ method_init()
|
|
|
method_authlookup()
|
|
|
{
|
|
|
if [ -d $DIR/auth ]; then
|
|
|
+
|
|
|
+ # look 150
|
|
|
echo -e "\033[1;36m150 auth:\033[0;36m GET 150, GET Admin, POST 150\033[00m"
|
|
|
for uid in $(awk '{print $1}' $DIR/auth/150); do
|
|
|
getent passwd $uid
|
|
|
done
|
|
|
-
|
|
|
echo
|
|
|
+
|
|
|
+ # look admin
|
|
|
echo -e "\033[1;36mAdmin auth:\033[0;36m GET 150, GET Admin, POST 150, POST Admin, UPDATE\033[00m"
|
|
|
for uid in $(awk '{print $1}' $DIR/auth/Admin); do
|
|
|
getent passwd $uid
|
|
|
done
|
|
|
-
|
|
|
echo
|
|
|
+
|
|
|
+ # look ex 150
|
|
|
echo -e "\033[1;36mValhalla auth:\033[0;36m GET 150, GET Admin\033[00m"
|
|
|
for uid in $(awk '{print $1}' $DIR/auth/Valhalla); do
|
|
|
getent passwd $uid
|
|
|
done
|
|
|
-
|
|
|
echo
|
|
|
+
|
|
|
+ # look ex admin
|
|
|
echo -e "\033[1;36mNirvana auth:\033[0;36m GET 150, GET Admin, POST Admin\033[00m"
|
|
|
for uid in $(awk '{print $1}' $DIR/auth/Nirvana); do
|
|
|
getent passwd $uid
|
|
@@ -120,7 +127,63 @@ method_authlookup()
|
|
|
method_updateACL()
|
|
|
{
|
|
|
if [ -d $DIR/auth ] && [ -d $DIR/data ] && [ -d $DIR/logs ]; then
|
|
|
- echo "OK. Method incomplete."
|
|
|
+
|
|
|
+ echo "Authorization in $DIR/auth:"
|
|
|
+ echo
|
|
|
+ method_authlookup
|
|
|
+
|
|
|
+ echo "Do you want to set new permissions? [y|n]"
|
|
|
+ read ANSWER
|
|
|
+ while [ -z $ANSWER ]; do
|
|
|
+ echo "Yes (y) or no (n)? "
|
|
|
+ read ANSWER
|
|
|
+ done
|
|
|
+ while [ $ANSWER != "y" ] && [ $ANSWER != "n" ]; do
|
|
|
+ echo "Yes (y) or no (n)? "
|
|
|
+ read ANSWER
|
|
|
+ while [ -z $ANSWER ]; do
|
|
|
+ echo "Yes (y) or no (n)? "
|
|
|
+ read ANSWER
|
|
|
+ done
|
|
|
+ done
|
|
|
+ if [ $ANSWER == "n" ]; then exit 0; fi
|
|
|
+
|
|
|
+ # remove old permissions
|
|
|
+ echo "Removing old permissions..."
|
|
|
+ setfacl -b $DIR/data
|
|
|
+ setfacl -b $DIR/logs
|
|
|
+
|
|
|
+ # add new permissions
|
|
|
+ echo "Setting up new permissions..."
|
|
|
+
|
|
|
+ # set 150
|
|
|
+ for uid in $(awk '{print $1}' $DIR/auth/150); do
|
|
|
+ setfacl -m u:$uid:rwx $DIR/data
|
|
|
+ setfacl -m u:$uid:rwx $DIR/logs
|
|
|
+ done
|
|
|
+
|
|
|
+ # set admin
|
|
|
+ for uid in $(awk '{print $1}' $DIR/auth/Admin); do
|
|
|
+ setfacl -m u:$uid:rwx $DIR/data
|
|
|
+ setfacl -m u:$uid:rwx $DIR/logs
|
|
|
+ done
|
|
|
+
|
|
|
+ # set ex 150
|
|
|
+ for uid in $(awk '{print $1}' $DIR/auth/Valhalla); do
|
|
|
+ setfacl -m u:$uid:rx $DIR/data
|
|
|
+ setfacl -m u:$uid:rwx $DIR/logs
|
|
|
+ done
|
|
|
+
|
|
|
+ # set ex admin
|
|
|
+ for uid in $(awk '{print $1}' $DIR/auth/Nirvana); do
|
|
|
+ setfacl -m u:$uid:rwx $DIR/data
|
|
|
+ setfacl -m u:$uid:rwx $DIR/logs
|
|
|
+ done
|
|
|
+
|
|
|
+ echo "Done. New permissions are:"
|
|
|
+ getfacl $DIR/data
|
|
|
+ getfacl $DIR/logs
|
|
|
+
|
|
|
else
|
|
|
echo "Error: some folders are missing. Use the -i option to create missing folders."
|
|
|
fi
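Review bot: The four new `for uid in $(awk '{print $1}' $DIR/auth/...)` loops pass each auth-file entry into `setfacl -m u:$uid:...` unquoted and unvalidated, so an entry containing `:`, `,` or glob characters is read as extra ACL syntax or expanded by the shell instead of being treated as one account name. Each entry should be matched against an account-name pattern and resolved with `getent passwd` before use, with every expansion quoted; the loops differ only in file and mode, so the single helper sketched below covers all four. The helper also checks setfacl's exit status, because once `setfacl -b` has cleared both directories a failed `-m` still ends with "Done." and a partially applied ACL set. Separately, the `while [ -z $ANSWER ]` prompts never terminate when stdin is closed, since `read` fails and leaves ANSWER empty; `read -r ANSWER || exit 1` ends them. method_updateACL's closing brace lies outside this hunk.

```shell
# Grant one mode per directory to every valid account listed in an auth file.
apply_acl()
{
    local authfile=$1 data_mode=$2 logs_mode=$3 uid
    local name_re='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
    while read -r uid _ || [ -n "$uid" ]; do
        [ -n "$uid" ] || continue
        # Only plain, resolvable account names may reach the ACL spec.
        if [[ ! $uid =~ $name_re ]] || ! getent passwd "$uid" > /dev/null; then
            printf 'Skipping invalid entry in %s: %q\n' "$authfile" "$uid" >&2
            continue
        fi
        setfacl -m "u:$uid:$data_mode" "$DIR/data" || return 1
        setfacl -m "u:$uid:$logs_mode" "$DIR/logs" || return 1
    done < "$authfile"
}

# … unchanged: authorization listing, confirmation prompt, setfacl -b on data and logs …

        apply_acl "$DIR/auth/150"      rwx rwx || exit 1
        apply_acl "$DIR/auth/Admin"    rwx rwx || exit 1
        # NOTE(review): Valhalla is listed as GET-only in method_authlookup but gets rwx on logs; confirm.
        apply_acl "$DIR/auth/Valhalla" rx  rwx || exit 1
        apply_acl "$DIR/auth/Nirvana"  rwx rwx || exit 1

# … unchanged: "Done" message and getfacl output …
```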
|