LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 10-16-2005, 09:23 AM   #16
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231Reputation: 231Reputation: 231

Anxiously awaiting the results.
 
Old 10-20-2005, 02:18 AM   #17
doc.nice
Member
 
Registered: Oct 2004
Location: Germany
Distribution: Debian
Posts: 274

Rep: Reputation: 34
sorry, for the long waiting time but <insert your favorite plea here>

so here it is, fine, not so small and fully commented!

Code:
#!/bin/bash
#
# homerights - script to change access rights and owner of
# home directories
#
# 2005 by Florian Harbich (doc.nice)
#
# created after a request of ??? (danimalz) on www.linuxquestions.org
# credits for fixes and improvements to
# - Rick (archtoad6)
# - ??? (anomie)
# - ??? (fotoguy)
#
# this script can be freely copied, as long as the orginal
# author(s) remain mentioned.


######################################################
# USERCONFIG SECTION
######################################################

# base dir for home directories
HOMEBASE="/home"

# group name if no group called after the username exists
COMMONGRP="users"

# rights for home directories with common group
# the rights for the user directory are reset to 0000 before
# appying this string to be able to use X together
# with --recursive without keeping an old x right
COMMONGRPRIGHTS="u=rwX,g-rwXs,o-rwxt"

# rights for home directories with individual group
# the rights for the user directory are reset to 0000 before
# appying this string to be able to use X together
# with --recursive without keeping an old x right
USERGRPRIGHTS="u=rwX,g=rwXs,o=t"

# extra options for chown (i.e. --recursive)
CHOWNOPTS=""

# extra options for chmod (i.e.--recursive)
# this is normally not needed, without access to the directory
# one also can't access the file therein.
CHMODOPTS=""

######################################################
# END OF USERCONFIG SECTION
# do not edit below this line
######################################################

# fix variables and set sensible defaults if unset

HOMEBASE="${HOMEBASE:=/home}"
HOMEBASE="${HOMEBASE%/}"
COMMONGROUP="${COMMONGROUP:=users}"
COMMONRPRIGHTS="${COMMONGRPRIGHTS:=u+rwX,g+rwX,o-rwx}"
USERGRPRIGHTS="${USERGRPRIGHTS:=u+rwX,g+rwX,o-rwx}"

if [ \( "$1" == "-h" \) -o \( "$1" == "--help" \) ]; then
  cat >&2 <<EOF
Aufruf: $(basename $0) [-h] [-r]

script to change access rights and owner of home directories

-h      --help          show this help
-r      --really        without this switch, the script will ony
                        show what would happen, but doesn't really
                        perform the actions.


Will change all user directories in ${HOMEBASE}.
The owners will be changed to be the same as the
directory name and the group will be the same if
it exists, else it will be set to ${COMMONGRP}.
Rights for directories with individual group will
be changed to ${USERGRPRIGHTS}
rights for directories with common groups will
be set to ${COMMONGRPRIGHTS}.

EOF
  exit 0
fi

# sanity checks
if [ -z "$(grep "^${COMMONGRP}:" /etc/group)" ]; then
  # common group not in group auth file
  echo "common group ${COMMONGRP} doesn't exist! aborting." >&2
  exit 1
fi

if [ ! -d "${HOMEBASE}" ]; then
  # base directory not found
  echo "base directory ${HOMEBASE} not found! aborting." >&2
  exit 1
fi

if [ \( "$1" == "-r" \) -o \( "$1" == "--really" \) ]; then
  # really perform changes
  REALACTION="dontbelazy"
else
  # only show changes, but don't perform
  REALACTION=""
fi

[ "${REALACTION}" ] && echo "$1 specified, changes are really applied!" >&2

# main part
for DIR in $(ls -d -1 --quoting-style=escape ${HOMEBASE}/*/); do
  DIR="$(basename "${DIR}")"
  echo "setting rights for ${DIR}"
  if grep -q "^${DIR}:" /etc/passwd; then
    # user with directory name found
    if grep -q "^${DIR}:" /etc/group; then
      # group with directory name found,
      # use individual group mode for this directory
      echo "  user has its own group, setting individual mode"
      if [ "${REALACTION}" ]; then
        chown ${CHOWNOPTS} ${DIR}:${DIR} "${HOMEBASE}/${DIR}"
        # fix for X and recursive mode, see in CONFIG section
        chmod 0000 "${HOMEBASE}/${DIR}"
        chmod ${CHMODOPTS} ${USERGRPRIGHTS} "${HOMEBASE}/${DIR}"
      else
        echo "chown ${CHOWNOPTS} ${DIR}:${DIR} \"${HOMEBASE}/${DIR}\"" 
        echo "chmod ${CHMODOPTS} ${USERGRPRIGHTS} \"${HOMEBASE}/${DIR}\""
      fi
    else
      # no group with directory name found,
      # use common group mode for this directory
      echo "  user has no own group, setting common mode"
      if [ "${REALACTION}" ]; then
        chown ${CHOWNOPTS} ${DIR}:${COMMONGRP} "${HOMEBASE}/${DIR}"
        # fix for X and recursive mode, see in CONFIG section
        chmod 0000 "${HOMEBASE}/${DIR}"
        chmod ${CHMODOPTS} ${COMMONGRPRIGHTS} "${HOMEBASE}/${DIR}"
      else
        echo "chown ${CHOWNOPTS} ${DIR}:${COMMONGRP} \"${HOMEBASE}/${DIR}\"" 
        echo "chmod ${CHMODOPTS} ${COMMONGRPRIGHTS} \"${HOMEBASE}/${DIR}\""
      fi
    fi
  else
    # no user with directory name found,
    # ignore this directory
    echo "  no username for this directory, skipping..."
  fi
done

if [ -z "${REALACTION}" ]; then
  echo "no changes were made to your filesystem," >&2
  echo "use -r  or --really to really apply" >&2
fi
Flo
 
Old 11-28-2005, 07:00 AM   #18
stimpsonjcat
Member
 
Registered: Apr 2005
Location: switzerland
Distribution: debian etch
Posts: 99

Rep: Reputation: 15
I know this thread is old. but I'm trying to do exactly (well, kind of) the opposite of what the original poster did.
I want a default umask of 003, so if I add user alice to group john, Alice can rwx John's files (at the moment, Alice can only r-x John's files).

there is a file /etc/profile which I suppose sets the default umask of the whole system to 022.
If I edit this file, will that work (the debian manual doesn't tell)? or is there a better way to do it?

thanks
stimpy
 
Old 11-28-2005, 07:05 AM   #19
doc.nice
Member
 
Registered: Oct 2004
Location: Germany
Distribution: Debian
Posts: 274

Rep: Reputation: 34
This file will set the umask for any NEW usery to what is set therein,
it is copied to .profile in the new usery homedir.

so you can set the usmask and AFTERWARDS create the user or edit/create the file .profile in the existing homedir and set the umask there.
(and afterwards set the variables in my script above and run it to fix the rights of all existing files...)
 
Old 11-28-2005, 03:34 PM   #20
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: KirraMail Live Email Server
Posts: 1,279

Rep: Reputation: 61
Awesome script, you certainly a talented individual.
 
Old 11-28-2005, 04:50 PM   #21
doc.nice
Member
 
Registered: Oct 2004
Location: Germany
Distribution: Debian
Posts: 274

Rep: Reputation: 34
thanks, even if it took a bit longer than expected...
hope anyone can use or even improve it...
 
Old 11-30-2005, 03:30 AM   #22
T.Hsu
Member
 
Registered: Jan 2005
Posts: 178

Rep: Reputation: 31
dpkg-reconfigure adduser

But it will only affect the users you create after.
 
  


Reply

Tags
adduser, script


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Root/Home Directory and setting up FTP for home directories? Mankind75 Linux - Newbie 6 07-23-2006 02:37 PM
encrypted home directories TomaCzar Slackware 1 05-19-2005 07:00 AM
securing users to certain directories ? lozza1978 Linux - Newbie 2 05-09-2005 10:04 PM
Securing individual directories (SSL) Trent Hatred Linux - Software 1 10-07-2004 10:50 PM
Home directories and AD authentication Kerry Davis Linux - Networking 5 07-14-2004 10:26 AM


All times are GMT -5. The time now is 04:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration