Advanced 'find' against specific groups and perms

RaelOM · 10-11-2006, 09:44 AM

I need to search all files in directory X that do not belong to $GROUP and then -exec chgrp {} \; and then I need to find all files in directory X that do not have group rw (If they are a file) or rwx (if it's a directory) and do -exec chmod g+rw (or g+rwx) {} \;

I'm having trouble understanding how I can get find to lcoate these files that aren't belonging to $GROUP. -nogroup won't work since that just checks against non existant groups in the /etc/group file.

Help me obie-wan-ka-newbie... You're meh only hope!

druuna · 10-11-2006, 10:20 AM

Hi,

find . -type f ! -group users searches for files that do not have users as group. The ! (or -not) is used to exclude something.
You can also group things like this:

find . -type f -not $ -group users -o -group visitor $

All file having users or visitor as group will be excluded from the hits.

Hope this clears things up a bit.

RaelOM · 10-11-2006, 11:49 AM

Yea, I figured that out...

Here's what I got but it's not working as I expected...WTF?!

Code:

# Project Ownership & Group permissions.
for i in `ls -d /proj/*`;
do
	# Set $GROUP Variable
		GROUP=`ls -ld $i | awk '{print $4}'`;
	# Find DIRECTORIES under <project> that do not have group rwx and chmod
		find $i -type d ! -perm -0070 -exec chmod g+rwx '{}' \;
	# Find FILES under <project> that do not have group rw and chmod
		find $i -type f ! -perm -0060 -exec chmod g+rw '{}' \;
	# Find EVERYTHING under <project> that have the incorrect group set
		find $i ! -group $GROUP -exec chgrp -h $GROUP '{}' \;
	# Set Project ROOT /proj/* to 2751
		chmod 2751 $i;
	# Set Project ROOT Group ownership
		chgrp $GROUP $i;
done

druuna · 10-11-2006, 01:14 PM

Hi,

What's it doing, or not doing?
Do you get any error messages?

I'll take a look, but it would be easier if you gave a bit more information

RaelOM · 10-12-2006, 06:41 AM

As it's running through the for loop it's changing everything under /proj/* to the first group it gets assigned. WTF?

druuna · 10-12-2006, 09:40 AM

Hi,

This I can understand:
# Set $GROUP Variable
GROUP=`ls -ld $i | awk '{print $4}'`;

But this seems to be unneeded, it always sets it to a group that it already is:
# Set Project ROOT Group ownership
chgrp $GROUP $i;

The following could do something you didn't think of:
# Set Project ROOT /proj/* to 2751
chmod 2751 $i;
All files and directories in /proj/ (not recursive) will get 2751 as permission. Do you also want this to be true for files??

I don't seem to understand your problem: it's changing everything under /proj/* to the first group it gets assigned.
If /proj/dirone has internet as group, all dirs and files under /proj/dirone will have internet as group after you run the script.

Code:

Original filestructure:

drwxr-xr-x  5 druuna internet 4096 Oct 12 16:31 dirone
drwxr-xr-x  5 druuna users    4096 Oct 12 16:31 dirthree
drwxr-xr-x  5 druuna visitor  4096 Oct 12 16:31 dirtwo
-rw-r--r--  1 druuna internet    0 Oct 12 16:31 fileone
-rw-r--r--  1 druuna users       0 Oct 12 16:31 filethree
-rw-r--r--  1 druuna visitor     0 Oct 12 16:31 filetwo

dirone:
total 12
drwxr-xr-x  2 druuna internet 4096 Oct 12 16:31 dironeone
drwxr-xr-x  2 druuna users    4096 Oct 12 16:31 dironethree
drwxr-xr-x  2 druuna visitor  4096 Oct 12 16:31 dironetwo
-rw-r--r--  1 druuna internet    0 Oct 12 16:31 fileone
-rw-r--r--  1 druuna users       0 Oct 12 16:31 filethree
-rw-r--r--  1 druuna visitor     0 Oct 12 16:31 filetwo

dirtwo:
total 12
drwxr-xr-x  2 druuna internet 4096 Oct 12 16:31 dirtwoone
drwxr-xr-x  2 druuna users    4096 Oct 12 16:31 dirtwothree
drwxr-xr-x  2 druuna visitor  4096 Oct 12 16:31 dirtwotwo
-rw-r--r--  1 druuna internet    0 Oct 12 16:31 fileone
-rw-r--r--  1 druuna users       0 Oct 12 16:31 filethree
-rw-r--r--  1 druuna visitor     0 Oct 12 16:31 filetwo

Dirstructure after running the script:

drwxr-s--x  5 druuna internet 4096 Oct 12 16:31 dirone
drwxr-s--x  5 druuna users    4096 Oct 12 16:31 dirthree
drwxr-s--x  5 druuna visitor  4096 Oct 12 16:31 dirtwo
-rwxr-s--x  1 druuna internet    0 Oct 12 16:33 fileone
-rwxr-s--x  1 druuna users       0 Oct 12 16:33 filethree
-rwxr-s--x  1 druuna visitor     0 Oct 12 16:33 filetwo

dirone:
total 12
drwxrwxr-x  2 druuna internet 4096 Oct 12 16:31 dironeone
drwxrwxr-x  2 druuna internet 4096 Oct 12 16:31 dironethree
drwxrwxr-x  2 druuna internet 4096 Oct 12 16:31 dironetwo
-rw-rw-r--  1 druuna internet    0 Oct 12 16:33 fileone
-rw-rw-r--  1 druuna internet    0 Oct 12 16:33 filethree
-rw-rw-r--  1 druuna internet    0 Oct 12 16:33 filetwo

dirtwo:
total 12
drwxrwxr-x  2 druuna visitor 4096 Oct 12 16:31 dirtwoone
drwxrwxr-x  2 druuna visitor 4096 Oct 12 16:31 dirtwothree
drwxrwxr-x  2 druuna visitor 4096 Oct 12 16:31 dirtwotwo
-rw-rw-r--  1 druuna visitor    0 Oct 12 16:33 fileone
-rw-rw-r--  1 druuna visitor    0 Oct 12 16:33 filethree
-rw-rw-r--  1 druuna visitor    0 Oct 12 16:33 filetwo

As you can see, all files in dirone have internet as group after running the script and all files and dirs in dirtwo have visitor as group. Script does exactly what it is supposed to do.

RaelOM · 10-13-2006, 07:02 AM

This is the completed script. basically it will create a list of directory names only and then chgrp rwx on directories and chgrp +rw on files so all group members will always have access to the files, then it extracts the group name of the root (This relies that the /proj/X group is correct) and applies that group ownership recursively throughout the directory structure for that instance of $GROUP, then does a final chmod 2751.

Code:

#!/bin/bash
#
# Author: Rael Mussell
# Date: 1/18/2006
#
# Purpose:  This script is designed to change the group ownership of all
#                  project files to their respective project groups.  This will ensure
#                  that no subwebs ever exist and also allow all developers on the
#                  project to access the files at any time.
#

# Project Ownership & Group permissions.
for i in `ls -d /proj/*`;
do
        # Set $GROUP Variable
                GROUP=`ls -ld $i | awk '{print $4}'`;
                #echo DEBUG: group=$GROUP
        # Find DIRECTORIES under <project> that do not have group rwx and chmod
                #echo find: $i -type d ! -perm -0070 -exec chmod g+rwx '{}' \;
                find $i -type d ! -perm -0070 -exec chmod g+rwx '{}' \;
        # Find FILES under <project> that do not have group rw and chmod
                #echo find: $i -type f ! -perm -0060 -exec chmod g+rw '{}' \;
                find $i -type f ! -perm -0060 -exec chmod g+rw '{}' \;
        # Find EVERYTHING under <project> that has the incorrect group set
                #echo find: $i ! -group $GROUP -exec chgrp -h $GROUP '{}' \;
                find $i ! -group $GROUP -exec chgrp -h $GROUP '{}' \;
        # Set Project ROOT /proj/* to 2751
                #echo chmod 2751 $i;
                chmod 2751 $i;
        # Set Project ROOT Group ownership
                #echo chgrp $GROUP $i;
                chgrp $GROUP $i;
done