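#!/bin/bash

#
##### Resets ownership, modes and ACLs on the directories the server relies on #####
#
### $Id: permse3 8406 2015-01-24 22:56:28Z keyser $ ###
#
# Usage:
#   permse3            reset rights on the most important directories only
#   permse3 --full     also recurse into the Progs, Classes and Docs shares
#   permse3 netlogon   only reset rights under /home/netlogon, then exit
#   permse3 --help|-h  print the help text
#
# Every step is a chmod/chown/setfacl on a fixed system path, so the script
# is meant to run as root. Steps are deliberately order-dependent (a
# recursive chmod/chown is often followed by a tighter mode on one file),
# so keep the sequence when editing.
#
# NOTE(review): several steps apply chmod/chown to a glob ("dir/*") inside a
# directory that a service account (www-se3) or the admins group can write
# to. Non-recursive chmod/chown dereference symlinks, so root ends up acting
# on whatever those entries point to. Consider "chown -h" and resolving
# entries before chmod where the directory is not root-only.

if [[ "$1" == "--help" || "$1" == "-h" ]]; then
  echo "Aide : Replace les droits dans les differents repertoires"
  echo "Syntaxe : --full afin de remettre les droits sur tous les repertoires et sous repertoires"
  echo "Sans argument afin de remettre les droits sur les dossiers les plus importants uniquement."
  exit 0
fi

# Optional recursion flag. Kept as an array so that the "no flag" case
# expands to zero words instead of relying on an unquoted empty string.
if [[ "$1" == "--full" ]]; then
  OPTION=(-R)
else
  OPTION=()
fi

# The original read the MySQL host, user, password and database name from
# /etc/SeConfig.ph here but never used them. The reads were dropped so the
# database password is not pulled into the process (and into "bash -x"
# traces) for no purpose.

#######################################
# Resets rights on /home/netlogon and on the install share ACLs.
# Arguments: none
# Returns:   status of the last command run
#######################################
SETNETLOGON() {
  # Rights on /home/netlogon
  if [ -e /home/netlogon ]; then
    # Remove leftover gpoPASSWD files before the tree is made world-readable.
    find /home/netlogon/machine/ -name gpoPASSWD -delete
    chmod -R 755 /home/netlogon
    chown -R admin:admins /home/netlogon/
    chmod g+s /home/netlogon
    setfacl -b /home/netlogon/
    if [ -e /home/netlogon/domscripts/ ]; then
      chmod 664 /home/netlogon/domscripts/*
    fi

    setfacl -R -m u:adminse3:rx /var/se3/Progs/install
    setfacl -R -m d:u:adminse3:rx /var/se3/Progs/install

    # Rights on CPAU
    chown root:admins /home/netlogon/CPAU.exe
    chmod 775 /home/netlogon/CPAU.exe
  fi
}

if [[ "$1" == "netlogon" ]]; then
  SETNETLOGON
  exit 0
fi

# MySQL client credentials for root: owner read-only.
chmod 400 /root/.my.cnf

# Apache
chmod 544 /etc/default/apache2

# Rights on LDAP
chmod 600 /etc/ldap.secret
chown root:root /etc/ldap.secret

chmod 640 /etc/ldap/slapd.conf

chmod 644 /etc/ldap/slapd.pem

chmod 644 /etc/pam_ldap.conf
chown root:root /etc/pam_ldap.conf

chmod 644 /etc/libnss-ldap.conf
chown root:root /etc/libnss-ldap.conf

chown openldap:openldap /var/run/slapd/
chown -R openldap:openldap /etc/ldap
chown -R openldap:openldap /var/lib/ldap

# Rights on admind
chown root:root /usr/sbin/admind
chmod 750 /usr/sbin/admind

# Rights on the scripts
chmod 550 /usr/share/se3/scripts/*
chown www-se3:root /usr/share/se3/scripts/*
chmod 550 /usr/share/se3/sbin/*
chown www-se3:root /usr/share/se3/sbin/*
chmod 550 /usr/share/se3/scripts-alertes/*
chown www-se3:root /usr/share/se3/scripts-alertes/*
chmod 750 /usr/share/se3/scripts/tarCreate
chmod 750 /usr/share/se3/includes/*
chown www-se3:root /usr/share/se3/includes/*

# sudo rights
chmod 0440 /etc/sudoers

# CGI rights
chown www-se3:root /usr/lib/cgi-binse/gep*.cgi
chown www-se3:root /usr/lib/perl5/Se.pm

# Rights on the backup
chmod -R 750 /etc/save
chgrp -R admins /var/se3/save

# Rights on ssmtp
chown -R www-se3 /etc/ssmtp

# Rights on cups
chown -R www-se3:lpadmin /etc/samba/printers_se3
chmod 770 /etc/samba/printers_se3
chmod -R 775 /var/lib/samba/printers
chown -R admin:admins /var/lib/samba/printers
# NOTE(review): world-writable without the sticky bit, so any local account
# can remove or replace another user's spool files. Print spool directories
# are conventionally 1777 - confirm nothing depends on 0777 and tighten.
chmod 777 /var/spool/samba

# Rights on drivers
chown -R admin:root /var/se3/drivers

# Rights on the www directories
chown -R www-se3 /var/www/se3
chmod -R 750 /var/www/se3
# Files holding credentials or keys are tightened after the recursive 750.
chmod 400 /var/www/se3/includes/config.inc.php
if [ -e /var/www/se3/includes/dbconfig.inc.php ]; then
  chmod 400 /var/www/se3/includes/dbconfig.inc.php
fi
if [ -e /var/www/se3/includes/privateKey.pyc ]; then
  chmod 440 /var/www/se3/includes/privateKey.pyc
  chown www-se3:www-data /var/www/se3/includes/privateKey.pyc
fi
chmod 770 /var/se3/Docs/deploy
chown admin:www-data /var/se3/Docs/deploy

# Rights on the SSH key
chown www-se3:root /var/remote_adm
chmod 770 /var/remote_adm
chmod -R 700 /var/remote_adm/.ssh
chown -R www-se3:www-data /var/remote_adm/.ssh
# Each key file is tested on its own: the original only tested for the
# public key and then ran chmod on the private key as well.
if [ -f /var/remote_adm/.ssh/id_rsa ]; then
  chmod 600 /var/remote_adm/.ssh/id_rsa
fi
if [ -f /var/remote_adm/.ssh/id_rsa.pub ]; then
  chmod 640 /var/remote_adm/.ssh/id_rsa.pub
fi

# Rights on /var/log (which may be a symlink to /var/se3/log)
if [ -L /var/log ]; then
  LOGS_DIR="/var/se3/log"
else
  LOGS_DIR="/var/log"
fi
chown root "${LOGS_DIR}"
chown root "${LOGS_DIR}"/*
chown -R news "${LOGS_DIR}/news"
chown -R mysql "${LOGS_DIR}"/mysql*
chown -R www-se3 "${LOGS_DIR}/se3"
chmod -R 750 "${LOGS_DIR}/se3"

if [ -e "${LOGS_DIR}/clamav" ]; then
  chown -R clamav "${LOGS_DIR}/clamav"
fi

if [ -e "${LOGS_DIR}/squid" ]; then
  chown -R proxy "${LOGS_DIR}/squid"
fi

if [ -e "${LOGS_DIR}/squid3" ]; then
  chown -R proxy "${LOGS_DIR}/squid3"
fi

if [ -e "${LOGS_DIR}/dansguardian" ]; then
  # Uses LOGS_DIR like every other log step; the original tested
  # LOGS_DIR but then changed the hard-coded /var/log path.
  chown -R dansguardian "${LOGS_DIR}/dansguardian"
fi

if [ -e "${LOGS_DIR}/ocsinventory-NG" ]; then
  chown -R www-se3 "${LOGS_DIR}/ocsinventory-NG"
fi

# Apply rights on /home/netlogon
SETNETLOGON

if [ -e /home/templates ]; then
  # Rights on the templates
  chmod 775 /home/templates
  chown -R admin:admins /home/templates
  if [ ! -e /home/templates/skeluser ]; then
    ln -s /etc/skel/user /home/templates/skeluser
  fi
  chown -R www-se3 /etc/skel/user
  # setfacl errors are discarded here on purpose (as in the original).
  setfacl -R -m u:www-se3:rwx /home/templates/ 2> /dev/null
  setfacl -R -m d:u:www-se3:rwx /home/templates/ 2> /dev/null
fi

# Rights for nut
mkdir -p /etc/nut
chown -R www-se3 /etc/nut
chgrp nut /var/run/nut
chgrp nut /var/lib/nut

# Base rights on /var/se3 (public deliberately left out)
# setfacl -m d:g::rwx /var/se3/Docs/public
chown admin:admins /var/se3
chmod 755 /var/se3

# Progs share
mkdir -p /var/se3/Progs
chmod 775 /var/se3/Progs
chown "${OPTION[@]}" admin:admins /var/se3/Progs
setfacl "${OPTION[@]}" -m g:admins:rwx /var/se3/Progs
setfacl "${OPTION[@]}" -m d:g:admins:rwx /var/se3/Progs

# ro
chown admin:lcs-users /var/se3/Progs/ro
chmod 755 /var/se3/Progs/ro
setfacl -m d:u::rwx /var/se3/Progs/ro
setfacl -m d:g::rx /var/se3/Progs/ro
setfacl -m d:o::rx /var/se3/Progs/ro
setfacl -m g:admins:rwx /var/se3/Progs/ro
setfacl -m d:g:admins:rwx /var/se3/Progs/ro

# rw
chown admin:admins /var/se3/Progs/rw
chmod 775 /var/se3/Progs/rw
setfacl -m d:u::rwx /var/se3/Progs/rw
setfacl -m d:g::rwx /var/se3/Progs/rw
#setfacl -m d:o::rwx /var/se3/Progs/rw

# Rights on /var/se3/Progs/install
if [ -e /var/se3/Progs/install ]; then
  chown admin:admins /var/se3/Progs/install
  if [ ! -e /var/se3/Progs/install/domscripts ]; then
    ln -s /home/netlogon/domscripts /var/se3/Progs/install/domscripts
  fi
  setfacl "${OPTION[@]}" -m u:www-se3:rx /var/se3/Progs/install
  setfacl "${OPTION[@]}" -m d:u:www-se3:rx /var/se3/Progs/install
  setfacl -R -m u:adminse3:rx /var/se3/Progs/install
  setfacl -R -m d:u:adminse3:rx /var/se3/Progs/install
  setfacl -R -m g:admins:rwx /var/se3/Progs/install
  setfacl -R -m d:g:admins:rwx /var/se3/Progs/install
  # Access to CPAU for the initial install of: inventory, wpkg...
  setfacl -m other:x /var/se3/Progs/install
fi

# Inventory
if [ -e /var/se3/Progs/ro/inventory ]; then
  chown -R admin:admins /var/se3/Progs/ro/inventory
  setfacl -R -m m:rwx /var/se3/Progs/ro/inventory
fi

# Classes share
mkdir -p /var/se3/Classes
chown www-se3:admins /var/se3/Classes
chgrp "${OPTION[@]}" admins /var/se3/Classes
chmod 755 /var/se3/Classes

# Docs share
mkdir -p /var/se3/Docs
chown "${OPTION[@]}" admin:admins /var/se3/Docs
chmod 775 /var/se3/Docs
chmod 700 /var/se3/Docs/trombine
chown admin:admins /var/se3/Docs/trombine
# Wallpaper rights: others get traverse-only access so that users cannot
# list each other's wallpapers (photo directory).
chmod o=x /var/se3/Docs/media/fonds_ecran
chown admin:admins /var/se3/Docs/media/fonds_ecran

setfacl "${OPTION[@]}" -m g:admins:rwx /var/se3/Docs
setfacl "${OPTION[@]}" -m d:g:admins:rwx /var/se3/Docs
setfacl -m g:admins:rwx /var/se3/Docs/trombine
setfacl -m g:profs:rx /var/se3/Docs/trombine
setfacl -m d:g:admins:rwx /var/se3/Docs/trombine
setfacl -m d:g:profs:rx /var/se3/Docs/trombine
setfacl -m u:www-se3:rx /var/se3/Docs/trombine
setfacl -m d:u:www-se3:rx /var/se3/Docs/trombine
setfacl -m d:g::rwx /var/se3/Docs/public

# Prof share
mkdir -p /var/se3/prof
chown admin:Profs /var/se3/prof
chmod 770 /var/se3/prof
setfacl -m g:Profs:rwx /var/se3/prof
setfacl -m d:g:Profs:rwx /var/se3/prof

# unattended - wpkg
chmod 755 /var/se3/unattended
chown admin /var/se3/unattended
chgrp -R admins /var/se3/unattended
chown -R www-se3:admins /var/se3/unattended/install
setfacl -R -m u:www-se3:rwx -m d:u:www-se3:rwx /var/se3/unattended/install
if getent passwd adminse3 >/dev/null && [ -e /var/se3/unattended/install/wpkg/rapports ]; then
  setfacl -R -m u:adminse3:rwx -m d:u:adminse3:rwx /var/se3/unattended/install/wpkg/rapports
fi
if getent passwd adminse3 >/dev/null && [ -e /var/se3/unattended/install/italc_keys ]; then
  setfacl -R -m u:adminse3:rwx -m d:u:adminse3:rwx /var/se3/unattended/install/italc_keys
fi
setfacl -R -m u::rwx -m g::rx -m o::rx -m d:m:rwx -m d:u::rwx -m d:g::rx -m d:o::rx /var/se3/unattended/install

if [ -e /var/www/se3/wpkg ]; then
  chown -R www-se3:www-data /var/www/se3/wpkg
  chmod 775 /var/www/se3/wpkg/bin/*
fi

# NOTE(review): the existence test looks up the account "unattended" while
# the ACL entries below name "unattend". One of the two is presumably a
# typo; left as found - confirm the real account name and align them.
if getent passwd unattended >/dev/null && [ -e /var/se3/unattended/install/packages ]; then
  setfacl -R -m u:unattend:rx /var/se3/unattended/install/packages
  setfacl -R -m d:u:unattend:rx /var/se3/unattended/install/packages
  setfacl -R -m u:www-se3:rx /var/se3/unattended/install/packages
  setfacl -R -m d:u:www-se3:rx /var/se3/unattended/install/packages
fi

# Rights on the upload directory for the account-import XML files
chmod 770 /var/lib/se3/import_comptes
chown www-se3:root /var/lib/se3/import_comptes

# Change the owner so that www-se3 can delete a per-host specific config
if [ -e "/tftpboot/pxelinux.cfg" ]; then
  chown www-se3:root /tftpboot/pxelinux.cfg
fi

# Rights on the (optional) directory where CSV files are made available
# during account generation
mkdir -p /var/www/se3/setup/csv
chmod 770 /var/www/se3/setup/csv
chown www-se3:root /var/www/se3/setup/csv

# Rights on the www-tools directory, used instead of /var/remote_adm in
# several scripts
mkdir -p /etc/se3/www-tools
chmod 770 /etc/se3/www-tools
chown www-se3:root /etc/se3/www-tools

# Rights on the tmp directory needed by the FF / TB profile scripts
mkdir -p /var/www/se3/tmp
chmod 770 /var/www/se3/tmp
chown www-se3:root /var/www/se3/tmp

# Rights needed by the wallpaper interface
if [ -e /etc/se3/fonds_ecran ]; then
  chmod 755 /etc/se3/fonds_ecran
  chmod 644 /etc/se3/fonds_ecran/*
  chown -R www-se3:root /etc/se3/fonds_ecran
fi
exit 0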