#!/bin/bash
# Made by Light Olli for setting correct permissions on clients' dirs.
# Easy & simplest.
# License: GNU-like.
# Contacts: olli@digger.org.ru

#
# Made for keeping file permissions in good state - sets some permissions on
# user homes, cgi-bin's & public_htmls.
#

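# Fail on unset variables so a typo in a variable name is an error, not an
# empty string silently passed to chmod/chown.
set -u

debug=no
chroot=/users/userchroot
group=apache

#######################################
# Print field 3 (the numeric id) of the first line in a passwd/group style
# file whose first field is exactly the given name.
# Arguments: $1 - colon-separated file, $2 - account or group name
# Outputs:   the id on stdout; nothing if the name is not present
#######################################
lookup_id() {
  # Exact match on field 1: a substring match would let "bob" also hit
  # "bobby" and produce the wrong (or several) ids for chown.
  awk -F: -v name="$2" '$1 == name { print $3; exit }' "$1"
}

#######################################
# Succeed only for a directory that is not a symbolic link.
# Arguments: $1 - path to test
#######################################
is_real_dir() {
  [ -d "$1" ] && [ ! -L "$1" ]
}

# get apache gid
gid=$(lookup_id "$chroot/etc/group" "$group")
case $gid in
  '' | *[!0-9]*)
    # Without a valid gid every chown below would be wrong; stop here.
    echo "cannot resolve gid of group $group in $chroot/etc/group" >&2
    exit 1
    ;;
esac
if [ "$debug" = "yes" ]; then
  echo "apache has gid $gid"
fi

# for all users having hosting service (all in /home)
for home in "$chroot"/home/*; do
  user=${home##*/}

  # Service directories that are not customer homes.
  case $user in
    *httpd* | *quota*) continue ;;
  esac

  # Also skips the literal pattern left behind when the glob matches nothing.
  is_real_dir "$home" || continue

  # get user uid
  uid=$(lookup_id "$chroot/etc/passwd" "$user")
  case $uid in
    '' | *[!0-9]*)
      echo "no uid for $user in $chroot/etc/passwd, skipping" >&2
      continue
      ;;
  esac
  if [ "$debug" = "yes" ]; then
    echo "user $user has uid $uid ."
  fi

  # ~user, ~user/public_html & ~user/cgi-bin should have gid apache & mode 750.
  # public_html and cgi-bin live inside a directory the user controls, so a
  # symlink placed there must never be followed by a root-run chmod/chown:
  # only real directories are touched, and chown uses -h as a second guard.
  # NOTE(review): the check and the chmod are separate steps, so a rename
  # between them is still possible; chmod has no no-dereference mode here.
  targets=()
  for dir in "$home" "$home/public_html" "$home/cgi-bin"; do
    if is_real_dir "$dir"; then
      targets+=("$dir")
    fi
  done
  chmod 750 -- "${targets[@]}"
  chown -h -- "$uid:$gid" "${targets[@]}"

  # Commented: system policy - no autoenabled cgi's.
  #chmod -R 750 $chroot/home/$user/cgi-bin/* 2>/dev/null

  # Bad thing (to change), now just commented.
  # chown -R $uid.$gid $chroot/home/$user/cgi-bin $chroot/home/$user/public_html \
  # 2>/dev/null
  #find $chroot/home/$user/public_html -type d -exec chmod 750 {} \;

  # Commented: this would break things, i.e. user-specified writable files
  # from guestbooks or so.
  #find $chroot/home/$user/public_html -type f -exec chmod 644 {} \;
done

# Log tree permissions do not depend on the user, so they are set once here
# instead of once per loop iteration.
log_dir=$chroot/var/log/apache
if [ -d "$log_dir" ]; then
  find "$log_dir"/* -type d -exec chmod 755 {} +

  # temp, to be changed: logs should be user-gid chowned & chmoded 640.
  # Until then every log file is world-readable (644).
  find "$log_dir"/* -type f -exec chmod 644 {} +

  chmod 755 "$log_dir"
fi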
