system-helpers/usr/local/bin/perms_user_home_default_umask

#!/usr/bin/env bash
#
# Usage: perms_user_home_default_umask <a user home directory> [<keep executables: no|yes, default: yes>]
#
# Fix permissions for user:
# - align with umask 022 (755 on folders, 644 on files)
# - keep +x flag for already executable files if enabled (default, otherwise set to no)
# - set 700 (only allow owner to go into directory)

check_required() {
  type find &> /dev/null || { echo "Requiring 'find' but it's not installed"; exit 1; }
  type chmod &> /dev/null || { echo "Requiring 'chmod' but it's not installed"; exit 1; }
}

check_required

DIR="$1"
KEEP_EXECUTABLE_FILES="$2"

if [[ -z "$DIR" ]]; then
    echo "No directory given"
    exit 1;
fi

if [[ ! -d "$DIR" ]]; then
    echo "Directory $DIR does not exist"
    exit 1;
fi

if [[ -z "$KEEP_EXECUTABLE_FILES" ]]; then
    KEEP_EXECUTABLE_FILES="yes"
fi

echo "Fixing directory permissions of '$DIR'"
find "$DIR" -type d -exec chmod 755 {} \;

if [[ $KEEP_EXECUTABLE_FILES == 'yes' ]]; then
    echo "Maintaining +x flag for files in '$DIR'"
    EXECUTABLE_FILES=$(find "$DIR" -executable -type f)
else
    echo "Executable files in '$DIR' will also be reset"
fi

echo "Fixing file permissions of '$DIR'"
find "$DIR" -type f -exec chmod 644 {} \;

if [[ $KEEP_EXECUTABLE_FILES == 'yes' ]]; then
    for i in ${EXECUTABLE_FILES}; 
    do
        echo "Restoring +x flag for ${i}"
        chmod +x "${i}"
    done
fi

echo "Making '$DIR' owner only"
chmod 700 "$DIR"


SSH_DIR="$DIR/.ssh"
if [[ -d "$SSH_DIR" ]]; then
    echo "Directory $SSH_DIR exists, setting special permissions"
    find "$SSH_DIR" -type f -exec chmod 600 {} \;
    chmod 700 "$SSH_DIR"
fi

WIREGUARD_DIR="$DIR/.wireguard"
if [[ -d "$WIREGUARD_DIR" ]]; then
    echo "Directory $WIREGUARD_DIR exists, setting special permissions"
    find "$WIREGUARD_DIR" -type f -exec chmod 600 {} \;
    chmod 700 "$WIREGUARD_DIR"
fi

echo "Finished"
echo ""
echo "You might want to adapt owner with chown -R user:user $DIR"
Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00			`#!/usr/bin/env bash`
			`#`
Add script for simple umask alignment 2022-09-06 11:44:32 +00:00			`# Usage: perms_user_home_default_umask <a user home directory> [<keep executables: no\|yes, default: yes>]`
Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00			`#`
			`# Fix permissions for user:`
			`# - align with umask 022 (755 on folders, 644 on files)`
Add script for simple umask alignment 2022-09-06 11:44:32 +00:00			`# - keep +x flag for already executable files if enabled (default, otherwise set to no)`
Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00			`# - set 700 (only allow owner to go into directory)`

Fail properly in all scripts when required commands are not available 2023-01-25 08:42:22 +00:00			`check_required() {`
			`type find &> /dev/null \|\| { echo "Requiring 'find' but it's not installed"; exit 1; }`
			`type chmod &> /dev/null \|\| { echo "Requiring 'chmod' but it's not installed"; exit 1; }`
			`}`

			`check_required`

Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00			`DIR="$1"`
Add script for simple umask alignment 2022-09-06 11:44:32 +00:00			`KEEP_EXECUTABLE_FILES="$2"`
Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00
			`if [[ -z "$DIR" ]]; then`
			`echo "No directory given"`
			`exit 1;`
			`fi`

			`if [[ ! -d "$DIR" ]]; then`
			`echo "Directory $DIR does not exist"`
			`exit 1;`
			`fi`

Add script for simple umask alignment 2022-09-06 11:44:32 +00:00			`if [[ -z "$KEEP_EXECUTABLE_FILES" ]]; then`
			`KEEP_EXECUTABLE_FILES="yes"`
			`fi`

Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00			`echo "Fixing directory permissions of '$DIR'"`
			`find "$DIR" -type d -exec chmod 755 {} \;`

Add script for simple umask alignment 2022-09-06 11:44:32 +00:00			`if [[ $KEEP_EXECUTABLE_FILES == 'yes' ]]; then`
			`echo "Maintaining +x flag for files in '$DIR'"`
			`EXECUTABLE_FILES=$(find "$DIR" -executable -type f)`
			`else`
			`echo "Executable files in '$DIR' will also be reset"`
			`fi`

Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00			`echo "Fixing file permissions of '$DIR'"`
			`find "$DIR" -type f -exec chmod 644 {} \;`

Add script for simple umask alignment 2022-09-06 11:44:32 +00:00			`if [[ $KEEP_EXECUTABLE_FILES == 'yes' ]]; then`
			`for i in ${EXECUTABLE_FILES};`
			`do`
			`echo "Restoring +x flag for ${i}"`
			`chmod +x "${i}"`
			`done`
			`fi`

Add script to align default umask 022 permissions for user homes 2022-09-05 18:27:13 +00:00			`echo "Making '$DIR' owner only"`
			`chmod 700 "$DIR"`


			`SSH_DIR="$DIR/.ssh"`
			`if [[ -d "$SSH_DIR" ]]; then`
			`echo "Directory $SSH_DIR exists, setting special permissions"`
			`find "$SSH_DIR" -type f -exec chmod 600 {} \;`
			`chmod 700 "$SSH_DIR"`
			`fi`

			`WIREGUARD_DIR="$DIR/.wireguard"`
			`if [[ -d "$WIREGUARD_DIR" ]]; then`
			`echo "Directory $WIREGUARD_DIR exists, setting special permissions"`
			`find "$WIREGUARD_DIR" -type f -exec chmod 600 {} \;`
			`chmod 700 "$WIREGUARD_DIR"`
			`fi`

			`echo "Finished"`
			`echo ""`
			`echo "You might want to adapt owner with chown -R user:user $DIR"`