From 3a53a4a8a1cad5262ef39aa4cfad42122db72899 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Sch=C3=A4ferdiek?= Date: Mon, 5 Sep 2022 20:27:13 +0200 Subject: [PATCH] Add script to align default umask 022 permissions for user homes --- usr/local/bin/perms_user_home_default_umask | 49 +++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100755 usr/local/bin/perms_user_home_default_umask diff --git a/usr/local/bin/perms_user_home_default_umask b/usr/local/bin/perms_user_home_default_umask new file mode 100755 index 0000000..569369d --- /dev/null +++ b/usr/local/bin/perms_user_home_default_umask @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +# +# Usage: perms_user_home_default_umask $A_USERS_HOME_DIRECTORY +# +# Fix permissions for user: +# - align with umask 022 (755 on folders, 644 on files) +# - set 700 (only allow owner to go into directory) +# +# You need to execute chown -R ...:... on your own + +DIR="$1" + +if [[ -z "$DIR" ]]; then + echo "No directory given" + exit 1; +fi + +if [[ ! -d "$DIR" ]]; then + echo "Directory $DIR does not exist" + exit 1; +fi + +echo "Fixing directory permissions of '$DIR'" +find "$DIR" -type d -exec chmod 755 {} \; + +echo "Fixing file permissions of '$DIR'" +find "$DIR" -type f -exec chmod 644 {} \; + +echo "Making '$DIR' owner only" +chmod 700 "$DIR" + + +SSH_DIR="$DIR/.ssh" +if [[ -d "$SSH_DIR" ]]; then + echo "Directory $SSH_DIR exists, setting special permissions" + find "$SSH_DIR" -type f -exec chmod 600 {} \; + chmod 700 "$SSH_DIR" +fi + +WIREGUARD_DIR="$DIR/.wireguard" +if [[ -d "$WIREGUARD_DIR" ]]; then + echo "Directory $WIREGUARD_DIR exists, setting special permissions" + find "$WIREGUARD_DIR" -type f -exec chmod 600 {} \; + chmod 700 "$WIREGUARD_DIR" +fi + +echo "Finished" +echo "" +echo "You might want to adapt owner with chown -R user:user $DIR"