Add script to align default umask 022 permissions for user homes

2022-09-05 20:27:13 +02:00 · 2022-09-05 20:27:13 +02:00 · 3a53a4a8a1
commit 3a53a4a8a1
parent 0987bcaf9d
1 changed files with 49 additions and 0 deletions
--- a/usr/local/bin/perms_user_home_default_umask
+++ b/usr/local/bin/perms_user_home_default_umask
@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+#
+# Usage: perms_user_home_default_umask $A_USERS_HOME_DIRECTORY
+#
+# Fix permissions for user:
+# - align with umask 022 (755 on folders, 644 on files)
+# - set 700 (only allow owner to go into directory)
+#
+# You need to execute chown -R ...:... on your own
+
+DIR="$1"
+
+if [[ -z "$DIR" ]]; then
+    echo "No directory given"
+    exit 1;
+fi
+
+if [[ ! -d "$DIR" ]]; then
+    echo "Directory $DIR does not exist"
+    exit 1;
+fi
+
+echo "Fixing directory permissions of '$DIR'"
+find "$DIR" -type d -exec chmod 755 {} \;
+
+echo "Fixing file permissions of '$DIR'"
+find "$DIR" -type f -exec chmod 644 {} \;
+
+echo "Making '$DIR' owner only"
+chmod 700 "$DIR"
+
+
+SSH_DIR="$DIR/.ssh"
+if [[ -d "$SSH_DIR" ]]; then
+    echo "Directory $SSH_DIR exists, setting special permissions"
+    find "$SSH_DIR" -type f -exec chmod 600 {} \;
+    chmod 700 "$SSH_DIR"
+fi
+
+WIREGUARD_DIR="$DIR/.wireguard"
+if [[ -d "$WIREGUARD_DIR" ]]; then
+    echo "Directory $WIREGUARD_DIR exists, setting special permissions"
+    find "$WIREGUARD_DIR" -type f -exec chmod 600 {} \;
+    chmod 700 "$WIREGUARD_DIR"
+fi
+
+echo "Finished"
+echo ""
+echo "You might want to adapt owner with chown -R user:user $DIR"