forked from PeachFlame/cPanel-fixperms
-
Notifications
You must be signed in to change notification settings - Fork 1
/
fixperms.sh
172 lines (153 loc) · 5.13 KB
/
fixperms.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
#! /bin/bash
#
# License: GNU General Public License v3.0
# See the Github page for full license and notes:
# https://github.com/PeachFlame/cPanel-fixperms
#
# Set verbose to null
verbose=""
# Print the help text
helptext () {
tput bold
tput setaf 2
echo "Fix Permissions (fixperms) Script help:"
echo "Sets file/directory permissions to match suPHP and FastCGI schemes"
echo "USAGE: fixperms [option] [scope]"
echo "-------"
echo "Scope:"
echo "--account or -a: Specify a cPanel account"
echo "-all: Run fixperms on all cPanel accounts"
echo "Options:"
echo "-b: Backup firstly"
echo "-v: Verbose output"
echo "-h or --help: Print this screen and exit"
tput sgr0
exit 0
}
# Main workhorse, fix perms per account passed to it
fixperms () {
# Get account from what is passed to the function
account=$1
# Check account against cPanel user files
if ! grep $account /var/cpanel/users/*
then
tput bold
tput setaf 1
echo "Invalid cPanel account!"
tput sgr0
exit 0
fi
# Make sure account isn't blank
if [ -z $account ]
then
tput bold
tput setaf 1
echo "Need a cPanel account!"
tput sgr0
helptext
# Else, start doing work
else
# Get the account's homedir
HOMEDIR=$(egrep "^${account}:" /etc/passwd | cut -d: -f6)
# Backup if flag passed through
if [ "$backup" = true ] ; then
backupdate=$(date +%F)
backuptime=$(date "+%F-%T")
backupdir="/root/fixperms_backups/fixperms_backups_"${backupdate}""
mkdir -p $backupdir
echo "Backing up perms for $account"
find $HOMEDIR -printf 'chmod %#m "%p"\n' > "${backupdir}"/backup_perms_"${account}"_"${backuptime}".sh
echo "Backing up ownership for $account"
find $HOMEDIR -printf 'chown %u:%g "%p"\n' > "${backupdir}"/backup_owner_"${account}"_"${backuptime}".sh
fi
tput bold
tput setaf 4
echo "(fixperms) for: $account"
tput setaf 3
echo "--------------------------"
tput setaf 4
echo "Fixing website files..."
tput sgr0
# Fix owner of public_html
chown -R $verbose $account:$account $HOMEDIR/public_html
# Fix individual files in public_html
find $HOMEDIR/public_html -type d -exec chmod $verbose 755 {} \;
find $HOMEDIR/public_html -type f | xargs -d$'\n' -r chmod $verbose 644
find $HOMEDIR/public_html -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
# Regular and Hidden files support - hidden ref: https://serverfault.com/a/156481
# Fix hidden files and folders like .well-known/ with root or other user perms
chown $verbose -R $account:$account $HOMEDIR/public_html/*
chown $verbose -R $account:$account $HOMEDIR/public_html/.[^.]*
find $HOMEDIR/* -name .htaccess -exec chown $verbose $account.$account {} \;
tput bold
tput setaf 4
echo "Fixing public_html itself..."
tput sgr0
# Fix perms of public_html itself
chown $verbose $account:nobody $HOMEDIR/public_html
chmod $verbose 750 $HOMEDIR/public_html
# Fix subdomains that lie outside of public_html
tput setaf 3
tput bold
echo "--------------------------"
tput setaf 4
echo "Fixing any domains with a docroot outside public_html..."
for SUBDOMAIN in $(grep -i documentroot /var/cpanel/userdata/$account/* | grep -v '.cache\|_SSL' | awk '{print $2}' | grep -v public_html)
do
tput bold
tput setaf 4
echo "Fixing sub/addon domain docroot for $SUBDOMAIN..."
tput sgr0
chown -R $verbose $account:$account $SUBDOMAIN;
find $SUBDOMAIN -type d -exec chmod $verbose 755 {} \;
find $SUBDOMAIN -type f | xargs -d$'\n' -r chmod $verbose 644
find $SUBDOMAIN -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
chown $verbose -R $account:$account $SUBDOMAIN
chmod $verbose 755 $SUBDOMAIN
find $SUBDOMAIN -name .htaccess -exec chown $verbose $account.$account {} \;
done
# Finished
tput bold
tput setaf 3
echo "Finished! (User: $account)"
echo "--------------------------"
printf "\n\n"
tput sgr0
fi
return 0
}
# Parses all users via cPanel's users/domains file
all () {
for user in $(cut -d: -f1 /etc/domainusers)
do
fixperms $user
done
}
# Main function, switches options passed to it
case "$1" in
-h) helptext ;;
--help) helptext ;;
-v) verbose="-v" ;;
-b) backup="true"
case "$2" in
-all) all ;;
--account) fixperms "$3" ;;
-a) fixperms "$3" ;;
*)
tput bold
tput setaf 1
echo "Invalid option!"
helptext
;;
esac
;;
-all) all ;;
--account) fixperms "$2" ;;
-a) fixperms "$2" ;;
*)
tput bold
tput setaf 1
echo "Invalid option!"
helptext
;;
esac