# Provision a lighttpd-served site directory ($DIR): create a per-site POSIX
# group and a script user in LDAP (via ldapvi), copy $TEMPLATE_DIR into $DIR
# when it does not exist yet, (re)set ownership and ACLs, and point PHP's
# error_log at $DIR/$PHP_ERRORLOG.
# Usage: <script> <dirname>   (help text below)
# NOTE(review): this listing is incomplete (numbered lines are missing). The
# shebang, the assignments of DIR, SITE, HTTPD_USER, HTTPD_USERS_GID and ID,
# and the closing fi/done/EOF lines are not visible here; confirm against the
# full file before acting on the notes below. The code uses [ -a/-o ] and the
# bash-only '&>' redirection, so it needs a bash shebang.
# Help text / argument check. -a/-o inside [ ] are ambiguous and $# is
# unquoted; [[ "$1" == -h || "$1" == --help || $# -ne 1 ]] is the safer form.
3 if [ "$1" = "-h" -o "$1" = "--help" -o $# -ne 1 ]; then
4 echo "Usage $0 <dirname>"
5 echo "<dirname> is the full path to the site, such as /var/www/example.nl"
6 echo "which is created if it does not exist yet. If it exists, it's"
7 echo "permissions are reset".
# The primary group of the created user (HTTPD_USERS_GID; its assignment is on a
# line not shown in this excerpt, it is consumed by the LDIF below)
12 # The primary group of the created user
# The template to copy; everything in it becomes the initial content of $DIR.
14 # The template to copy
15 TEMPLATE_DIR=/data/www/template
# LDAP base DNs for the new posixAccount / posixGroup entries.
# NOTE(review): hard-coded to one directory tree; parameterise if this script is
# reused elsewhere.
16 # The bases to create users under
17 USERBASE=ou=Users,dc=drsnuggles,dc=stderr,dc=nl
18 GROUPBASE=ou=Groups,dc=drsnuggles,dc=stderr,dc=nl
# Paths below are relative to $DIR.
19 # PHP config to change the error_log setting in
20 PHP_CONFIG=conf/php.ini.override
21 # PHP error logfile to set error_log to
22 PHP_ERRORLOG=logs/php.log
# Refuse to continue when $DIR exists but is not a directory.
# NOTE(review): this is the only validation of $DIR visible here. Nothing checks
# that it is an absolute path inside the intended web root, yet the recursive
# chown/setfacl further down run on it as root; consider asserting
# [[ "$DIR" == /var/www/* ]] (or whatever the real root is) and ${DIR:?} here.
26 if [ -e "$DIR" -a ! -d "$DIR" ]; then
27 echo "$DIR" must be a directory, or not exist yet.
# Derive the group name from the site name by replacing every '.' with '-'
# (sed 's/\./-/g' once the backtick escaping is undone); the script user is
# "httpd-<group>". $SITE is unquoted and the backtick quoting is fragile;
# $(printf '%s\n' "$SITE" | sed 's/\./-/g') says the same thing plainly.
35 GROUP=`echo $SITE | sed s/\\\\./-/g`
36 SCRIPT_USER="httpd-$GROUP"
# Skip account creation when the accounts already exist.
# NOTE(review): grep without anchors matches any passwd/group line that merely
# contains the name (a longer account name, a gecos or member field), so the
# check can misfire in both directions; getent passwd "$SCRIPT_USER" and
# getent group "$GROUP" look up the exact key and return non-zero when absent.
# NOTE(review): the condition requires BOTH to exist (&&) although the message
# says "and/or"; when only one exists the script falls through to creation,
# which then collides with the existing entry. Probably || was intended.
38 if getent passwd | grep $SCRIPT_USER &> /dev/null && getent group | grep $GROUP &> /dev/null; then
39 echo "$SCRIPT_USER and/or $GROUP already exists, skipping account creation"
# Search for a free numeric id (the initial value and the increment/done lines
# are not in this excerpt).
# NOTE(review): the loop only advances while $ID is taken in BOTH passwd and
# group, so it stops on an id that is free as a uid but still in use as a gid
# (or vice versa). The "one id for both user and group" intent suggests ||.
43 while getent passwd | cut -f 3 -d: | grep "^$ID\$" &>/dev/null && getent group | cut -f 3 -d: | grep "^$ID\$" &> /dev/null; do
47 echo Found uid/gid $ID for $SCRIPT_USER/$GROUP
49 # Create a user for scripts to run as, and a group to give write permissions to
# The LDIF-like body is an unquoted heredoc, so every $VAR in it is expanded;
# '|| exit' propagates ldapvi's exit status. Several attribute lines of the two
# entries are missing from this excerpt.
# NOTE(review): $GROUP and $SITE are spliced unescaped into DNs and attribute
# values. A site name containing newlines, leading/trailing spaces or DN
# metacharacters (',', '+', '"', '<', '>', ';', '=') would change the entries
# that get written; validate $SITE against a strict allow-list (e.g. hostname
# characters only) before this point.
51 ldapvi --profile bind --add --in --ldapvi <<EOF || exit
52 add cn=$GROUP,$GROUPBASE
55 objectClass: posixGroup
58 add cn=$SITE,$USERBASE
61 gidNumber: $HTTPD_USERS_GID
63 objectClass: posixAccount
# Verify both entries are now resolvable (same unanchored-grep caveat as above;
# note NSS/LDAP caching may delay visibility). "succesfully" in the message is
# misspelled but is a runtime string, left as-is here.
70 if getent passwd | grep $SCRIPT_USER &> /dev/null && getent group | grep $GROUP &> /dev/null; then
71 echo "$SCRIPT_USER and $GROUP created succesfully"
73 echo "User or group creation failed"
# Copy the template only when $DIR does not exist yet (the else line between
# the two branches is not shown). Unlike the permission steps below, the copy
# runs without sudo, so it is done as the invoking user.
77 if [ -e "$DIR" ]; then
78 echo "Skipping creation of $DIR, it already exists";
80 # Create $DIR from $TEMPLATE_DIR, if it does not exist yet
81 echo "Creating $DIR from $TEMPLATE_DIR"
82 cp -R "$TEMPLATE_DIR" "$DIR"
# Ownership and ACL layout: root owns every file, the site group is the group
# owner, and per-user ACL entries grant lighttpd and the script user access.
# These steps run on every invocation, which is what "permissions are reset"
# in the help text refers to.
85 echo "Setting up permissions"
87 sudo chown -R 0:$GROUP "$DIR"
# --set replaces the whole ACL (access and default entries) on every path, so
# anything set by hand is discarded here. Others get no access at all.
89 # By default, let the owner have write access, the group have read access
90 sudo setfacl -R --set d:u::rwX,d:g::rX,d:o::-,u::rwX,g::rX,o::- "$DIR"
# NOTE(review): -m g::rwX changes only the access ACL; the default entry
# d:g::rX from the line above still applies, so files created later inside
# htdocs/conf appear to come out group-readable only. If group write should
# persist, add d:g::rwX here as well.
92 # Give the group write access to htdocs and conf
93 sudo setfacl -R -m g::rwX "$DIR/htdocs" "$DIR/conf"
95 # Give lighttpd read access to the dir itself
96 sudo setfacl -m u:$HTTPD_USER:rx "$DIR"
98 # Allow lighttpd to read anything in htdocs
99 sudo setfacl -R -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs"
# Non-recursive and without a default entry: lighttpd may create files in logs
# but existing files keep their ACL. (The closing "created by lighttpd" here
# presumably means "created by scripts".)
101 # Allow lighttpd to write new files in logs (but not touch existing or those created by lighttpd)
102 sudo setfacl -m u:$HTTPD_USER:rwX "$DIR/logs"
104 # Give scripts read access to the dir itself
105 sudo setfacl -m u:$SCRIPT_USER:rx "$DIR"
107 # Allow scripts to read anything in applications, htdocs and conf
108 sudo setfacl -R -m d:u:$SCRIPT_USER:rX,u:$SCRIPT_USER:rX "$DIR/applications" "$DIR/htdocs" "$DIR/conf"
110 # Allow scripts to create new files in logs and data (but not touch existing or those created by lighttpd)
111 sudo setfacl -m u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data"
# Temporary: hand existing rotated log files to the user that writes them.
# The sh -c wrapper exists only so the globs expand under sudo.
# NOTE(review): $DIR and $SCRIPT_USER/$HTTPD_USER are spliced into a string
# that the inner sh re-parses, so a path containing '"', '`' or '$' would be
# interpreted as shell syntax. Expanding the globs in this shell
# (shopt -s nullglob; files=("$DIR"/logs/php.log* "$DIR"/logs/wipi.log*))
# and passing "${files[@]}" to one sudo chown avoids the re-parse; -R is
# redundant for plain files.
113 # Temp, chown existing log files
114 sudo sh -c "chown -R $SCRIPT_USER \"$DIR\"/logs/php.log* \"$DIR\"/logs/wipi.log*"
115 sudo sh -c "chown -R $HTTPD_USER \"$DIR\"/logs/access.log*"
# Point PHP's error_log at the per-site log file. Backticks and the unquoted
# $PHP_CONFIG are style issues; "${PHP_CONFIG##*/}" gives the basename without
# a subprocess.
# NOTE(review): $DIR is embedded in the sed replacement text, so a path
# containing '#', '&' or '\' breaks or alters the substitution. sed also exits
# 0 when no error_log line exists, leaving the file unchanged silently; a
# grep -q '^error_log *=' check before (or after) this line would surface that.
117 # Now, set the error_log setting in php.ini
119 echo Updating `basename $PHP_CONFIG`
121 sudo sed -i "s#^error_log *=.*#error_log = $DIR/$PHP_ERRORLOG#" "$DIR/$PHP_CONFIG"
# Reminders for the operator; these steps are not automated by this script.
126 echo "Now add human users to $GROUP."
127 echo "Also add this site to /usr/local/sbin/spawn-fcgi.sh and enable"
128 echo "fcgi in lighttpd if dynamic content is required."