#!/bin/sh
+if [ "$UID" -eq 0 ]; then
+ echo "No need to run as root."
+ exit 1
+fi
+
if [ "$1" = "-h" -o "$1" = "--help" -o $# -ne 1 ]; then
echo "Usage $0 <dirname>"
echo "<dirname> is the full path to the site, such as /var/www/example.nl"
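Review bot: The added root guard tests `$UID`, which bash sets but POSIX sh does not, and the script's shebang is `#!/bin/sh`. Where sh is dash or another minimal shell, the test becomes `[ "" -eq 0 ]`, which reports an error and counts as false, so the guard lets root through. Ask the system instead: `if [ "$(id -u)" -eq 0 ]; then`. The message could also go to stderr with `>&2`, since the script exits non-zero there.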
# The template to copy
TEMPLATE_DIR=/data/www/template
# The bases to create users under
-USERBASE=ou=Users,dc=drsnuggles,dc=stderr,dc=nl
-GROUPBASE=ou=Groups,dc=drsnuggles,dc=stderr,dc=nl
+USERBASE="uniqueIdentifier=7,uniqueIdentifier=6,dc=drsnuggles,dc=stderr,dc=nl"
+GROUPBASE="uniqueIdentifier=4,uniqueIdentifier=8,dc=drsnuggles,dc=stderr,dc=nl"
# PHP config to change the error_log setting in
PHP_CONFIG=conf/php.ini.override
# PHP error logfile to set error_log to
PHP_ERRORLOG=logs/php.log
-DIR=$1
+# Get dir
+DIR="$1"
-if [ -e "$DIR" -a ! -d "$DIR" ]; then
- echo "$DIR" must be a directory, or not exist yet.
- exit 1;
+if [ -e "$DIR" ]; then
+ if [ ! -d "$DIR" ]; then
+ echo "$DIR" must be a directory, or not exist yet.
+ exit 1;
+ fi
+ echo "Skipping creation of $DIR, it already exists";
+else
+ # Create $DIR from $TEMPLATE_DIR, if it does not exist yet
+ echo "Creating $DIR from $TEMPLATE_DIR"
+ cp -R "$TEMPLATE_DIR" "$DIR"
fi
+# Make $DIR absolute
+cd "$DIR"
+DIR=`pwd`
+
# Strip prefix
SITE=`basename $DIR`
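Review bot: The added `cd "$DIR"` is unchecked, and so is the `cp -R` that is supposed to create the directory. If either fails, the `pwd` assignment that follows sets DIR to the caller's current directory, and the later `sudo chown -R` and `sudo setfacl -R` steps would then rewrite ownership and ACLs on that tree instead. Make both fatal: `cp -R "$TEMPLATE_DIR" "$DIR" || exit 1` and `cd "$DIR" || exit 1`. The context line that computes SITE passes `$DIR` unquoted to basename, so a path with whitespace is split; `SITE=$(basename "$DIR")` avoids that.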
ldapvi --profile bind --add --in --ldapvi <<EOF || exit
add cn=$GROUP,$GROUPBASE
cn: $GROUP
+displayName: $SITE
gidNumber: $ID
-objectClass: posixGroup
+objectClass: simplePosixGroup
+objectClass: simpleGroup
objectClass: top
-add cn=$SITE,$USERBASE
-cn: $SITE
+add cn=$SCRIPT_USER,$USERBASE
+cn: $SCRIPT_USER
+displayName: $SITE
uidNumber: $ID
gidNumber: $HTTPD_USERS_GID
homeDirectory: $DIR
objectClass: posixAccount
-objectClass: account
+objectClass: simpleObject
objectClass: top
uid: $SCRIPT_USER
EOF
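Review bot: `$SITE` is expanded unvalidated into the ldapvi input on the two added `displayName: $SITE` lines, and it comes from the basename of the user-supplied path (assigned in an earlier hunk). A directory name containing a newline or other unexpected characters would change the record that gets submitted. The usage text suggests site names are hostnames, so anything else can be rejected before the heredoc: `case "$SITE" in ""|*[!A-Za-z0-9.-]*) echo "Invalid site name: $SITE" >&2; exit 1;; esac`. How `$GROUP`, `$SCRIPT_USER` and `$ID` are derived is outside this hunk, so confirm whether they need the same check.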
exit 1
fi
-if [ -e "$DIR" ]; then
- echo "Skipping creation of $DIR, it already exists";
-else
- # Create $DIR from $TEMPLATE_DIR, if it does not exist yet
- echo "Creating $DIR from $TEMPLATE_DIR"
- cp -R "$TEMPLATE_DIR" "$DIR"
-fi
-
echo "Setting up permissions"
# Set up permissions
sudo chown -R 0:$GROUP "$DIR"
# By default, let the owner have write access, the group have read access
sudo setfacl -R --set d:u::rwX,d:g::rX,d:o::-,u::rwX,g::rX,o::- "$DIR"
-# Give the group write access to htdocs and conf
-sudo setfacl -R -m g::rwX "$DIR/htdocs" "$DIR/conf"
+# Give the group write access to htdocs, applications, conf and data
+sudo setfacl -R -m g::rwX,d:g::rwX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" "$DIR/data"
# Give lighttpd read access to the dir itself
-sudo setfacl -R -m u:$HTTPD_USER:rx "$DIR"
+sudo setfacl -m u:$HTTPD_USER:rx "$DIR"
-# Allow lighttpd to read anything in htdocs
-sudo setfacl -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs"
+# Allow lighttpd to read anything in htdocs, applications, conf and data
+sudo setfacl -R -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" "$DIR/data"
-# Allow lighttpd to write new files in logs (but not touch existing!)
-sudo setfacl -m u:$HTTPD_USER:rwX "$DIR/logs"
+# Allow lighttpd to write new files in logs
+sudo setfacl -m d:u:$HTTPD_USER:rwX,u:$HTTPD_USER:rwX "$DIR/logs"
+
+# Give scripts read access to the dir itself
+sudo setfacl -m u:$SCRIPT_USER:rx "$DIR"
# Allow scripts to read anything in applications, htdocs and conf
sudo setfacl -R -m d:u:$SCRIPT_USER:rX,u:$SCRIPT_USER:rX "$DIR/applications" "$DIR/htdocs" "$DIR/conf"
-# Allow scripts to create new files in logs and data (but not touch existing!)
-sudo setfacl -R -m d:u:$SCRIPT_USER:rwX,u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data"
+# Allow scripts to create new files in logs and data (but not touch existing or those created by lighttpd)
+sudo setfacl -m u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data"
# Temp, chown existing log files
sudo sh -c "chown -R $SCRIPT_USER \"$DIR\"/logs/php.log* \"$DIR\"/logs/wipi.log*"
sudo sh -c "chown -R $HTTPD_USER \"$DIR\"/logs/access.log*"
-# Now, set the error_log setting in php.ini
+# Now, set the error_log setting in php.ini. This ensures each domein will have
+# a separate logfile for errors, since lighttpd only supports a single error
+# log (When error_log is not set, error messages will go to lighttpd's log
+# automatically).
echo Updating `basename $PHP_CONFIG`
-
sudo sed -i "s#^error_log *=.*#error_log = $DIR/$PHP_ERRORLOG#" "$DIR/$PHP_CONFIG"
+sudo update-php.ini
# Done!
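Review bot: The two `sudo sh -c "chown -R ..."` context lines expand `$DIR` into a command string that a root shell then re-parses, so a path containing a double quote, `$` or a backtick changes what runs as root. The commit now derives DIR from `pwd` but leaves these lines as they were. Pass the values as positional arguments so the path is never parsed as shell code: `sudo sh -c 'chown -R "$1" "$2"/logs/php.log* "$2"/logs/wipi.log*' sh "$SCRIPT_USER" "$DIR"`, and the same form for the access.log line. The `chown` and `setfacl` arguments in this hunk also leave `$GROUP`, `$HTTPD_USER` and `$SCRIPT_USER` unquoted, which is worth fixing in the same pass.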