X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=usr%2Flocal%2Fbin%2Faddsite;h=815ecfc1719ed81be24824c2e3dc19665491b62e;hb=b436a7b3f9038c19993e031189dfef12a5601a0a;hp=00fa24ba5a21d5707340899b81c0aa18b1890591;hpb=98d18b9c77861e26629c5e7769f71370eb394af1;p=matthijs%2Fservers%2Fdrsnuggles.git diff --git a/usr/local/bin/addsite b/usr/local/bin/addsite index 00fa24b..815ecfc 100755 --- a/usr/local/bin/addsite +++ b/usr/local/bin/addsite @@ -14,20 +14,32 @@ HTTPD_USERS_GID=1002 # The template to copy TEMPLATE_DIR=/data/www/template # The bases to create users under -USERBASE=ou=Users,dc=drsnuggles,dc=stderr,dc=nl -GROUPBASE=ou=Groups,dc=drsnuggles,dc=stderr,dc=nl +USERBASE="ou=Httpd Users,ou=Users,dc=drsnuggles,dc=stderr,dc=nl" +GROUPBASE="ou=Domain Groups,ou=Groups,dc=drsnuggles,dc=stderr,dc=nl" # PHP config to change the error_log setting in PHP_CONFIG=conf/php.ini.override # PHP error logfile to set error_log to PHP_ERRORLOG=logs/php.log -DIR=$1 +# Get dir +DIR="$1" -if [ -e "$DIR" -a ! -d "$DIR" ]; then - echo "$DIR" must be a directory, or not exist yet. - exit 1; +if [ -e "$DIR" ]; then + if [ ! -d "$DIR" ]; then + echo "$DIR" must be a directory, or not exist yet. + exit 1; + fi + echo "Skipping creation of $DIR, it already exists"; +else + # Create $DIR from $TEMPLATE_DIR, if it does not exist yet + echo "Creating $DIR from $TEMPLATE_DIR" + cp -R "$TEMPLATE_DIR" "$DIR" fi +# Make $DIR absolute +cd "$DIR" +DIR=`pwd` + # Strip prefix SITE=`basename $DIR` @@ -74,14 +86,6 @@ else exit 1 fi -if [ -e "$DIR" ]; then - echo "Skipping creation of $DIR, it already exists"; -else - # Create $DIR from $TEMPLATE_DIR, if it does not exist yet - echo "Creating $DIR from $TEMPLATE_DIR" - cp -R "$TEMPLATE_DIR" "$DIR" -fi - echo "Setting up permissions" # Set up permissions sudo chown -R 0:$GROUP "$DIR" @@ -89,23 +93,26 @@ sudo chown -R 0:$GROUP "$DIR" # By default, let the owner have write access, the group have read access sudo setfacl -R --set d:u::rwX,d:g::rX,d:o::-,u::rwX,g::rX,o::- "$DIR" -# Give the group write access to htdocs and conf -sudo setfacl -R -m g::rwX "$DIR/htdocs" "$DIR/conf" +# Give the group write access to htdocs, applications and conf +sudo setfacl -R -m g::rwX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" # Give lighttpd read access to the dir itself -sudo setfacl -R -m u:$HTTPD_USER:rx "$DIR" +sudo setfacl -m u:$HTTPD_USER:rx "$DIR" -# Allow lighttpd to read anything in htdocs -sudo setfacl -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" +# Allow lighttpd to read anything in htdocs, applications and conf +sudo setfacl -R -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" -# Allow lighttpd to write new files in logs (but not touch existing!) +# Allow lighttpd to write new files in logs (but not touch existing or those created by lighttpd) sudo setfacl -m u:$HTTPD_USER:rwX "$DIR/logs" +# Give scripts read access to the dir itself +sudo setfacl -m u:$SCRIPT_USER:rx "$DIR" + # Allow scripts to read anything in applications, htdocs and conf sudo setfacl -R -m d:u:$SCRIPT_USER:rX,u:$SCRIPT_USER:rX "$DIR/applications" "$DIR/htdocs" "$DIR/conf" -# Allow scripts to create new files in logs and data (but not touch existing!) -sudo setfacl -R -m d:u:$SCRIPT_USER:rwX,u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data" +# Allow scripts to create new files in logs and data (but not touch existing or those created by lighttpd) +sudo setfacl -m u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data" # Temp, chown existing log files sudo sh -c "chown -R $SCRIPT_USER \"$DIR\"/logs/php.log* \"$DIR\"/logs/wipi.log*"