X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=usr%2Flocal%2Fbin%2Faddsite;h=93113deed0e3463c33cc5bca584548272874522b;hb=1f8a56cb171205520714bc9d3282d25717fe74df;hp=00fa24ba5a21d5707340899b81c0aa18b1890591;hpb=98d18b9c77861e26629c5e7769f71370eb394af1;p=matthijs%2Fservers%2Fdrsnuggles.git diff --git a/usr/local/bin/addsite b/usr/local/bin/addsite index 00fa24b..93113de 100755 --- a/usr/local/bin/addsite +++ b/usr/local/bin/addsite @@ -21,7 +21,10 @@ PHP_CONFIG=conf/php.ini.override # PHP error logfile to set error_log to PHP_ERRORLOG=logs/php.log -DIR=$1 +# Get dir, but make it absolute +cd "$1" +DIR=`pwd` + if [ -e "$DIR" -a ! -d "$DIR" ]; then echo "$DIR" must be a directory, or not exist yet. @@ -89,23 +92,26 @@ sudo chown -R 0:$GROUP "$DIR" # By default, let the owner have write access, the group have read access sudo setfacl -R --set d:u::rwX,d:g::rX,d:o::-,u::rwX,g::rX,o::- "$DIR" -# Give the group write access to htdocs and conf -sudo setfacl -R -m g::rwX "$DIR/htdocs" "$DIR/conf" +# Give the group write access to htdocs, applications and conf +sudo setfacl -R -m g::rwX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" # Give lighttpd read access to the dir itself -sudo setfacl -R -m u:$HTTPD_USER:rx "$DIR" +sudo setfacl -m u:$HTTPD_USER:rx "$DIR" -# Allow lighttpd to read anything in htdocs -sudo setfacl -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" +# Allow lighttpd to read anything in htdocs, applications and conf +sudo setfacl -R -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" -# Allow lighttpd to write new files in logs (but not touch existing!) +# Allow lighttpd to write new files in logs (but not touch existing or those created by lighttpd) sudo setfacl -m u:$HTTPD_USER:rwX "$DIR/logs" +# Give scripts read access to the dir itself +sudo setfacl -m u:$SCRIPT_USER:rx "$DIR" + # Allow scripts to read anything in applications, htdocs and conf sudo setfacl -R -m d:u:$SCRIPT_USER:rX,u:$SCRIPT_USER:rX "$DIR/applications" "$DIR/htdocs" "$DIR/conf" -# Allow scripts to create new files in logs and data (but not touch existing!) -sudo setfacl -R -m d:u:$SCRIPT_USER:rwX,u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data" +# Allow scripts to create new files in logs and data (but not touch existing or those created by lighttpd) +sudo setfacl -m u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data" # Temp, chown existing log files sudo sh -c "chown -R $SCRIPT_USER \"$DIR\"/logs/php.log* \"$DIR\"/logs/wipi.log*"