From: root Date: Fri, 7 Nov 2008 11:28:02 +0000 (+0100) Subject: system: Fix permission setting in addsite. X-Git-Url: https://git.stderr.nl/gitweb?a=commitdiff_plain;ds=inline;h=bc88473fc882311c342323143ad06e0a1500d78e;p=matthijs%2Fservers%2Fdrsnuggles.git system: Fix permission setting in addsite. --- diff --git a/usr/local/bin/addsite b/usr/local/bin/addsite index 00fa24b..44d39b8 100755 --- a/usr/local/bin/addsite +++ b/usr/local/bin/addsite @@ -93,19 +93,22 @@ sudo setfacl -R --set d:u::rwX,d:g::rX,d:o::-,u::rwX,g::rX,o::- "$DIR" sudo setfacl -R -m g::rwX "$DIR/htdocs" "$DIR/conf" # Give lighttpd read access to the dir itself -sudo setfacl -R -m u:$HTTPD_USER:rx "$DIR" +sudo setfacl -m u:$HTTPD_USER:rx "$DIR" # Allow lighttpd to read anything in htdocs -sudo setfacl -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" +sudo setfacl -R -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" -# Allow lighttpd to write new files in logs (but not touch existing!) +# Allow lighttpd to write new files in logs (but not touch existing or those created by lighttpd) sudo setfacl -m u:$HTTPD_USER:rwX "$DIR/logs" +# Give scripts read access to the dir itself +sudo setfacl -m u:$SCRIPT_USER:rx "$DIR" + # Allow scripts to read anything in applications, htdocs and conf sudo setfacl -R -m d:u:$SCRIPT_USER:rX,u:$SCRIPT_USER:rX "$DIR/applications" "$DIR/htdocs" "$DIR/conf" -# Allow scripts to create new files in logs and data (but not touch existing!) -sudo setfacl -R -m d:u:$SCRIPT_USER:rwX,u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data" +# Allow scripts to create new files in logs and data (but not touch existing or those created by lighttpd) +sudo setfacl -m u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data" # Temp, chown existing log files sudo sh -c "chown -R $SCRIPT_USER \"$DIR\"/logs/php.log* \"$DIR\"/logs/wipi.log*"