Skip to content

Commit

Permalink
Update fixperms.sh
Browse files Browse the repository at this point in the history 
Added smart fall back detection to find the linux user from domain if domain is provided vs username for Cyberpanel user. Also ran it through shellcheck andupdated and optimized the code and added multi control panel detection code.
  • Loading branch information
@whattheserver
whattheserver committed Sep 2, 2020
1 parent a3846aa commit ca30929
Showing 1 changed file with 262 additions and 41 deletions.
303 changes: 262 additions & 41 deletions CPScripts/fixperms.sh
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,62 @@
#! /bin/bash
# Cyberpanel Fix Perms
# https://gitlab.com/cyberpaneltoolsnscripts/cyberpanel-fixperms
#!/usr/bin/env bash
## Author: Michael Ramsey
## Objective Fix permissions issues on CyberPanel/cPanel/Plesk for a linux user or users
# https://gitlab.com/wizardassistantscripts/fixperms
#
# Forked from https://github.com/PeachFlame/cPanel-fixperms
#
# Plesk portion credits too
# https://www.orware.com/blog/tips-and-how-tos/plesk/correct-httpdocs-permissions
# https://support.plesk.com/hc/en-us/articles/115001969889--BUG-plesk-repair-fs-doesn-t-set-correct-owner-inside-httpdocs

## How to use.
# wget https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh ; bash fixperms.sh username
#
# wget https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh ; bash fixperms.sh exampleuserbob
#
# Or once of
## bash <(curl -s https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh || wget -qO - https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh) exampleuserbob;
#
# Permanent Install for reuse via the below
# wget -O /usr/bin/fixperms https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh; chmod +x /usr/bin/fixperms;
#
# Then
# fixperms -v -a Username
# fixperms -v -all
# Username=$1


#Detect Control panel
if [ -f /usr/local/cpanel/cpanel ]; then
# Cpanel check for /usr/local/cpanel/cpanel -V
ControlPanel="cpanel"
#user_homedir="/home/${Username}"


elif [ -f /usr/bin/cyberpanel ]; then
# CyberPanel check /usr/bin/cyberpanel
ControlPanel="cyberpanel"
#Get users homedir path
#user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6)

elif [ -f /usr/local/psa/core.version ]; then
# Plesk check /usr/local/psa/core.version
ControlPanel="plesk"

#Get users homedir path
#user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6)


else
echo "Not able to detect Control panel. Unsupported Control Panel exiting now"
exit 1;
fi
echo "=============================================================";
echo "$ControlPanel Control Panel Detected"
echo "=============================================================";
echo "";



# Set verbose to null
verbose=""
Expand All @@ -21,7 +74,7 @@ helptext () {
echo "-h or --help: print this screen and exit"
echo "-v: verbose output"
echo "-all: run on all Cyberpanel accounts"
echo "--account or -a: specify a Cyberpanel account"
echo "--account or -a: specify a Cyberpanel/cPanel/Plesk account"
# echo "--domain or -d: specify a Cyberpanel domain"
tput sgr0
exit 0
Expand Down Expand Up @@ -59,8 +112,11 @@ else
fi



#### Cyberpanel Section

# fix mailperms
fixmailperms () {
fixmailperms_cyberpanel () {
tput bold
tput setaf 4
echo "Fixing mailperms...."
Expand All @@ -75,7 +131,7 @@ fixmailperms () {
}

# Main workhorse, fix perms per account passed to it
fixperms () {
fixperms_cyberpanel () {

#Get account from what is passed to the function
account=$1
Expand All @@ -91,43 +147,64 @@ fixperms () {
#Else, start doing work
else

#Get the account's homedir
HOMEDIR=$(egrep "^${account}:" /etc/passwd | cut -d: -f6)
# Get linux user from Domain
domain_username=$(grep -E "/${1}:" /etc/passwd | cut -d: -f1)
if id "$1" >/dev/null 2>&1; then
echo "$1 exists"
elif id "$domain_username" >/dev/null 2>&1; then
echo "Found user: $domain_username from domain: $1"
echo "$domain_username exists"
account=$domain_username
else
echo "user does not exist"
fi


#Get the account's homedir
HOMEDIR=$(grep -E "^${account}:" /etc/passwd | cut -d: -f6)
echo "User Homedirectory: ${HOMEDIR}"
tput bold
tput setaf 4
echo "Fixing perms for $account:"
tput setaf 3
if [ -d "$HOMEDIR/.cagefs" ]; then
chmod 775 "$HOMEDIR"/.cagefs
chmod 700 "$HOMEDIR"/.cagefs/tmp
chmod 700 "$HOMEDIR"/.cagefs/var
chmod 777 "$HOMEDIR"/.cagefs/cache
chmod 777 "$HOMEDIR"/.cagefs/run
fi
echo "------------------------"
tput setaf 4
echo "Fixing website files...."
tput sgr0



#Fix individual files in public_html
find "$HOMEDIR"/public_html -type d -exec chmod $verbose 755 {} \;
find "$HOMEDIR"/public_html -type f | xargs -d$'\n' -r chmod $verbose 644
find "$HOMEDIR"/public_html -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
find "$HOMEDIR"/public_html -type d -exec chmod "$verbose" 755 {} \;
find "$HOMEDIR"/public_html -type f -print0 | xargs -d$'\n' -r chmod "$verbose" 644
find "$HOMEDIR"/public_html -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755
#chown $verbose -R "$account":"$account" "$HOMEDIR"/public_html/*
# Hidden files test support: https://serverfault.com/a/156481
chown $verbose -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]*
find "$HOMEDIR"/* -name .htaccess -exec chown $verbose "$account"."$account" {} \;
chown "$verbose" -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]*
find "$HOMEDIR"/* -name .htaccess -exec chown "$verbose" "$account"."$account" {} \;

tput bold
tput setaf 4
echo "Fixing public_html...."
tput sgr0
#Fix perms of public_html itself
chown $verbose "$account":"$account" "$HOMEDIR"/public_html
chmod $verbose 755 "$HOMEDIR"/public_html
chown "$verbose" "$account":"$account" "$HOMEDIR"/public_html
chmod "$verbose" 755 "$HOMEDIR"/public_html

tput bold
tput setaf 4
echo "Fixing logs...."
tput sgr0
#Fix perms of $HOMEDIR/logs
chown $verbose nobody:"$account" "$HOMEDIR"/logs
chmod $verbose 750 "$HOMEDIR"/logs
find "$HOMEDIR"/logs/* -name '*.access_log' -exec chown $verbose nobody."$account" {} \;
chown "$verbose" nobody:"$account" "$HOMEDIR"/logs
chmod "$verbose" 750 "$HOMEDIR"/logs
find "$HOMEDIR"/logs/* -name '*.access_log' -exec chown "$verbose" nobody."$account" {} \;



Expand All @@ -144,7 +221,7 @@ fixperms () {
#echo "Fixing sub/addon domain document root $SUBDOMAIN...."
#tput sgr0
#find $SUBDOMAIN -type d -exec chmod $verbose 755 {} \;
#find $SUBDOMAIN -type f | xargs -d$'\n' -r chmod $verbose 644
#find $SUBDOMAIN -type f -print0 | xargs -d$'\n' -r chmod $verbose 644
#find $SUBDOMAIN -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
#chown $verbose -R $account:$account $SUBDOMAIN
#find $SUBDOMAIN -name .htaccess -exec chown $verbose $account.$account {} \;
Expand All @@ -162,33 +239,177 @@ fixperms () {
return 0
}

#Parses all users through Cyberpanel's users file
#all () {
# for user in $(cut -d: -f1 /etc/domainusers)
# do
# fixperms "$user"
# done
#}

#########cPanel
# Main workhorse, fix perms per account passed to it
fixperms_cpanel () {

all () {
#Get account from what is passed to the function
account=$1

if [[ $OS = 'CentOS Linux' ]] ; then
for user in $(getent passwd | awk -F: '5001<$3 && $3<6000 {print $1}' |grep -v spamd)
do
fixperms "$user"
done
fixmailperms
fi
#Check account against cPanel users file
if ! grep "$account" /var/cpanel/users/*
then
tput bold
tput setaf 1
echo "Invalid cPanel account"
tput sgr0
exit 0
fi

if [[ $OS = 'Ubuntu' ]] ; then
for user in $(getent passwd | awk -F: '1001<$3 && $3<2000 {print $1}')
#Make sure account isn't blank
if [ -z "$account" ]
then
tput bold
tput setaf 1
echo "Need an account name!"
tput sgr0
helptext
#Else, start doing work
else

#Get the account's homedir
HOMEDIR=$(grep -E "^${account}:" /etc/passwd | cut -d: -f6)
echo "User Homedirectory: ${HOMEDIR}"
tput bold
tput setaf 4
echo "Fixing perms for $account:"
tput setaf 3
if [ -d "$HOMEDIR/.cagefs" ]; then
chmod 775 "$HOMEDIR"/.cagefs
chmod 700 "$HOMEDIR"/.cagefs/tmp
chmod 700 "$HOMEDIR"/.cagefs/var
chmod 777 "$HOMEDIR"/.cagefs/cache
chmod 777 "$HOMEDIR"/.cagefs/run
fi
echo "------------------------"
tput setaf 4
echo "Fixing website files...."
tput sgr0



#Fix individual files in public_html
find "$HOMEDIR"/public_html -type d -exec chmod "$verbose" 755 {} \;
find "$HOMEDIR"/public_html -type f -print0 | xargs -0 -d$'\n' -r chmod "$verbose" 644
find "$HOMEDIR"/public_html -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755
# fix hidden files and folders like .well-known/ with root or other user perms
chown "$verbose" -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]*
find "$HOMEDIR"/* -name .htaccess -exec chown "$verbose" "$account"."$account" {} \;

tput bold
tput setaf 4
echo "Fixing public_html...."
tput sgr0
#Fix perms of public_html itself
chown "$verbose" "$account":nobody "$HOMEDIR"/public_html
chmod "$verbose" 750 "$HOMEDIR"/public_html

#Fix subdomains that lie outside of public_html
tput setaf 3
tput bold
echo "------------------------"
tput setaf 4
echo "Fixing any domains with a document root outside of public_html...."
for SUBDOMAIN in $(grep -i documentroot /var/cpanel/userdata/"$account"/* | grep -v '.cache\|_SSL' | awk '{print $2}' | grep -v public_html)
do
fixperms "$user"
tput bold
tput setaf 4
echo "Fixing sub/addon domain document root $SUBDOMAIN...."
tput sgr0
find "$SUBDOMAIN" -type d -exec chmod "$verbose" 755 {} \;
find "$SUBDOMAIN" -type f -print0 | xargs -0 -d$'\n' -r chmod "$verbose" 644
find "$SUBDOMAIN" -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755
chown "$verbose" -R "$account":"$account" "$SUBDOMAIN"
chmod "$verbose" 755 "$SUBDOMAIN"
find "$SUBDOMAIN" -name .htaccess -exec chown "$verbose" "$account"."$account" {} \;
done
fixmailperms
fi

#Finished
tput bold
tput setaf 3
echo "Finished!"
echo "------------------------"
printf "\n\n"
tput sgr0
fi

return 0
}

###################################





##################################

fixperms () {
Username=$1
if [ "${ControlPanel}" == "cpanel" ] ; then

fixperms_cpanel "${Username}"
# Fix users mailperms
tput bold
tput setaf 4
echo "Fixing Mailperms...."
tput sgr0
/scripts/mailperm --verbose "${Username}"
#Finished
tput bold
tput setaf 3
echo "Finished!"
echo "------------------------"
printf "\n\n"
tput sgr0

elif [ "${ControlPanel}" == "cyberpanel" ] ; then

fixperms_cyberpanel "${Username}"
fixmailperms_cyberpanel


elif [ "${ControlPanel}" == "plesk" ] ; then
#Get users homedir path
user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6)
echo "User Homedirectory: ${user_homedir}"
echo "Resetting perms/ownership for ${user_homedir}/httpdocs"
sudo chown -R "${Username}":psacln "${user_homedir}"/httpdocs
sudo chown "${Username}":psaserv "${user_homedir}"/httpdocs

fi
}

all () {

if [ "${ControlPanel}" == "cpanel" ] ; then

for user in $(cut -d: -f1 /etc/domainusers)
do
fixperms_cpanel "$user"
done
# Fix all users mailperms
/scripts/mailperm --verbose

elif [ "${ControlPanel}" == "cyberpanel" ] ; then

if [[ $OS = 'CentOS Linux' ]] ; then
for user in $(getent passwd | awk -F: '5001<$3 && $3<6000 {print $1}' |grep -v spamd)
do
fixperms_cyberpanel "$user"
done
fixmailperms_cyberpanel
fi

if [[ $OS = 'Ubuntu' ]] ; then
for user in $(getent passwd | awk -F: '1001<$3 && $3<2000 {print $1}')
do
fixperms_cyberpanel "$user"
done
fixmailperms_cyberpanel
fi
fi
}


Expand Down Expand Up @@ -230,4 +451,4 @@ case "$1" in
echo "Invalid Option!"
helptext
;;
esac
esac

0 comments on commit ca30929

Please sign in to comment.