Update fixperms.sh

whattheserver · web-flow · commit ca30929d6faf · 2020-09-02T09:33:13.000-04:00
Added smart fall back detection to find the linux user from domain if domain is provided vs username for Cyberpanel user. Also ran it through shellcheck andupdated and optimized the code and added multi control panel detection code.
diff --git a/CPScripts/fixperms.sh b/CPScripts/fixperms.sh
@@ -1,9 +1,62 @@
-#! /bin/bash
-# Cyberpanel Fix Perms
-# https://gitlab.com/cyberpaneltoolsnscripts/cyberpanel-fixperms
+#!/usr/bin/env bash
+## Author: Michael Ramsey
+## Objective Fix permissions issues on CyberPanel/cPanel/Plesk for a linux user or users
+# https://gitlab.com/wizardassistantscripts/fixperms
 # 
 # Forked from https://github.com/PeachFlame/cPanel-fixperms
 #
+# Plesk portion credits too
+# https://www.orware.com/blog/tips-and-how-tos/plesk/correct-httpdocs-permissions
+# https://support.plesk.com/hc/en-us/articles/115001969889--BUG-plesk-repair-fs-doesn-t-set-correct-owner-inside-httpdocs
+
+## How to use.
+# wget https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh ; bash fixperms.sh username
+# 
+# wget https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh ; bash fixperms.sh exampleuserbob
+#
+# Or once of
+## bash <(curl -s https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh || wget -qO - https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh) exampleuserbob;
+#
+# Permanent Install for reuse via the below
+# wget -O /usr/bin/fixperms https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh; chmod +x /usr/bin/fixperms;
+#
+# Then 
+# fixperms -v -a Username
+# fixperms -v -all
+# Username=$1
+
+
+#Detect Control panel
+if [ -f /usr/local/cpanel/cpanel ]; then
+    	# Cpanel check for /usr/local/cpanel/cpanel -V
+    	ControlPanel="cpanel"
+	#user_homedir="/home/${Username}"
+
+	
+elif [ -f /usr/bin/cyberpanel ]; then
+    	# CyberPanel check /usr/bin/cyberpanel
+    	ControlPanel="cyberpanel"
+	#Get users homedir path
+	#user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6)	
+
+elif [ -f /usr/local/psa/core.version ]; then
+    	# Plesk check /usr/local/psa/core.version
+    	ControlPanel="plesk"
+	
+	#Get users homedir path
+	#user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6)
+
+
+else
+	echo "Not able to detect Control panel. Unsupported Control Panel exiting now"
+	   exit 1;
+	fi
+echo "=============================================================";	
+echo "$ControlPanel Control Panel Detected"
+echo "=============================================================";
+echo "";
+
+
 
 # Set verbose to null
 verbose=""
@@ -21,7 +74,7 @@ helptext () {
     echo "-h or --help: print this screen and exit"
     echo "-v: verbose output"
     echo "-all: run on all Cyberpanel accounts"
-    echo "--account or -a: specify a Cyberpanel account"
+    echo "--account or -a: specify a Cyberpanel/cPanel/Plesk account"
 #   echo "--domain or -d: specify a Cyberpanel domain"
     tput sgr0
     exit 0
@@ -59,8 +112,11 @@ else
 fi
 
 
+
+#### Cyberpanel Section
+
 # fix mailperms
-fixmailperms () {
+fixmailperms_cyberpanel () {
     tput bold
     tput setaf 4
     echo "Fixing mailperms...."
@@ -75,7 +131,7 @@ fixmailperms () {
 }
 
 # Main workhorse, fix perms per account passed to it
-fixperms () {
+fixperms_cyberpanel () {
 
   #Get account from what is passed to the function
   account=$1
@@ -91,43 +147,64 @@ fixperms () {
   #Else, start doing work
   else
 
-    #Get the account's homedir
-    HOMEDIR=$(egrep "^${account}:" /etc/passwd | cut -d: -f6)
+  # Get linux user from Domain
+  domain_username=$(grep -E "/${1}:" /etc/passwd | cut -d: -f1)
+  if id "$1" >/dev/null 2>&1; then
+        echo "$1 exists"
+  elif id "$domain_username" >/dev/null 2>&1; then
+	echo "Found user: $domain_username from domain: $1"        
+	echo "$domain_username exists"
+	account=$domain_username
+  else
+        echo "user does not exist"
+  fi
+
 
+    #Get the account's homedir
+    HOMEDIR=$(grep -E "^${account}:" /etc/passwd | cut -d: -f6)
+    echo "User Homedirectory: ${HOMEDIR}"
     tput bold
     tput setaf 4
     echo "Fixing perms for $account:"
     tput setaf 3
+    if [ -d "$HOMEDIR/.cagefs" ]; then
+            chmod 775 "$HOMEDIR"/.cagefs
+            chmod 700 "$HOMEDIR"/.cagefs/tmp
+            chmod 700 "$HOMEDIR"/.cagefs/var
+            chmod 777 "$HOMEDIR"/.cagefs/cache
+            chmod 777 "$HOMEDIR"/.cagefs/run
+     	fi
     echo "------------------------"
     tput setaf 4
     echo "Fixing website files...."
     tput sgr0
-    
+
+   
     #Fix individual files in public_html
-    find "$HOMEDIR"/public_html -type d -exec chmod $verbose 755 {} \;
-    find "$HOMEDIR"/public_html -type f | xargs -d$'\n' -r chmod $verbose 644
-    find "$HOMEDIR"/public_html -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
+    find "$HOMEDIR"/public_html -type d -exec chmod "$verbose" 755 {} \;
+    find "$HOMEDIR"/public_html -type f -print0 | xargs -d$'\n' -r chmod "$verbose" 644
+    find "$HOMEDIR"/public_html -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755
     #chown $verbose -R "$account":"$account" "$HOMEDIR"/public_html/*
     # Hidden files test support: https://serverfault.com/a/156481
-    chown $verbose -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]*
-    find "$HOMEDIR"/* -name .htaccess -exec chown $verbose "$account"."$account" {} \;
+    chown "$verbose" -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]*
+    find "$HOMEDIR"/* -name .htaccess -exec chown "$verbose" "$account"."$account" {} \;
 
     tput bold
     tput setaf 4
     echo "Fixing public_html...."
     tput sgr0
     #Fix perms of public_html itself
-    chown $verbose "$account":"$account" "$HOMEDIR"/public_html
-    chmod $verbose 755 "$HOMEDIR"/public_html
+    chown "$verbose" "$account":"$account" "$HOMEDIR"/public_html
+    chmod "$verbose" 755 "$HOMEDIR"/public_html
 
     tput bold
     tput setaf 4
     echo "Fixing logs...."
     tput sgr0
     #Fix perms of $HOMEDIR/logs
-    chown $verbose nobody:"$account" "$HOMEDIR"/logs
-    chmod $verbose 750 "$HOMEDIR"/logs
-    find "$HOMEDIR"/logs/* -name '*.access_log' -exec chown $verbose nobody."$account" {} \;
+    chown "$verbose" nobody:"$account" "$HOMEDIR"/logs
+    chmod "$verbose" 750 "$HOMEDIR"/logs
+    find "$HOMEDIR"/logs/* -name '*.access_log' -exec chown "$verbose" nobody."$account" {} \;
 
     
 
@@ -144,7 +221,7 @@ fixperms () {
       #echo "Fixing sub/addon domain document root $SUBDOMAIN...."
       #tput sgr0
       #find $SUBDOMAIN -type d -exec chmod $verbose 755 {} \;
-      #find $SUBDOMAIN -type f | xargs -d$'\n' -r chmod $verbose 644
+      #find $SUBDOMAIN -type f -print0 | xargs -d$'\n' -r chmod $verbose 644
       #find $SUBDOMAIN -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
       #chown $verbose -R $account:$account $SUBDOMAIN
       #find $SUBDOMAIN -name .htaccess -exec chown $verbose $account.$account {} \;
@@ -162,33 +239,177 @@ fixperms () {
   return 0
 }
 
-#Parses all users through Cyberpanel's users file
-#all () {
-#    for user in $(cut -d: -f1 /etc/domainusers)
-#    do
-#  fixperms "$user"
-#    done
-#}
 
+#########cPanel 
+# Main workhorse, fix perms per account passed to it
+fixperms_cpanel () {
 
-all () {
+  #Get account from what is passed to the function
+  account=$1
 
-if [[ $OS = 'CentOS Linux' ]] ; then
-   for user in $(getent passwd | awk -F: '5001<$3 && $3<6000 {print $1}' |grep -v spamd)
-    do
-  fixperms "$user"
-    done
-   fixmailperms
-fi
+  #Check account against cPanel users file
+  if ! grep "$account" /var/cpanel/users/*
+  then
+    tput bold
+    tput setaf 1
+    echo "Invalid cPanel account"
+    tput sgr0
+    exit 0
+  fi
 
-if [[ $OS = 'Ubuntu' ]] ; then
-   for user in $(getent passwd | awk -F: '1001<$3 && $3<2000 {print $1}')
+  #Make sure account isn't blank
+  if [ -z "$account" ]
+  then
+    tput bold
+    tput setaf 1
+    echo "Need an account name!"
+    tput sgr0
+    helptext
+  #Else, start doing work
+  else
+
+    #Get the account's homedir
+    HOMEDIR=$(grep -E "^${account}:" /etc/passwd | cut -d: -f6)
+    echo "User Homedirectory: ${HOMEDIR}"
+    tput bold
+    tput setaf 4
+    echo "Fixing perms for $account:"
+    tput setaf 3
+    if [ -d "$HOMEDIR/.cagefs" ]; then
+            chmod 775 "$HOMEDIR"/.cagefs
+            chmod 700 "$HOMEDIR"/.cagefs/tmp
+            chmod 700 "$HOMEDIR"/.cagefs/var
+            chmod 777 "$HOMEDIR"/.cagefs/cache
+            chmod 777 "$HOMEDIR"/.cagefs/run
+     	fi
+    echo "------------------------"
+    tput setaf 4
+    echo "Fixing website files...."
+    tput sgr0
+    
+
+
+    #Fix individual files in public_html
+    find "$HOMEDIR"/public_html -type d -exec chmod "$verbose" 755 {} \;
+    find "$HOMEDIR"/public_html -type f -print0 | xargs -0 -d$'\n' -r chmod "$verbose" 644
+    find "$HOMEDIR"/public_html -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755
+    # fix hidden files and folders like .well-known/ with root or other user perms
+    chown "$verbose" -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]*
+    find "$HOMEDIR"/* -name .htaccess -exec chown "$verbose" "$account"."$account" {} \;
+
+    tput bold
+    tput setaf 4
+    echo "Fixing public_html...."
+    tput sgr0
+    #Fix perms of public_html itself
+    chown "$verbose" "$account":nobody "$HOMEDIR"/public_html
+    chmod "$verbose" 750 "$HOMEDIR"/public_html
+
+    #Fix subdomains that lie outside of public_html
+    tput setaf 3
+    tput bold
+    echo "------------------------"
+    tput setaf 4
+    echo "Fixing any domains with a document root outside of public_html...."
+    for SUBDOMAIN in $(grep -i documentroot /var/cpanel/userdata/"$account"/* | grep -v '.cache\|_SSL' | awk '{print $2}' | grep -v public_html)
     do
-  fixperms "$user"
+      tput bold
+      tput setaf 4
+      echo "Fixing sub/addon domain document root $SUBDOMAIN...."
+      tput sgr0
+      find "$SUBDOMAIN" -type d -exec chmod "$verbose" 755 {} \;
+      find "$SUBDOMAIN" -type f -print0 | xargs -0 -d$'\n' -r chmod "$verbose" 644
+      find "$SUBDOMAIN" -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755
+      chown "$verbose" -R "$account":"$account" "$SUBDOMAIN"
+      chmod "$verbose" 755 "$SUBDOMAIN"
+      find "$SUBDOMAIN" -name .htaccess -exec chown "$verbose" "$account"."$account" {} \;
     done
-  fixmailperms
-fi
 
+  #Finished
+    tput bold
+    tput setaf 3
+    echo "Finished!"
+    echo "------------------------"
+    printf "\n\n"
+    tput sgr0
+  fi
+
+  return 0
+}
+
+###################################
+
+
+
+
+
+##################################
+
+fixperms () {
+	Username=$1
+	if [ "${ControlPanel}" == "cpanel" ] ; then
+
+	  	fixperms_cpanel "${Username}"
+		# Fix users mailperms
+		tput bold
+    		tput setaf 4
+    		echo "Fixing Mailperms...."
+		tput sgr0
+		/scripts/mailperm --verbose "${Username}"
+		#Finished
+		tput bold
+		tput setaf 3
+		echo "Finished!"
+		echo "------------------------"
+		printf "\n\n"
+		tput sgr0
+
+	elif [ "${ControlPanel}" == "cyberpanel" ] ; then
+
+		fixperms_cyberpanel "${Username}"
+		fixmailperms_cyberpanel
+
+
+	elif [ "${ControlPanel}" == "plesk" ] ; then
+		#Get users homedir path
+		user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6)
+                echo "User Homedirectory: ${user_homedir}"
+		echo "Resetting perms/ownership for ${user_homedir}/httpdocs"
+		sudo chown -R "${Username}":psacln "${user_homedir}"/httpdocs
+		sudo chown "${Username}":psaserv "${user_homedir}"/httpdocs	
+
+	fi	
+}
+
+all () {
+
+	if [ "${ControlPanel}" == "cpanel" ] ; then
+
+		for user in $(cut -d: -f1 /etc/domainusers)
+		    do
+		  	fixperms_cpanel "$user"
+		    done
+		# Fix all users mailperms
+		/scripts/mailperm --verbose
+
+	elif [ "${ControlPanel}" == "cyberpanel" ] ; then
+
+		if [[ $OS = 'CentOS Linux' ]] ; then
+	   	for user in $(getent passwd | awk -F: '5001<$3 && $3<6000 {print $1}' |grep -v spamd)
+		    do
+		  	fixperms_cyberpanel "$user"
+		    done
+		   	fixmailperms_cyberpanel
+		fi
+
+		if [[ $OS = 'Ubuntu' ]] ; then
+		   for user in $(getent passwd | awk -F: '1001<$3 && $3<2000 {print $1}')
+		    do
+		  	fixperms_cyberpanel "$user"
+		    done
+		  	fixmailperms_cyberpanel
+		fi
+	fi
 }
 
 
@@ -230,4 +451,4 @@ case "$1" in
        echo "Invalid Option!"
        helptext
        ;;
-esac
+esac
