diff --git a/CPScripts/fixperms.sh b/CPScripts/fixperms.sh index 55f3015e6..d2d588512 100644 --- a/CPScripts/fixperms.sh +++ b/CPScripts/fixperms.sh @@ -1,9 +1,62 @@ -#! /bin/bash -# Cyberpanel Fix Perms -# https://gitlab.com/cyberpaneltoolsnscripts/cyberpanel-fixperms +#!/usr/bin/env bash +## Author: Michael Ramsey +## Objective Fix permissions issues on CyberPanel/cPanel/Plesk for a linux user or users +# https://gitlab.com/wizardassistantscripts/fixperms # # Forked from https://github.com/PeachFlame/cPanel-fixperms # +# Plesk portion credits too +# https://www.orware.com/blog/tips-and-how-tos/plesk/correct-httpdocs-permissions +# https://support.plesk.com/hc/en-us/articles/115001969889--BUG-plesk-repair-fs-doesn-t-set-correct-owner-inside-httpdocs + +## How to use. +# wget https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh ; bash fixperms.sh username +# +# wget https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh ; bash fixperms.sh exampleuserbob +# +# Or once of +## bash <(curl -s https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh || wget -qO - https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh) exampleuserbob; +# +# Permanent Install for reuse via the below +# wget -O /usr/bin/fixperms https://gitlab.com/wizardassistantscripts/fixperms/-/raw/master/fixperms.sh; chmod +x /usr/bin/fixperms; +# +# Then +# fixperms -v -a Username +# fixperms -v -all +# Username=$1 + + +#Detect Control panel +if [ -f /usr/local/cpanel/cpanel ]; then + # Cpanel check for /usr/local/cpanel/cpanel -V + ControlPanel="cpanel" + #user_homedir="/home/${Username}" + + +elif [ -f /usr/bin/cyberpanel ]; then + # CyberPanel check /usr/bin/cyberpanel + ControlPanel="cyberpanel" + #Get users homedir path + #user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6) + +elif [ -f /usr/local/psa/core.version ]; then + # Plesk check /usr/local/psa/core.version + ControlPanel="plesk" + + #Get users homedir path + #user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6) + + +else + echo "Not able to detect Control panel. Unsupported Control Panel exiting now" + exit 1; + fi +echo "============================================================="; +echo "$ControlPanel Control Panel Detected" +echo "============================================================="; +echo ""; + + # Set verbose to null verbose="" @@ -21,7 +74,7 @@ helptext () { echo "-h or --help: print this screen and exit" echo "-v: verbose output" echo "-all: run on all Cyberpanel accounts" - echo "--account or -a: specify a Cyberpanel account" + echo "--account or -a: specify a Cyberpanel/cPanel/Plesk account" # echo "--domain or -d: specify a Cyberpanel domain" tput sgr0 exit 0 @@ -59,8 +112,11 @@ else fi + +#### Cyberpanel Section + # fix mailperms -fixmailperms () { +fixmailperms_cyberpanel () { tput bold tput setaf 4 echo "Fixing mailperms...." @@ -75,7 +131,7 @@ fixmailperms () { } # Main workhorse, fix perms per account passed to it -fixperms () { +fixperms_cyberpanel () { #Get account from what is passed to the function account=$1 @@ -91,43 +147,64 @@ fixperms () { #Else, start doing work else - #Get the account's homedir - HOMEDIR=$(egrep "^${account}:" /etc/passwd | cut -d: -f6) + # Get linux user from Domain + domain_username=$(grep -E "/${1}:" /etc/passwd | cut -d: -f1) + if id "$1" >/dev/null 2>&1; then + echo "$1 exists" + elif id "$domain_username" >/dev/null 2>&1; then + echo "Found user: $domain_username from domain: $1" + echo "$domain_username exists" + account=$domain_username + else + echo "user does not exist" + fi + + #Get the account's homedir + HOMEDIR=$(grep -E "^${account}:" /etc/passwd | cut -d: -f6) + echo "User Homedirectory: ${HOMEDIR}" tput bold tput setaf 4 echo "Fixing perms for $account:" tput setaf 3 + if [ -d "$HOMEDIR/.cagefs" ]; then + chmod 775 "$HOMEDIR"/.cagefs + chmod 700 "$HOMEDIR"/.cagefs/tmp + chmod 700 "$HOMEDIR"/.cagefs/var + chmod 777 "$HOMEDIR"/.cagefs/cache + chmod 777 "$HOMEDIR"/.cagefs/run + fi echo "------------------------" tput setaf 4 echo "Fixing website files...." tput sgr0 - + + #Fix individual files in public_html - find "$HOMEDIR"/public_html -type d -exec chmod $verbose 755 {} \; - find "$HOMEDIR"/public_html -type f | xargs -d$'\n' -r chmod $verbose 644 - find "$HOMEDIR"/public_html -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755 + find "$HOMEDIR"/public_html -type d -exec chmod "$verbose" 755 {} \; + find "$HOMEDIR"/public_html -type f -print0 | xargs -d$'\n' -r chmod "$verbose" 644 + find "$HOMEDIR"/public_html -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755 #chown $verbose -R "$account":"$account" "$HOMEDIR"/public_html/* # Hidden files test support: https://serverfault.com/a/156481 - chown $verbose -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]* - find "$HOMEDIR"/* -name .htaccess -exec chown $verbose "$account"."$account" {} \; + chown "$verbose" -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]* + find "$HOMEDIR"/* -name .htaccess -exec chown "$verbose" "$account"."$account" {} \; tput bold tput setaf 4 echo "Fixing public_html...." tput sgr0 #Fix perms of public_html itself - chown $verbose "$account":"$account" "$HOMEDIR"/public_html - chmod $verbose 755 "$HOMEDIR"/public_html + chown "$verbose" "$account":"$account" "$HOMEDIR"/public_html + chmod "$verbose" 755 "$HOMEDIR"/public_html tput bold tput setaf 4 echo "Fixing logs...." tput sgr0 #Fix perms of $HOMEDIR/logs - chown $verbose nobody:"$account" "$HOMEDIR"/logs - chmod $verbose 750 "$HOMEDIR"/logs - find "$HOMEDIR"/logs/* -name '*.access_log' -exec chown $verbose nobody."$account" {} \; + chown "$verbose" nobody:"$account" "$HOMEDIR"/logs + chmod "$verbose" 750 "$HOMEDIR"/logs + find "$HOMEDIR"/logs/* -name '*.access_log' -exec chown "$verbose" nobody."$account" {} \; @@ -144,7 +221,7 @@ fixperms () { #echo "Fixing sub/addon domain document root $SUBDOMAIN...." #tput sgr0 #find $SUBDOMAIN -type d -exec chmod $verbose 755 {} \; - #find $SUBDOMAIN -type f | xargs -d$'\n' -r chmod $verbose 644 + #find $SUBDOMAIN -type f -print0 | xargs -d$'\n' -r chmod $verbose 644 #find $SUBDOMAIN -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755 #chown $verbose -R $account:$account $SUBDOMAIN #find $SUBDOMAIN -name .htaccess -exec chown $verbose $account.$account {} \; @@ -162,33 +239,177 @@ fixperms () { return 0 } -#Parses all users through Cyberpanel's users file -#all () { -# for user in $(cut -d: -f1 /etc/domainusers) -# do -# fixperms "$user" -# done -#} +#########cPanel +# Main workhorse, fix perms per account passed to it +fixperms_cpanel () { + + #Get account from what is passed to the function + account=$1 + + #Check account against cPanel users file + if ! grep "$account" /var/cpanel/users/* + then + tput bold + tput setaf 1 + echo "Invalid cPanel account" + tput sgr0 + exit 0 + fi + + #Make sure account isn't blank + if [ -z "$account" ] + then + tput bold + tput setaf 1 + echo "Need an account name!" + tput sgr0 + helptext + #Else, start doing work + else + + #Get the account's homedir + HOMEDIR=$(grep -E "^${account}:" /etc/passwd | cut -d: -f6) + echo "User Homedirectory: ${HOMEDIR}" + tput bold + tput setaf 4 + echo "Fixing perms for $account:" + tput setaf 3 + if [ -d "$HOMEDIR/.cagefs" ]; then + chmod 775 "$HOMEDIR"/.cagefs + chmod 700 "$HOMEDIR"/.cagefs/tmp + chmod 700 "$HOMEDIR"/.cagefs/var + chmod 777 "$HOMEDIR"/.cagefs/cache + chmod 777 "$HOMEDIR"/.cagefs/run + fi + echo "------------------------" + tput setaf 4 + echo "Fixing website files...." + tput sgr0 + + + + #Fix individual files in public_html + find "$HOMEDIR"/public_html -type d -exec chmod "$verbose" 755 {} \; + find "$HOMEDIR"/public_html -type f -print0 | xargs -0 -d$'\n' -r chmod "$verbose" 644 + find "$HOMEDIR"/public_html -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755 + # fix hidden files and folders like .well-known/ with root or other user perms + chown "$verbose" -R "$account":"$account" "$HOMEDIR"/public_html/.[^.]* + find "$HOMEDIR"/* -name .htaccess -exec chown "$verbose" "$account"."$account" {} \; + + tput bold + tput setaf 4 + echo "Fixing public_html...." + tput sgr0 + #Fix perms of public_html itself + chown "$verbose" "$account":nobody "$HOMEDIR"/public_html + chmod "$verbose" 750 "$HOMEDIR"/public_html + + #Fix subdomains that lie outside of public_html + tput setaf 3 + tput bold + echo "------------------------" + tput setaf 4 + echo "Fixing any domains with a document root outside of public_html...." + for SUBDOMAIN in $(grep -i documentroot /var/cpanel/userdata/"$account"/* | grep -v '.cache\|_SSL' | awk '{print $2}' | grep -v public_html) + do + tput bold + tput setaf 4 + echo "Fixing sub/addon domain document root $SUBDOMAIN...." + tput sgr0 + find "$SUBDOMAIN" -type d -exec chmod "$verbose" 755 {} \; + find "$SUBDOMAIN" -type f -print0 | xargs -0 -d$'\n' -r chmod "$verbose" 644 + find "$SUBDOMAIN" -name '*.cgi' -print0 -o -name '*.pl' | xargs -0 -r chmod "$verbose" 755 + chown "$verbose" -R "$account":"$account" "$SUBDOMAIN" + chmod "$verbose" 755 "$SUBDOMAIN" + find "$SUBDOMAIN" -name .htaccess -exec chown "$verbose" "$account"."$account" {} \; + done + + #Finished + tput bold + tput setaf 3 + echo "Finished!" + echo "------------------------" + printf "\n\n" + tput sgr0 + fi + + return 0 +} + +################################### + + + + + +################################## + +fixperms () { + Username=$1 + if [ "${ControlPanel}" == "cpanel" ] ; then + + fixperms_cpanel "${Username}" + # Fix users mailperms + tput bold + tput setaf 4 + echo "Fixing Mailperms...." + tput sgr0 + /scripts/mailperm --verbose "${Username}" + #Finished + tput bold + tput setaf 3 + echo "Finished!" + echo "------------------------" + printf "\n\n" + tput sgr0 + + elif [ "${ControlPanel}" == "cyberpanel" ] ; then + + fixperms_cyberpanel "${Username}" + fixmailperms_cyberpanel + + + elif [ "${ControlPanel}" == "plesk" ] ; then + #Get users homedir path + user_homedir=$(grep -E "^${Username}:" /etc/passwd | cut -d: -f6) + echo "User Homedirectory: ${user_homedir}" + echo "Resetting perms/ownership for ${user_homedir}/httpdocs" + sudo chown -R "${Username}":psacln "${user_homedir}"/httpdocs + sudo chown "${Username}":psaserv "${user_homedir}"/httpdocs + + fi +} all () { -if [[ $OS = 'CentOS Linux' ]] ; then - for user in $(getent passwd | awk -F: '5001<$3 && $3<6000 {print $1}' |grep -v spamd) - do - fixperms "$user" - done - fixmailperms -fi + if [ "${ControlPanel}" == "cpanel" ] ; then -if [[ $OS = 'Ubuntu' ]] ; then - for user in $(getent passwd | awk -F: '1001<$3 && $3<2000 {print $1}') - do - fixperms "$user" - done - fixmailperms -fi + for user in $(cut -d: -f1 /etc/domainusers) + do + fixperms_cpanel "$user" + done + # Fix all users mailperms + /scripts/mailperm --verbose + elif [ "${ControlPanel}" == "cyberpanel" ] ; then + + if [[ $OS = 'CentOS Linux' ]] ; then + for user in $(getent passwd | awk -F: '5001<$3 && $3<6000 {print $1}' |grep -v spamd) + do + fixperms_cyberpanel "$user" + done + fixmailperms_cyberpanel + fi + + if [[ $OS = 'Ubuntu' ]] ; then + for user in $(getent passwd | awk -F: '1001<$3 && $3<2000 {print $1}') + do + fixperms_cyberpanel "$user" + done + fixmailperms_cyberpanel + fi + fi } @@ -230,4 +451,4 @@ case "$1" in echo "Invalid Option!" helptext ;; -esac \ No newline at end of file +esac