[LON-CAPA-cvs] cvs: loncom / lcuseradd
foxr
lon-capa-cvs@mail.lon-capa.org
Thu, 27 Jan 2005 11:52:46 -0000
foxr Thu Jan 27 06:52:46 2005 EDT
Modified files:
/loncom lcuseradd
Log:
use File::Find::find to recurse the public_html dir ensuring that all
subdirs get 02770 mode.
(defect 3853)
Index: loncom/lcuseradd
diff -u loncom/lcuseradd:1.34 loncom/lcuseradd:1.35
--- loncom/lcuseradd:1.34 Wed Jan 26 07:13:58 2005
+++ loncom/lcuseradd Thu Jan 27 06:52:46 2005
@@ -6,7 +6,7 @@
# with adding a user with filesystem privileges (e.g. author)
#
#
-# $Id: lcuseradd,v 1.34 2005/01/26 12:13:58 foxr Exp $
+# $Id: lcuseradd,v 1.35 2005/01/27 11:52:46 foxr Exp $
###
###############################################################################
@@ -32,6 +32,8 @@
###############################################################################
use strict;
+use File::Find;
+
# ------------------------------------------------------- Description of script
#
@@ -300,7 +302,6 @@
system('/bin/chmod','-R','0660',"/home/$safeusername");
system('/bin/chmod','0710',"/home/$safeusername");
mkdir "/home/$safeusername/public_html",0755;
-system('/bin/chmod','02770',"/home/$safeusername/public_html");
open OUT,">/home/$safeusername/public_html/index.html";
print OUT<<END;
<html>
@@ -314,13 +315,14 @@
</html>
END
close OUT;
-system('/bin/chmod','0660', "/home/$safeusername/public_html/index.html");
+
#
# In order to allow the loncapa daemons appropriate access
# to public_html, Top level and public_html directories should
# be owned by safeusername:safeusername as should the smaple index.html..
print "lcuseradd ownership\n" unless $noprint;
system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); # First set std ownership on everything.
+&set_public_html_permissions("/home/$safeusername/public_html");
# system('/bin/chown',"$safeusername:www","/home/$safeusername"); # Now adust top level...
# system('/bin/chown','-R',"$safeusername:www","/home/$safeusername/public_html"); # And web dir.
# ---------------------------------------------------- Gracefull Apache Restart
@@ -329,7 +331,8 @@
open(PID,'/var/run/httpd.pid');
my $pid=<PID>;
close(PID);
- my ($safepid)= $pid=~ /(\D+)/;
+ my $pid=~ /(\D+)/;
+ my $safepid = $1;
if ($pid) {
system('kill','-USR1',"$safepid");
}
@@ -396,6 +399,53 @@
close LOCK;
return 1;
}
+# Called by File::Find::find for each file examined.
+#
+# Untaint the file and, if it is a directory,
+# chmod it to 02770
+#
+sub set_permission {
+ $File::Find::name =~ /^(.*)$/;
+ my $safe_name = $1; # Untainted filename...
+
+ print "$safe_name" unless $noprint;
+ if(-d $safe_name) {
+ print " - directory" unless $noprint;
+ chmod(02770, $safe_name);
+ }
+ print "\n" unless $noprint;
+
+}
+#
+# Set up the correct permissions for all files in the
+# user's public htmldir. We just do a chmod -R 0660 ... for
+# the ordinary files. The we use File::Find
+# to pop through the directory tree changing directories only
+# to 02770:
+#
+sub set_public_html_permissions {
+ my ($topdir) = @_;
+
+ # Set the top level dir permissions (I'm not sure if find
+ # will enumerate it specifically), correctly and all
+ # files and dirs to the 'ordinary' file permissions:
+
+ system("chmod -R 0660 $topdir");
+ chmod(02770, $topdir);
+
+ # Now use find to locate all directories under $topdir
+ # and set their modes to 02770...
+ #
+ print "Find file\n " unless $noprint;
+ File::Find::find({"untaint" => 1,
+ "untaint_pattern" => qr(/^(.*)$/),
+ "untaint_skip" => 1,
+ "no_chdir" => 1,
+ "wanted" => \&set_permission }, "$topdir");
+
+
+}
+
#-------------------------- Exit...
#
# Write the file if the error_file is defined. Regardless