Kallobombus Oddmuse

Kallobombus runs a number of Oddmuse wikis. When I run into permission problems, I usually run `fix-data-dir-permissions`. Run it for the directories where Oddmuse needs to write stuff – the data directories and the picture directories, if you’re using the Static Copy Extension.

Why are we doing this?

The system has two accounts: *alex* is me and *www-data* runs Oddmuse. If Oddmuse creates new files, they will belong to «www-data» and I won’t be able to edit them. This drives me nuts. This is why I run `fix-data-dir-permissions`. Here’s what the result looks like:

```
alex@kallobombus:~$ ls -ld alexschroeder alexschroeder.ch alexschroeder.ch/pics
drwxrws--- 11 www-data alex  4096 Jul 16 03:50 alexschroeder
drwxr-xr-x 15 alex     alex  4096 Jun  3 08:04 alexschroeder.ch
drwxrws---  4 www-data alex 49152 Nov 10  2014 alexschroeder.ch/pics
```

The «alexschroeder.ch» directory is for `.htaccess`, `robots.txt`, static HTML and CSS files, and some Perl scripts. It’s basically supposed to be read only for «www-data». The files belong to user and group «alex» and their permissions are 755 (`rwxr-xr-x`) for directories and 644 (`rw-r--r--`) for static files. Perl scripts need to be executable and get 755 (`rwxr-xr-x`).

I ran the script on my data directory «alexschroeder» and on the pictures directory «alexschroeder.ch/pics». *Files and directories must belong to the user «www-data» and to group «alex»*.

Directories get the permission 2770 (`rwxrws---`), which means that the user and group members can change into them, list their files, and create or delete files in them. The setgid bit (the leading 2, shown as `s` in the group permissions) makes sure that files created in these directories keep the group of their parent directory, «alex».

Since I am part of group «alex», I will have write permissions for new files even though www-data creates them for me. That’s the whole point of the exercise.

```
alex@kallobombus:~$ ls -l alexschroeder/page/Kallobombus*
-rw-rw---- 1 www-data alex 21105 Jul 16 11:54 alexschroeder/page/Kallobombus_Apache.pg
-rw-rw---- 1 www-data alex  2012 Jul 16 03:16 alexschroeder/page/Kallobombus_Infrastructure.pg
-rw-rw---- 1 www-data alex  6897 Jul  5  2014 alexschroeder/page/Kallobombus_Monit.pg
-rw-rw---- 1 www-data alex  8687 Jul  6  2014 alexschroeder/page/Kallobombus_Munin.pg
-rw-rw---- 1 www-data alex  8923 Jul 16 03:50 alexschroeder/page/Kallobombus_Perl.pg
-rw-rw---- 1 www-data alex  1033 Jul 16 12:10 alexschroeder/page/Kallobombus.pg
-rw-rw---- 1 www-data alex 19831 Jul 16 03:25 alexschroeder/page/Kallobombus_Setup.pg
```
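An added example (not part of the original page or of Oddmuse): a read-only audit that lists what deviates from the data-directory layout described above, plus a scratch-tree demo showing that a setgid directory passes on its group and setgid bit but not its mode bits, which come from the creator's umask. It assumes GNU find for `-printf`; the function names `audit_data_dir` and `demo_scratch_tree` are hypothetical.

```shell
#!/bin/bash
# Added example: read-only audit of an Oddmuse data directory (no sudo, no changes).
# Assumes GNU find for -printf. Owner and group default to the page's www-data and alex.

# audit_data_dir DIR [OWNER] [GROUP]
# Prints one line per deviation; returns 1 if any were found, 0 otherwise.
audit_data_dir() {
    local dir="$1" owner="${2:-www-data}" group="${3:-alex}" report
    report=$(
        find "$dir" -type d -not -perm 2770 -printf 'dir-mode %m %p\n'
        find "$dir" -type f -not -perm 0660 -printf 'file-mode %m %p\n'
        find "$dir" \( -type f -or -type d \) \
            \( -not -user "$owner" -or -not -group "$group" \) \
            -printf 'owner %u:%g %p\n'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo_scratch_tree: constructed sample, not the real wiki data.
# A 2770 directory passes its setgid bit on to a new subdirectory, but the
# remaining mode bits come from the creating process's umask (022 here), so
# the audit reports the new directory and file until their modes are corrected.
demo_scratch_tree() {
    local tmp me grp
    tmp=$(mktemp -d) && me=$(id -u) && grp=$(id -g) || return 2
    mkdir "$tmp/data" && chmod 2770 "$tmp/data"
    ( umask 022; mkdir "$tmp/data/page"; : > "$tmp/data/page/Sample.pg" )
    echo "before:"; audit_data_dir "$tmp/data" "$me" "$grp" | sed "s|$tmp/||"
    chmod 2770 "$tmp/data/page"; chmod 0660 "$tmp/data/page/Sample.pg"
    echo "after:";  audit_data_dir "$tmp/data" "$me" "$grp" && echo "clean"
    rm -rf "$tmp"
}

demo_scratch_tree
```

On the real host, `audit_data_dir alexschroeder` uses the defaults «www-data» and «alex» and needs read access to the whole tree.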

Usage

```bash
for d in alexschroeder.ch arabisch-lernen.org campaignwiki.org \
    communitywiki.org oddmuse.org orientalisch.info; do
    bin/fix-static-dir-permissions "$d"
done

for d in alexschroeder arabisch-lernen campaignwiki \
    claudia communitywiki helmut hug mark oddmuse \
    orientalisch paper zengarden; do
    bin/fix-data-dir-permissions "$d"
done

for d in alexschroeder.ch/pics campaignwiki.org/pics \
    communitywiki.org/pics oddmuse.org/pics \
    orientalisch.info/pics; do
    fix-data-dir-permissions "$d"
done
```

fix-static-dir-permissions

```bash
#!/bin/bash

# Start from a known state so that an ECHO variable inherited from the
# environment cannot end up in front of the sudo commands below.
ECHO=

# -n: dry run, print the sudo commands instead of executing them
if test "$1" == "-n"; then
    echo Not executing
    ECHO=echo
    shift
fi

if test -z "$1"; then
    F=$(basename "$0")
    echo "Usage: $F [-n] STATICDIR"
    exit 1
fi

if test ! -d "$1"; then
    echo You need to provide an existing directory
    pwd
    exit 2
fi

# Directories: 755, skipping pics, static and version control directories
echo "fixing directory permissions for $(pwd)/$1 except for pics or static"
find "$1" -name pics -prune \
    -or -name static -prune \
    -or -name .svn -prune \
    -or -name .git -prune \
    -or -type d -not -perm 755 -exec $ECHO sudo chmod 755 {} \;
# Static files: 644; Perl scripts other than *-utf8.pl and current.pl are skipped
echo fixing file permissions except for pics or static and most Perl files
find "$1" -name pics -prune \
    -or -name static -prune \
    -or -name .svn -prune \
    -or -name .git -prune \
    -or -name '*.pl' -not -name '*-utf8.pl' -not -name 'current.pl' -prune \
    -or -type f -not -perm 644 -exec $ECHO sudo chmod 644 {} \;
# Perl scripts: 755. -prune is always true, so the matching Perl files fall
# through to the -type f test on the last line.
echo fixing file permissions for most Perl files
find "$1" -name pics -prune \
    -or -name static -prune \
    -or -name .svn -prune \
    -or -name .git -prune \
    -or -name '*.pl' -not -name '*-utf8.pl' -not -name 'current.pl' -prune \
    -type f -not -perm 755 -exec $ECHO sudo chmod 755 {} \;
# Ownership: user and group alex (user:group, the dot separator is obsolete)
echo fixing ownership except for pics or static
find "$1" -name pics -prune \
    -or -name static -prune \
    -or \( -not -group alex -or -not -user alex \) -exec $ECHO sudo chown alex:alex {} \;
```

fix-data-dir-permissions

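```bash
#!/bin/bash

# Start from a known state so that an ECHO variable inherited from the
# environment cannot end up in front of the sudo commands below.
ECHO=

# -n: dry run, print the sudo commands instead of executing them
if test "$1" == "-n"; then
    echo Not executing
    ECHO=echo
    shift
fi

if test -z "$1"; then
    F=$(basename "$0")
    echo "Usage: $F [-n] DATADIR"
    exit 1
fi

if test ! -d "$1"; then
    echo You need to provide an existing directory
    pwd
    exit 2
fi

# Directories: 2770 (rwxrws---), setgid so new files keep the group alex
echo "fixing directory permissions for $(pwd)/$1"
find "$1" -type d -not -perm 2770 -exec $ECHO sudo chmod 2770 {} \;
# Files: 0660 (rw-rw----)
echo fixing file permissions
find "$1" -type f -not -perm 0660 -exec $ECHO sudo chmod 0660 {} \;
# Ownership: user www-data, group alex (user:group, the dot separator is obsolete)
echo fixing ownership
find "$1" \( -type f -or -type d \) \
    \( -not -group alex -or -not -user www-data \) \
    -exec $ECHO sudo chown www-data:alex {} \;
```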