Created
November 20, 2014 13:28
Nette strict permissions script
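#!/bin/bash
#
# Strict permissions for a Nette project.
#
# Usage: cd into the project root and run this script as a user that is
# allowed to chown (normally root).
#
# Resulting layout:
#   - the whole tree is owned by $USER, owner read-only, no access for
#     group and others;
#   - www/ is additionally readable by $WEB_SERVER_GROUP;
#   - log/, temp/, temp/cache/, temp/sessions/ and the journal file are
#     owner-writable;
#   - files under bin/ and vendor/bin/ are owner-executable;
#   - $WEB_SERVER_GROUP may traverse app/, log/, temp/, vendor/ and www/ and
#     read the .htaccess / web.config files placed directly in them.
#
# NOTE(review): only the owner gets write access to log/ and temp/, so this
# presumably expects PHP to run as $USER and not as the web server account.
# Confirm against the PHP/FPM configuration.

# Stop at the first failed step so a half-applied permission set is not
# mistaken for success; treat unset variables as errors.
set -eu

ROOT=$(pwd)
# NOTE: this shadows the shell's own $USER for the rest of the script.
USER=nette
WEB_SERVER_GROUP=www-data

# Everything below is recursive from $ROOT, so never run it against the
# filesystem root (for example when started from the wrong directory).
case "$ROOT" in
  '' | /)
    echo "refusing to change permissions recursively on '$ROOT'" >&2
    exit 1
    ;;
esac

# create cache (mkdir -p is a no-op when the directory already exists)
mkdir -p "$ROOT/temp/cache"

# journal
touch "$ROOT/temp/btfj.dat"

# defaults: owner read-only, nothing for group and others.
# "X" keeps directories traversable and also keeps u+x on files that already
# carried an execute bit, so the result is 0500 for directories, 0400 for
# plain files and 0500 for files that were executable before.
chown -R "$USER" "$ROOT"
chmod -R u=rX,go= "$ROOT"

# document root: 0550 for directories and 0440 for files.
# The group is changed before group permissions are granted, so the previous
# group never gains access in between.
if [ -d "$ROOT/www" ]; then
  chgrp -R "$WEB_SERVER_GROUP" "$ROOT/www"
  chmod -R g+rX "$ROOT/www"
fi

# log, temp, cache and sessions
chmod u+w "$ROOT/temp" "$ROOT/temp/btfj.dat"
for DIR in log temp/cache temp/sessions; do
  # log/ and temp/sessions/ are not created by this script and may be absent.
  if [ -d "$ROOT/$DIR" ]; then
    chmod -R u+w "$ROOT/$DIR"
  fi
done

# directories with executables
for BIN in bin vendor/bin; do
  if [ -d "$ROOT/$BIN" ]; then
    # 0500 for files (directories already have 0500)
    chmod -R u+x "$ROOT/$BIN"
  fi
done

# allow access to .htaccess and web.config for server
for DIR in app log temp vendor www; do
  if [ -d "$ROOT/$DIR" ]; then
    # g+x on a directory grants traversal only: the web server group can open
    # a file whose name it knows, but cannot list the directory (that would
    # need g+r, which only www/ gets above).
    chgrp "$WEB_SERVER_GROUP" "$ROOT/$DIR"
    chmod g+x "$ROOT/$DIR"
  fi
  for FILE in .htaccess web.config; do
    if [ -f "$ROOT/$DIR/$FILE" ]; then
      # enable reading the file for the web server group
      chgrp "$WEB_SERVER_GROUP" "$ROOT/$DIR/$FILE"
      chmod g+r "$ROOT/$DIR/$FILE"
    fi
  done
done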