Enable SELinux homedirs support for httpd mod_userdir
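#!/bin/bash
# = ^ . ^ =
# https://gist.github.com/tonejito/696cdc3939728e54fa051196a4de845c
#
# Prepare every httpd DocumentRoot and every ~user/public_html for serving
# under SELinux: fix UNIX group/permissions, label the trees
# httpd_user_content_t (persisted via semanage), restore contexts, and turn
# on the httpd_enable_homedirs boolean when mod_userdir is loaded.
#
# Must run as root.  Work files (directory lists, logs, the semanage export)
# are written to the CURRENT directory under fixed names, so run it from a
# directory only root can write to (e.g. /root), never from /tmp.
#
# The original ran under "bash -v"; uncomment the next line to echo each
# line as it is read.
# set -v
set -u -o pipefail

HOME_PREFIX=/home
HTTPD_VHOST_CONF=/etc/httpd/conf.d/zz-99-vhost.conf
HTTPD_USER=apache
PUBLIC_HTML_LIST=public_html.log
PUBLIC_HTML_SELINUX_TYPE=httpd_user_content_t
SEMANAGE_CONFIG=semanage.local
RESTORECON_LOG=restorecon.log
RESTORECON_ERROR_LOG=restorecon_incorrect.log
FIXFILES_LOG=fixfiles.log
# Regular-user UID range; defaults are the stock login.defs values the
# original hard-coded, overridable from the environment (UID_MIN=1000 ...).
UID_MIN=${UID_MIN:-500}
UID_MAX=${UID_MAX:-60000}

die() { printf '%s: %s\n' "${0##*/}" "$*" >&2; exit 1; }

# Quote a path so it matches itself literally when used as a regex
# (semanage fcontext takes a regular expression, not a path).
regex_escape() { printf '%s' "$1" | sed -e 's/[][\\.*^$+?(){}|]/\\&/g'; }

[ "$(id -u)" -eq 0 ] || die "must run as root (chgrp/chmod/semanage/setsebool)"

# Clean up previous files.
# We run as root and use predictable file names, so refuse to write through
# a symlink or onto a non-regular file: a link planted by a local user would
# otherwise make us truncate or overwrite an arbitrary file.  This is not
# race-free, hence the "root-only working directory" requirement above.
for FILE in "${PUBLIC_HTML_LIST}" "${PUBLIC_HTML_LIST}.0" "${PUBLIC_HTML_LIST}.1" \
            "${RESTORECON_LOG}" "${RESTORECON_ERROR_LOG}" "${FIXFILES_LOG}" \
            "${SEMANAGE_CONFIG}"; do
  if [ -L "${FILE}" ] || { [ -e "${FILE}" ] && [ ! -f "${FILE}" ]; }; then
    die "refusing to use ${FILE}: not a regular file"
  fi
done
# ".1" is truncated too: the original only appended to it, so an interrupted
# run left stale entries that were picked up by the next run.
for FILE in "${PUBLIC_HTML_LIST}" "${PUBLIC_HTML_LIST}.0" "${PUBLIC_HTML_LIST}.1" \
            "${RESTORECON_LOG}" "${RESTORECON_ERROR_LOG}" "${FIXFILES_LOG}"; do
  : > "${FILE}" || die "cannot create ${FILE}"
done

# Find target directories: every DocumentRoot in the vhost config plus
# ~user/public_html for every regular user.
# Comment lines are skipped and surrounding quotes are removed, so
#   DocumentRoot "/var/www/site"
# yields /var/www/site.  (The old grep|awk kept the quotes, and because
# chgrp/chmod ran with -f the resulting failures were silent.)
if [ -r "${HTTPD_VHOST_CONF}" ]; then
  awk '
    {
      lc = tolower($0)
      if (match(lc, /^[[:space:]]*documentroot[[:space:]]+/)) {
        v = substr($0, RLENGTH + 1)
        sub(/[[:space:]]+$/, "", v)
        gsub(/^"|"$/, "", v)
        if (v != "") print v
      }
    }' "${HTTPD_VHOST_CONF}" >> "${PUBLIC_HTML_LIST}.1"
fi
# A home of "/" (or one with trailing slashes) is normalised here so we never
# end up with //public_html or an empty entry.
getent passwd \
  | awk -F: -v min="${UID_MIN}" -v max="${UID_MAX}" '
      $3 >= min && $3 <= max {
        h = $6
        sub(/\/+$/, "", h)
        if (h != "") print h "/public_html"
      }' >> "${PUBLIC_HTML_LIST}.1"
# find "${HOME_PREFIX}" -type d -name public_html >> "${PUBLIC_HTML_LIST}.1"

# Clean list of target directories: strip trailing whitespace and slashes,
# dedupe, and keep only absolute paths that exist as directories.  This
# matters because the list feeds recursive chgrp/chmod and semanage: a
# DocumentRoot of "/" becomes an empty line after the slash strip and must
# be dropped, not turned into a relabel of the whole filesystem.
# (The original sed used "\s+" in a basic regex, where "+" is literal, so
# trailing whitespace was never removed.)
sed -e 's/[[:space:]]*$//' -e 's|/*$||' "${PUBLIC_HTML_LIST}.1" \
  | LC_ALL=C sort -u \
  | while IFS= read -r DIR; do
      case "${DIR}" in
        /?*) [ -d "${DIR}" ] && printf '%s\n' "${DIR}" ;;
      esac
    done > "${PUBLIC_HTML_LIST}"
rm -v -- "${PUBLIC_HTML_LIST}.1"
# NUL-separated copy for xargs -0 / restorecon -0.
tr '\n' '\0' < "${PUBLIC_HTML_LIST}" > "${PUBLIC_HTML_LIST}.0"

# Adjust normal UNIX permissions.
# NOTE(security): chgrp to ${HTTPD_USER} followed by ug+w makes every web
# root writable by the httpd group, i.e. anything running as apache (a
# compromised PHP app or CGI) can rewrite every user's public_html.  Kept
# from the original; drop the "g" if httpd only needs to read.  Under
# enforcing SELinux httpd_user_content_t is a read-only type, so the g+w
# alone does not grant httpd writes, but other group members still get them.
xargs -0 -r chgrp -f -R -- "${HTTPD_USER}" < "${PUBLIC_HTML_LIST}.0"
xargs -0 -r chmod -f -R -- ug+w,o-w < "${PUBLIC_HTML_LIST}.0"

# Set SELinux type and restore default context.
if [ -e "${SEMANAGE_CONFIG}" ]; then
  semanage -i "${SEMANAGE_CONFIG}" || die "semanage import of ${SEMANAGE_CONFIG} failed"
else
  # Build semanage configuration and export it to file.
  # "-a" fails with "already defined" when a rule exists (e.g. the export was
  # deleted and the script re-run); fall back to "-m" instead of aborting.
  while IFS= read -r -d '' DIR; do
    SPEC="$(regex_escape "${DIR}")(/.*)?"
    semanage fcontext -a -t "${PUBLIC_HTML_SELINUX_TYPE}" "${SPEC}" \
      || semanage fcontext -m -t "${PUBLIC_HTML_SELINUX_TYPE}" "${SPEC}" \
      || die "semanage fcontext failed for ${DIR}"
  done < "${PUBLIC_HTML_LIST}.0"
  # The export holds ALL local semanage customisations on this host, not just
  # the rules added above; importing it on another host replays them all.
  semanage -o "${SEMANAGE_CONFIG}" || die "semanage export to ${SEMANAGE_CONFIG} failed"
fi
# -0/-f: NUL-separated path list; -i: ignore entries that no longer exist;
# -o: collect files whose context was wrong.  Redirection order fixed: the
# original "2>&1 > LOG" sent stderr to the terminal instead of the log.
restorecon -v -i -R -0 -f "${PUBLIC_HTML_LIST}.0" -o "${RESTORECON_ERROR_LOG}" \
  > "${RESTORECON_LOG}" 2>&1
xargs -0 -r fixfiles -v -l "${FIXFILES_LOG}" restore < "${PUBLIC_HTML_LIST}.0"

# Finally, enable the SELinux boolean for homedirs, but only when
# mod_userdir is actually loaded; otherwise tell the operator what to do.
if apachectl -M 2>/dev/null | grep -q userdir; then
  setsebool -P httpd_enable_homedirs true || die "setsebool httpd_enable_homedirs failed"
  semodule --build || die "semodule --build failed"
  # fixfiles restore
  # touch /.autorelabel
else
  cat << 'EOF'
userdir_module not enabled in httpd
Please enable it and run this program again or
execute the following commands as root:
# setsebool -P httpd_enable_homedirs true
# semodule --build
You might also want to set the proper labels
via fixfiles or a full autorelabel
# fixfiles restore
# touch /.autorelabel
EOF
fi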