3 # fixes the cakelampvm permissions according to the way.
7 if [[ $EUID != 0 ]]; then
8 echo "This script must be run as root or sudo."
14 export WORKDIR="$( \cd "$(\dirname "$0")" && \pwd )" # obtain the script's working directory.
15 export FEISTY_MEOW_APEX="$( \cd "$WORKDIR/../.." && \pwd )"
18 source "$FEISTY_MEOW_APEX/scripts/core/launch_feisty_meow.sh"
19 source "$FEISTY_MEOW_SCRIPTS/system/common_sysadmin.sh"
23 # new requirement is to get the sql root password, since we need to do some sql db configuration.
24 echo -n "Please enter the MySQL root account password: "
26 if [ -z "$mysql_passwd" ]; then
27 echo "This script must have the sql root password to proceed."
33 echo "Regenerating feisty meow loading dock."
35 reconfigure_feisty_meow
36 test_or_die "feisty meow reconfiguration"
37 chown -R "$(logname)":"$(logname)" /home/$(logname)/.[a-zA-Z0-9]*
38 test_or_die "fix after reconfigured as sudo"
42 echo "Making some important permission changes..."
44 # fix up the main web storage.
45 chown -R www-data:www-data /var/www
46 test_or_die "chown www-data"
48 test_or_die "group_perm www-data"
52 # set up access on some important folders for the developer user.
53 chown -R developer:developer /home/developer /home/developer/.[a-zA-Z0-9]*
54 test_or_die "chown developer home"
55 harsh_perm /home/developer/.ssh
56 test_or_die "harsh_perm setting on developer .ssh"
57 chown -R developer:developer /etc/apache2 /etc/bind
58 test_or_die "chown apache2 and bind to developer"
59 group_perm /etc/apache2 /etc/bind
60 test_or_die "group perms on apache2 and bind"
64 # fix perms for fred user.
65 chown -R fred:fred /home/fred /home/archives/stuffing /home/fred/.[a-zA-Z0-9]*
66 test_or_die "chown fred home"
68 test_or_die "group perms on fred's apps"
69 harsh_perm /home/fred/.ssh
70 test_or_die "harsh_perm setting on fred .ssh"
71 chown -R fred:fred /opt/feistymeow.org
72 test_or_die "chown feisty meow to fred"
73 group_perm /opt/feistymeow.org
74 test_or_die "group perms on feisty meow"
75 group_perm /home/fred/apps/mapsdemo
76 test_or_die "group perms on mapsdemo app"
78 echo "Done with important permission changes."
82 # some slightly tricky bits start here. we want to massage the vm into the
83 # best possible shape without needing to re-release it.
87 echo "Updating developer welcome file."
89 # only update hello if they've still got the file there. we don't want to
90 # keep forcing our hellos at people.
91 if [ -f "$HOME/hello.txt" ]; then
92 # copy the most recent hello file into place for the user.
93 \cp -f "$FEISTY_MEOW_APEX/production/sites/cakelampvm.com/hello.txt" "$HOME"
94 test_or_continue "copying hello file for user"
99 # install a better editor app.
101 echo "The script is about to install the bluefish editor and some dependencies.
102 If the app is not already installed, then this process takes only about a
103 minute on a slower home DSL internet connection..."
105 apt-get install -y bluefish &> "/tmp/install_bluefish-$(logname).log"
106 test_or_continue "installing bluefish editor"
110 # deploy any site updates here to the VM's cakelampvm.com site.
112 # we want to upgrade the default apache site to the latest, since the new
113 # version mirrors the one on the internet (but with green checks instead
114 # of red X's) and since we also support https on the new default version.
115 # we can do this again later if needed, by upping the numbers on the apache
116 # site config files. our original site was 000 and the new version is 001,
117 # which we've done as a prefix on the config for some reason. makes the
118 # code below easy at least.
119 if [ -L /etc/apache2/sites-enabled/000-default.conf ]; then
120 # the old site is in place still, so let's update that.
121 echo "Updating default web sites to latest version."
124 test_or_die "enabling SSL for secure websites"
127 test_or_die "getting SSL loaded in apache"
129 a2dissite 000-default
130 test_or_die "disabling old apache site"
132 rm -f /etc/apache2/sites-available/000-default.conf
133 test_or_die "removing old apache site"
135 # copy in our new 000 version (which
136 cp $FEISTY_MEOW_APEX/production/sites/cakelampvm.com/rolling/default_page.001/* \
137 /etc/apache2/sites-available
138 test_or_die "installing new apache default sites"
140 # there should only be ours at this version level and with that prefix.
142 test_or_die "enabling new apache default sites"
149 # fix up the apache site so that HSTS is disabled. otherwise we can't view
150 # the https site for cakelampvm.com once the domain name switch has occurred.
152 # we operate only on our own specialized tls conf file. hopefully no one has messed with it besides revamp.
153 # note the use of the character class :blank: below to match spaces or tabs.
154 search_replace "^[[:blank:]]*Header always set Strict-Transport-Security.*" "# not good for cakelampvm.com -- Header always set Strict-Transport-Security \"max-age=63072000; includeSubdomains;\"" /etc/apache2/conf-library/tls-enabling.conf
155 if [ $? -ne 0 ]; then
156 echo the apache tls-enabling.conf file seems to have already been patched to disable strict transport security. good.
159 echo successfully patched the apache tls-enabling.conf file to disable strict transport security. awesome.
164 # fix up bind so that we think of any address with cakelampvm.com on the end
165 # as being on the vm. this is already true for some specific sites, but we
166 # want the wildcard enabled to ease the use of DNS for windows folks.
168 grep -q "\*[[:blank:]]*IN A[[:blank:]]*10.28.42.20" /etc/bind/cakelampvm.com.conf
169 if [ $? -eq 0 ]; then
171 echo the bind settings for wildcard domains off of cakelampvm.com seems to already be present. good deal.
174 ; our bind magic, a wildcard domain, for all other sites with cakelampvm.com
175 ; in the domain. this forces any other sites besides the ones above to route
176 ; to the actual vm IP address, which currently is singular and very fixated.
178 IN HINFO "linux vm" "ubuntu"
179 " >> /etc/bind/cakelampvm.com.conf
181 echo "successfully added wildcard domains to the cakelampvm.com bind configuration, so we're still on track for greatness."
186 # fix samba configuration for (ass-headed) default of read-only in user homes.
187 # why add a necessary feature if you're just going to cripple it by default?
189 pattern="[#;][[:blank:]]*read only = yes"
190 replacement="read only = no"
192 # first see if we've already done this.
193 # if we find any occurrence of the replacement, we assume we already did it.
194 # ** we're assuming a lot about the structure of the samba config file!
195 grep -q "$replacement" /etc/samba/smb.confÂ
196 if [ $? -ne 0 ]; then
197 echo "the samba configuration has already been fixed for user homes, s'cool."
199 # so not there yet; we need to make the replacement.
200 sed -i "0,/$pattern/{s/$pattern/$replacement/}" /etc/samba/smb.conf
201 test_or_die "patching samba configuration to enable write acccess on user home dirs"
202 # sweet, looks like that worked...
204 echo successfully patched the samba configuration to enable writes on user home directories. way cool.
209 # set up some crucial users in the mysql db that we seem to have missed previously.
211 mysql -u root -p "$mysql_passwd" <<EOF
212 create user 'root'@'%' IDENTIFIED BY '$mysql_passwd';
213 grant all privileges on *.* TO 'root'@'%' with grant option;
215 create user 'wampcake'@'%' IDENTIFIED BY 'bakecamp';
216 grant all privileges on *.* TO 'wampcake'@'%' with grant option;
218 create user 'lampcake'@'%' IDENTIFIED BY 'bakecamp';
219 grant all privileges on *.* TO 'lampcake'@'%' with grant option;
222 test_or_die "configuring root, wampcake and lampcake users on mysql"
227 # sequel--tell them they're great and show the hello again also.
234 test_or_die "regenerating feisty meow scripts"
235 chown -R "$(logname)":"$(logname)" /home/$(logname)/.[a-zA-Z0-9]*
236 test_or_die "fix after regenerate as sudo"
240 Thanks for revamping your cakelampvm. :-)