From a95d773413c7ad550c1c310f02e182347fc3a1c6 Mon Sep 17 00:00:00 2001 From: Chris Koeritz Date: Fri, 18 May 2018 17:33:43 -0400 Subject: [PATCH] nice changes for customization system allows scripts to be in top level of custom scripts folder now. also permission fixer script made official and used in different versions of user repermissioning. --- scripts/core/generate_aliases.pl | 10 +-- scripts/customize/developer/redeveloper.sh | 68 ---------------- .../developer/scripts/redeveloper.sh | 20 +++++ scripts/customize/fred/refred.sh | 68 ---------------- scripts/customize/fred/scripts/refred.sh | 20 +++++ scripts/customize/how_to_customize.txt | 39 ++++++--- scripts/security/cool_permissionator.sh | 79 +++++++++++++++++++ .../site_avenger/revamp_cakelampvm_v003.sh | 6 +- scripts/site_avenger/shared_site_mgr.sh | 4 +- 9 files changed, 160 insertions(+), 154 deletions(-) delete mode 100644 scripts/customize/developer/redeveloper.sh create mode 100644 scripts/customize/developer/scripts/redeveloper.sh delete mode 100644 scripts/customize/fred/refred.sh create mode 100644 scripts/customize/fred/scripts/refred.sh create mode 100644 scripts/security/cool_permissionator.sh diff --git a/scripts/core/generate_aliases.pl b/scripts/core/generate_aliases.pl index a9b77747..6521601c 100644 --- a/scripts/core/generate_aliases.pl +++ b/scripts/core/generate_aliases.pl 
@@ -86,18 +86,19 @@ sub rebuild_script_aliases { @ALIAS_DEFINITION_FILES = ("$FEISTY_MEOW_SCRIPTS/core/common.alias"); # if custom aliases files exist, add them to the list. +#hmmm: would be nice to have this name in a symbol somewhere instead of having "custom" or "customize" everywhere. foreach $i (&glob_list("$FEISTY_MEOW_LOADING_DOCK/custom/*.alias")) { if (-f $i) { push(@ALIAS_DEFINITION_FILES, $i); } } if (length($DEBUG_FEISTY_MEOW)) { print "using these alias files:\n"; -print "HEY IS THIS PROBLEM CHILD?\n"; +#print "HEY IS THIS PROBLEM CHILD?\n"; foreach $i (@ALIAS_DEFINITION_FILES) { local $base_of_dir = &basename(&dirname($i)); local $basename = &basename($i); print " $base_of_dir/$basename\n"; } -print "WAS PROBLEM CHILD ABOVE HERE?\n"; +#print "WAS PROBLEM CHILD ABOVE HERE?\n"; } # write the aliases for sh and bash scripts. @@ -194,6 +195,7 @@ open(she, ">> $FEISTY_MEOW_LOADING_DOCK/fmc_aliases_for_scripts.sh"); # find the list of files in the scripts directory. @shell_files = (find_files(recursive_find_directories("$FEISTY_MEOW_SCRIPTS")), + find_files("$FEISTY_MEOW_LOADING_DOCK/custom/scripts"), find_files(recursive_find_directories("$FEISTY_MEOW_LOADING_DOCK/custom/scripts"))); # strip out the customization files, since they are added in on demand only. @@ -215,11 +217,9 @@ foreach $file (@shell_files) { || $file =~ /\/\.\.$/ || $file =~ /\/\.svn$/ || $file =~ /\/\.git$/ - || $file =~ /\/custom\/[a-zA-Z0-9_]+\/[a-zA-Z0-9_.]+$/ -#hmmm: would be nice to have this name in a symbol somewhere instead of having "customize" everywhere. ) { # just skip this item; it's a special directory or a file we don't want to include. -# print "skipping name: $file\n"; + print "skipping name: $file\n"; } else { &make_alias($file, ""); } diff --git a/scripts/customize/developer/redeveloper.sh b/scripts/customize/developer/redeveloper.sh deleted file mode 100644 index 3a32fa46..00000000 --- a/scripts/customize/developer/redeveloper.sh +++ /dev/null 
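Review bot: The `print "skipping name: $file\n";` in the skip branch of the `foreach $file (@shell_files)` loop is now uncommented and unconditional, so every skipped entry is printed on each alias rebuild, while the other diagnostics in this file sit behind `if (length($DEBUG_FEISTY_MEOW))`. Gate it the same way: `print "skipping name: $file\n" if length($DEBUG_FEISTY_MEOW);`. Separately, removing the `/custom/...` exclusion and adding `find_files("$FEISTY_MEOW_LOADING_DOCK/custom/scripts")` in the previous hunk means every file in that folder becomes an alias, which deserves a comment such as `# custom/scripts is aliased wholesale; keep that folder writable only by its owner.` The loop and the enclosing sub continue outside the hunk.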
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-#source "$FEISTY_MEOW_SCRIPTS/core/launch_feisty_meow.sh"
-
-# cleans up the ownership for all my files and dirs.
-function redeveloper()
-{
- # first build a list of dirs based on their location in /home/archives.
- local arch_builder="archons basement codebarn games imaginations musix pooling prewar_toaster stuffing toaster walrus"
- local ARCHIVE_HOME=/home/archives
- local dirname
- local arch_addin
- for dirname in $arch_builder; do
- arch_addin+="$ARCHIVE_HOME/$dirname "
- done
-#echo arch addin now is: $arch_addin
-
- # special case that makes our software hierarchy folder, if it doesn't exist.
- # everything else is only re-permed if it exists.
- if [ ! -d "$DEFAULT_FEISTYMEOW_ORG_DIR" ]; then
- sudo mkdir "$DEFAULT_FEISTYMEOW_ORG_DIR"
- test_or_die "making directory: $DEFAULT_FEISTYMEOW_ORG_DIR"
- fi
-
- # iterate across the list of dirs we want developer to own and change their ownership.
- for dirname in /home/developer $DEFAULT_FEISTYMEOW_ORG_DIR /usr/local/developer /home/games $arch_addin; do
- if [ -d "$dirname" ]; then
- echo "redeveloper on '$dirname'"
- sudo chown -R developer:developer "$dirname"
- test_or_die "chowning for developer: $dirname"
- fi
- done
-
- # special case for archives directory.
- if [ -d /z/stuffing -o -L /z/stuffing ]; then
- sudo chown developer:developer /z
- test_or_die "chowning /z for developer"
- sudo chmod g+rx,o+rx /z
- test_or_die "chmodding /z/ for developer"
- sudo chown developer:developer /z/stuffing
- test_or_die "chowning /z/stuffing for developer"
- sudo chmod g+rx,o-rwx /z/stuffing
- test_or_die "chmodding /z/stuffing for developer"
- pushd /z/stuffing &>/dev/null
- if [ -d archives -o -L archives ]; then
- sudo chown developer:developer archives
- test_or_die "chowning /z/stuffing/archives for developer"
- sudo chmod -R g+rwx archives
- test_or_die "chmodding /z/stuffing/archives for developer"
- fi
- popd &>/dev/null
- fi
-
- # make the logs readable by normal humans.
- sudo bash $FEISTY_MEOW_SCRIPTS/security/normal_perm.sh /var/log
- test_or_die "setting normal perms on /var/log"
-}
-
-# this block should execute when the script is actually run, rather
-# than when it's just being sourced.
-if [[ $0 =~ .*redeveloper\.sh.* ]]; then
- THISDIR="$( \cd "$(\dirname "$0")" && /bin/pwd )"
- source "$THISDIR/../../core/launch_feisty_meow.sh"
- test_or_die "sourcing the feisty meow launcher"
- redeveloper
- test_or_die "redeveloperding process"
-fi
-
diff --git a/scripts/customize/developer/scripts/redeveloper.sh b/scripts/customize/developer/scripts/redeveloper.sh
new file mode 100644
index 00000000..eeb0fbcb
--- /dev/null
+++ b/scripts/customize/developer/scripts/redeveloper.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+function do_redeveloper()
+{
+ reapply_cool_permissions developer
+
+ # anything else specific to developer?
+}
+
+# this block should execute when the script is actually run, rather
+# than when it's just being sourced.
+if [[ $0 =~ .*redeveloper\.sh.* ]]; then
+ source "$FEISTY_MEOW_SCRIPTS/core/launch_feisty_meow.sh"
+ test_or_die "sourcing the feisty meow environment"
+ source "$FEISTY_MEOW_SCRIPTS/security/cool_permissionator.sh"
+ test_or_die "sourcing the permission script"
+ do_redeveloper
+ test_or_die "redevelopering process"
+fi
+
diff --git a/scripts/customize/fred/refred.sh b/scripts/customize/fred/refred.sh
deleted file mode 100644
index c99b2d11..00000000
--- a/scripts/customize/fred/refred.sh
+++ /dev/null
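Review bot: The run-directly block of the new redeveloper.sh sources the launcher through `$FEISTY_MEOW_SCRIPTS` where the old script used a `$THISDIR`-relative path, so with that variable unset the `source` fails and `test_or_die` (presumably defined by that launcher) is missing too, letting the script run on to `do_redeveloper` instead of stopping. A guard ahead of the first `source` makes the failure explicit: `[ -n "$FEISTY_MEOW_SCRIPTS" ] || { echo "FEISTY_MEOW_SCRIPTS is not set" >&2; exit 1; }`. The function is also renamed to `do_redeveloper` while revamp_cakelampvm_v003.sh in this commit calls `redeveloper`, so a header comment such as `# invoked as "redeveloper" through the generated script alias.` would record where that name is expected to come from. The same two points apply to scripts/customize/fred/scripts/refred.sh.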
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-#source "$FEISTY_MEOW_SCRIPTS/core/launch_feisty_meow.sh"
-
-# cleans up the ownership for all my files and dirs.
-function refred()
-{
- # first build a list of dirs based on their location in /home/archives.
- local arch_builder="archons basement codebarn games imaginations musix pooling prewar_toaster stuffing toaster walrus"
- local ARCHIVE_HOME=/home/archives
- local dirname
- local arch_addin
- for dirname in $arch_builder; do
- arch_addin+="$ARCHIVE_HOME/$dirname "
- done
-#echo arch addin now is: $arch_addin
-
- # special case that makes our software hierarchy folder, if it doesn't exist.
- # everything else is only re-permed if it exists.
- if [ ! -d "$DEFAULT_FEISTYMEOW_ORG_DIR" ]; then
- sudo mkdir "$DEFAULT_FEISTYMEOW_ORG_DIR"
- test_or_die "making directory: $DEFAULT_FEISTYMEOW_ORG_DIR"
- fi
-
- # iterate across the list of dirs we want fred to own and change their ownership.
- for dirname in /home/fred $DEFAULT_FEISTYMEOW_ORG_DIR /usr/local/fred /home/games $arch_addin; do
- if [ -d "$dirname" ]; then
- echo "refred on '$dirname'"
- sudo chown -R fred:fred "$dirname"
- test_or_die "chowning for fred: $dirname"
- fi
- done
-
- # special case for archives directory.
- if [ -d /z/stuffing -o -L /z/stuffing ]; then
- sudo chown fred:fred /z
- test_or_die "chowning /z for fred"
- sudo chmod g+rx,o+rx /z
- test_or_die "chmodding /z/ for fred"
- sudo chown fred:fred /z/stuffing
- test_or_die "chowning /z/stuffing for fred"
- sudo chmod g+rx,o-rwx /z/stuffing
- test_or_die "chmodding /z/stuffing for fred"
- pushd /z/stuffing &>/dev/null
- if [ -d archives -o -L archives ]; then
- sudo chown fred:fred archives
- test_or_die "chowning /z/stuffing/archives for fred"
- sudo chmod -R g+rwx archives
- test_or_die "chmodding /z/stuffing/archives for fred"
- fi
- popd &>/dev/null
- fi
-
- # make the logs readable by normal humans.
- sudo bash $FEISTY_MEOW_SCRIPTS/security/normal_perm.sh /var/log
- test_or_die "setting normal perms on /var/log"
-}
-
-# this block should execute when the script is actually run, rather
-# than when it's just being sourced.
-if [[ $0 =~ .*refred\.sh.* ]]; then
- THISDIR="$( \cd "$(\dirname "$0")" && /bin/pwd )"
- source "$THISDIR/../../core/launch_feisty_meow.sh"
- test_or_die "sourcing the feisty meow launcher"
- refred
- test_or_die "refredding process"
-fi
-
diff --git a/scripts/customize/fred/scripts/refred.sh b/scripts/customize/fred/scripts/refred.sh
new file mode 100644
index 00000000..a026b4c6
--- /dev/null
+++ b/scripts/customize/fred/scripts/refred.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+function do_refred()
+{
+ reapply_cool_permissions fred
+
+ # anything else specific to fred?
+}
+
+# this block should execute when the script is actually run, rather
+# than when it's just being sourced.
+if [[ $0 =~ .*refred\.sh.* ]]; then
+ source "$FEISTY_MEOW_SCRIPTS/core/launch_feisty_meow.sh"
+ test_or_die "sourcing the feisty meow environment"
+ source "$FEISTY_MEOW_SCRIPTS/security/cool_permissionator.sh"
+ test_or_die "sourcing the permission script"
+ do_refred
+ test_or_die "refredding process"
+fi
+
diff --git a/scripts/customize/how_to_customize.txt b/scripts/customize/how_to_customize.txt
index be796df1..f6ddb3d2 100644
--- a/scripts/customize/how_to_customize.txt
+++ b/scripts/customize/how_to_customize.txt
@@ -1,16 +1,37 @@ -this folder has some examples of how various people (or one person right now) -do their custom scripts. +customizations are cool +======================= -the folder can have alias files (ending in .alias) that are written in bash, -and it can also have shell scripts that are sourced into the main-line of -script initialization (any files ending in .sh). +this folder has some examples of customizations that override the default +feisty meow environment. -when you have some custom scripts you want to use, copy them from your own -folder to the $FEISTY_MEOW_LOADING_DOCK/custom directory. +user customization folder organization +====================================== +the user's optional custom folder is located at: +echo $FEISTY_MEOW_SCRIPTS/customize/$(logname) -(needs to talk about the scripts directory which is handled specially. -are there any keyword matched filenames with special functions?) +the top-level of the customization folder can store: + ++ alias files (ending in .alias) that are written in bash; these are added + into the feisty meow environment as additional aliases. + ++ sourceable bash scripts (ending in our bash extension of '.sh'); these + will be pulled into the main-line of the script initialization process + using the bash 'source' command. these scripts can change or add any + environment variables and aliases as needed, so be careful writing them. + +custom script aliases +===================== + +there is also a facility for adding aliases automatically for any custom +scripts that have been developed by the user. these join the other aliases +provided by the feisty meow environment. + +store any custom scripts in the folder: +$FEISTY_MEOW_SCRIPTS/customize/$(logname)/scripts + +any scripts in that folder (or in a directory under that folder) will +automatically be turned into aliases. 
diff --git a/scripts/security/cool_permissionator.sh b/scripts/security/cool_permissionator.sh
new file mode 100644
index 00000000..340e2242
--- /dev/null
+++ b/scripts/security/cool_permissionator.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# a library file for redoing file ownership and permissions as we feel is
+# appropriate. this approach is a little bit specific to our way of doing
+# things, but it does handle a lot of important fixes everyone would want,
+# like making ~/.ssh really secure.
+
+# cleans up the ownership and permissions for all of the important files and dirs.
+function reapply_cool_permissions()
+{
+ local cooluser="$1"; shift
+
+ # first build a list of dirs based on their location in /home/archives.
+ local arch_builder="archons basement codebarn games imaginations musix pooling prewar_toaster stuffing toaster walrus"
+ local ARCHIVE_HOME=/home/archives
+ local dirname
+ local arch_addin
+ for dirname in $arch_builder; do
+ arch_addin+="$ARCHIVE_HOME/$dirname "
+ done
+#echo arch addin now is: $arch_addin
+
+ # special case that makes our software hierarchy folder, if it doesn't exist.
+ # everything else is only re-permed if it exists.
+ if [ ! -d "$DEFAULT_FEISTYMEOW_ORG_DIR" ]; then
+ sudo mkdir "$DEFAULT_FEISTYMEOW_ORG_DIR"
+ test_or_die "making directory: $DEFAULT_FEISTYMEOW_ORG_DIR"
+ fi
+
+ # fix some permissions for important security considerations.
+ harsh_perm $HOME/.ssh
+
+#hmmm: consider adding feisty meow apex to the list below.
+ # iterate across the list of dirs we want cooluser to own and change their ownership.
+ for dirname in $HOME $DEFAULT_FEISTYMEOW_ORG_DIR /usr/local/${cooluser} /home/games $arch_addin; do
+ if [ -d "$dirname" ]; then
+ echo "revising ownership on '$dirname'"
+ sudo chown -R ${cooluser}:${cooluser} "$dirname"
+ test_or_die "chowning for ${cooluser}: $dirname"
+ fi
+ done
+
+ # special case for archives directory.
+ if [ -d /z/stuffing -o -L /z/stuffing ]; then
+ sudo chown ${cooluser}:${cooluser} /z
+ test_or_die "chowning /z for ${cooluser}"
+ sudo chmod g+rx,o+rx /z
+ test_or_die "chmodding /z/ for ${cooluser}"
+ sudo chown ${cooluser}:${cooluser} /z/stuffing
+ test_or_die "chowning /z/stuffing for ${cooluser}"
+ sudo chmod g+rx,o-rwx /z/stuffing
+ test_or_die "chmodding /z/stuffing for ${cooluser}"
+ pushd /z/stuffing &>/dev/null
+ if [ -d archives -o -L archives ]; then
+ sudo chown ${cooluser}:${cooluser} archives
+ test_or_die "chowning /z/stuffing/archives for ${cooluser}"
+ sudo chmod -R g+rwx archives
+ test_or_die "chmodding /z/stuffing/archives for ${cooluser}"
+ fi
+ popd &>/dev/null
+ fi
+
+ # make the logs readable by normal humans.
+ sudo bash $FEISTY_MEOW_SCRIPTS/security/normal_perm.sh /var/log
+ test_or_die "setting normal perms on /var/log"
+}
+
+# this block should execute when the script is actually run, rather
+# than when it's just being sourced.
+
+# this runs the cool permission applier on the current user.
+if [[ $0 =~ .*reapply_cool_permissions\.sh.* ]]; then
+ THISDIR="$( \cd "$(\dirname "$0")" && /bin/pwd )"
+ source "$THISDIR/../core/launch_feisty_meow.sh"
+ test_or_die "sourcing the feisty meow launcher"
+ reapply_cool_permissions $(logname)
+ test_or_die "reapplying cool permissions on $(logname)"
+fi
+
diff --git a/scripts/site_avenger/revamp_cakelampvm_v003.sh b/scripts/site_avenger/revamp_cakelampvm_v003.sh
index 23ac11dd..771f81e2 100644
--- a/scripts/site_avenger/revamp_cakelampvm_v003.sh
+++ b/scripts/site_avenger/revamp_cakelampvm_v003.sh
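Review bot: `reapply_cool_permissions` takes the target account as `$1` but still uses the caller's `$HOME` in `harsh_perm $HOME/.ssh` and in the `for dirname in $HOME ...` list, so when it runs on behalf of another account the recursive `sudo chown -R ${cooluser}:${cooluser}` is applied to the invoking user's home directory and the target's own home and `.ssh` are left untouched. revamp_cakelampvm_v003.sh in this commit calls `redeveloper` from what looks like a root context, where that would hand root's home to `developer`. The home should be resolved from the account, and an empty or unknown `$1` rejected before any `sudo` call, as sketched below. The run-directly guard also matches `$0` against `reapply_cool_permissions\.sh`, which is not this file's name (`cool_permissionator.sh`), so that block never fires, and `harsh_perm` is the one step here with no `test_or_die` after it.

```shell
function reapply_cool_permissions()
{
  local cooluser="$1"; shift
  # refuse to continue without a real account; everything below runs sudo chown.
  if [ -z "$cooluser" ] || ! id -u "$cooluser" &>/dev/null; then
    echo "reapply_cool_permissions: unknown user '$cooluser'" >&2
    return 1
  fi
  # use the target account's home, not the caller's $HOME.
  local coolhome
  coolhome="$(getent passwd "$cooluser" | cut -d: -f6)"
  if [ -z "$coolhome" ]; then
    echo "reapply_cool_permissions: no home directory for '$cooluser'" >&2
    return 1
  fi

  # … unchanged: arch_addin list and DEFAULT_FEISTYMEOW_ORG_DIR creation …

  harsh_perm "$coolhome/.ssh"
  test_or_die "harsh_perm on $coolhome/.ssh"

  for dirname in "$coolhome" $DEFAULT_FEISTYMEOW_ORG_DIR /usr/local/${cooluser} /home/games $arch_addin; do
  # … unchanged: chown loop body, /z/stuffing handling, /var/log perms …
```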
@@ -86,8 +86,10 @@ test_or_die "group_perm www-data" ############## # set up access on some important folders for the developer user. -chown -R developer:developer /home/developer /home/developer/.[a-zA-Z0-9]* -test_or_die "chown developer home" +redeveloper +test_or_die "running redeveloper to fix ownership" +#chown -R developer:developer /home/developer /home/developer/.[a-zA-Z0-9]* +#test_or_die "chown developer home" harsh_perm /home/developer/.ssh test_or_die "harsh_perm setting on developer .ssh" chown -R developer:developer /etc/apache2 /etc/bind diff --git a/scripts/site_avenger/shared_site_mgr.sh b/scripts/site_avenger/shared_site_mgr.sh index a6803b21..b0ce7d6d 100644 --- a/scripts/site_avenger/shared_site_mgr.sh +++ b/scripts/site_avenger/shared_site_mgr.sh @@ -410,7 +410,7 @@ function switch_to() # where we expect to find our checkout folder underneath. full_app_dir="$BASE_APPLICATION_PATH/$app_dirname" - cd $full_app_dir/$CHECKOUT_DIR_NAME - pwd + pushd $full_app_dir/$CHECKOUT_DIR_NAME +#redundant if pushd pwd } -- 2.34.1
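Review bot: `redeveloper` is called here as a bare command, but this commit only defines `do_redeveloper` (in scripts/customize/developer/scripts/redeveloper.sh), so the call relies on a generated alias or on PATH; bash does not expand aliases in non-interactive scripts unless `expand_aliases` is set, and nothing in the hunk shows that. If the name does not resolve, `test_or_die` aborts the revamp, and the explicit `chown -R developer:developer /home/developer ...` it replaced is now only a comment. Invoking the script by path, e.g. `bash "$FEISTY_MEOW_SCRIPTS/customize/developer/scripts/redeveloper.sh"`, removes the dependence on alias expansion. The surrounding script continues outside the hunk.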
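Review bot: The `pushd $full_app_dir/$CHECKOUT_DIR_NAME` that replaces `cd` in `switch_to` is unquoted and its result is never checked, so a path containing spaces or a missing checkout folder leaves the caller in its previous directory and later commands run there. Quote the path and fail explicitly: `pushd "$full_app_dir/$CHECKOUT_DIR_NAME" || return 1`. No matching `popd` is visible before the closing brace, so each call grows the directory stack; a comment such as `# leaves the checkout dir on the directory stack; callers must popd.` would document that contract. `switch_to` starts outside the hunk.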