--- loncom/Attic/lcuseradd 2005/01/26 12:13:58 1.34 +++ loncom/Attic/lcuseradd 2005/01/27 11:52:46 1.35 @@ -6,7 +6,7 @@ # with adding a user with filesystem privileges (e.g. author) # # -# $Id: lcuseradd,v 1.34 2005/01/26 12:13:58 foxr Exp $ +# $Id: lcuseradd,v 1.35 2005/01/27 11:52:46 foxr Exp $ ### ############################################################################### @@ -32,6 +32,8 @@ ############################################################################### use strict; +use File::Find; + # ------------------------------------------------------- Description of script # @@ -300,7 +302,6 @@ if ($?) { system('/bin/chmod','-R','0660',"/home/$safeusername"); system('/bin/chmod','0710',"/home/$safeusername"); mkdir "/home/$safeusername/public_html",0755; -system('/bin/chmod','02770',"/home/$safeusername/public_html"); open OUT,">/home/$safeusername/public_html/index.html"; print OUT< @@ -314,13 +315,14 @@ print OUT< END close OUT; -system('/bin/chmod','0660', "/home/$safeusername/public_html/index.html"); + # # In order to allow the loncapa daemons appropriate access # to public_html, Top level and public_html directories should # be owned by safeusername:safeusername as should the smaple index.html.. print "lcuseradd ownership\n" unless $noprint; system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); # First set std ownership on everything. +&set_public_html_permissions("/home/$safeusername/public_html"); # system('/bin/chown',"$safeusername:www","/home/$safeusername"); # Now adust top level... # system('/bin/chown','-R',"$safeusername:www","/home/$safeusername/public_html"); # And web dir. # ---------------------------------------------------- Gracefull Apache Restart @@ -329,7 +331,8 @@ if (-e '/var/run/httpd.pid') { open(PID,'/var/run/httpd.pid'); my $pid=; close(PID); - my ($safepid)= $pid=~ /(\D+)/; + my $pid=~ /(\D+)/; + my $safepid = $1; if ($pid) { system('kill','-USR1',"$safepid"); } @@ -396,6 +399,53 @@ sub try_to_lock { close LOCK; return 1; } +# Called by File::Find::find for each file examined. +# +# Untaint the file and, if it is a directory, +# chmod it to 02770 +# +sub set_permission { + $File::Find::name =~ /^(.*)$/; + my $safe_name = $1; # Untainted filename... + + print "$safe_name" unless $noprint; + if(-d $safe_name) { + print " - directory" unless $noprint; + chmod(02770, $safe_name); + } + print "\n" unless $noprint; + +} +# +# Set up the correct permissions for all files in the +# user's public htmldir. We just do a chmod -R 0660 ... for +# the ordinary files. The we use File::Find +# to pop through the directory tree changing directories only +# to 02770: +# +sub set_public_html_permissions { + my ($topdir) = @_; + + # Set the top level dir permissions (I'm not sure if find + # will enumerate it specifically), correctly and all + # files and dirs to the 'ordinary' file permissions: + + system("chmod -R 0660 $topdir"); + chmod(02770, $topdir); + + # Now use find to locate all directories under $topdir + # and set their modes to 02770... + # + print "Find file\n " unless $noprint; + File::Find::find({"untaint" => 1, + "untaint_pattern" => qr(/^(.*)$/), + "untaint_skip" => 1, + "no_chdir" => 1, + "wanted" => \&set_permission }, "$topdir"); + + +} + #-------------------------- Exit... # # Write the file if the error_file is defined. Regardless