Yes, you can do so with the following simple Python script. Simply copy it into a file named regenerate_permissions.py in your home directory, and then run it as:
```
python regenerate_permissions.py
```
And here is the script:
```python
#!/usr/bin/env python
import os

VERBOSE = True  # Print commands being run ("True") or print only errors ("False")
PERFORM_COMMANDS = False  # Actually perform commands ("True") or just simulate ("False")

primary_user = os.getenv("USER")
home_dir = os.getenv("HOME")

users_and_apps = (
    ('user1', ['app1', 'app2', 'app3']),  # Secondary user named "user1" should have access to apps "app1", "app2", and "app3"
    ('user2', ['app3', 'app4']),  # Secondary user named "user2" should have access to apps "app3" and "app4"
    ('user3', ['app5', 'app6', 'app7']),  # Secondary user named "user3" should have access to apps "app5", "app6", and "app7"
)


def do_cmd(cmd):
    # Print and/or run one shell command, depending on the two flags above
    if VERBOSE:
        print(cmd)
    if PERFORM_COMMANDS:
        os.system(cmd)


do_cmd("setfacl -R -b %s/webapps" % home_dir)  # Clear all ACL permissions first
for (user, apps) in users_and_apps:
    do_cmd("setfacl -m u:%s:--x %s" % (user, home_dir))  # Give secondary user --x access to $HOME
    do_cmd("setfacl -m u:%s:--- %s/webapps/*" % (user, home_dir))  # Remove access for secondary user from all apps
    for app in apps:
        do_cmd("setfacl -R -m u:%s:rwx %s/webapps/%s" % (user, home_dir, app))  # Give secondary user access to this app
        do_cmd("setfacl -R -m d:u:%s:rwx %s/webapps/%s" % (user, home_dir, app))  # Give secondary user access to new files created in this app
        do_cmd("chmod g+s %s/webapps/%s" % (home_dir, app))  # Cause binaries executed in this app to run as the primary user
        do_cmd("setfacl -R -m d:u:%s:rwx %s/webapps/%s" % (primary_user, home_dir, app))  # Give primary user access to new files created in this app
```
Hope that helps!
Be sure to set PERFORM_COMMANDS = True after testing the output so that the commands are actually run instead of merely printed to the screen.
Note: This won't help you if you actually have directories and files owned by users besides your primary user, and then you try to change the permissions on those files to be something different than they were. In that case, the only option is to open a support ticket and ask us to chown all of your webapps to your primary user. That's no problem.
This shouldn't typically be an issue - it's only needed when you're trying to change permissions on a directory which is owned by another user. Typically, you're just adding new users or adding new applications for an existing user, and not making changes to an existing application.
Disclaimer: this script comes with no warranty, so read and understand it before using it.
answered
Jun 15 '12 at 04:37
ryans ♦♦
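An added example, not part of the answer above: once the script has run, the resulting ACLs can be audited against the intended mapping by parsing `getfacl` output. The sample output, the `/home/primary` path and the function names are constructed for illustration, and the check assumes the text comes from `getfacl -p ~/webapps/*`.

```python
import re

# Intended mapping, same shape as users_and_apps above (placeholder names).
EXPECTED = {"user1": {"app1", "app2"}, "user2": {"app1"}}

# Constructed sample of `getfacl -p ~/webapps/*` output, trimmed; not from a real host.
SAMPLE = """\
# file: /home/primary/webapps/app1
user:user1:rwx
user:user2:rwx
default:user:user1:rwx

# file: /home/primary/webapps/app2
user:user1:rwx\t#effective:r-x
user:user2:---
mask::r-x

# file: /home/primary/webapps/app3
user:user1:rwx
"""

ENTRY = re.compile(r"^user:([^:\s]+):([rwx-]{3})(?:\s+#effective:([rwx-]{3}))?$")

def parse_getfacl(text):
    """Return {app: {user: effective perms}}; owner and default: entries are skipped."""
    acls, app = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("# file:"):
            app = line.split(":", 1)[1].strip().rstrip("/").rsplit("/", 1)[-1]
            acls[app] = {}
        elif app is not None and ENTRY.match(line):
            user, perms, effective = ENTRY.match(line).groups()
            acls[app][user] = effective or perms  # the mask can lower the grant
    return acls

def audit(acls, expected):
    """List (user, app, problem) where the ACLs differ from the mapping."""
    findings = []
    for app in sorted(acls):
        for user in sorted(expected):
            perms = acls[app].get(user)
            if app in expected[user]:
                if perms != "rwx":
                    findings.append((user, app, "missing rwx, has %s" % perms))
            elif perms is None:
                findings.append((user, app, "no deny entry, falls to group/other"))
            elif perms != "---":
                findings.append((user, app, "unexpected %s" % perms))
    return findings
```

An empty list from `audit(parse_getfacl(output), EXPECTED)` means every named-user entry matches the mapping; a missing deny entry is reported because such a user is then governed by the group and other permissions instead.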