我今天写了一个bash脚本,它可能会破坏我的某些用户设置和/或权限。现在,我知道在我的实时系统上测试脚本是很愚蠢的;)。
什么不起作用?以root用户以外的其他用户身份运行的每个进程(后缀,ftp,dovecot等)。
编辑:在所有者和权限的情况下,文件夹结构是多种多样的。因此,看起来好像我没有在根目录级别上进行任何更改。我也无法以新添加的用户身份登录或运行某些操作(请参见下面的测试)。proftpd日志显示了我Unable to open password file /etc/passwd for reading: Permission denied
你的测试
Cannot execute /bin/bash: Permission denied
ls -l
drwxrwxr-x 23 root root 4096 Aug 15 15:26 /
drwxr-xr-x 90 root root 4096 Aug 15 16:38 etc
-rw-rw-r-- 1 root root 1971 Aug 15 16:25 /etc/passwd
-rw-r----- 1 root shadow 2151 Aug 15 16:25 /etc/shadow
drwxrwxr-x 2 root root 4096 Aug 15 16:38 bin
-rwxr-xr-x 1 root root 941252 Sep 25 2014 /bin/bash
剧本
#!/bin/bash
path="/var/www"
if [ $(id -u) -eq 0 ]; then
echo "Enter directory name"
read dirname
pathdir="$path/$dirname"
echo $pathdir
echo "File doesn't exist. Creating now"
mkdir $pathdir
mkdir $pathdir/conf
mkdir $pathdir/docs
mkdir $pathdir/logs
mkdir $pathdir/tmp
mkdir $pathdir/php-fcgi
echo "Folder structure created"
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -d $pathdir -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
adduser www-data $username
chown root:$user $pathdir
chmod 750 $pathdir
chown $username:$username $pathdir/*
chmod 750 $pathdir/*
confdir=$pathdir/conf
chmod 550 $confdir
cp ./php.ini $confdir
sed -i -e 's#;open_basedir =#open_basedir = '$pathdir'/docs/:'$pathdir'/tmp/#g' $confdir/php.ini
sed -i -e 's#;upload_tmp_dir =#upload_tmp_dir = '$pathdir'/tmp/#g' $confdir/php.ini
sed -i -e 's#;session.save_path =#session.save_path = '$pathdir'/tmp/#g' $confdir/php.ini
chown $username:$username $confdir/php.ini
chmod 440 $confdir/php.ini
generate php-fcgi-starter
cat > $pathdir/php-fcgi/php-fcgi-starter << EOF
#!/bin/sh
PHPRC="${confdir}/"
export PHPRC
export TMPDIR=${pathdir}/tmp
exec /usr/bin/php5-cgi
EOF
chmod 750 $pathdir/php-fcgi/php-fcgi-starter
chattr +i -V $pathdir/php-fcgi/php-fcgi-starter
generate apache vhost
echo "Domain:"
read domain
cat > /etc/apache2/sites-available/$domain << EOF
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName ${domain}
ServerAlias www.${domain}
SuexecUserGroup ${username} ${username}
AddHandler fcgid-script .php
DocumentRoot "${pathdir}/docs"
DirectoryIndex index.htm index.html index.php
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "${pathdir}/docs">
Options Indexes MultiViews FollowSymLinks +ExecCGI
FCGIWrapper ${pathdir}/php-fcgi/php-fcgi-starter .php
Order allow,deny
allow from all
</Directory>
LogLevel warn
CustomLog ${pathdir}/logs/access.log combined
ServerSignature On
</VirtualHost>
EOF
a2ensite $domain
echo "Ready"
else
echo "run as root"
exit 2
fi
Mea culpa,我在根目录级别更改了权限。大多数/ *目录位于750或-rwxr-x---
如果您遇到类似的错误,请检查
ls -ld /
ls -l /
这应该导致
drwxr-xr-x
为了
/
/home
/lib
/opt
/var
/mnt
/boot
恢复/中的权限标志
chmod 0755 /
chmod 0755 /*
chmod 0777 /tmp
我在这里得到了灵感:资料来源
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句