diff --git a/templates/drupal-fix-permissions.sh.erb b/templates/drupal-fix-permissions.sh.erb index 951cad2..fb3a055 100644 --- a/templates/drupal-fix-permissions.sh.erb +++ b/templates/drupal-fix-permissions.sh.erb @@ -75,7 +75,9 @@ if [ -z "${drupal_user}" ] || [[ $(id -un "${drupal_user}" 2> /dev/null) != "${d fi printf "Checking Drupal version at "${drupal_path}"... "; -dversion=$(drush core-status --format=json --root=${drupal_path} | jq '."drupal-version"' --raw-output | awk -F. '{print $1}') +dstatus=$(drush core-status --format=json --root=${drupal_path}) +dversion=$(echo $dstatus | jq '."drupal-version"' --raw-output | awk -F. '{print $1}') +private_files_path=$(echo $dstatus | jq '."private"' --raw-output) printf "Detected: " # Check which version we have. @@ -95,7 +97,7 @@ cd $drupal_path # Composer vendor. if [ -d "${drupal_path}/../vendor" ]; then # Since there's a parent folder, revoke other's privileges. - printf "Revoking 'other' user access to parent directory "${drupal_path}/.." \n" && \ + printf "Revoking other user access to parent directory "${drupal_path}/.." \n" && \ chmod -R o-rwx ${drupal_path}/.. & # Set the right permissions. printf "Grant access to apache to parent folder "${drupal_path}/.." \n" && \ 
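Review bot: Both added assignments pipe `echo $dstatus` unquoted, so the drush JSON is word-split and glob-expanded before jq reads it, and `--root=${drupal_path}` is unquoted as well. `jq --raw-output` also prints the literal string `null` when the `private` key is absent, which leaves `private_files_path` non-empty for the later `[ "$private_files_path" ]` test. I would write `dstatus=$(drush core-status --format=json --root="${drupal_path}")` and `private_files_path=$(printf '%s' "$dstatus" | jq -r '.private // empty')`, with the same `printf '%s' "$dstatus"` form for `dversion`. The exit status of drush is not checked in the visible lines, so an empty `dstatus` flows on silently.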
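Review bot: The reworded `printf` lines still close the double-quoted string around every `"${drupal_path}/..."`, so the path is expanded unquoted and becomes part of the format string; a path containing spaces or `%` would change what is printed. Dropping the inner quotes around words like `other` does not address that. Pass the path as an argument instead, e.g. `printf 'Revoking other user access to parent directory %s\n' "${drupal_path}/.."`. The same pattern is in the changed `printf` lines of the hunks at -104, -118, -129, -145 and -224.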
@@ -104,13 +106,13 @@ if [ -d "${drupal_path}/../vendor" ]; then chmod u=rwx,g=rx,o= ${drupal_path}/.. chmod u=rwx,g=rx,o= ${drupal_path}/../* - printf "Changing ownership of "vendor" directories in "${drupal_path}/../vendor" \n" && \ + printf "Changing ownership of vendor directories in "${drupal_path}/../vendor" \n" && \ chown -R ${drupal_user}:${httpd_group} ${drupal_path}/../vendor find ${drupal_path}/../vendor -type d ! -name . -exec chmod g=rx '{}' + chmod g=rx ${drupal_path}/../vendor if [ -d "${drupal_path}/../vendor/bin" ]; then - printf "Changing permissions of "vendor/bin" directories in "${drupal_path}/../vendor/bin" to "u+x"...\n" && \ + printf "Changing permissions of vendor/bin directories in "${drupal_path}/../vendor/bin" to "u+x"...\n" && \ chmod -R u+x ${drupal_path}/../bin & fi @@ -118,7 +120,7 @@ fi # Bin directories. if [ -d "${drupal_path}/../bin" ]; then - printf "Changing permissions of "bin" directories in "${drupal_path}/../bin" to "u+x"...\n" && \ + printf "Changing permissions of bin directories in "${drupal_path}/../bin" to "u+x"...\n" && \ chmod -R u+x ${drupal_path}/../bin & # Set the right permissions. printf "Grant access to apache to parent folder "${drupal_path}/.." \n" && \ @@ -129,7 +131,7 @@ fi # Composer.json file. if [ -f "${drupal_path}/../composer.json" ]; then - printf "Changing permissions of "composer.json" in "${drupal_path}/../" to "rw-r-----"...\n" && \ + printf "Changing permissions of composer.json in "${drupal_path}/../" to "rw-r-----"...\n" && \ chmod 640 ${drupal_path}/../composer.json chown ${drupal_user}:${httpd_group} ${drupal_path}/../composer.json # Set the right permissions. 
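Review bot: In the hunk at -104, the block guarded by `[ -d "${drupal_path}/../vendor/bin" ]` prints a message about `vendor/bin` but then runs `chmod -R u+x ${drupal_path}/../bin &`, so `vendor/bin` never receives `u+x` and `../bin` is changed even when only `vendor/bin` exists. The edited message makes the mismatch easier to see but leaves it in place. The command should probably read `chmod -R u+x "${drupal_path}/../vendor/bin" &`. The separate bin block in the next hunk already handles `../bin`.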
@@ -145,7 +147,7 @@ fi # Load environment file. if [ -f "${drupal_path}/../load.environment.php" ]; then - printf "Changing permissions of "load.environment.php" in "${drupal_path}/../" to "rw-r-----"...\n" && \ + printf "Changing permissions of load.environment.php in "${drupal_path}/../" to "rw-r-----"...\n" && \ chmod 640 ${drupal_path}/../load.environment.php chown ${drupal_user}:${httpd_group} ${drupal_path}/../load.environment.php # Set the right permissions. 
@@ -224,21 +226,39 @@ printf "Changing permissions of all directories inside "${drupal_path}" to "rwxr find . -type d -not -path "./sites/*/files" ! -name . -exec chmod u=rwx,g=rx,o= '{}' + chmod u=rwx,g=rx,o= $drupal_path -printf "Changing permissions of "files" directories in "${drupal_path}/sites" to "rwxrwx---"...\n" +printf "Changing permissions of files directories in "${drupal_path}/sites" to "rwxrwx---"...\n" cd sites # Todo: Ask drush where the files are and set the perms there. -printf "Changing permissions of all files inside all "files" directories in "${drupal_path}/sites" to "rw-rw----"...\n" && \ -printf "Changing permissions of all directories inside all "files" directories in "${drupal_path}/sites" to "rwxrwx---"...\n" && \ +printf "Changing permissions of all files inside all files directories in "${drupal_path}/sites" to "rw-rw----"...\n" && \ +printf "Changing permissions of all directories inside all files directories in "${drupal_path}/sites" to "rwxrwx---"...\n" && \ for x in ./*/files; do find ${x} -type d -exec chmod ug=rwx,o= '{}' + # Don't need to set non-directory perms as they're already set above. done + +# Set permissions on private files path. +# Ask drush where the files directories are. +cd $drupal_path +if [ "$private_files_path" ] && [ -d "$private_files_path" ] && [[ "$private_files_path" == /var/www/* ]]; then + chown -R ${drupal_user}:${httpd_group} ${private_files_path} & + printf "Changing permissions of all files inside private files directory ${private_files_path} to rw-rw----...\n" && \ + printf "Changing permissions of private files directory and all directories inside ${private_files_path} to rwxrwx---...\n" && \ + chmod u=rwx,g=rwx,o= ${private_files_path} + find ${private_files_path} -type d -exec chmod u=rwx,g=rwx,o= '{}' + + find ${private_files_path} -not -type d -exec chmod u=rw,g=rw,o= '{}' + + # Restore SELinux modes for private files directory. 
+ command_exists restorecon && \ + printf "Restoring SeLinux file contexts for ${private_files_path}, please wait...\n" && \ + restorecon -RF ${private_files_path} & +fi + + # Check permissions for supporting directories. if [ "$dversion" -eq 7 ] && [ -d "${drupal_path}/sites/all/vendor/bin" ]; then - printf "Changing permissions of "vendor/bin" directories in "${drupal_path}/sites/all/vendor/bin" to "u+x"...\n" && \ + printf "Changing permissions of vendor/bin directories in "${drupal_path}/sites/all/vendor/bin" to "u+x"...\n" && \ chmod -R u+x ${drupal_path}/sites/all/vendor/bin & fi
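Review bot: The `[[ "$private_files_path" == /var/www/* ]]` guard is a string match on a value read from the site's own configuration, so a path containing `..` segments, or a symlink located under `/var/www`, passes it. The recursive `chown`/`chmod`/`restorecon` then act on whatever the path resolves to. If this script runs as root (the `chown` calls suggest so) and the private path can be set by someone with less privilege, the guard does not confine the operation. Canonicalise the path before the prefix test, and quote every `${private_files_path}` expansion so a value with spaces is not split into several arguments. The sketch assumes GNU `realpath` is available and keeps the backgrounded `chown` as it is.

```shell
# Resolve symlinks and ".." first so the prefix test sees the real target.
private_files_path=$(realpath -e -- "${private_files_path}" 2> /dev/null)
if [ -d "${private_files_path}" ] && [[ "${private_files_path}" == /var/www/* ]]; then
  chown -R "${drupal_user}:${httpd_group}" "${private_files_path}" &
  # … unchanged: the two progress printf lines …
  chmod u=rwx,g=rwx,o= "${private_files_path}"
  find "${private_files_path}" -type d -exec chmod u=rwx,g=rwx,o= '{}' +
  find "${private_files_path}" -not -type d -exec chmod u=rw,g=rw,o= '{}' +
  # … unchanged: restorecon step, with the path quoted the same way …
fi
```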