From 8685d995047ac282f422c2074e8effe6e020b119 Mon Sep 17 00:00:00 2001 From: David Schmitz Date: Tue, 4 Jul 2023 13:01:19 +0000 Subject: [PATCH] install-centos.sh --- install-centos.sh | 58 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 49 insertions(+), 9 deletions(-) diff --git a/install-centos.sh b/install-centos.sh index 5700c392..ce3922f1 100755 --- a/install-centos.sh +++ b/install-centos.sh @@ -52,6 +52,7 @@ fod_dir="/srv/flowspy" venv_dir="/srv/venv" FOD_SYSUSER="fod" +FOD_SYSGROUP="fod" inside_docker=0 @@ -118,7 +119,7 @@ ifc_setup__wait_for_ifc__in_runfod=0 # -findfix_file_permissions=0 +findfix_file_permissions=1 ############################################################################## ############################################################################## @@ -148,6 +149,32 @@ function debug_python_deps() [ -z "$exit_code" ] || exit "$exit_code" } +function fix_permission_in_dir() +{ + user="$1" # user for test accessing + shift 1 + group="$1" # used in fixing with chgrp + chmod +rx for dirs +r for other files + shift 1 + dir="$1" + shift 1 + + echo "fix_permission_in_dir on dir '$dir'" 1>&2 + + set -- + + (set +e + + export MYUSER2="$user" + export MYGROUP2="$group" + + find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 \( -type d -not -readable -not -executable \) -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+rx "$@";' -- + #find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 -not -readable -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+r "$@";' -- + find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 -type f -not -readable -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+r "$@";' -- + + true + ) +} + ## ############################################################################## ############################################################################## @@ -256,6 +283,9 @@ while [ $# -gt 0 ]; do elif [ $# -ge 1 -a "$1" = "--no_systemd" ]; then shift 1 install_systemd_services=0 + elif [ $# -ge 1 -a "$1" = "--fix_permissions" ]; then + shift 1 + findfix_file_permissions=1 elif [ $# -ge 1 -a "$1" = "--db_schema_migrate__fake_initial" ]; then shift 1 db_schema_migrate__fake_initial=1 @@ -475,10 +505,13 @@ if [ "$install_fodproper" = 0 -a "$install_basesw_python" = 1 ]; then if [ "$findfix_file_permissions" = 0 ]; then echo "preparing venv_dir $venv_dir permissions for user $FOD_SYSUSER" 1>&2 + id "$FOD_SYSUSER" &>/dev/null || useradd -m "$FOD_SYSUSER" mkdir -p "$venv_dir" #find "$venv_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true - find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir" || true - chown "$FOD_SYSUSER:$FOD_SYSUSER" "$venv_dir" + #find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir" || true + fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$venv_dir/" + + chown "$FOD_SYSUSER:$FOD_SYSGROUP" "$venv_dir" chmod og+rxs "$venv_dir" fi @@ -554,7 +587,9 @@ if [ "$install_fodproper" = 1 ]; then echo "preparing venv_dir $venv_dir permissions for user $FOD_SYSUSER" 1>&2 mkdir -p "$venv_dir" #find "$venv_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true - find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir" + #find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir" + fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$venv_dir/" + chown "$FOD_SYSUSER:$FOD_SYSUSER" "$venv_dir" chmod og+rxs "$venv_dir" fi @@ -613,7 +648,8 @@ if [ "$install_fodproper" = 1 ]; then if [ "$findfix_file_permissions" = 1 ]; then echo "$0: step 2.1a: fixing permissions" 1>&2 - find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true + #find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true + fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/" fi ### @@ -715,14 +751,15 @@ if [ "$install_fodproper" = 1 ]; then cd "$fod_dir" - if type -p sudo 2>/dev/null; then + if false && type -p sudo 2>/dev/null; then sudo --preserve-env=LD_LIBRARY_PATH,PATH -E -u "$FOD_SYSUSER" ./manage.py collectstatic -c --noinput || debug_python_deps "$venv_dir/bin/activate" 1 else ./manage.py collectstatic -c --noinput || debug_python_deps "$venv_dir/bin/activate" 1 fi #find "$fod_dir/staticfiles" -not -user "$FOD_SYSUSER" -exec chown "$FOD_SYSUSER:" {} \; || true # TODO is depending on flowspy/settings*.py var STATIC_ROOT - find "$fod_dir/staticfiles" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" "$fod_dir/staticfiles" # is depending on ./mkdocs.yml var site_dir + #find "$fod_dir/staticfiles" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" "$fod_dir/staticfiles" # is depending on ./mkdocs.yml var site_dir + fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/staticfiles" ) ## @@ -999,9 +1036,12 @@ EOF ) if [ "$inst_dir_is_fod_dir" = 1 ]; then - if [ "$findfix_file_permissions" = 1 ]; then + if true || [ "$findfix_file_permissions" = 1 ]; then echo "$0: step 2.9: finally fixing permissions as inst_dir_is_fod_dir=$inst_dir_is_fod_dir" 1>&2 - find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true + ##find "$fod_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$fod_dir" || true + ##find "$fod_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$fod_dir" || true + #find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true + fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/" fi fi