File nextcloud-permissions.sh of Package nextcloud
#!/bin/sh
# Installation layout. BASE_DIR already ends in "/", so the derived paths
# contain a doubled slash ("nextcloud//public/"); the kernel treats that the
# same as a single slash.
BASE_DIR='/srv/www/vhosts/nextcloud/'
APP_DIR="${BASE_DIR}/public/"
DATA_DIR="${BASE_DIR}/data/"
LOG_DIR='/var/log/nextcloud'

# Extra flag handed to chown/chmod/setfacl for the data directory:
# empty  -> touch only the top-level data directory
# "-R"   -> walk the whole data tree
RECURSE_DATA=''

# A bare first argument "complete" (no dashes) also switches recursion on.
if [ "$1" = 'complete' ]; then
  RECURSE_DATA='-R'
fi
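# Print the one-line usage synopsis to stdout.
#
# Uses the POSIX "name() {" form (the script's shebang is /bin/sh, where the
# "function" keyword is not guaranteed) and strips the directory part of $0
# with parameter expansion, so a script path containing whitespace no longer
# breaks the basename call.
usage() {
  printf 'Usage: %s [--complete]\n' "${0##*/}"
}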
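# Print the option descriptions to stdout, preceded by one blank line.
#
# Defined in the POSIX "name() {" form to match the /bin/sh shebang. The
# here-document delimiter is quoted so the help text is emitted literally and
# can never be subject to parameter or command expansion.
make_help() {
  echo
  cat <<'EOF'
--help This help
--complete Recursively fix permissions in the complete data dir.
EOF
}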
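# Parse command-line options.
#
# Recognised: --help / -h (print help, exit 0) and --complete (recurse into
# the data directory). No option takes a value: "--opt=value" is split, the
# option itself is still processed, and a "----noarg=<opt>" marker is pushed
# onto the argument list so the next iteration rejects the stray value.
#
# Misuse (a value on an option, or an unknown option) is reported on stderr
# and ends the script with a non-zero status before any permission is
# changed, so a caller can tell that nothing was applied.
# Arguments that do not start with "-" are ignored here.
while [ "$#" -gt 0 ]; do
  PARAM="$1"
  ARG="$2"
  shift

  case "$PARAM" in
    *-*=*)
      ARG=${PARAM#*=}
      PARAM=${PARAM%%=*}
      set -- "----noarg=${PARAM}" "$@"
      ;;
  esac

  case "$PARAM" in
    *-help|-h)
      usage
      make_help
      exit 0
      ;;
    *-complete)
      RECURSE_DATA="-R"
      ;;
    ----noarg)
      # ARG holds the option name that was given a value.
      printf '%s does not take an argument\n' "$ARG" >&2
      exit 1
      ;;
    -*)
      printf 'Unknown Option %s. Exit.\n' "$PARAM" >&2
      exit 1
      ;;
  esac
done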
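# Apply ownership, modes and ACLs to the application, data, log, session and
# tmp directories. Changing ownership to other accounts needs root.
# No command's exit status is checked; a failing step does not stop the rest.

# --- Application tree: owned by nextcloud-admin, readable by nextcloud -----
chown -R --no-dereference nextcloud-admin:nextcloud-admin "${APP_DIR}"
chmod -R ug=rwX,o= "${APP_DIR}"
setfacl -R --no-mask -m u:nextcloud:rX "${APP_DIR}"
setfacl -R -d --no-mask -m u:nextcloud:rX "${APP_DIR}"

# Web-server accounts get read access to everything below APP_DIR except
# config/ (Nextcloud keeps config.php with database credentials and secrets
# there). -mindepth 1 is essential: without it find also returns APP_DIR
# itself, and the recursive setfacl then covers config/ after all.
# APP_DIR itself only gets a non-recursive entry so the account can traverse
# into it. Entries are passed via -exec so names with whitespace are safe.
# NOTE(review): ACL entries granted on config/ by earlier runs are not
# removed here; review them (getfacl) and drop them (setfacl -x) as needed.
for user in nginx wwwrun; do
  if id "$user" >/dev/null 2>&1; then
    setfacl --no-mask -m "u:$user:rX" "${APP_DIR}"
    find "${APP_DIR}" -mindepth 1 -maxdepth 1 -not -path '*/config' \
      -exec setfacl -R --no-mask -m "u:$user:rX" {} +
    find "${APP_DIR}" -mindepth 1 -maxdepth 1 -not -path '*/config' \
      -exec setfacl -R -d --no-mask -m "u:$user:rX" {} +
  fi
done

# --- Data directory --------------------------------------------------------
# those dirs are owned by nextcloud:nextcloud but the occ tool checks the
# permissions on startup
# RECURSE_DATA is deliberately unquoted: when empty it must expand to no
# argument at all rather than to an empty string.
# shellcheck disable=SC2086
setfacl ${RECURSE_DATA} --no-mask -m u:nextcloud-admin:rwX "${DATA_DIR}"
# shellcheck disable=SC2086
setfacl ${RECURSE_DATA} -d --no-mask -m u:nextcloud-admin:rwX "${DATA_DIR}"
# shellcheck disable=SC2086
chown --no-dereference ${RECURSE_DATA} nextcloud:nextcloud "${DATA_DIR}"
# shellcheck disable=SC2086
chmod ${RECURSE_DATA} u=rwX,g=rwX,o= "${DATA_DIR}"

# --- Log directory and log file --------------------------------------------
chown --no-dereference nextcloud-admin:nextcloud-admin "${LOG_DIR}"
chmod u=rwX,g=rwX,o= "${LOG_DIR}"
chown --no-dereference nextcloud-admin:nextcloud-admin "${LOG_DIR}/nextcloud.log"
chmod u=rwX,g=rwX,o= "${LOG_DIR}/nextcloud.log"
setfacl -R --no-mask -m u:nextcloud:rwX "${LOG_DIR}"
setfacl -R -d --no-mask -m u:nextcloud:rwX "${LOG_DIR}"
setfacl -R --no-mask -m u:nextcloud-admin:rwX "${LOG_DIR}"
setfacl -R -d --no-mask -m u:nextcloud-admin:rwX "${LOG_DIR}"

# --- Session and tmp directories: private to the nextcloud account ---------
# NOTE(review): the original comment here read "Disable for now as this can
# take really really long on large installations", yet these commands are
# active. Confirm whether it referred to a step that was removed.
# The two paths are spelled out because brace expansion is not available in
# every /bin/sh.
chown -R --no-dereference nextcloud:nextcloud \
  "${BASE_DIR}/sessions" "${BASE_DIR}/tmp"
chmod -R u=rwX,go= "${BASE_DIR}/sessions" "${BASE_DIR}/tmp"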