A script to automate the ACL for Apache write permission

vim /etc/e-smith/events/actions/nethserver-full-apache-write
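#!/usr/bin/perl
use esmith::ConfigDB;
use strict;

# Load AccountsDB at run time so the script can exit cleanly when the
# module is missing. (A compile-time "use esmith::AccountsDB;" would abort
# the script before this check runs, so it has been dropped.)
eval { require esmith::AccountsDB };
if ($@) {
    exit(0); # AccountsDB is not available, exit
}

my $db  = esmith::ConfigDB->open_ro();
my $adb = esmith::AccountsDB->open_ro();

my $event = shift || die("Missing event argument");
my $ibay = shift || die("Missing ibay argument");
my $ibaydir = '/var/lib/nethserver/ibay/' . $ibay;

# Nothing to do when the ibay is not served by httpd
# (an unknown ibay name also ends up here, because the prop is undefined)
my $httpdstatus = $adb->get_prop($ibay, 'HttpStatus') || 'disabled';
exit 0 if ($httpdstatus eq 'disabled');

my $httpwrite = $adb->get_prop($ibay, 'HttpWritable') || 'disabled';

if ($httpwrite eq 'enabled') {
    # -R: recurse, -P: do not follow symlinks, -m: modify the ACL.
    # The d: entry is the default ACL inherited by new files and folders.
    # List-form system() bypasses the shell; it returns 0 on success.
    system('/usr/bin/setfacl', '-P', '-R', '-m', 'u:apache:rwX,d:u:apache:rwX', $ibaydir) == 0
        || die "Failed to set apache acl on the ibay $ibay\n";
}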

Then make the file executable:

chmod 750 /etc/e-smith/events/actions/nethserver-full-apache-write

Create the symlinks to the action:

ln -s ../actions/nethserver-full-apache-write /etc/e-smith/events/ibay-reset-permissions/S80nethserver-full-apache-write
ln -s ../actions/nethserver-full-apache-write /etc/e-smith/events/ibay-modify/S80nethserver-full-apache-write

Now set the HttpWritable parameter to enabled for each ibay (or to disabled if you want to remove the full apache write permission in the ibay):

db accounts setprop IBAYNAME HttpWritable enabled
signal-event ibay-modify IBAYNAME

You can see the ACL on a folder or a file by running:

getfacl /path/2/your/folder/path
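
To check the result without reading the listing by eye, the following added example (not part of the original howto) parses getfacl output and reports whether apache really has write access and a default entry, including the case where the ACL mask narrows the entry. The function and sample names are hypothetical and the two ACL listings are constructed.

```shell
#!/bin/sh
# Added example: audit getfacl output for the apache entries set by the action.
# Reads getfacl output on stdin. Returns 0 only when apache has an effective
# write entry AND a default (inherited) write entry; 1 otherwise.
check_apache_acl() {
    awk '
        # The mask can narrow a named-user entry; getfacl then appends
        # "#effective:r-x". Prefer that value over the nominal permissions.
        function effective(line, perms) {
            if (match(line, /#effective:[rwx-]+/))
                return substr(line, RSTART + 11, RLENGTH - 11)
            return perms
        }
        /^user:apache:/         { split($1, f, ":"); acc = (effective($0, f[3]) ~ /w/) }
        /^default:user:apache:/ { split($1, f, ":"); dfl = (effective($0, f[4]) ~ /w/) }
        END {
            print "access_write="  (acc ? "yes" : "no")
            print "default_write=" (dfl ? "yes" : "no")
            exit !(acc && dfl)
        }'
}

# Constructed sample: state expected after HttpWritable=enabled.
sample_enabled() {
    cat <<'EOF'
user::rwx
user:apache:rwx
group::rwx
mask::rwx
default:user:apache:rwx
default:mask::rwx
EOF
}

# Constructed sample: the mask was narrowed later, so apache cannot write.
sample_masked() {
    cat <<'EOF'
user::rwx
user:apache:rwx    #effective:r-x
group::r-x
mask::r-x
default:user:apache:rwx
default:mask::rwx
EOF
}

# Live use: getfacl -p /var/lib/nethserver/ibay/IBAYNAME | check_apache_acl
sample_enabled | check_apache_acl || true
sample_masked  | check_apache_acl || true
```
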
  • howto/apache_permissions.txt
  • Last modified: 2016/04/01 20:49
  • by Jim