check_permissions.sh 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228
  1. #!/bin/bash
  2. # LGSM check_permissions.sh
  3. # Author: Daniel Gibbs
  4. # Contributor: UltimateByte
  5. # Website: https://gameservermanagers.com
  6. # Description: Checks ownership & permissions of scripts, files and directories.
  7. local commandname="CHECK"
  8. local function_selfname="$(basename $(readlink -f "${BASH_SOURCE[0]}"))"
  9. fn_check_ownership(){
  10. if [ -f "${rootdir}/${selfname}" ]; then
  11. if [ $(find "${rootdir}/${selfname}" -not -user $(whoami)|wc -l) -ne "0" ]; then
  12. selfownissue=1
  13. fi
  14. fi
  15. if [ -d "${functionsdir}" ]; then
  16. if [ $(find "${functionsdir}" -not -user $(whoami)|wc -l) -ne "0" ]; then
  17. funcownissue=1
  18. fi
  19. fi
  20. if [ -d "${filesdir}" ]; then
  21. if [ $(find "${filesdir}" -not -user $(whoami)|wc -l) -ne "0" ]; then
  22. filesownissue=1
  23. fi
  24. fi
  25. if [ "${selfownissue}" == "1" ]||[ "${funcownissue}" == "1" ]||[ "${filesownissue}" == "1" ]; then
  26. fn_print_fail_nl "Ownership issues found"
  27. fn_script_log_fatal "Ownership issues found"
  28. fn_print_information_nl "The current user ($(whoami)) does not have ownership of the following files:"
  29. fn_script_log_info "The current user ($(whoami)) does not have ownership of the following files:"
  30. {
  31. echo -e "User\tGroup\tFile\n"
  32. if [ "${selfownissue}" == "1" ]; then
  33. find "${rootdir}/${selfname}" -not -user $(whoami) -printf "%u\t\t%g\t%p\n"
  34. fi
  35. if [ "${funcownissue}" == "1" ]; then
  36. find "${functionsdir}" -not -user $(whoami) -printf "%u\t\t%g\t%p\n"
  37. fi
  38. if [ "${filesownissue}" == "1" ]; then
  39. find "${filesdir}" -not -user $(whoami) -printf "%u\t\t%g\t%p\n"
  40. fi
  41. } | column -s $'\t' -t | tee -a "${scriptlog}"
  42. echo ""
  43. fn_print_information_nl "For more information, please see https://github.com/GameServerManagers/LinuxGSM/wiki/FAQ#-fail--starting-game-server-ownership-issues-found"
  44. fn_script_log "For more information, please see https://github.com/GameServerManagers/LinuxGSM/wiki/FAQ#-fail--starting-game-server-ownership-issues-found"
  45. core_exit.sh
  46. fi
  47. }
  48. fn_check_permissions(){
  49. if [ -d "${functionsdir}" ]; then
  50. if [ $(find "${functionsdir}" -type f -not -executable|wc -l) -ne "0" ]; then
  51. fn_print_fail_nl "Permissions issues found"
  52. fn_script_log_fatal "Permissions issues found"
  53. fn_print_information_nl "The following files are not executable:"
  54. fn_script_log_info "The following files are not executable:"
  55. {
  56. echo -e "File\n"
  57. find "${functionsdir}" -type f -not -executable -printf "%p\n"
  58. } | column -s $'\t' -t | tee -a "${scriptlog}"
  59. core_exit.sh
  60. fi
  61. fi
  62. # Check rootdir permissions
  63. if [ -n "${rootdir}" ]; then
  64. # Get permission numbers on directory under the form 775
  65. rootdirperm="$(stat -c %a "${rootdir}")"
  66. # Grab the first and second digit for user and group permission
  67. userrootdirperm="${rootdirperm:0:1}"
  68. grouprootdirperm="${rootdirperm:1:1}"
  69. if [ "${userrootdirperm}" != "7" ] && [ "${grouprootdirperm}" != "7" ]; then
  70. fn_print_fail_nl "Permissions issues found"
  71. fn_script_log_fatal "Permissions issues found"
  72. fn_print_information_nl "The following directory does not have the correct permissions:"
  73. fn_script_log_info "The following directory does not have the correct permissions:"
  74. fn_script_log_info "${rootdir}"
  75. ls -l "${rootdir}"
  76. core_exit.sh
  77. fi
  78. fi
  79. # Check if executable is executable and attempt to fix it
  80. # First get executable name
  81. execname="$(basename "${executable}")"
  82. if [ -f "${executabledir}/${execname}" ]; then
  83. # Get permission numbers on file under the form 775
  84. execperm="$(stat -c %a "${executabledir}/${execname}")"
  85. # Grab the first and second digit for user and group permission
  86. userexecperm="${execperm:0:1}"
  87. groupexecperm="${execperm:1:1}"
  88. # Check for invalid user permission
  89. if [ "${userexecperm}" == "0" ] || [ "${userexecperm}" == "2" ] || [ "${userexecperm}" == "4" ] || [ "${userexecperm}" == "6" ]; then
  90. # If user permission is invalid, then check for invalid group permissions
  91. if [ "${groupexecperm}" == "0" ] || [ "${groupexecperm}" == "2" ] || [ "${groupexecperm}" == "4" ] || [ "${groupexecperm}" == "6" ]; then
  92. # If permission issues are found
  93. fn_print_warn_nl "Permissions issue found"
  94. fn_script_log_warn "Permissions issue found"
  95. fn_print_information_nl "The following file is not executable:"
  96. ls -l "${executabledir}/${execname}"
  97. fn_script_log_info "The following file is not executable:"
  98. fn_script_log_info "${executabledir}/${execname}"
  99. fn_print_information_nl "Applying chmod u+x,g+x ${executabledir}/${execname}"
  100. fn_script_log_info "Applying chmod u+x,g+x ${execperm}"
  101. # Make the executable executable
  102. chmod u+x,g+x "${executabledir}/${execname}"
  103. # Second check to see if it's been successfully applied
  104. # Get permission numbers on file under the form 775
  105. execperm="$(stat -c %a "${executabledir}/${execname}")"
  106. # Grab the first and second digit for user and group permission
  107. userexecperm="${execperm:0:1}"
  108. groupexecperm="${execperm:1:1}"
  109. if [ "${userexecperm}" == "0" ] || [ "${userexecperm}" == "2" ] || [ "${userexecperm}" == "4" ] || [ "${userexecperm}" == "6" ]; then
  110. if [ "${groupexecperm}" == "0" ] || [ "${groupexecperm}" == "2" ] || [ "${groupexecperm}" == "4" ] || [ "${groupexecperm}" == "6" ]; then
  111. # If errors are still found
  112. fn_print_fail_nl "The following file could not be set executable:"
  113. ls -l "${executabledir}/${execname}"
  114. fn_script_log_warn "The following file could not be set executable:"
  115. fn_script_log_info "${executabledir}/${execname}"
  116. core_exit.sh
  117. fi
  118. fi
  119. fi
  120. fi
  121. fi
  122. }
  123. ## The following fn_sys_perm_* functions checks for permission errors in /sys directory
  124. # Checks for permission errors in /sys directory
  125. fn_sys_perm_errors_detect(){
  126. # Reset test variables
  127. sysdirpermerror="0"
  128. classdirpermerror="0"
  129. netdirpermerror="0"
  130. # Check permissions
  131. # /sys, /sys/class and /sys/class/net should be readable & executable
  132. if [ ! -r "/sys" ]||[ ! -x "/sys" ]; then
  133. sysdirpermerror="1"
  134. fi
  135. if [ ! -r "/sys/class" ]||[ ! -x "/sys/class" ]; then
  136. classdirpermerror="1"
  137. fi
  138. if [ ! -r "/sys/class/net" ]||[ ! -x "/sys/class/net" ]; then
  139. netdirpermerror="1"
  140. fi
  141. }
  142. # Display a message on how to fix the issue manually
  143. fn_sys_perm_fix_manually_msg(){
  144. echo ""
  145. fn_print_information_nl "To fix this issue, run this command as root:"
  146. fn_script_log_info "To fix this issue, run this command as root:"
  147. echo " * chmod a+rx /sys /sys/class /sys/class/net"
  148. fn_script_log "chmod a+rx /sys /sys/class /sys/class/net"
  149. sleep 1
  150. core_exit.sh
  151. }
  152. # Attempt to fix /sys related permission errors if sudo is available, exits otherwise
  153. fn_sys_perm_errors_fix(){
  154. sudo -v > /dev/null 2>&1
  155. if [ $? -eq 0 ]; then
  156. fn_print_information_nl "Automatically fixing permissions"
  157. sleep 1
  158. fn_script_log_info "Automatically fixing permissions."
  159. if [ "${sysdirpermerror}" == "1" ]; then
  160. sudo chmod a+rx "/sys"
  161. fi
  162. if [ "${classdirpermerror}" == "1" ]; then
  163. sudo chmod a+rx "/sys/class"
  164. fi
  165. if [ "${netdirpermerror}" == "1" ]; then
  166. sudo chmod a+rx "/sys/class/net"
  167. fi
  168. # Run check again to see if it's fixed
  169. fn_sys_perm_errors_detect
  170. if [ "${sysdirpermerror}" == "1" ]||[ "${classdirpermerror}" == "1" ]||[ "${netdirpermerror}" == "1" ]; then
  171. fn_print_error "Could not fix permissions"
  172. fn_script_log_error "Could not fix permissions."
  173. sleep 1
  174. # Show the user how to fix
  175. fn_sys_perm_fix_manually_msg
  176. else
  177. fn_print_ok "Automatically fixing permissions"
  178. sleep 1
  179. fi
  180. else
  181. # Show the user how to fix
  182. fn_sys_perm_fix_manually_msg
  183. fi
  184. }
  185. # Processes to the /sys related permission errors check & fix/info
  186. fn_sys_perm_error_process(){
  187. fn_sys_perm_errors_detect
  188. # If any error was found
  189. if [ "${sysdirpermerror}" == "1" ]||[ "${classdirpermerror}" == "1" ]||[ "${netdirpermerror}" == "1" ]; then
  190. fn_print_error_nl "Permission error(s) found:"
  191. fn_script_log_error "Permission error(s) found:"
  192. sleep 1
  193. if [ "${sysdirpermerror}" == "1" ]; then
  194. echo " * /sys permissions are $(stat -c %a /sys) instead of expected 555"
  195. fn_script_log "/sys permissions are $(stat -c %a /sys) instead of expected 555"
  196. fi
  197. if [ "${classdirpermerror}" == "1" ]; then
  198. echo " * /sys/class permissions are $(stat -c %a /sys/class) instead of expected 755"
  199. fn_script_log "/sys/class permissions are $(stat -c %a /sys/class) instead of expected 755"
  200. fi
  201. if [ "${netdirpermerror}" == "1" ]; then
  202. echo " * /sys/class/net permissions are $(stat -c %a /sys/class/net) instead of expected 755"
  203. fn_script_log "/sys/class/net permissions are $(stat -c %a /sys/class/net) instead of expected 755"
  204. fi
  205. sleep 1
  206. fn_print_information_nl "This error causes servers to fail starting properly"
  207. fn_script_log_info "This error causes servers to fail starting properly."
  208. # Run the fix
  209. fn_sys_perm_errors_fix
  210. fi
  211. }
  212. # Run perm error detect & fix/alert functions on /sys directories
  213. ## Run checks
  214. fn_check_ownership
  215. fn_check_permissions
  216. fn_sys_perm_error_process