check_permissions.sh 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243
  1. #!/bin/bash
  2. # LinuxGSM check_permissions.sh
  3. # Author: Daniel Gibbs
  4. # Contributors: http://linuxgsm.com/contrib
  5. # Website: https://linuxgsm.com
  6. # Description: Checks ownership & permissions of scripts, files and directories.
  7. moduleselfname="$(basename "$(readlink -f "${BASH_SOURCE[0]}")")"
  8. fn_check_ownership() {
  9. if [ -f "${rootdir}/${selfname}" ]; then
  10. if [ "$(find "${rootdir}/${selfname}" -not -user "$(whoami)" | wc -l)" -ne "0" ]; then
  11. selfownissue=1
  12. fi
  13. fi
  14. if [ -d "${lgsmdir}" ]; then
  15. if [ "$(find "${lgsmdir}" -not -user "$(whoami)" | wc -l)" -ne "0" ]; then
  16. lgsmownissue=1
  17. fi
  18. fi
  19. if [ -d "${modulesdir}" ]; then
  20. if [ "$(find "${modulesdir}" -not -name '*.swp' -not -user "$(whoami)" | wc -l)" -ne "0" ]; then
  21. funcownissue=1
  22. fi
  23. fi
  24. if [ -d "${serverfiles}" ]; then
  25. if [ "$(find "${serverfiles}" -not -name '*.swp' -not -user "$(whoami)" | wc -l)" -ne "0" ]; then
  26. filesownissue=1
  27. fi
  28. fi
  29. if [ "${selfownissue}" == "1" ] || [ "${lgsmownissue}" == "1" ] || [ "${filesownissue}" == "1" ]; then
  30. fn_print_fail_nl "Ownership issues found"
  31. fn_script_log_fail "Ownership issues found"
  32. fn_print_information_nl "The current user ($(whoami)) does not have ownership of the following files:"
  33. fn_script_log_info "The current user ($(whoami)) does not have ownership of the following files:"
  34. {
  35. echo -en "User\tGroup\tFile:"
  36. if [ "${selfownissue}" == "1" ]; then
  37. find "${rootdir}/${selfname}" -not -user "$(whoami)" -printf "%u\t%g\t%p\n"
  38. fi
  39. if [ "${lgsmownissue}" == "1" ]; then
  40. find "${lgsmdir}" -not -user "$(whoami)" -printf "%u\t%g\t%p\n"
  41. fi
  42. if [ "${filesownissue}" == "1" ]; then
  43. find "${serverfiles}" -not -user "$(whoami)" -printf "%u\t%g\t%p\n"
  44. fi
  45. } | column -s $'\t' -t | tee -a "${lgsmlog}"
  46. echo -e ""
  47. fn_print_information_nl "please see https://docs.linuxgsm.com/support/faq#fail-starting-game-server-permission-issues-found"
  48. fn_script_log "For more information, please see https://docs.linuxgsm.com/support/faq#fail-starting-game-server-permission-issues-found"
  49. if [ "${monitorflag}" == 1 ]; then
  50. alert="permissions"
  51. alert.sh
  52. fi
  53. core_exit.sh
  54. fi
  55. }
  56. fn_check_permissions() {
  57. # Check modules files are executable.
  58. if [ -d "${modulesdir}" ]; then
  59. findnotexecutable="$(find "${modulesdir}" -type f -not -executable)"
  60. findnotexecutablewc="$(find "${modulesdir}" -type f -not -executable | wc -l)"
  61. if [ "${findnotexecutablewc}" -ne "0" ]; then
  62. fn_print_fail_nl "Permissions issues found"
  63. fn_script_log_fail "Permissions issues found"
  64. fn_print_information_nl "The following files are not executable:"
  65. fn_script_log_info "The following files are not executable:"
  66. {
  67. echo -en "File:"
  68. echo -en "${findnotexecutable}"
  69. } | column -s $'\t' -t | tee -a "${lgsmlog}"
  70. if [ "${monitorflag}" == 1 ]; then
  71. alert="permissions"
  72. alert.sh
  73. fi
  74. core_exit.sh
  75. fi
  76. fi
  77. # Check rootdir permissions.
  78. if [ -d "${rootdir}" ]; then
  79. # Get permission numbers on directory should return 775.
  80. rootdirperm=$(stat -c %a "${rootdir}")
  81. # Grab the first and second digit for user and group permission.
  82. userrootdirperm="${rootdirperm:0:1}"
  83. grouprootdirperm="${rootdirperm:1:1}"
  84. if [ "${userrootdirperm}" != "7" ] && [ "${grouprootdirperm}" != "7" ]; then
  85. fn_print_fail_nl "Permissions issues found"
  86. fn_script_log_fail "Permissions issues found"
  87. fn_print_information_nl "The following directory does not have the correct permissions:"
  88. fn_script_log_info "The following directory does not have the correct permissions:"
  89. fn_script_log_info "${rootdir}"
  90. ls -l "${rootdir}"
  91. if [ "${monitorflag}" == 1 ]; then
  92. alert="permissions"
  93. alert.sh
  94. fi
  95. core_exit.sh
  96. fi
  97. fi
  98. # Check if executable is executable and attempt to fix it.
  99. # First get executable name.
  100. execname=$(basename "${executable}")
  101. if [ -f "${executabledir}/${execname}" ]; then
  102. # Get permission numbers on file under the form 775.
  103. execperm=$(stat -c %a "${executabledir}/${execname}")
  104. # Grab the first and second digit for user and group permission.
  105. userexecperm="${execperm:0:1}"
  106. groupexecperm="${execperm:1:1}"
  107. # Check for invalid user permission.
  108. if [ "${userexecperm}" == "0" ] || [ "${userexecperm}" == "2" ] || [ "${userexecperm}" == "4" ] || [ "${userexecperm}" == "6" ]; then
  109. # If user permission is invalid, then check for invalid group permissions.
  110. if [ "${groupexecperm}" == "0" ] || [ "${groupexecperm}" == "2" ] || [ "${groupexecperm}" == "4" ] || [ "${groupexecperm}" == "6" ]; then
  111. # If permission issues are found.
  112. fn_print_warn_nl "Permissions issue found"
  113. fn_script_log_warn "Permissions issue found"
  114. fn_print_information_nl "The following file is not executable:"
  115. ls -l "${executabledir}/${execname}"
  116. fn_script_log_info "The following file is not executable:"
  117. fn_script_log_info "${executabledir}/${execname}"
  118. fn_print_information_nl "Applying chmod u+x,g+x ${executabledir}/${execname}"
  119. fn_script_log_info "Applying chmod u+x,g+x ${execperm}"
  120. # Make the executable executable.
  121. chmod u+x,g+x "${executabledir}/${execname}"
  122. # Second check to see if it's been successfully applied.
  123. # Get permission numbers on file under the form 775.
  124. execperm=$(stat -c %a "${executabledir}/${execname}")
  125. # Grab the first and second digit for user and group permission.
  126. userexecperm="${execperm:0:1}"
  127. groupexecperm="${execperm:1:1}"
  128. if [ "${userexecperm}" == "0" ] || [ "${userexecperm}" == "2" ] || [ "${userexecperm}" == "4" ] || [ "${userexecperm}" == "6" ]; then
  129. if [ "${groupexecperm}" == "0" ] || [ "${groupexecperm}" == "2" ] || [ "${groupexecperm}" == "4" ] || [ "${groupexecperm}" == "6" ]; then
  130. # If errors are still found.
  131. fn_print_fail_nl "The following file could not be set executable:"
  132. ls -l "${executabledir}/${execname}"
  133. fn_script_log_warn "The following file could not be set executable:"
  134. fn_script_log_info "${executabledir}/${execname}"
  135. if [ "${monitorflag}" == "1" ]; then
  136. alert="permissions"
  137. alert.sh
  138. fi
  139. core_exit.sh
  140. fi
  141. fi
  142. fi
  143. fi
  144. fi
  145. }
  146. ## The following fn_sys_perm_* function checks for permission errors in /sys directory.
  147. # Checks for permission errors in /sys directory.
  148. fn_sys_perm_errors_detect() {
  149. # Reset test variables.
  150. sysdirpermerror="0"
  151. classdirpermerror="0"
  152. netdirpermerror="0"
  153. # Check permissions.
  154. # /sys, /sys/class and /sys/class/net should be readable & executable.
  155. if [ ! -r "/sys" ] || [ ! -x "/sys" ]; then
  156. sysdirpermerror="1"
  157. fi
  158. if [ ! -r "/sys/class" ] || [ ! -x "/sys/class" ]; then
  159. classdirpermerror="1"
  160. fi
  161. if [ ! -r "/sys/class/net" ] || [ ! -x "/sys/class/net" ]; then
  162. netdirpermerror="1"
  163. fi
  164. }
  165. # Display a message on how to fix the issue manually.
  166. fn_sys_perm_fix_manually_msg() {
  167. echo -e ""
  168. fn_print_information_nl "This error causes servers to fail starting properly"
  169. fn_script_log_info "This error causes servers to fail starting properly."
  170. echo -e " * To fix this issue, run the following command as root:"
  171. fn_script_log_info "To fix this issue, run the following command as root:"
  172. echo -e " chmod a+rx /sys /sys/class /sys/class/net"
  173. fn_script_log "chmod a+rx /sys /sys/class /sys/class/net"
  174. fn_sleep_time_5
  175. if [ "${monitorflag}" == 1 ]; then
  176. alert="permissions"
  177. alert.sh
  178. fi
  179. core_exit.sh
  180. }
  181. # Attempt to fix /sys related permission errors if sudo is available, exits otherwise.
  182. fn_sys_perm_errors_fix() {
  183. if sudo -n true > /dev/null 2>&1; then
  184. fn_print_dots "Fixing /sys permissions"
  185. fn_script_log_info "Fixing /sys permissions."
  186. if [ "${sysdirpermerror}" == "1" ]; then
  187. sudo chmod a+rx "/sys"
  188. fi
  189. if [ "${classdirpermerror}" == "1" ]; then
  190. sudo chmod a+rx "/sys/class"
  191. fi
  192. if [ "${netdirpermerror}" == "1" ]; then
  193. sudo chmod a+rx "/sys/class/net"
  194. fi
  195. # Run check again to see if it's fixed.
  196. fn_sys_perm_errors_detect
  197. if [ "${sysdirpermerror}" == "1" ] || [ "${classdirpermerror}" == "1" ] || [ "${netdirpermerror}" == "1" ]; then
  198. fn_print_error "Could not fix /sys permissions"
  199. fn_script_log_error "Could not fix /sys permissions."
  200. # Show the user how to fix.
  201. fn_sys_perm_fix_manually_msg
  202. else
  203. fn_print_ok_nl "Fixing /sys permissions"
  204. fn_script_log_pass "Permissions in /sys fixed"
  205. fi
  206. else
  207. # Show the user how to fix.
  208. fn_sys_perm_fix_manually_msg
  209. fi
  210. }
  211. # Processes to the /sys related permission errors check & fix/info.
  212. fn_sys_perm_error_process() {
  213. fn_sys_perm_errors_detect
  214. # If any error was found.
  215. if [ "${sysdirpermerror}" == "1" ] || [ "${classdirpermerror}" == "1" ] || [ "${netdirpermerror}" == "1" ]; then
  216. fn_print_dots "Checking /sys permissions"
  217. fn_print_error_nl "Checking /sys permissions"
  218. fn_script_log_error "Checking /sys permissions"
  219. # Run the fix
  220. fn_sys_perm_errors_fix
  221. fi
  222. }
  223. ## Run permisions checks when not root.
  224. if [ "$(whoami)" != "root" ]; then
  225. fn_check_ownership
  226. fn_check_permissions
  227. if [ "${commandname}" == "START" ]; then
  228. fn_sys_perm_error_process
  229. fi
  230. fi