Bash: change multi files, in multi directories to multi perms

[todd_dsm]

Hey guys, I have a real brain tickler:

I need to change multiple (pre-designated) files, in multiple directories to various octal permissions. Example:

Code:

$ tree
|-- dir1/
|   |-- file1     # should get permissions: 444
|   |-- file2     # should get permissions: 640
|   |-- file3     # should get permissions: 555
|-- dir2/
|   |-- file4     # should get permissions: 744
|   |-- file5     # should get permissions: 640
|   |-- file6     # should get permissions: 544
|-- dir3/
|   |-- file7     # should get permissions: 600
|   |-- file8     # should get permissions: 640
`-- |-- file9     # should get permissions: 740

Presently:

I have a predefined list of files that need to be chmod'd to specified file permissions; Example:

Code:

file_perms_600.txt
file_perms_644.txt
file_perms_700.txt
file_perms_744.txt
---

$ cat file_perms_600.txt
"$dir3"/file7
etc.

I don't care what octal permission files in that list currently have.

I have a few ideas sketched out but everything so far makes me think I'm over-complicating the process.

Just looking for a sanity check.

Thanks in advance,

TT

[Miven]

Nah. You get as complicated as you need for security reasons and access reasons. It sounds like you're on the right track.

On my system, msec runs through every morning at 4am and does exactly what you're talking about, ie check and set permissions on important things. It has some huge config files telling it what to do. It covers my butt when I've been hacking in usr/lib or var/log or something and forgot to set the perms backs to what they should be.

If you need your perms set exactly so, figure it out once and make it a cronjob at 4am everyday.

[todd_dsm]

This is where I landed:

Code:

#!/usr/bin/env bash
#------------------------------------------------------------------------------
#  PURPOSE: Set target octal permissions on specified files but only if they
#           don't already have have the correct permissions.
#     DATE: 2012/12/14
# MODIFIED:
#------------------------------------------------------------------------------


###----------------------------------------------------------------------------
### VARIABLES
###----------------------------------------------------------------------------
declare permsFile="$1"
# NOTE: permsFile must be formatted as:
# /path/to/file.ext   [TAB(s)]   Octal Permissions
#    !!! ANYTHING ELSE WILL BREAK THIS SCRIPT !!!
declare permsMatch='^[0-9]{3,4}$'


###----------------------------------------------------------------------------
### FUNCTIONS
###----------------------------------------------------------------------------
### matchPerms() check that fileName current & target octal permissions are
### valid and match.
###---
matchPerms()  {
  # Get current file permissions
  fileName_permission="$(stat -c '%a' $fileName 2>&-)"
  if ! [[ "$fileName_permission" =~ $permsMatch ]]; then
    # If stat returns anything other than file permission, print error
    printf '%b\n' "Something's gone wrong: with $fileLocation"
    printf '%b\n' "  The permissions cannont be found."
    printf '%b\n' "  Fix the file location in $permsFile and try again.\n"
    return 1
  else
    return 0
  fi  
}


###---
### MAIN
###---
while IFS=$'\t' read -r fileLocation permsOctal; do
  [[ $line = \#* ]] && continue
  # init var: file location --> fileName
  fileName="${fileLocation##*/}"

  # Call function to verify format
  matchPerms
  retVal="$?"

  # For all files that have been verified, do the work:
  if [[ "$retVal" = '0' ]]; then
    if [[ "$fileName_permission" -ne "$permsOctal" ]]; then
      printf '%b\n' "Changing permissions on $fileName to $permsOctal...\n"
      chmod $permsOctal $fileName 2>&-
    else
      printf '%b\n' "$fileName already has target octal permissions: $permsOctal\n"
    fi
  fi
done < "$permsFile"


###---
### Return IFS to default value
###---
unset -v IFS


###---
### Fin~
###---
exit 0

This script accepts a "feeder-file" as an argument. That file contains lines with this format:
absolute path [TAB] octal permissions; EG:
/etc/hosts 644

The feeder file can be updated with as many lines as necessary.

I only do a few data checks mostly because I will be maintaining the file. If others were helping me with it, I would do more.

But, now that I think of it, while the file is being read, this script could be extended to no only read "fileLocation" "permsOctal" but user/group designations as well.

Still though, any suggestions to tighten-up this script are still welcome.

[watael]

hi,

2>&- probably doesn't do what you think; in fact, it closes file descriptor #2
if you want stderr not to show, then redirect it to /dev/null.

if you don't use [[ extended features keep using simple test, or [
Using regex operator (=~) is useless here.

retVal is useless too

Code:

if matchPerms; then :do_stuff; else :do_other_stuff; fi

functions are like little script: they should take parameters, and don't use(/be aware of) global vars, just treat positionnal parameters.

error messages should be sent to stderr

permsMatch should test filenamePermission to be a number, else print an error message, before testing recorded permission match stat output

...