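#!/bin/bash
#
# Fix Permissions Script for ZitiNexus Router Enrollment UI
#
# Repairs common permission and configuration problems of an existing
# installation: file ownership/modes under the web root, the sudoers drop-in
# used by the web user, the Apache/Nginx site link, and a few required
# packages. Must be run as root on a Debian/Ubuntu-style host (apt-get,
# a2ensite, www-data).
#
# Security notes for operators:
#   * The sudoers policy written by fix_sudo() is very broad; see the review
#     note in that function.
#   * logs/ and temp/ are made writable by the web user and group only, not
#     by every local account.

set -euo pipefail

# Colors for output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m' # No Color

# Configuration
readonly WEB_DIR="/var/www/ziti-enrollment"
readonly WEB_USER="www-data"

#######################################
# Print a colored, level-tagged message.
# Arguments: $1 - level (ERROR, SUCCESS, WARNING, INFO; anything else prints
#                 the message untagged)
#            $2.. - message text
# Outputs:   ERROR goes to stderr, everything else to stdout.
#######################################
log() {
  local level=$1
  shift
  local message="$*"

  # %b expands the escape sequences of the color constants only; the message
  # goes through %s so backslashes in it are printed literally.
  case "$level" in
    "ERROR") printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$message" >&2 ;;
    "SUCCESS") printf '%b[SUCCESS]%b %s\n' "$GREEN" "$NC" "$message" ;;
    "WARNING") printf '%b[WARNING]%b %s\n' "$YELLOW" "$NC" "$message" ;;
    "INFO") printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$message" ;;
    *) printf '%s\n' "$message" ;;
  esac
}

#######################################
# Abort unless the script runs with an effective UID of 0.
#######################################
check_root() {
  if [[ $EUID -ne 0 ]]; then
    log "ERROR" "This script must be run as root (use sudo)"
    exit 1
  fi
}

#######################################
# Reset ownership and modes below WEB_DIR.
# Globals:   WEB_DIR, WEB_USER (read)
# Returns:   exits 1 when WEB_DIR does not exist.
#######################################
fix_permissions() {
  local writable_dir

  log "INFO" "Fixing file permissions..."

  if [[ ! -d "$WEB_DIR" ]]; then
    log "ERROR" "Web directory $WEB_DIR not found. Please run install.sh first."
    exit 1
  fi

  # Set proper ownership
  chown -R "$WEB_USER:$WEB_USER" "$WEB_DIR"
  log "SUCCESS" "Set ownership to $WEB_USER:$WEB_USER"

  # Set directory permissions ('+' batches paths into few chmod invocations)
  find "$WEB_DIR" -type d -exec chmod 755 {} +
  log "SUCCESS" "Set directory permissions to 755"

  # Set file permissions
  find "$WEB_DIR" -type f -exec chmod 644 {} +
  log "SUCCESS" "Set file permissions to 644"

  # logs/ and temp/ must be writable by the web user. They were previously
  # set to 777 recursively, which let every local account create or modify
  # files below the web root and also marked every log file executable.
  # Everything here is owned by WEB_USER after the chown above, so
  # owner/group write is enough: directories end up 775, files 664.
  # NOTE(review): if these directories can hold enrollment material, consider
  # dropping the read bit for "other" as well - confirm what the UI stores.
  for writable_dir in logs temp; do
    if [[ -d "$WEB_DIR/$writable_dir" ]]; then
      chmod -R u=rwX,g=rwX,o=rX "$WEB_DIR/$writable_dir"
      log "SUCCESS" "Set $writable_dir directory permissions (writable by $WEB_USER only, not world-writable)"
    fi
  done

  # PHP sources are read by the interpreter and need no execute bit; this
  # re-asserts 644, including for any *.php file below logs/ or temp/.
  find "$WEB_DIR" -name "*.php" -exec chmod 644 {} +
  log "SUCCESS" "Set PHP file permissions"
}

#######################################
# Re-create the sudoers drop-in for the web user when passwordless sudo does
# not work for it. Does nothing when the drop-in is missing (install.sh owns
# its creation) or when sudo already works.
# Returns:   exits 1 when the policy cannot be staged, validated or installed.
#######################################
fix_sudo() {
  local -r sudoers_file="/etc/sudoers.d/ziti-enrollment"
  local staged

  log "INFO" "Checking sudo configuration..."

  if [[ ! -f "$sudoers_file" ]]; then
    log "WARNING" "Sudo configuration not found. Please run install.sh first."
    return 0
  fi
  log "INFO" "Sudo configuration already exists"

  # Test sudo access. The account name is literal because the policy below
  # hard-codes www-data as well.
  if sudo -u www-data sudo -n whoami >/dev/null 2>&1; then
    log "SUCCESS" "Sudo access is working"
    return 0
  fi

  log "WARNING" "Sudo access may not be working properly"
  log "INFO" "Recreating sudo configuration..."

  # NOTE(review): this policy is kept exactly as shipped, but it is
  # root-equivalent. Passwordless entries for shell interpreters, env and
  # general-purpose file tools mean that any code-execution or
  # command-injection flaw in the PHP UI becomes full root on the host.
  # It should be replaced by the small set of commands the enrollment flow
  # really runs, with fixed arguments, ideally behind one root-owned wrapper
  # script. Which commands those are cannot be determined from this script.
  log "WARNING" "The sudoers policy grants www-data passwordless root for shells and general-purpose tools; restrict it to the commands the UI needs"

  # Stage the policy in a private temp file and validate it there. Writing
  # straight into /etc/sudoers.d leaves a broken drop-in behind when
  # validation fails, and a syntax error there can disable sudo altogether.
  staged=$(mktemp) || {
    log "ERROR" "Could not create a temporary file for the sudoers configuration"
    exit 1
  }

  cat > "$staged" << 'EOF'
# Allow www-data to run system commands for Ziti enrollment

# Core system commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/apt-get
www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl
www-data ALL=(ALL) NOPASSWD: /usr/bin/mkdir
www-data ALL=(ALL) NOPASSWD: /usr/bin/chmod
www-data ALL=(ALL) NOPASSWD: /usr/bin/chown
www-data ALL=(ALL) NOPASSWD: /usr/bin/cp
www-data ALL=(ALL) NOPASSWD: /usr/bin/mv
www-data ALL=(ALL) NOPASSWD: /usr/bin/rm
www-data ALL=(ALL) NOPASSWD: /usr/bin/ln

# Network and download commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/curl
www-data ALL=(ALL) NOPASSWD: /usr/bin/wget

# GPG and security commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/gpg
www-data ALL=(ALL) NOPASSWD: /usr/bin/ziti

# Information gathering commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/which
www-data ALL=(ALL) NOPASSWD: /usr/bin/hostname
www-data ALL=(ALL) NOPASSWD: /usr/bin/uname
www-data ALL=(ALL) NOPASSWD: /usr/bin/lsb_release
www-data ALL=(ALL) NOPASSWD: /usr/bin/whoami
www-data ALL=(ALL) NOPASSWD: /usr/bin/id
www-data ALL=(ALL) NOPASSWD: /usr/bin/pwd
www-data ALL=(ALL) NOPASSWD: /usr/bin/date

# File operations
www-data ALL=(ALL) NOPASSWD: /usr/bin/tee
www-data ALL=(ALL) NOPASSWD: /usr/bin/cat
www-data ALL=(ALL) NOPASSWD: /usr/bin/test
www-data ALL=(ALL) NOPASSWD: /usr/bin/ls
www-data ALL=(ALL) NOPASSWD: /usr/bin/touch
www-data ALL=(ALL) NOPASSWD: /usr/bin/echo
www-data ALL=(ALL) NOPASSWD: /usr/bin/head
www-data ALL=(ALL) NOPASSWD: /usr/bin/tail
www-data ALL=(ALL) NOPASSWD: /usr/bin/wc
www-data ALL=(ALL) NOPASSWD: /usr/bin/grep
www-data ALL=(ALL) NOPASSWD: /usr/bin/sed
www-data ALL=(ALL) NOPASSWD: /usr/bin/awk
www-data ALL=(ALL) NOPASSWD: /usr/bin/cut
www-data ALL=(ALL) NOPASSWD: /usr/bin/sort
www-data ALL=(ALL) NOPASSWD: /usr/bin/uniq

# Network diagnostic commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/nslookup
www-data ALL=(ALL) NOPASSWD: /usr/bin/ping
www-data ALL=(ALL) NOPASSWD: /usr/bin/dig
www-data ALL=(ALL) NOPASSWD: /usr/bin/host

# Process and system monitoring
www-data ALL=(ALL) NOPASSWD: /usr/bin/ps
www-data ALL=(ALL) NOPASSWD: /usr/bin/top
www-data ALL=(ALL) NOPASSWD: /usr/bin/htop
www-data ALL=(ALL) NOPASSWD: /usr/bin/free
www-data ALL=(ALL) NOPASSWD: /usr/bin/df
www-data ALL=(ALL) NOPASSWD: /usr/bin/du

# Text processing and utilities
www-data ALL=(ALL) NOPASSWD: /usr/bin/find
www-data ALL=(ALL) NOPASSWD: /usr/bin/xargs
www-data ALL=(ALL) NOPASSWD: /usr/bin/basename
www-data ALL=(ALL) NOPASSWD: /usr/bin/dirname
www-data ALL=(ALL) NOPASSWD: /usr/bin/realpath
www-data ALL=(ALL) NOPASSWD: /usr/bin/readlink

# Archive and compression
www-data ALL=(ALL) NOPASSWD: /usr/bin/tar
www-data ALL=(ALL) NOPASSWD: /usr/bin/gzip
www-data ALL=(ALL) NOPASSWD: /usr/bin/gunzip
www-data ALL=(ALL) NOPASSWD: /usr/bin/zip
www-data ALL=(ALL) NOPASSWD: /usr/bin/unzip

# Allow shell built-ins and common utilities
www-data ALL=(ALL) NOPASSWD: /bin/bash
www-data ALL=(ALL) NOPASSWD: /bin/sh
www-data ALL=(ALL) NOPASSWD: /usr/bin/env
www-data ALL=(ALL) NOPASSWD: /usr/bin/sleep
www-data ALL=(ALL) NOPASSWD: /usr/bin/timeout
EOF

  # Validate the staged copy; only a policy that parses is installed.
  if ! visudo -c -f "$staged"; then
    rm -f -- "$staged"
    log "ERROR" "Invalid sudoers configuration"
    exit 1
  fi

  # Drop-ins are installed root-owned and read-only (0440) so that no other
  # account can alter the policy.
  if ! install -m 0440 -o root -g root "$staged" "$sudoers_file"; then
    rm -f -- "$staged"
    log "ERROR" "Could not install $sudoers_file"
    exit 1
  fi
  rm -f -- "$staged"
  log "SUCCESS" "Sudo configuration updated successfully"
}

#######################################
# Make sure the enrollment site is enabled in whichever web server is
# running (Apache first, then Nginx). For Nginx, also start PHP-FPM when it
# is not active.
#######################################
fix_web_server() {
  local php_version

  log "INFO" "Checking web server configuration..."

  # Check if Apache is running
  if systemctl is-active --quiet apache2 2>/dev/null; then
    log "INFO" "Apache is running"

    # Check if site is enabled
    if [[ -f "/etc/apache2/sites-enabled/ziti-enrollment.conf" ]]; then
      log "SUCCESS" "Apache site is enabled"
    else
      log "WARNING" "Apache site not enabled"
      if [[ -f "/etc/apache2/sites-available/ziti-enrollment.conf" ]]; then
        a2ensite ziti-enrollment.conf
        systemctl reload apache2
        log "SUCCESS" "Enabled Apache site"
      else
        log "ERROR" "Apache site configuration not found. Please run install.sh first."
      fi
    fi

  # Check if Nginx is running
  elif systemctl is-active --quiet nginx 2>/dev/null; then
    log "INFO" "Nginx is running"

    # Check if site is enabled
    if [[ -L "/etc/nginx/sites-enabled/ziti-enrollment" ]]; then
      log "SUCCESS" "Nginx site is enabled"
    else
      log "WARNING" "Nginx site not enabled"
      if [[ -f "/etc/nginx/sites-available/ziti-enrollment" ]]; then
        ln -sf "/etc/nginx/sites-available/ziti-enrollment" "/etc/nginx/sites-enabled/"
        # Report success only when the config test and the reload both
        # passed; "nginx -t && reload" followed by an unconditional success
        # message claimed success even when the test failed.
        if nginx -t && systemctl reload nginx; then
          log "SUCCESS" "Enabled Nginx site"
        else
          log "ERROR" "Nginx configuration test or reload failed; site link created but not active"
        fi
      else
        log "ERROR" "Nginx site configuration not found. Please run install.sh first."
      fi
    fi

    # Check PHP-FPM. Ask PHP for its major.minor version directly instead of
    # parsing the "php -v" banner; a missing php binary is reported rather
    # than silently aborting the script under "set -e".
    if php_version=$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;' 2>/dev/null) \
      && [[ -n "$php_version" ]]; then
      if systemctl is-active --quiet "php${php_version}-fpm" 2>/dev/null; then
        log "SUCCESS" "PHP-FPM is running"
      else
        log "WARNING" "PHP-FPM not running"
        systemctl start "php${php_version}-fpm" || log "ERROR" "Failed to start PHP-FPM"
      fi
    else
      log "ERROR" "Could not determine the PHP version; PHP-FPM was not checked"
    fi

  else
    log "ERROR" "No web server (Apache or Nginx) is running"
  fi
}

#######################################
# Install curl, gnupg and jq when their commands are missing.
#######################################
install_missing_packages() {
  local spec cmd pkg

  log "INFO" "Checking for missing packages..."

  # Update package list. apt-get is used because the "apt" front end does
  # not promise a stable command-line interface for scripts. A failed update
  # is reported instead of ending the run with no message.
  if ! apt-get update >/dev/null 2>&1; then
    log "WARNING" "Could not refresh the package lists; continuing with cached data"
  fi

  # command-to-probe : package-that-provides-it
  for spec in curl:curl gpg:gnupg jq:jq; do
    cmd=${spec%%:*}
    pkg=${spec#*:}
    if ! command -v "$cmd" >/dev/null 2>&1; then
      log "INFO" "Installing $pkg..."
      apt-get install -y "$pkg"
    fi
  done

  log "SUCCESS" "All required packages are installed"
}

#######################################
# Create logs/, temp/ and the apt keyrings directory when absent.
# Globals:   WEB_DIR, WEB_USER (read)
#######################################
create_missing_directories() {
  local name

  log "INFO" "Creating missing directories..."

  # logs/ and temp/ are owned by the web user, so owner/group write (775)
  # is sufficient; they are deliberately not world-writable.
  for name in logs temp; do
    if [[ ! -d "$WEB_DIR/$name" ]]; then
      mkdir -p "$WEB_DIR/$name"
      chown "$WEB_USER:$WEB_USER" "$WEB_DIR/$name"
      chmod 775 "$WEB_DIR/$name"
      log "SUCCESS" "Created $name directory"
    fi
  done

  # Create keyrings directory
  if [[ ! -d "/usr/share/keyrings" ]]; then
    mkdir -p "/usr/share/keyrings"
    chmod 755 "/usr/share/keyrings"
    log "SUCCESS" "Created keyrings directory"
  fi
}

#######################################
# Smoke-test the installation: HTTP reachability, PHP CLI, passwordless
# sudo for the web user, and readability of the entry page.
#######################################
test_installation() {
  local http_code

  log "INFO" "Testing installation..."

  # Test web server access. The status code is compared exactly, and the
  # request is time-limited so a hung server cannot stall the script.
  http_code=$(curl -s -o /dev/null --max-time 10 -w "%{http_code}" "http://localhost") || http_code=""
  case "$http_code" in
    200 | 301 | 302) log "SUCCESS" "Web server is accessible" ;;
    *) log "WARNING" "Web server may not be accessible" ;;
  esac

  # Test PHP
  if php -v >/dev/null 2>&1; then
    log "SUCCESS" "PHP is working"
  else
    log "ERROR" "PHP is not working"
  fi

  # Test sudo access
  if sudo -u www-data sudo -n whoami >/dev/null 2>&1; then
    log "SUCCESS" "Sudo access is working"
  else
    log "WARNING" "Sudo access may not be working"
  fi

  # Test file permissions as the web user. A "-r" test run as root succeeds
  # for any existing file and therefore says nothing about what the web
  # server can read.
  if sudo -u "$WEB_USER" test -r "$WEB_DIR/public/index.php"; then
    log "SUCCESS" "File permissions are correct"
  else
    log "ERROR" "File permissions may be incorrect"
  fi
}

#######################################
# Entry point: run every repair step in order, then print next steps.
#######################################
main() {
  echo "=============================================="
  echo " ZitiNexus UI Permission Fix Script"
  echo "=============================================="
  echo

  check_root
  install_missing_packages
  create_missing_directories
  fix_permissions
  fix_sudo
  fix_web_server
  test_installation

  echo
  log "SUCCESS" "Permission fix completed!"
  echo
  # NOTE(review): the diagnostic page named below is reachable over HTTP and,
  # judging by its name, runs commands on the server - confirm that it is
  # access-restricted and removed once troubleshooting is finished.
  echo "Next steps:"
  echo "1. Access the diagnostic script: http://your-server-ip/debug-command-execution.php"
  echo "2. Review the diagnostic results"
  echo "3. Try the enrollment process again"
  echo
}

# Run main function
main "$@"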