
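#!/bin/bash
# Fix Permissions Script for ZitiNexus Router Enrollment UI
# This script fixes common permission and configuration issues.
# It must run as root and assumes the Debian/Ubuntu layout that install.sh
# uses: apt, a www-data account, /etc/sudoers.d, Apache or Nginx site files.
set -euo pipefail
# Colors for output (read-only: nothing in this script rebinds them)
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m' # No Color
# Configuration
# Document root populated by install.sh, and the account the web server /
# PHP runs as. Every chown, chmod and sudo rule below trusts these two values,
# so change WEB_USER here rather than loosening modes if a different pool
# user is in use.
readonly WEB_DIR="/var/www/ziti-enrollment"
readonly WEB_USER="www-data"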
# Logging function
# Usage: log LEVEL MESSAGE...  Prints MESSAGE (remaining args joined by
# spaces) behind a colored [LEVEL] tag. ERROR goes to stderr, SUCCESS /
# WARNING / INFO to stdout. Any other LEVEL prints the bare message, with no
# tag and without escape interpretation.
log() {
  local lvl=$1
  shift
  local text="$*"
  local tag
  case "$lvl" in
    ERROR)   tag="${RED}[ERROR]${NC}" ;;
    SUCCESS) tag="${GREEN}[SUCCESS]${NC}" ;;
    WARNING) tag="${YELLOW}[WARNING]${NC}" ;;
    INFO)    tag="${BLUE}[INFO]${NC}" ;;
    *)
      echo "$text"
      return
      ;;
  esac
  # -e turns the \033 colour sequences into real escapes
  if [[ "$lvl" == "ERROR" ]]; then
    echo -e "$tag $text" >&2
  else
    echo -e "$tag $text"
  fi
}
# Check if running as root
# Aborts with exit status 1 unless the effective uid is 0; every later step
# (chown, sudoers, systemctl, apt) needs root.
check_root() {
  (( EUID == 0 )) && return 0
  log "ERROR" "This script must be run as root (use sudo)"
  exit 1
}
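# Fix file permissions
# Resets the whole tree to $WEB_USER-owned, 755 directories / 644 files, then
# tightens the writable logs/ and temp/ directories. Exits with 1 when
# $WEB_DIR does not exist.
#
# logs/ and temp/ were previously made world-writable (777, recursively).
# The chown above already makes $WEB_USER own them, so owner-writable
# (750 directories, 640 files) is all the web process needs; a 777 tree
# under the document root lets any local account plant or overwrite files
# that the PHP code later reads, and exposes log contents to everyone.
# NOTE(review): this assumes PHP-FPM / Apache run as $WEB_USER. If a pool
# runs as another account, change WEB_USER rather than reopening to 777.
fix_permissions() {
  local writable_dir
  log "INFO" "Fixing file permissions..."
  if [[ ! -d "$WEB_DIR" ]]; then
    log "ERROR" "Web directory $WEB_DIR not found. Please run install.sh first."
    exit 1
  fi
  # Set proper ownership (assumes a group named like the user exists)
  chown -R "$WEB_USER:$WEB_USER" "$WEB_DIR"
  log "SUCCESS" "Set ownership to $WEB_USER:$WEB_USER"
  # `{} +` batches paths into a few chmod calls instead of one per entry
  find "$WEB_DIR" -type d -exec chmod 755 {} +
  log "SUCCESS" "Set directory permissions to 755"
  find "$WEB_DIR" -type f -exec chmod 644 {} +
  log "SUCCESS" "Set file permissions to 644"
  # Writable-by-app directories: owner (the web user) only
  for writable_dir in logs temp; do
    if [[ -d "$WEB_DIR/$writable_dir" ]]; then
      find "$WEB_DIR/$writable_dir" -type d -exec chmod 750 {} +
      find "$WEB_DIR/$writable_dir" -type f -exec chmod 640 {} +
      log "SUCCESS" "Set $writable_dir directory permissions to 750"
    fi
  done
  # PHP files are run by the interpreter, never executed directly, so they
  # stay 644 (a no-op after the file pass above, kept for the log line).
  find "$WEB_DIR" -name "*.php" -exec chmod 644 {} +
  log "SUCCESS" "Set PHP file permissions"
}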
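# Fix sudo configuration
#
# SECURITY NOTE (review): the policy written below lets www-data run
# /bin/bash, /bin/sh, env, find, xargs, tee, cp, mv, rm, chmod, chown, sed,
# awk, tar, ... as root, with no password and no argument restrictions. That
# is functionally "www-data ALL=(ALL) NOPASSWD: ALL": any command-injection
# or file-upload bug in the enrollment UI becomes full root on the router.
# The rule set is reproduced unchanged because the UI's exact needs are not
# visible from this script, but it should be cut down to the specific
# commands (with fixed arguments, e.g. `/usr/bin/systemctl restart <unit>`)
# that the PHP code actually invokes. A runtime WARNING now says so.
#
# Mechanics fixed here: the policy is staged in a temp file, given sudo's
# expected mode, validated with visudo, and only then installed. Writing
# straight into /etc/sudoers.d and validating afterwards left a broken file
# in place on a syntax error, which makes every sudo invocation on the host
# fail. Exits with 1 if the staged file does not validate or cannot be
# installed; returns 0 otherwise.
fix_sudo() {
  local sudoers_file="/etc/sudoers.d/ziti-enrollment"
  local staged
  log "INFO" "Checking sudo configuration..."
  if [[ ! -f "$sudoers_file" ]]; then
    log "WARNING" "Sudo configuration not found. Please run install.sh first."
    return 0
  fi
  log "INFO" "Sudo configuration already exists"
  # Smoke test only: `whoami` is itself in the rule list, so success proves
  # that some NOPASSWD rule matches, not that the enrollment commands work.
  # (www-data is hard-coded here because the policy below hard-codes it.)
  if sudo -u www-data sudo -n whoami >/dev/null 2>&1; then
    log "SUCCESS" "Sudo access is working"
    return 0
  fi
  log "WARNING" "Sudo access may not be working properly"
  log "INFO" "Recreating sudo configuration..."
  log "WARNING" "The generated policy grants www-data passwordless root via shells and file tools; restrict it to the commands the UI actually needs"
  staged=$(mktemp) || { log "ERROR" "Could not create a temporary file"; exit 1; }
  # Recreate sudoers file with all required commands based on diagnostic results
  cat > "$staged" << 'EOF'
# Allow www-data to run system commands for Ziti enrollment
# Core system commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/apt-get
www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl
www-data ALL=(ALL) NOPASSWD: /usr/bin/mkdir
www-data ALL=(ALL) NOPASSWD: /usr/bin/chmod
www-data ALL=(ALL) NOPASSWD: /usr/bin/chown
www-data ALL=(ALL) NOPASSWD: /usr/bin/cp
www-data ALL=(ALL) NOPASSWD: /usr/bin/mv
www-data ALL=(ALL) NOPASSWD: /usr/bin/rm
www-data ALL=(ALL) NOPASSWD: /usr/bin/ln
# Network and download commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/curl
www-data ALL=(ALL) NOPASSWD: /usr/bin/wget
# GPG and security commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/gpg
www-data ALL=(ALL) NOPASSWD: /usr/bin/ziti
# Information gathering commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/which
www-data ALL=(ALL) NOPASSWD: /usr/bin/hostname
www-data ALL=(ALL) NOPASSWD: /usr/bin/uname
www-data ALL=(ALL) NOPASSWD: /usr/bin/lsb_release
www-data ALL=(ALL) NOPASSWD: /usr/bin/whoami
www-data ALL=(ALL) NOPASSWD: /usr/bin/id
www-data ALL=(ALL) NOPASSWD: /usr/bin/pwd
www-data ALL=(ALL) NOPASSWD: /usr/bin/date
# File operations
www-data ALL=(ALL) NOPASSWD: /usr/bin/tee
www-data ALL=(ALL) NOPASSWD: /usr/bin/cat
www-data ALL=(ALL) NOPASSWD: /usr/bin/test
www-data ALL=(ALL) NOPASSWD: /usr/bin/ls
www-data ALL=(ALL) NOPASSWD: /usr/bin/touch
www-data ALL=(ALL) NOPASSWD: /usr/bin/echo
www-data ALL=(ALL) NOPASSWD: /usr/bin/head
www-data ALL=(ALL) NOPASSWD: /usr/bin/tail
www-data ALL=(ALL) NOPASSWD: /usr/bin/wc
www-data ALL=(ALL) NOPASSWD: /usr/bin/grep
www-data ALL=(ALL) NOPASSWD: /usr/bin/sed
www-data ALL=(ALL) NOPASSWD: /usr/bin/awk
www-data ALL=(ALL) NOPASSWD: /usr/bin/cut
www-data ALL=(ALL) NOPASSWD: /usr/bin/sort
www-data ALL=(ALL) NOPASSWD: /usr/bin/uniq
# Network diagnostic commands
www-data ALL=(ALL) NOPASSWD: /usr/bin/nslookup
www-data ALL=(ALL) NOPASSWD: /usr/bin/ping
www-data ALL=(ALL) NOPASSWD: /usr/bin/dig
www-data ALL=(ALL) NOPASSWD: /usr/bin/host
# Process and system monitoring
www-data ALL=(ALL) NOPASSWD: /usr/bin/ps
www-data ALL=(ALL) NOPASSWD: /usr/bin/top
www-data ALL=(ALL) NOPASSWD: /usr/bin/htop
www-data ALL=(ALL) NOPASSWD: /usr/bin/free
www-data ALL=(ALL) NOPASSWD: /usr/bin/df
www-data ALL=(ALL) NOPASSWD: /usr/bin/du
# Text processing and utilities
www-data ALL=(ALL) NOPASSWD: /usr/bin/find
www-data ALL=(ALL) NOPASSWD: /usr/bin/xargs
www-data ALL=(ALL) NOPASSWD: /usr/bin/basename
www-data ALL=(ALL) NOPASSWD: /usr/bin/dirname
www-data ALL=(ALL) NOPASSWD: /usr/bin/realpath
www-data ALL=(ALL) NOPASSWD: /usr/bin/readlink
# Archive and compression
www-data ALL=(ALL) NOPASSWD: /usr/bin/tar
www-data ALL=(ALL) NOPASSWD: /usr/bin/gzip
www-data ALL=(ALL) NOPASSWD: /usr/bin/gunzip
www-data ALL=(ALL) NOPASSWD: /usr/bin/zip
www-data ALL=(ALL) NOPASSWD: /usr/bin/unzip
# Allow shell built-ins and common utilities
www-data ALL=(ALL) NOPASSWD: /bin/bash
www-data ALL=(ALL) NOPASSWD: /bin/sh
www-data ALL=(ALL) NOPASSWD: /usr/bin/env
www-data ALL=(ALL) NOPASSWD: /usr/bin/sleep
www-data ALL=(ALL) NOPASSWD: /usr/bin/timeout
EOF
  # sudo expects 0440 root:root for sudoers.d entries; set it on the staged
  # copy so visudo's check sees the final mode and install preserves it.
  chmod 0440 -- "$staged"
  # Validate sudoers file before it can be picked up by sudo
  if ! visudo -c -f "$staged"; then
    rm -f -- "$staged"
    log "ERROR" "Invalid sudoers configuration"
    exit 1
  fi
  if ! install -m 0440 -o root -g root -- "$staged" "$sudoers_file"; then
    rm -f -- "$staged"
    log "ERROR" "Could not install $sudoers_file"
    exit 1
  fi
  rm -f -- "$staged"
  log "SUCCESS" "Sudo configuration updated successfully"
}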
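# Fix web server configuration
# Enables the ziti-enrollment site on whichever of Apache or Nginx is active
# and, in the Nginx branch only, makes sure the matching PHP-FPM unit runs
# (Apache is assumed to serve PHP through its own handler, as before).
# Problems are logged rather than fatal, with two fixes over the earlier
# version: the Nginx reload is only reported as SUCCESS when `nginx -t`
# actually passed, and a missing php binary is reported instead of tripping
# set -e inside the version pipeline. PHP_VERSION is no longer leaked as a
# global.
fix_web_server() {
  local php_version
  log "INFO" "Checking web server configuration..."
  # Check if Apache is running
  if systemctl is-active --quiet apache2 2>/dev/null; then
    log "INFO" "Apache is running"
    # Check if site is enabled
    if [[ -f "/etc/apache2/sites-enabled/ziti-enrollment.conf" ]]; then
      log "SUCCESS" "Apache site is enabled"
    else
      log "WARNING" "Apache site not enabled"
      if [[ -f "/etc/apache2/sites-available/ziti-enrollment.conf" ]]; then
        a2ensite ziti-enrollment.conf
        systemctl reload apache2
        log "SUCCESS" "Enabled Apache site"
      else
        log "ERROR" "Apache site configuration not found. Please run install.sh first."
      fi
    fi
  # Check if Nginx is running
  elif systemctl is-active --quiet nginx 2>/dev/null; then
    log "INFO" "Nginx is running"
    # Check if site is enabled
    if [[ -L "/etc/nginx/sites-enabled/ziti-enrollment" ]]; then
      log "SUCCESS" "Nginx site is enabled"
    else
      log "WARNING" "Nginx site not enabled"
      if [[ -f "/etc/nginx/sites-available/ziti-enrollment" ]]; then
        ln -sf "/etc/nginx/sites-available/ziti-enrollment" "/etc/nginx/sites-enabled/"
        # Reload only on a clean config test; `nginx -t && reload` used to
        # skip the reload on failure yet still print the SUCCESS line.
        if nginx -t; then
          systemctl reload nginx
          log "SUCCESS" "Enabled Nginx site"
        else
          log "ERROR" "nginx -t failed; site link created but Nginx was not reloaded"
        fi
      else
        log "ERROR" "Nginx site configuration not found. Please run install.sh first."
      fi
    fi
    # Check PHP-FPM: Debian/Ubuntu name the unit php<major.minor>-fpm
    if command -v php >/dev/null 2>&1; then
      php_version=$(php -v | head -n1 | cut -d' ' -f2 | cut -d'.' -f1,2)
      if systemctl is-active --quiet "php${php_version}-fpm" 2>/dev/null; then
        log "SUCCESS" "PHP-FPM is running"
      else
        log "WARNING" "PHP-FPM not running"
        systemctl start "php${php_version}-fpm" || log "ERROR" "Failed to start PHP-FPM"
      fi
    else
      log "ERROR" "php is not installed; cannot determine the PHP-FPM unit to check"
    fi
  else
    log "ERROR" "No web server (Apache or Nginx) is running"
  fi
}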
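# Install missing packages
# Installs curl, gnupg and jq when their binaries are absent. Uses apt-get
# (the CLI meant for scripts; `apt` warns that its interface is unstable)
# with a non-interactive frontend so a debconf prompt cannot hang an
# unattended run. A failed index refresh is reported instead of silently
# aborting the whole script, which is what set -e plus the discarded output
# did before; the installs are still attempted from the cached index. An
# install failure remains fatal via set -e, as before.
install_missing_packages() {
  local pair cmd pkg
  # command-name:package-name (gpg ships in gnupg; the others coincide)
  local -a wanted=("curl:curl" "gpg:gnupg" "jq:jq")
  log "INFO" "Checking for missing packages..."
  # Update package list
  if ! apt-get update >/dev/null 2>&1; then
    log "WARNING" "apt-get update failed; continuing with the existing package index"
  fi
  for pair in "${wanted[@]}"; do
    cmd=${pair%%:*}
    pkg=${pair#*:}
    if ! command -v "$cmd" >/dev/null 2>&1; then
      log "INFO" "Installing ${pkg}..."
      DEBIAN_FRONTEND=noninteractive apt-get install -y "$pkg"
    fi
  done
  log "SUCCESS" "All required packages are installed"
}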
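# Create missing directories
# Creates the writable logs/ and temp/ directories under $WEB_DIR (owned by
# $WEB_USER, mode 750) and /usr/share/keyrings when they are absent.
# Existing directories are left alone here; fix_permissions handles those.
#
# The two web directories used to be created 777. Since $WEB_USER owns them,
# 750 is all the web process needs; world-writable directories under the
# document root let any local account drop files the UI will later read.
# They are created with the final mode, so there is no 777 window before a
# later chmod.
create_missing_directories() {
  local subdir target
  log "INFO" "Creating missing directories..."
  for subdir in logs temp; do
    target="$WEB_DIR/$subdir"
    if [[ ! -d "$target" ]]; then
      mkdir -p -m 750 "$target"
      # assumes a group named like the user exists (true for www-data on Debian)
      chown "$WEB_USER:$WEB_USER" "$target"
      log "SUCCESS" "Created $subdir directory"
    fi
  done
  # Standard apt keyring directory; presumably where the Ziti repository key
  # is placed by install.sh or the UI — not visible from this script.
  if [[ ! -d "/usr/share/keyrings" ]]; then
    mkdir -p "/usr/share/keyrings"
    chmod 755 "/usr/share/keyrings"
    log "SUCCESS" "Created keyrings directory"
  fi
}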
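# Test the installation
# Post-fix smoke tests: HTTP reachability of localhost, the php CLI, a
# passwordless sudo rule for the web user, and readability of the entry
# point *as the web user*. The script runs as root, so the previous plain
# `-r` test always passed regardless of the modes it had just set; the check
# is now done under $WEB_USER. Results are logged only; nothing here exits.
test_installation() {
  local index_file="$WEB_DIR/public/index.php"
  log "INFO" "Testing installation..."
  # Any 2xx/3xx from whatever answers on :80 counts; this does not prove the
  # enrollment vhost itself is the one responding.
  if curl -s -o /dev/null -w "%{http_code}" "http://localhost" | grep -q "200\|301\|302"; then
    log "SUCCESS" "Web server is accessible"
  else
    log "WARNING" "Web server may not be accessible"
  fi
  # Test PHP
  if php -v >/dev/null 2>&1; then
    log "SUCCESS" "PHP is working"
  else
    log "ERROR" "PHP is not working"
  fi
  # Test sudo access. `whoami` is in the sudoers policy, so this only shows
  # that some NOPASSWD rule matches, not that enrollment commands work.
  if sudo -u "$WEB_USER" sudo -n whoami >/dev/null 2>&1; then
    log "SUCCESS" "Sudo access is working"
  else
    log "WARNING" "Sudo access may not be working"
  fi
  # Test file permissions from the web user's point of view
  if [[ -e "$index_file" ]] && sudo -u "$WEB_USER" test -r "$index_file"; then
    log "SUCCESS" "File permissions are correct"
  else
    log "ERROR" "File permissions may be incorrect"
  fi
}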
# Main function
# Prints a banner, runs the repair steps in dependency order (root check
# first; sudo and web-server fixes after the files exist), then the smoke
# tests, and finishes with operator instructions. Arguments are ignored.
# NOTE(review): the diagnostic page named in the closing instructions,
# judging by its filename, exercises command execution on the host; confirm
# it is not reachable by unauthenticated clients and remove it once
# enrollment works.
main() {
  local step
  local -r rule="=============================================="
  printf '%s\n' "$rule" " ZitiNexus UI Permission Fix Script" "$rule" ""
  for step in check_root install_missing_packages create_missing_directories \
              fix_permissions fix_sudo fix_web_server test_installation; do
    "$step"
  done
  echo
  log "SUCCESS" "Permission fix completed!"
  printf '%s\n' "" "Next steps:" \
    "1. Access the diagnostic script: http://your-server-ip/debug-command-execution.php" \
    "2. Review the diagnostic results" \
    "3. Try the enrollment process again" \
    ""
}
# Run main function (positional arguments are forwarded but currently unused)
main "$@"