Skip to content

Instantly share code, notes, and snippets.

@cconversion

cconversion/chwp.sh

Created October 25, 2018 05:44
Show Gist options
  • Save cconversion/5ce4164d7a09b23be00c08f4a30e4e7c to your computer and use it in GitHub Desktop.
Save cconversion/5ce4164d7a09b23be00c08f4a30e4e7c to your computer and use it in GitHub Desktop.
Download ZIP
WordPress Permissions Fixer
Raw
chwp.sh
#!/bin/bash
#
# https://codex.wordpress.org/Changing_File_Permissions
#
echo ""
################################################ Pretty Colours in the Terminal
cb="\033[0;34m"
ccb="\033[1;36m"
gb="\033[1;32m"
rb="\033[1;31m"
wb="\033[0;37m"
wbb="\033[1;37m"
endp="\n\033[0m"
PS3="[ENTER]: "
################################################
################################################
APACHE_USER="www-data"
DEV_USER=$USER && if [[ $DEV_USER = "" ]] ; then DEV_USER='dev' ; fi
APACH_GROUP="${APACHE_USER}-${DEV_USER}"
S_GRP="$(groups ${APACHE_USER})" && U_GRP="$(groups ${DEV_USER})" && A_GRP="${S_GRP#*:}${U_GRP#*:}"
################################################
regex_CONTENT_DIR='.*?(/app|/io|/wp-content)$'
regex_CORE_DIR_PRE='.*?(?=(/io|/wp-admin|/wp-content|/wp-includes|/app))'
regex_APP_ABSPATH='(com|local|localhost|net|io|in|org|www|public_html)'
PWD=$(pwd)
APP_ABSPATH_X=$(find "$( pwd )" -maxdepth 2 -type d -regextype posix-extended -regex "${regex_CONTENT_DIR}" | grep -oP "${regex_CORE_DIR_PRE}" | head -n1)
APP_ABSPATH_A="$APP_ABSPATH_X"
APP_ABSPATH_B=$(pwd | grep -oP "${regex_CORE_DIR_PRE}")
if [[ $APP_ABSPATH_A == "" ]] ; then APP_ABSPATH=$APP_ABSPATH_B ; else APP_ABSPATH=$APP_ABSPATH_A ; fi
if [[ ! ${APP_ABSPATH} =~ .*?${regex_APP_ABSPATH}.*? ]] ; then
helplist=$(find "$( pwd )" -maxdepth 4 -type d -regextype posix-extended -regex "${regex_CONTENT_DIR}" | grep -oP "${regex_CORE_DIR_PRE}")
printf "${rb}${helplist}${endp}"
printf "${ccb}Please paste {${cb}[CTRL]+[SHIFT]+[V]${ccb}} absolute path to repo${endp}"
read -r APP_ABSPATH
fi
################################################
# All folders and subfolders should have permissions set as,
# First digit of the code (7) = Owner has read, write, and execute priviledges
# Second digit of the code (7 or 5) = "group" has read, possibly write, and execute priviledges
# Third digit of the code (5) = the public has read and execute priviledges.
printf "${rb} ${gb}${APP_ABSPATH} ${endp}"
printf "${rb}Pick an option (${gb}[3]${rb} Recommended) and hit [ENTER]${endp}"
options=("Loose [777,664]" "Dev [775,664]" "Live [755,644]" "Strict [750,600]" "Shut [400,400]") && PS3="[ENTER]: "
select opt in "${options[@]}" "Quit"; do
case "$REPLY" in
1|777|loose )
DIRS_MOD="777"
FILE_MOD="664"
CONF_MOD="664"
DIRS_APP_MOD="777"
FILE_APP_MOD="664"
HTAC_MOD="664"
break;;
2|dev )
DIRS_MOD="755"
FILE_MOD="644"
CONF_MOD="640"
DIRS_APP_MOD="775"
FILE_APP_MOD="664"
HTAC_MOD="660"
break;;
3|live|prod|stage )
# APACH_GROUP="www-data"
DIRS_MOD="750"
FILE_MOD="640"
CONF_MOD="440"
DIRS_APP_MOD="755"
FILE_APP_MOD="644"
HTAC_MOD="640"
break;;
4|strict )
DIRS_MOD="750"
FILE_MOD="640"
CONF_MOD="400"
DIRS_APP_MOD="750"
FILE_APP_MOD="640"
HTAC_MOD="600"
break;;
5|shut|close|root )
DIRS_MOD="400"
FILE_MOD="400"
CONF_MOD="400"
DIRS_APP_MOD="400"
FILE_APP_MOD="400"
HTAC_MOD="400"
break;;
$(( ${#options[@]}+1 ))|6|q|quit ) printf "${wb} $em_shrug ${endp}" && exit 1 ; break;;
*) echo "Invalid option${REPLY} ... Try another one.";continue;;
esac
done
################################################
echo "################################################"
printf "${ccb}Templating access, user and group privledges...${endp}"
echo ""
printf "${rb}############# WORKING DIRECTORY${endp}"
printf "${rb}[ROOT-DIR] : ${gb}${APP_ABSPATH} ${endp}"
printf "${rb}############# USER GROUPS${endp}"
printf "${rb}[GROUP] : ${gb}${APACH_GROUP} ${endp}"
printf "${rb}[USER] : ${gb}${DEV_USER} ${endp}"
printf "${rb}[SERVER] : ${gb}${APACHE_USER} ${endp}"
printf "${rb}############# FILE PERMISSIONS${endp}"
printf "${rb}[ALL] : ${gb}files '$FILE_MOD', dirs '$DIRS_MOD'${endp}"
printf "${rb}[APP FILES] : ${gb}files '$FILE_APP_MOD', dirs '$DIRS_APP_MOD'${endp}"
printf "${rb}[CONFIGS] : ${gb}wp-config '$CONF_MOD', htacess '$HTAC_MOD'${endp}"
printf "${rb}Make sure this is the correct directory before changing permissions!${endp}"
printf "${rb}Continue with these user settings?${endp}"
options=("Yes (Y)" "No (N)" "Paste New Path (V)") && PS3="[ENTER]: "
select opt in "${options[@]}" "Quit"; do
case "$REPLY" in
1|[yY]|[yY][eE][sS] ) echo "" ; break;;
2|[nN]|[nN][oO] ) printf "${wb}$em_shrug${endp}" && exit 1 ; break;;
3|\^[vV]|[vV]|paste )
find "$( pwd )" -maxdepth 4 -type d -regextype posix-extended -regex "${regex_CONTENT_DIR}" | grep -oP "${regex_CORE_DIR_PRE}"
printf "${ccb}Please paste {${cb}[CTRL]+[SHIFT]+[V]${ccb}} absolute path to repo${endp}"
read -r APP_ABSPATH
break;;
$(( ${#options[@]}+1 )) ) printf "${wb}$em_shrug${endp}" && exit 1 ; break;;
*) echo "Invalid option${REPLY} ... Try another one."; continue;;
esac
done
printf "${wb} ${gb}${APP_ABSPATH} ${endp}"
################################################
if [[ ${APP_ABSPATH} == '/' ]] ; then
# exit ; fi
# if [[ ! ${APP_ABSPATH} =~ .*?(/wp-admin|/wp-content|/wp-includes|/app|/wp).*? ]] ; then
printf "${rb}ERROR: Execute this script from a WordPress directory destination${endp}"
find /var/www -maxdepth 4 -type d -regextype posix-extended -regex "${regex_CONTENT_DIR}" | grep -oP "${regex_CORE_DIR_PRE}"
find "/home/$USER" -maxdepth 4 -type d -regextype posix-extended -regex "${regex_CONTENT_DIR}" | grep -voP "${regex_CORE_DIR_PRE}"| grep -v 'Permission denied'
printf "${ccb}Please paste {${cb}[CTRL]+[SHIFT]+[V]${ccb}} absolute path to repo${endp}"
read -r APP_ABSPATH
printf "${wb} ${gb}${APP_ABSPATH} ${endp}"
exit 1
fi
APP_CONTENT_DIR="${APP_ABSPATH}/io"
################################################
if [[ "${A_GRP}" == "${APACH_GROUP}" ]] || [[ "${A_GRP}" == *"${APACH_GROUP}"* ]] ; then
printf "${ccb}Group '${gb}${APACH_GROUP}${ccb}' already exists...${endp}"
else printf "${gb}[ADD GROUP] ${ccb}New ${wb}'${APACH_GROUP}'${ccb} user group... ${endp}" ; sudo addgroup ${APACH_GROUP}
fi
if groups ${APACHE_USER} | grep "\b${A_GRP}\b" &>/dev/null ; then printf "" ; else
if [[ ${U_GRP#*:} == *"${APACH_GROUP}"* ]] ; then
printf "${ccb}↳ Already has '${gb}${DEV_USER}${ccb}' in group '${gb}${APACH_GROUP}${ccb}'...${endp}"
else printf "${gb}↳ [USERMOD] ${wb}'${DEV_USER}'${ccb} to ${wb}'${APACH_GROUP}'${ccb} user group... ${endp}" ; sudo usermod -a -G ${APACH_GROUP} ${DEV_USER}
fi
if [[ ${S_GRP#*:} == *"${APACH_GROUP}"* ]] ; then
printf "${ccb}↳ Already has '${gb}${APACHE_USER}${ccb}' in group '${gb}${APACH_GROUP}${ccb}'...${endp}"
else printf "${gb}↳ [USERMOD] ${wb}'${APACHE_USER}'${ccb} to ${wb}'${APACH_GROUP}'${ccb} user group... ${endp}" ; sudo usermod -a -G ${APACH_GROUP} ${APACHE_USER}
fi
fi
################################################
echo ""
printf "${wb}The following processes can take a while,${endp}"
printf "${wb}please be patient and do not kill the process...${endp}"
printf "${rb}OK... ${wb}Moving to '${APP_ABSPATH}' now...${endp}"
sudo echo "" || sleep 3
printf "${ccb}Setting directory ownership to '${gb}${DEV_USER}:${APACH_GROUP}${ccb}'... ${endp}"
sudo chown -R ${DEV_USER}:${APACH_GROUP} "${APP_ABSPATH}"
sudo chgrp ${APACH_GROUP} "${APP_ABSPATH}"
printf "${ccb}↳ Set the group ID (setgid) to ${gb}inherit${ccb} parent directory... ${endp}"
sudo find "${APP_ABSPATH}" -type d -not -path "*/.git*" -exec chmod g+s {} \;
printf "${ccb}↳ Set folders (${gb}${DIRS_MOD}${ccb}) permissions... ${endp}"
sudo find "${APP_ABSPATH}" -type d -not -path "*/.git*" -exec chmod ${DIRS_MOD} {} \; || sudo find "${APP_ABSPATH}" -type d -exec chmod 755 {} \;
printf "${ccb}↳ Set the files (${gb}${FILE_MOD}${ccb}) permissions... ${endp}"
sudo find "${APP_ABSPATH}" -type f -not -path "*/.git*" -exec chmod ${FILE_MOD} {} \; || sudo find "${APP_ABSPATH}" -type f -exec chmod 644 {} \;
printf "${ccb}Modifiying '${gb}${APP_CONTENT_DIR}${ccb}' directory:${endp}"
printf "${ccb}↳ Set Owner as server (${gb}${APACHE_USER}${ccb})... ${endp}"
sudo chown "${APACHE_USER}" -R "${APP_CONTENT_DIR}"
printf "${ccb}↳ Set Ownership to shared group (${gb}${APACH_GROUP}${ccb})... ${endp}"
sudo find "${APP_CONTENT_DIR}" -exec chgrp ${APACH_GROUP} {} \;
printf "${ccb}↳ Set folders (${gb}${DIRS_APP_MOD}${ccb}) permissions... ${endp}"
sudo find "${APP_CONTENT_DIR}" -type d -exec chmod ${DIRS_APP_MOD} {} \; || sudo find "${APP_CONTENT_DIR}" -type d -exec chmod 775 {} \;
printf "${ccb}↳ Set files (${gb}${FILE_APP_MOD}${ccb}) permissions... ${endp}"
sudo find "${APP_CONTENT_DIR}" -type f -exec chmod ${FILE_APP_MOD} {} \; || sudo find "${APP_CONTENT_DIR}" -type f -exec chmod 664 {} \;
sudo setfacl -R -m u:${DEV_USER}:rwx "${APP_ABSPATH}"
printf "${ccb}Allowing group '${gb}${APACH_GROUP}${ccb}' to manage '${gb}wp-config.php${ccb}'...${endp}"
sudo chgrp ${APACH_GROUP} "${APP_ABSPATH}/wp-config.php"
printf "${ccb}↳ Prevent world access (${gb}${CONF_MOD}${ccb})...${endp}"
sudo chmod ${CONF_MOD} "${APP_ABSPATH}/wp-config.php" || sudo chmod 440 "${APP_ABSPATH}/wp-config.php"
printf "${ccb}Ensuring '${gb}.htaccess${ccb}' files are protected (${gb}${HTAC_MOD}${ccb})...${endp}"
sudo find "${APP_ABSPATH}" -name ".htaccess" -exec chmod ${HTAC_MOD} {} \;
# printf "${ccb}Ensuring git repo retains its permissions...${endp}${gb}"
# sudo chgrp -R ${DEV_USER} "${APP_ABSPATH}/.git"
# sudo find "${APP_ABSPATH}/.git" -type d -exec chmod g+s {} \;
# sudo chown -R ${DEV_USER}:${APACH_GROUP} "${APP_ABSPATH}/.git"
# sudo chmod -R ug+ws "${APP_ABSPATH}/.git" || sudo chmod -R 775 "${APP_ABSPATH}/.git"
# # git config core.sharedRepository true
################################################
################################################
echo "################################################"
printf "${gb}SUCCESS!${endp}"
printf "${gb}Permissions have been reset to your template${endp}"
printf "${endp}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment