forked from littlebizzy/slickstack
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathss-perms.txt
192 lines (156 loc) · 6.33 KB
/
ss-perms.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
#!/bin/bash
###########################################################
#### author: SlickStack ###################################
#### link: https://slickstack.io ##########################
#### mirror: http://mirrors.slickstack.io/ss-perms.txt ####
#### path: /var/www/ss-perms ##############################
#### destination: n/a #####################################
#### purpose: resets all file and server permissions ######
#### ss version: SlickStack alpha ss4b ####################
#### module version: n/a ##################################
###########################################################
## slickstack config ##
source /var/www/ss-config
## create wordpress group if does not exist ##
addgroup wordpress
## add sftp user and nginx user to the wordpress group ##
adduser $user wordpress
adduser www-data wordpress
## reset sudoers permissions ##
chown root:root /etc/sudoers
chmod 440 /etc/sudoers
## slickstack file permissions ##
chown root:root /var/www/1-cron-often
chown root:root /var/www/2-cron-regular
chown root:root /var/www/3-cron-hourly
chown root:root /var/www/4-cron-quarter-daily
chown root:root /var/www/5-cron-half-daily
chown root:root /var/www/6-cron-daily
chown root:root /var/www/7-cron-weekly
chown root:root /var/www/8-cron-monthly
chown root:root /var/www/9-cron-sometimes
chown root:root /var/www/ss-check
chown root:root /var/www/ss-clean
chown root:root /var/www/ss-config
chown root:root /var/www/ss-config-sample
chown root:root /var/www/ss-install
chown root:root /var/www/ss-muplugs
chown root:root /var/www/ss-perms
chown root:root /var/www/ss-update
chown root:root /var/www/ss-worker
chmod 755 /var/www/1-cron-often
chmod 755 /var/www/2-cron-regular
chmod 755 /var/www/3-cron-hourly
chmod 755 /var/www/4-cron-quarter-daily
chmod 755 /var/www/5-cron-half-daily
chmod 755 /var/www/6-cron-daily
chmod 755 /var/www/7-cron-weekly
chmod 755 /var/www/8-cron-monthly
chmod 755 /var/www/9-cron-sometimes
chmod 755 /var/www/ss-check
chmod 755 /var/www/ss-clean
chmod 660 /var/www/ss-config
chmod 755 /var/www/ss-config-sample
chmod 755 /var/www/ss-install
chmod 755 /var/www/ss-muplugs
chmod 755 /var/www/ss-perms
chmod 755 /var/www/ss-update
chmod 755 /var/www/ss-worker
## (root user/group) everything in /var/www ##
chown root:root /var/www
chmod 755 /var/www
## (non-root sftp user/group) everything in /var/www/html ##
chown -R $user:wordpress /var/www/html
chmod 755 /var/www/html
find /var/www/html/ -type d -exec chmod 775 {} \;
find /var/www/html/ -type f -not -path "*var/www/html/wp-content/uploads*" -exec chmod 664 {} \;
find /var/www/html/wp-content/uploads/ -not -name "*.jpg" -not -name "*.jpeg" -not -name "*.png" -not -name "*.bmp" -not -name "*.webp" -not -name "*.gif" -not -name "*.tiff" -not -name "*.mp4" -not -name "*.vid" -type f -exec chmod 664 {} \;
## cache directory ##
# chown -R www-data:wordpress /var/www/html/wp-content/cache
# find /var/www/html/wp-content/cache/ -type d -exec chmod 777 {} \;
# find /var/www/html/wp-content/cache/ -type f -exec chmod 777 {} \;
## (nginx server user/group) everything in /var/www/html/wp-content/mu-plugins ##
chown -R www-data:wordpress /var/www/html/wp-content/mu-plugins
## wordpress temp ##
mkdir /var/www/html/wp-content/temp
chown -R www-data:wordpress /var/www/html/wp-content/temp
chmod 775 /var/www/html/wp-content/temp
## reset permissions: plugin blacklist ##
chown -R www-data:www-data /var/www/html/wp-content/blacklist.txt
chmod 400 /var/www/html/wp-content/blacklist.txt
## reset permissions: object cache ##
chown -R www-data:wordpress /var/www/html/wp-content/object-cache.php
chmod 664 /var/www/html/wp-content/object-cache.php
## wp-config ##
# chown -R www-data:www-data /var/www/html/wp-config.php
chmod 660 /var/www/html/wp-config.php
## misc ##
chmod -R g+s /var/www/html/
###############################
#### reset log permissions ####
###############################
## ensure log directory exists ##
mkdir /var/www/logs
## ensure all log files exist ##
if [ ! -f "/var/www/logs/clamav.log" ]; then touch "/var/www/logs/clamav.log"; fi
if [ ! -f "/var/www/logs/error.log" ]; then touch "/var/www/logs/error.log"; fi
if [ ! -f "/var/www/logs/monit.log" ]; then touch "/var/www/logs/monit.log"; fi
if [ ! -f "/var/www/logs/mysql.log" ]; then touch "/var/www/logs/mysql.log"; fi
if [ ! -f "/var/www/logs/nginx.log" ]; then touch "/var/www/logs/nginx.log"; fi
if [ ! -f "/var/www/logs/redis.log" ]; then touch "/var/www/logs/redis.log"; fi
## reset log permissions ##
chown -R www-data:www-data /var/www/logs
chown -R clamav:clamav /var/www/logs/clamav.log*
chown -R redis:redis /var/www/logs/redis.log*
chmod -R 775 /var/www/logs
#### reset Redis permissions ####
mkdir /var/run/redis
chown redis:redis /etc/redis/redis.conf
## old ##
mkdir /var/run/php
###############################
## reset Nginx permissions ####
###############################
## ensure nginx fastcgi cache directory exists ##
mkdir /var/www/cache
## reset nginx permissions ##
chown www-data:www-data /var/www/cache
chmod 775 /var/www/cache
chown root:root /etc/nginx/nginx.conf
chown root:root /etc/nginx/fastcgi.conf
## reset openssl permissions ##
chown root:root /etc/ssl/nginx.crt
chown root:root /etc/ssl/nginx.key
chown root:root /etc/ssl/nginx.pem
chmod -R 700 /etc/ssl/nginx.crt
chmod -R 700 /etc/ssl/nginx.key
chmod -R 700 /etc/ssl/nginx.pem
## reset ssh/sftp permissions ##
chown root:root /etc/ssh/sshd_config
## reset wp-cli permissions ##
## https://github.com/wp-cli/wp-cli/issues/3181 ##
## https://github.com/wp-cli/wp-cli/issues/1241 ##
## https://www.alexgeorgiou.gr/wp-cli-www-data-user-permissions-linux/ ##
chown root:root /usr/local/bin/
chown www-data:www-data /usr/local/bin/wp
chmod 6775 /usr/local/bin/wp
## reset php permissions ##
# chown www-data:www-data /var/run/php
chown root:root /etc/php/7.2/fpm/php.ini
chown root:root /etc/php/7.2/fpm/php-fpm.conf
chown root:root /etc/php/7.2/cli/php.ini
## create mysql files if do not exist ##
mkdir /var/run/mysqld
## reset mysql permissions ##
chown mysql:mysql /var/run/mysqld
chown root:root /etc/mysql/my.cnf
chown root:root /etc/mysql/mysql.cnf
chown root:root /etc/mysql/mysql.conf.d/mysqld.cnf
## create redis files if do not exist ##
mkdir /var/run/redis
## reset redis permissions ##
chown redis:redis /var/run/redis
chown redis:redis /etc/redis/redis.conf
## reset monit permissions ##
chown root:root /etc/monit/monitrc
chmod -R 700 /etc/monit/monitrc