gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
eeaa0d2f37
secubox-openwrt/luci-app-secubox/root/usr/libexec/secubox/fix-permissions.sh
CyberMind-FR a53e5f7068 feat: Add comprehensive permission management system (v0.3.1) 
Implement three-tier permission management across all SecuBox modules:

**1. Package-Level Permissions (PKG_FILE_MODES)**
- Add PKG_FILE_MODES to all 15 module Makefiles
- RPCD scripts: 755 (executable)
- CSS/JS/JSON files: 644 (default, no config needed)
- Ensures correct permissions at installation time

**2. Runtime Permission Fix**
- New script: /usr/libexec/secubox/fix-permissions.sh
- RPCD method: luci.secubox fix_permissions
- UI control: "🔧 Fix Perms" button in Quick Actions
- Fixes all permissions and restarts services

**3. Automation & Documentation**
- secubox-tools/add-pkg-file-modes.sh: Auto-configure PKG_FILE_MODES
- PERMISSIONS-GUIDE.md: Comprehensive permissions guide
- MODULE-ENABLE-DISABLE-DESIGN.md: Enable/disable system design doc
- Updated Makefile template with PKG_FILE_MODES pattern

**Modules Updated:**
- luci-app-auth-guardian
- luci-app-bandwidth-manager
- luci-app-cdn-cache
- luci-app-client-guardian
- luci-app-crowdsec-dashboard
- luci-app-ksm-manager
- luci-app-media-flow
- luci-app-netdata-dashboard
- luci-app-netifyd-dashboard
- luci-app-network-modes
- luci-app-secubox (+ fix-permissions.sh script)
- luci-app-system-hub
- luci-app-traffic-shaper
- luci-app-vhost-manager
- luci-app-wireguard-dashboard

**Benefits:**
- No more manual permission fixes after installation
- Users can fix permissions from UI without SSH access
- Proper OpenWrt package management compliance
- Automated detection and configuration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-28 02:19:30 +01:00

170 lines
4.5 KiB
Bash
Raw Blame History

#!/bin/sh
# SPDX-License-Identifier: Apache-2.0
# SecuBox Permissions Fix Script
# Automatically fixes file permissions for SecuBox modules
# Copyright (C) 2025 CyberMind.fr
set -e
LOG_TAG="secubox-fix-perms"
log_info() {
logger -t "$LOG_TAG" -p info "$1"
echo "[INFO] $1"
}
log_error() {
logger -t "$LOG_TAG" -p err "$1"
echo "[ERROR] $1" >&2
}
fix_rpcd_permissions() {
log_info "Fixing RPCD script permissions..."
local rpcd_scripts="
/usr/libexec/rpcd/luci.secubox
/usr/libexec/rpcd/luci.system-hub
/usr/libexec/rpcd/luci.network-modes
/usr/libexec/rpcd/luci.crowdsec-dashboard
/usr/libexec/rpcd/luci.netdata-dashboard
/usr/libexec/rpcd/luci.netifyd-dashboard
/usr/libexec/rpcd/luci.wireguard-dashboard
/usr/libexec/rpcd/luci.client-guardian
/usr/libexec/rpcd/luci.bandwidth-manager
/usr/libexec/rpcd/luci.auth-guardian
/usr/libexec/rpcd/luci.media-flow
/usr/libexec/rpcd/luci.vhost-manager
/usr/libexec/rpcd/luci.traffic-shaper
/usr/libexec/rpcd/luci.cdn-cache
/usr/libexec/rpcd/luci.ksm-manager
"
local count=0
for script in $rpcd_scripts; do
if [ -f "$script" ]; then
chmod 755 "$script" 2>/dev/null && count=$((count + 1))
fi
done
log_info "Fixed $count RPCD scripts (755)"
}
fix_web_permissions() {
log_info "Fixing web resources permissions..."
# Fix CSS files
local css_count=0
if [ -d "/www/luci-static/resources" ]; then
css_count=$(find /www/luci-static/resources -type f -name "*.css" -exec chmod 644 {} \; -print 2>/dev/null | wc -l)
fi
log_info "Fixed $css_count CSS files (644)"
# Fix JS files
local js_count=0
if [ -d "/www/luci-static/resources" ]; then
js_count=$(find /www/luci-static/resources -type f -name "*.js" -exec chmod 644 {} \; -print 2>/dev/null | wc -l)
fi
log_info "Fixed $js_count JS files (644)"
}
fix_config_permissions() {
log_info "Fixing configuration file permissions..."
local count=0
# Fix ACL files
for acl in /usr/share/rpcd/acl.d/luci-app-*.json; do
if [ -f "$acl" ]; then
chmod 644 "$acl" 2>/dev/null && count=$((count + 1))
fi
done
# Fix menu files
for menu in /usr/share/luci/menu.d/luci-app-*.json; do
if [ -f "$menu" ]; then
chmod 644 "$menu" 2>/dev/null && count=$((count + 1))
fi
done
log_info "Fixed $count config files (644)"
}
restart_services() {
log_info "Restarting services..."
if /etc/init.d/rpcd restart >/dev/null 2>&1; then
log_info "RPCD restarted successfully"
else
log_error "Failed to restart RPCD"
fi
if /etc/init.d/uhttpd restart >/dev/null 2>&1; then
log_info "uHTTPd restarted successfully"
else
log_error "Failed to restart uHTTPd"
fi
}
verify_permissions() {
log_info "Verifying permissions..."
local errors=0
# Check RPCD scripts
for script in /usr/libexec/rpcd/luci.*; do
if [ -f "$script" ]; then
local perms=$(ls -l "$script" 2>/dev/null | cut -c1-10)
if [ "$perms" != "-rwxr-xr-x" ]; then
log_error "Invalid permissions on $script: $perms (expected -rwxr-xr-x)"
errors=$((errors + 1))
fi
fi
done
# Check critical files
for file in /www/luci-static/resources/secubox/api.js /www/luci-static/resources/secubox/dashboard.css; do
if [ -f "$file" ]; then
local perms=$(ls -l "$file" 2>/dev/null | cut -c1-10)
if [ "$perms" != "-rw-r--r--" ]; then
log_error "Invalid permissions on $file: $perms (expected -rw-r--r--)"
errors=$((errors + 1))
fi
fi
done
if [ $errors -eq 0 ]; then
log_info "All permissions verified successfully"
return 0
else
log_error "Found $errors permission errors"
return 1
fi
}
main() {
echo "================================================"
echo " SecuBox Permissions Fix Script v0.3.1"
echo "================================================"
echo ""
fix_rpcd_permissions
fix_web_permissions
fix_config_permissions
echo ""
restart_services
echo ""
verify_permissions
echo ""
echo "================================================"
echo " Permissions fix completed!"
echo "================================================"
}
# Run if executed directly
if [ "${0##*/}" = "fix-permissions.sh" ]; then
main "$@"
fi
Reference in New Issue View Git Blame Copy Permalink