#!/bin/bash
# 2021-08-02 <tom@bitfit.hu> www-data r-x
d=$1
if [ -z "$d" ]; then
    echo "usage: $0 <directory under /www>"
    exit 1
fi
d=$(echo $d | sed -e 's/\/$//')

cd /www
if [ ! -d $d ]; then
    echo "directory does not exist: $d"
    exit 1
fi

user="www-$d"
id $user >/dev/null 2>&1
if [ $? -gt 0 ]; then
    echo "corresponding web user does not exist: $user"
    exit 1
fi

chown -R $user:$user $d

setfacl -R -b -k $d
setfacl -R -d -m m:rwx $d
setfacl -R -d -m u::rwx $d
setfacl -R -d -m g::--- $d
setfacl -R -d -m o::--- $d
setfacl -R -d -m u:$user:rwx $d
setfacl -R -d -m g:wwwadmin:rwx $d
setfacl -R -d -m g:wwwsftp:rwx $d
setfacl -R -d -m g:www-data:r-x $d
#
setfacl -R -m m:rw- $d
setfacl -R -m u::rwx $d
setfacl -R -m g::--- $d
setfacl -R -m o::--- $d
setfacl -R -m u:$user:rwx $d
setfacl -R -m g:wwwadmin:rwx $d
setfacl -R -m g:wwwsftp:rwx $d
setfacl -R -m g:www-data:r-x $d
find $d -type d -print0 | xargs -0 setfacl -m m:rwx

# vim: set tabstop=4 shiftwidth=4 expandtab smarttab: