/usr/bin/horde-writable-config is in php-horde 5.2.17+debian0-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | #!/bin/sh
set -e
show_help() {
echo "Usage:"
echo " $0: Render configuration files writable by the web server"
echo " $0 --harden: Render configuration files writable by root only"
}
expected_owner='www-data'
expected_group='www-data'
expected_mode='640'
if [ "$#" = 1 -a "$1" = '--harden' ]; then
expected_owner='root'
elif [ "$#" != 0 ]; then
show_help
exit 1
fi
for app in /etc/horde/*; do
if [ ! -d "${app}" ]; then
continue
fi
for conf in conf.php; do
backup_conf=$(echo "$conf" | sed 's/.php$/.bak.php/')
if [ -L "${app}/${conf}" ]; then
echo "${app}/${conf}: is a symlink. Skipping."
continue
elif [ -f "${app}/${conf}" ]; then
echo "${app}/${conf}: already exists."
elif [ -f "${app}/${conf}" ]; then
echo "${app}/${conf}: already exists."
elif [ -f "${app}/${conf}.dist" ]; then
echo "${app}/${conf}: creating from ${app}/${conf}.dist"
cp "${app}/${conf}.dist" "${app}/${conf}"
else
echo "${app}/${conf}: creating empty"
touch "${app}/${conf}"
fi
if [ -L "${app}/${backup_conf}" ]; then
echo "${app}/${backup_conf}: is a symlink. Skipping."
continue
elif [ ! -f "${app}/${backup_conf}" ]; then
echo "${app}/${backup_conf}: creating empty"
touch "${app}/${backup_conf}"
fi
for file in "${app}/${conf}" "${app}/${backup_conf}"; do
current_owner="$(stat --format=%U "${file}")"
if [ "${current_owner}" != "${expected_owner}" ]; then
echo "${file}: changing owner from ${current_owner} to ${expected_owner}"
chown "${expected_owner}" "${file}"
fi
current_group="$(stat --format=%G "${file}")"
if [ "${current_group}" != "${expected_group}" ]; then
echo "${file}: changing group from ${current_group} to ${expected_group}"
chgrp "${expected_group}" "${file}"
fi
current_mode="$(stat --format=%a "${file}")"
if [ "${current_mode}" != "${expected_mode}" ]; then
echo "${file}: changing mode from ${current_mode} to ${expected_mode}"
chmod "${expected_mode}" "${file}"
fi
done
done
done
|