#!/bin/sh
##
#
# Author:	Roland Uuesoo ( roland@martem.ee )
# Date:		19 Oct 2012
#

. /usr/local/bin/telem/functions

# Locations handled further down; each one is appended to the root prefix.
VAR_TELEM="/var/local/telem"
ETC_TELEM="/usr/local/etc/telem"

# Group that is given access to the shared directories.
GWS_GROUP="gws"

# Command name plus flag in one variable, so these are expanded unquoted where
# they are used. -f is quiet mode: most error messages are suppressed, and the
# script does not check exit statuses either, so a permission change that
# fails goes unreported.
CHOWN="chown -f"
CHMOD="chmod -f"

# Root prefix prepended to every path below. When no argument is given it is
# empty and the paths resolve against the live filesystem (/etc, /usr/local/...).
_root="$1"

###############################################################################
#                                                                             #
#                            Change file permissions                          #
#                                                                             #
###############################################################################

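logger -s -p "user.info" -t "$0" "Starting check_permissions"

# /etc directory permissions.
# $_root is quoted throughout so that a root path containing whitespace or
# glob characters is not word-split. ${CHOWN}/${CHMOD} stay unquoted on
# purpose: each holds a command name plus its -f flag.
# NOTE(review): with -f and no exit-status checks, a missing file or a failed
# change is silent, so this pass cannot confirm the modes were really applied.

# Baseline for the whole tree: root:root ownership, read/write removed from
# every class and then given back to the owner only. Execute bits are left
# as they were.
${CHOWN} -R root:root   "$_root"/etc
# -R goes before the mode: POSIX expects options ahead of the operands.
${CHMOD} -R a-rw,u+rw   "$_root"/etc
# The /etc directory itself: readable and searchable by all, writable by owner.
${CHMOD} a+rx,u+w       "$_root"/etc

# rw-rw-r--: readable by all, writable by owner and group (root:root after
# the chown above).
# NOTE(review): group write on group and sshd_config is broader than the
# rw-r--r-- these files usually carry; confirm it is intended.
${CHMOD} a=r,ug+w       "$_root"/etc/TZ \
                        "$_root"/etc/group \
                        "$_root"/etc/hostname \
                        "$_root"/etc/hosts \
                        "$_root"/etc/profile \
                        "$_root"/etc/ssh/sshd_config

# rw-r--r--
${CHMOD} a=r,u+w        "$_root"/etc/passwd \
                        "$_root"/etc/ssh/ssh_config

# rw-r-----: password hashes readable by owner and group only.
${CHMOD} a=,ug+r,u+w    "$_root"/etc/shadow

# rw-------: SSH host private keys (and comtrade_id) are owner-only.
${CHMOD} a=,u=rw        "$_root"/etc/ssh/ssh_host_dsa_key \
                        "$_root"/etc/ssh/ssh_host_ecdsa_key \
                        "$_root"/etc/ssh/ssh_host_ed25519_key \
                        "$_root"/etc/ssh/ssh_host_key \
                        "$_root"/etc/ssh/ssh_host_rsa_key \
                        "$_root"/etc/comtrade_id

# rw-r--r--: SSH host public keys.
${CHMOD} a=r,u+w        "$_root"/etc/ssh/ssh_host_dsa_key.pub \
                        "$_root"/etc/ssh/ssh_host_ecdsa_key.pub \
                        "$_root"/etc/ssh/ssh_host_ed25519_key.pub \
                        "$_root"/etc/ssh/ssh_host_key.pub \
                        "$_root"/etc/ssh/ssh_host_rsa_key.pub

# Owner execute bit for init scripts and the ppp/racoon/network hooks.
# The globs are left outside the quotes so the shell still expands them.
${CHMOD} u+x            "$_root"/etc/init.d/* \
                        "$_root"/etc/ppp/ip-up \
                        "$_root"/etc/ppp/ip-down \
                        "$_root"/etc/ppp/auth-up \
                        "$_root"/etc/ppp/auth-down \
                        "$_root"/etc/ppp/l2tp-ip-up \
                        "$_root"/etc/ppp/l2tp-ip-down \
                        "$_root"/etc/racoon/phase1_l2tp \
                        "$_root"/etc/racoon/phase1_tun \
                        "$_root"/etc/racoon/ipsec-ip-up \
                        "$_root"/etc/racoon/ipsec-ip-down \
                        "$_root"/etc/network/if-up.d/*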

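# Permissions under /usr/local/bin.
# $_root is quoted so that a root path containing whitespace or glob
# characters is not word-split. ${CHOWN}/${CHMOD} stay unquoted on purpose:
# each holds a command name plus its -f flag.

# Owner execute bit for the service start scripts and helpers.
# u+x only adds that one bit: ownership and any group/other bits (including
# write) that these files already have are left unchanged by this script.
${CHMOD} u+x            "$_root"/usr/local/bin/archiving/log_packer.sh \
                        "$_root"/usr/local/bin/comtrade/StartComtrade \
                        "$_root"/usr/local/bin/comtrade/comtradeSDCardHotplug.sh \
                        "$_root"/usr/local/bin/comtrade/comtradeSsh.sh \
                        "$_root"/usr/local/bin/comtrade/comtradeWorker.sh \
                        "$_root"/usr/local/bin/dns/StartDNS \
                        "$_root"/usr/local/bin/ftdi/write-eeprom.sh \
                        "$_root"/usr/local/bin/gwpinger/StartGWPinger \
                        "$_root"/usr/local/bin/gwpinger/gwpinger.sh \
                        "$_root"/usr/local/bin/imx/getwdbootmsg \
                        "$_root"/usr/local/bin/ipsec/StartIPSec \
                        "$_root"/usr/local/bin/l2tp/StartL2TP \
                        "$_root"/usr/local/bin/l2tp/l2tp_dialer \
                        "$_root"/usr/local/bin/ntp/StartNTP \
                        "$_root"/usr/local/bin/ntp/check_ntp_status \
                        "$_root"/usr/local/bin/openvpn/StartOpenVPNClient \
                        "$_root"/usr/local/bin/pinger/StartPingers.sh \
                        "$_root"/usr/local/bin/pinger/pinger.sh \
                        "$_root"/usr/local/bin/post_update/* \
                        "$_root"/usr/local/bin/ppp/InitPPP \
                        "$_root"/usr/local/bin/ppp/StartPPP \
                        "$_root"/usr/local/bin/ppp/kill-pppd \
                        "$_root"/usr/local/bin/rtc/InitialReadHwClock \
                        "$_root"/usr/local/bin/serialif/StartSerialif \
                        "$_root"/usr/local/bin/serialif/renameif \
                        "$_root"/usr/local/bin/sms/sync_sms_dirs \
                        "$_root"/usr/local/bin/snmp/StartSNMP \
                        "$_root"/usr/local/bin/snmp/send_trap.sh \
                        "$_root"/usr/local/bin/tcpdump/check-tcpdump.sh \
                        "$_root"/usr/local/bin/terminals/terminal.sh

# telem-gw-stderr-checker.sh does not need exec perms, sourced in board/martem/telem-common/fs_skeleton/usr/local/bin/telem/gateway
# telit.sh does not need exec perms, sourced in board/martem/telem-random/usr/local/bin/ppp/generic_startppp.sh
# NOTE(review): both files are addressed under archiving/ here; confirm that
# is where they are installed, because -f hides a path that does not exist.
${CHMOD} a=r,u+w        "$_root"/usr/local/bin/archiving/telem-gw-stderr-checker.sh \
                        "$_root"/usr/local/bin/archiving/telit.sh

# Not recursive: only the direct entries of telem/ become root:root, so the
# files inside telem/motd/ keep whatever owner they already have.
${CHOWN} root:root      "$_root"/usr/local/bin/telem/*

# rwxr-xr-x: runnable by everyone, writable by the owner only. motd/ is a
# directory and needs the execute bit to be searchable.
${CHMOD} a=rx,u+w       "$_root"/usr/local/bin/telem/boardname.sh \
                        "$_root"/usr/local/bin/telem/dynmotd \
                        "$_root"/usr/local/bin/telem/dynmotd_gws \
                        "$_root"/usr/local/bin/telem/gateway \
                        "$_root"/usr/local/bin/telem/genhwinfo.sh \
                        "$_root"/usr/local/bin/telem/pack_logs \
                        "$_root"/usr/local/bin/telem/geterrors.sh \
                        "$_root"/usr/local/bin/telem/gpio.sh \
                        "$_root"/usr/local/bin/telem/modeminfo.sh \
                        "$_root"/usr/local/bin/telem/modemst.sh \
                        "$_root"/usr/local/bin/telem/motd/ \
                        "$_root"/usr/local/bin/telem/parse_ordercode.sh \
                        "$_root"/usr/local/bin/telem/service.sh \
                        "$_root"/usr/local/bin/telem/telem_syslog.sh \
                        "$_root"/usr/local/bin/telem/usb-network.sh

# u=rxw sets the owner bits only; group and other bits are not touched and
# keep whatever value they had before.
# NOTE(review): if these scripts are meant to be owner-only, a=,u=rwx would
# say so explicitly; confirm the intent.
${CHMOD} u=rxw          "$_root"/usr/local/bin/telem/check-usb.sh \
                        "$_root"/usr/local/bin/telem/geninfo.sh \
                        "$_root"/usr/local/bin/telem/post_update.sh \
                        "$_root"/usr/local/bin/telem/repair.sh \
                        "$_root"/usr/local/bin/telem/mdev_modem.sh

# rw-r--r--: no execute bit on these files.
${CHMOD} a=r,u+w        "$_root"/usr/local/bin/telem/error_functions \
                        "$_root"/usr/local/bin/telem/functions \
                        "$_root"/usr/local/bin/telem/loadinfo \
                        "$_root"/usr/local/bin/telem/loadhwinfo \
                        "$_root"/usr/local/bin/telem/motd/*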

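pathWithGWSAccess() {
    # Create directory $1 if it is missing and share it with the GWS group.
    #
    # Globals:   CHOWN, CHMOD (command plus flag, expanded unquoted on purpose),
    #            GWS_GROUP (group that receives access)
    # Arguments: $1 - directory
    #
    # For GWS group to write some files
    # For dynmotd to read data
    mkdir -p "$1"
    # -h: change the group of a symbolic link itself, never of its target.
    # The directory ends up group-writable, so a group member can place a
    # link in it; a chown that dereferences links while recursing would then
    # hand the GWS group a file outside this tree on the next run.
    ${CHOWN} -h -R ":${GWS_GROUP}" "$1"
    # directory needs +x for ls/cd command
    # (-type d / -type f do not match symbolic links, so links are skipped)
    find "$1" -type d -exec ${CHMOD} a=,u=rwx,g=rx {} +
    find "$1" -type f -exec ${CHMOD} a=,u=rw,g=r   {} +
    # GWS group needs to create files here
    # and only file owner can delete files
    # (g+s: the setgid bit on the directory; +t: the sticky bit)
    ${CHMOD} ug=rwx,g+s,+t      "$1"
}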

# Directories shared with the GWS group: telem configuration and /opt/protocol.
for _gws_dir in "${_root}/${ETC_TELEM}" "${_root}/opt/protocol"; do
    pathWithGWSAccess "${_gws_dir}"
done

# Create the log archive directory first, so that the recursive pass over
# the telem data directory covers it as well.
mkdir -p "${_root}/${VAR_TELEM}/log/archive"
pathWithGWSAccess "${_root}/${VAR_TELEM}"

logger -s -p "user.info" -t "$0" "check_permissions done"

# Flush the pending filesystem writes to storage.
sync
