#!/bin/sh
##
#
# Author:	Roland Uuesoo ( roland@martem.ee )
# Date:		19 Oct 2012
#

# Source the telem helper file from the running system. The path is absolute,
# so it is NOT taken relative to the root prefix given as $1.
. /usr/local/bin/telem/functions

# Both locations start with a slash and are appended to the root prefix.
ETC_TELEM='/usr/local/etc/telem'
VAR_TELEM='/var/local/telem'

# Group that is granted access to the telem configuration and data trees.
GWS_GROUP='gws'

# -f is quiet mode: chmod/chown do not report most failures (for example a file
# that is absent on this board). The exit status is not checked by this script
# either, so a permission change that did not happen goes unnoticed.
# Both variables are expanded unquoted on purpose, so that "-f" is split off
# as a separate word.
CHMOD='chmod -f'
CHOWN='chown -f'

# Root prefix for every path touched by this script. When no argument is
# given it is empty and all paths resolve against / of the running system.
_root="$1"

###############################################################################
#                                                                             #
#                            Change file permissions                          #
#                                                                             #
###############################################################################

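logger -s -p "user.info" -t "$0" "Starting check_permissions"

# /etc directory permissions
#
# "$_root" is quoted in every path so that a root prefix containing spaces or
# glob characters reaches chown/chmod as a single word. The trailing /* globs
# stay outside the quotes so they still expand.
#
# Baseline for the whole tree: owner and group root, read/write removed for
# everyone and given back to the owner only (execute bits are not touched).
# The calls further down then open up individual files again.
${CHOWN} -R root:root   "$_root/etc"
${CHMOD} a-rw,u+rw -R   "$_root/etc"
${CHMOD} a+rx,u+w       "$_root/etc"

# Readable by everyone, writable by owner and group (rw-rw-r--).
# NOTE(review): this leaves sshd_config, group and profile group-writable;
# confirm that group root has no members other than root on the target.
${CHMOD} a=r,ug+w       "$_root/etc/TZ" \
                        "$_root/etc/group" \
                        "$_root/etc/hostname" \
                        "$_root/etc/hosts" \
                        "$_root/etc/profile" \
                        "$_root/etc/sshd_config"

# Readable by everyone, writable by the owner only (rw-r--r--).
${CHMOD} a=r,u+w        "$_root/etc/passwd" \
                        "$_root/etc/ssh_config"

# Password hashes: owner read/write, group read, nothing for others (rw-r-----).
${CHMOD} a=,ug+r,u+w    "$_root/etc/shadow"

# SSH host private keys: owner read/write and nothing else (rw-------).
# "u=rw" on its own only sets the owner bits and leaves whatever group/other
# bits the file already has; the recursive a-rw above does not clear execute
# bits, and with -f a failure of that call is silent. "go=" makes the result
# independent of the previous mode.
${CHMOD} u=rw,go=       "$_root/etc/ssh_host_dsa_key" \
                        "$_root/etc/ssh_host_ecdsa_key" \
                        "$_root/etc/ssh_host_key" \
                        "$_root/etc/ssh_host_rsa_key"

# SSH host public keys: readable by everyone, writable by the owner.
${CHMOD} a=r,u+w        "$_root/etc/ssh_host_dsa_key.pub" \
                        "$_root/etc/ssh_host_ecdsa_key.pub" \
                        "$_root/etc/ssh_host_key.pub" \
                        "$_root/etc/ssh_host_rsa_key.pub"

# Init, ppp, racoon and if-up scripts: add the execute bit for the owner only.
# A glob that matches nothing is passed on literally and chmod -f ignores it.
${CHMOD} u+x            "$_root"/etc/init.d/* \
                        "$_root/etc/ppp/ip-up" \
                        "$_root/etc/ppp/ip-down" \
                        "$_root/etc/ppp/auth-up" \
                        "$_root/etc/ppp/auth-down" \
                        "$_root/etc/ppp/l2tp-ip-up" \
                        "$_root/etc/ppp/l2tp-ip-down" \
                        "$_root/etc/racoon/phase1_l2tp" \
                        "$_root/etc/racoon/phase1_tun" \
                        "$_root/etc/racoon/ipsec-ip-up" \
                        "$_root/etc/racoon/ipsec-ip-down" \
                        "$_root"/etc/network/if-up.d/*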

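# Service start scripts and helpers under /usr/local/bin: add the execute bit
# for the owner only. Group/other bits are left as they are.
# "$_root" is quoted so that a root prefix with spaces or glob characters is
# passed as one word; the post_update/* glob stays outside the quotes.
${CHMOD} u+x            "$_root/usr/local/bin/archiving/log_packer.sh" \
                        "$_root/usr/local/bin/comtrade/StartComtrade" \
                        "$_root/usr/local/bin/comtrade/comtradeSDCardHotplug.sh" \
                        "$_root/usr/local/bin/comtrade/comtradeSsh.sh" \
                        "$_root/usr/local/bin/comtrade/comtradeWorker.sh" \
                        "$_root/usr/local/bin/dns/StartDNS" \
                        "$_root/usr/local/bin/ftdi/write-eeprom.sh" \
                        "$_root/usr/local/bin/gwpinger/StartGWPinger" \
                        "$_root/usr/local/bin/gwpinger/gwpinger.sh" \
                        "$_root/usr/local/bin/imx/getwdbootmsg" \
                        "$_root/usr/local/bin/ipsec/StartIPSec" \
                        "$_root/usr/local/bin/l2tp/StartL2TP" \
                        "$_root/usr/local/bin/l2tp/l2tp_dialer" \
                        "$_root/usr/local/bin/ntp/StartNTP" \
                        "$_root/usr/local/bin/ntp/check_gps_status" \
                        "$_root/usr/local/bin/openvpn/StartOpenVPNClient" \
                        "$_root/usr/local/bin/pinger/StartPingers.sh" \
                        "$_root/usr/local/bin/pinger/pinger.sh" \
                        "$_root"/usr/local/bin/post_update/* \
                        "$_root/usr/local/bin/ppp/InitPPP" \
                        "$_root/usr/local/bin/ppp/StartPPP" \
                        "$_root/usr/local/bin/ppp/kill-pppd" \
                        "$_root/usr/local/bin/rtc/InitialReadHwClock" \
                        "$_root/usr/local/bin/serialif/StartSerialif" \
                        "$_root/usr/local/bin/serialif/renameif" \
                        "$_root/usr/local/bin/sms/sync_sms_dirs" \
                        "$_root/usr/local/bin/snmp/StartSNMP" \
                        "$_root/usr/local/bin/snmp/send_trap.sh" \
                        "$_root/usr/local/bin/tcpdump/check-tcpdump.sh" \
                        "$_root/usr/local/bin/terminals/terminal.sh"

# Files that are only sourced get no execute bit (rw-r--r--):
# telem-gw-stderr-checker.sh does not need exec perms, sourced in board/martem/telem-common/fs_skeleton/usr/local/bin/telem/gateway
# telit.sh does not need exec perms, sourced in board/martem/telem-random/usr/local/bin/ppp/generic_startppp.sh
${CHMOD} a=r,u+w        "$_root/usr/local/bin/archiving/telem-gw-stderr-checker.sh" \
                        "$_root/usr/local/bin/archiving/telit.sh"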
                    
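# /usr/local/bin/telem: ownership and modes of the telem tools.
# "$_root" is quoted so that a root prefix with spaces or glob characters is
# passed as one word; the /* globs stay outside the quotes so they expand.
# The chown is not recursive: only the direct entries of the directory are
# changed, the contents of motd/ keep their owner.
${CHOWN} root:root      "$_root"/usr/local/bin/telem/*

# Tools that every user may read and run, writable by the owner (rwxr-xr-x).
# The motd/ directory itself is in this list so that it can be entered.
${CHMOD} a=rx,u+w       "$_root/usr/local/bin/telem/boardname.sh" \
                        "$_root/usr/local/bin/telem/dynmotd" \
                        "$_root/usr/local/bin/telem/dynmotd_gws" \
                        "$_root/usr/local/bin/telem/gateway" \
                        "$_root/usr/local/bin/telem/genhwinfo.sh" \
                        "$_root/usr/local/bin/telem/pack_logs" \
                        "$_root/usr/local/bin/telem/geterrors.sh" \
                        "$_root/usr/local/bin/telem/gpio.sh" \
                        "$_root/usr/local/bin/telem/modeminfo.sh" \
                        "$_root/usr/local/bin/telem/modemst.sh" \
                        "$_root/usr/local/bin/telem/motd/" \
                        "$_root/usr/local/bin/telem/parse_ordercode.sh" \
                        "$_root/usr/local/bin/telem/service.sh" \
                        "$_root/usr/local/bin/telem/telem_syslog.sh" \
                        "$_root/usr/local/bin/telem/usb-network.sh"

# Owner gets read/write/execute on the maintenance scripts.
# NOTE(review): "u=rxw" sets the owner bits only; group/other bits keep
# whatever value the files already have. If these scripts are meant to be
# root-only, "u=rwx,go=" would state that explicitly - confirm the intent.
${CHMOD} u=rxw          "$_root/usr/local/bin/telem/check-usb.sh" \
                        "$_root/usr/local/bin/telem/geninfo.sh" \
                        "$_root/usr/local/bin/telem/post_update.sh" \
                        "$_root/usr/local/bin/telem/repair.sh"

# Sourced files and the motd fragments: readable by everyone, writable by the
# owner, not executable (rw-r--r--).
${CHMOD} a=r,u+w        "$_root/usr/local/bin/telem/error_functions" \
                        "$_root/usr/local/bin/telem/functions" \
                        "$_root/usr/local/bin/telem/loadinfo" \
                        "$_root/usr/local/bin/telem/loadhwinfo" \
                        "$_root"/usr/local/bin/telem/motd/*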
                    

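# Create the telem configuration directory if it is missing.
# All expansions are quoted so that a root prefix with spaces or glob
# characters is passed as one word; the /* glob stays outside the quotes.
test ! -e "$_root/$ETC_TELEM" && mkdir -p "$_root/$ETC_TELEM"

# Make some directories accessible to GWS group
# NOTE(review): the trees handled here end up writable by group $GWS_GROUP.
# Confirm that chown/chmod on the target do not follow symbolic links during
# -R; otherwise a link placed inside the tree would redirect the change to a
# file outside it.
${CHOWN} -R ":$GWS_GROUP"   "$_root/$ETC_TELEM"
# directory needs +x for ls/cd command
# g+s (setgid) makes new entries inherit the directory's group; o= shuts out
# everyone outside owner and group.
${CHMOD} ug=wrx,g+s,o=      "$_root/$ETC_TELEM"
# Direct children: read/write for owner and group, no execute bit, nothing
# for others. This also strips the search bit from child directories.
${CHMOD} ug=wr,o=           "$_root/$ETC_TELEM"/*
# rev gets the execute/search bit back, recursively and for everyone. Others
# still cannot reach it because the parent directory is o=.
${CHMOD} -R a+x             "$_root/$ETC_TELEM/rev"


# Protocol tree: group gws, full access for owner and group, none for others.
${CHOWN} -R ":$GWS_GROUP"   "$_root/opt/protocol"
${CHMOD} -R ug=wrx,o=       "$_root/opt/protocol"

# error_txt gets the execute/search bit back after the ug=wr,o= pass above.
${CHMOD} a+x                "$_root/$ETC_TELEM/error_txt"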

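# create folder for 'file commands' if it doesn't exist
# All expansions are quoted so that a root prefix with spaces or glob
# characters is passed as one word.
test ! -e "$_root/$VAR_TELEM/log/archive" && mkdir -p "$_root/$VAR_TELEM/log/archive"

# Data tree: group gws, read/write for owner and group, nothing for others.
# NOTE(review): the tree is writable by group $GWS_GROUP. Confirm that
# chown/chmod on the target do not follow symbolic links during -R; otherwise
# a link placed inside the tree would redirect the change to a file outside it.
${CHOWN} -R ":$GWS_GROUP"   "$_root/$VAR_TELEM"
# The recursive ug=wr also strips the search bit from every directory below;
# the calls that follow give it back to selected ones only.
# NOTE(review): log/archive, created above, is not among them and stays
# without the search bit for owner and group - confirm that this is intended.
${CHMOD} -R ug=wr,o=        "$_root/$VAR_TELEM"
# directory needs +x for ls/cd command
# -t clears the sticky bit on the top-level directory.
${CHMOD} ug=wrx,-t,o=       "$_root/$VAR_TELEM"
${CHMOD} ug+x               "$_root/$VAR_TELEM/stats"
${CHMOD} ug+x               "$_root/$VAR_TELEM/log"
${CHMOD} ug+x               "$_root/$VAR_TELEM/errors"
${CHMOD} a+x                "$_root/$VAR_TELEM/ordercode"

logger -s -p "user.info" -t "$0" "check_permissions done"

# Flush the changes to storage before the script ends.
sync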
