diff options
-rwxr-xr-x | reset-perms.sh | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/reset-perms.sh b/reset-perms.sh new file mode 100755 index 0000000..e97c00e --- /dev/null +++ b/reset-perms.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# Partial script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup + +DS=$(/bin/date +%Y%m%d) +LANG=C +TMPDIR=$(/bin/mktemp -d ${TMPDIR:-/tmp}/${0##*/}-XXXXX.log) +[ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}" + +if [ "$(/usr/bin/whoami)" != "root" ]; then + echo "Must be run as root." + exit 1 +fi + +[ -x /usr/sbin/setenforce ] || yum install -y /usr/sbin/setenforce +/usr/sbin/setenforce 0 + +[ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting user/group ownership' +time rpm -a --setugids > /dev/null 2>&1 +[ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting permissions' +time rpm -a --setperms > /dev/null 2>&1 + +echo 'This may take a few minutes, resetting file capabilities' +time rpm -Va > ${TMPDIR}/rpm-Va0.txt 2>&1; +awk '/^.{8}P /{print$NF}' ${TMPDIR}/rpm-Va0.txt \ + |xargs rpm --filecaps -qf \ + |grep '= cap' \ + |while read fileName eq fileCaps; do + setcap "${fileCaps}" "${fileName}" + done + +/usr/sbin/setenforce 1 + +echo 'You should likely reboot now.' + +#EOF |