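#!/bin/bash
# Copyright (c) EVOKNOW, Inc.
# Written by ops@evoknow.com
#
# Purpose: allows non-root users to chown as long as
#          they do it from a safe (chroot) directory
#
# Instructions:
# See : http://centoshacker.com/kabir/security/allowing-a-non-root-user-to-run-chmod-in-a-chroot-like-environment.html
# Same: http://tinyurl.com/8sob9x
#
# PS: We don't claim to be bash experts. We prefer perl. :)
#
# Usage:  <script> dir/file
#   A bare file name is looked up in the current directory; anything
#   containing a slash is interpreted relative to SAFE_ROOT_DIR (a leading
#   SAFE_ROOT_DIR/ is accepted and stripped).
# Exit status: 0 ownership changed, 1 target refused or missing, 2 usage.
#
# The interpreter is bash, not sh: the script relies on [[ ]] pattern tests.
#############################################################

# This wrapper is meant to be run with elevated rights, so do not resolve
# helper commands through a PATH inherited from the caller.
PATH=/bin:/usr/bin
export PATH
set -u

# Get the current script name
SCRIPT_NAME=${0##*/}

# Set safe root to your chroot dir (no trailing slash). The separate
# sed-escaped copy of this path is no longer needed: the prefix is stripped
# with a parameter expansion instead of a sed expression.
SAFE_ROOT_DIR=/mnt/www/production

# Set username that you want to own the file/dir
USER=production

# Set group that you want to own the file/dir
GROUP=httpd

###############################################################
# DO NOT CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW
# WHAT THE HACK YOU ARE DOING. :)
###############################################################

# Get the path for the system's chown utility
CHOWN=/bin/chown

# Print a message on stderr and stop with status 1.
refuse() {
  printf '%s\n' "$1" >&2
  exit 1
}

# Get the command-line
TARGET=${1:-}
if [[ -z "$TARGET" ]]; then
  printf 'Syntax: %s dir/file\n' "$SCRIPT_NAME" >&2
  exit 2
fi

# See if the target has a / and if not add the current path.
# A glob pattern is used on purpose: since bash 3.2 a *quoted* right-hand
# side of =~ is matched as a literal string, so a quoted regex here would
# never match and every target would be treated as a bare name.
if [[ "$TARGET" == */* ]]; then
  # Good, no need to append current path
  PREFIX=$(dirname -- "$TARGET")
else
  # Set current path prefix
  PREFIX=$PWD
fi
FILENAME=$(basename -- "$TARGET")
TARGET=$PREFIX/$FILENAME

# Strip the root directory (if provided in the target dir). Only a leading
# SAFE_ROOT_DIR/ is removed; the caller's text never reaches sed or an
# unquoted echo.
TARGET=${TARGET#"$SAFE_ROOT_DIR"/}

# Refuse to continue if user has entered .. in the path
# which is a security risk as user can go outside the root directory.
# Same literal-match caveat as above, hence a glob rather than a quoted regex.
if [[ "$TARGET" == *..* ]]; then
  refuse "Don't be a smarty pant! You cannot have .. in your path."
fi

# Now attach the root directory prefix
TARGET=$SAFE_ROOT_DIR/$TARGET

# -f follows symbolic links, so a link has to be rejected explicitly before
# the regular-file test is trusted.
if [[ -L "$TARGET" ]]; then
  refuse "$TARGET is a symbolic link; refusing to change its owner"
fi
if [[ ! -f "$TARGET" ]]; then
  refuse "$TARGET does not exists"
fi

# Resolve every symlinked directory component and make sure the real path
# is still below the real root; the textual .. check cannot see those.
ROOT_REAL=$(readlink -f -- "$SAFE_ROOT_DIR") \
  || refuse "cannot resolve $SAFE_ROOT_DIR"
TARGET_REAL=$(readlink -f -- "$TARGET") \
  || refuse "cannot resolve $TARGET"
case "$TARGET_REAL" in
  "$ROOT_REAL"/*) ;;
  *) refuse "$TARGET resolves outside $SAFE_ROOT_DIR; refusing" ;;
esac

# NOTE(review): the checks above and the chown below are separate steps, so
# a user who can rename directories under the root may still race them; -h
# only keeps the final path component from being followed. Hard links are
# not detected here - presumably the host restricts them (for example via
# fs.protected_hardlinks); confirm before granting this wrapper to users.
#
# Everything is quoted and preceded by -- so that one argument can never
# turn into several paths or into a chown option. -R is dropped because
# only regular files get this far.
"$CHOWN" -h -- "$USER:$GROUP" "$TARGET_REAL"
exit $?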