#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-

# very dangerous
[ "$#" -gt 0 ] && ROOT=$1 || ROOT=/
[ -d "$ROOT" ] ||   exit 1

ROLE=base

cd $ROOT || exit 2
GROUP=adm
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
[ -n "$BOX_ALSO_GROUP" ] && GROUP=$BOX_ALSO_GROUP

if [ -d ${ROOT}/var/local ] ; then
    # allow
    chgrp -R $GROUP    ${ROOT}/var/local/{bin,data,lib64,src,net}
    chmod -R g+rw,o-w  ${ROOT}/var/local/{bin,data,lib64,src,net}
    chmod a+x          ${ROOT}/var/local/{bin,src,share/bash}/*sh
    # if [ -d ${ROOT}/var/local/src/lynis ] ; then

    chgrp -R $GROUP    ${ROOT}/var/local/{bin,data,lib64,src,net}
    # forbid /var
    chgrp -R root      ${ROOT}/var/local/{etc,var,share}
    chmod -R g-w,o-w   ${ROOT}/var/local/{etc,var,share}
  fi
if [ -d ${ROOT}/usr/local ] ; then
    # forbid /usr but lib/python* will be created and allowed on install
    chgrp -R root 	   ${ROOT}/usr/local/
    chmod -R g-w,o-rw  ${ROOT}/usr/local/
fi
exit 0