#! /bin/bash # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # dir=$1 offset=$2 operation=$3 if [[ $operation == "" ]] then echo echo Usage: $0 dir offset \[plus\|minus\] echo echo Example for changing UID/GID 0 \(privileged container\) to 300000 \(unprivileged container\) inside a rootfs located in /mnt: echo $0 /mnt 300000 plus echo echo To change UID/GID range from an unprivileged LXC container to another UID/GID non-zero range, first change it to 0, then go for the final unprivileged range. echo echo Example for changing an unprivileged container from UID/GID 100000 to 200000: echo $0 /mnt 100000 minus echo $0 /mnt 200000 plus echo exit 0 elif [[ $dir == "/" ]] then echo "You really don't want to do this. Target another work dir." exit 1 fi OIFS="$IFS" IFS=" " for file in $(find $dir) do stats=$(stat -c '%u %g %a' $file) uid=$(echo $stats | cut -d' ' -f1) gid=$(echo $stats | cut -d' ' -f2) if [[ $uid -lt $offset && $operation == "plus" ]] then uid=$(expr $uid + $offset) elif [[ $uid -ge $offset && $operation == "minus" ]] then uid=$(expr $uid - $offset) else continue fi if [[ $gid -lt $offset && $operation == "plus" ]] then gid=$(expr $gid + $offset) elif [[ $gid -ge $offset && $operation == "minus" ]] then gid=$(expr $gid - $offset) else continue fi echo chown -h $uid:$gid $file chown -h $uid:$gid $file perms_octal=$(echo $stats | cut -d' ' -f3) setuid=$(echo $perms_octal | grep -E '^4[0-9][0-9][0-9]') setgid=$(echo $perms_octal | grep -E '^2[0-9][0-9][0-9]') setuidgid=$(echo $perms_octal | grep -E '^6[0-9][0-9][0-9]') [[ $setuid ]] && chmod u+s $file [[ $setgid ]] && chmod g+s $file [[ $setuidgid ]] && chmod ug+s $file done IFS="$OIFS"