#!/bin/bash 
# 
# ***** BEGIN LICENSE BLOCK *****
# Zimbra Collaboration Suite Server
# Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Zimbra, Inc.
# 
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software Foundation,
# version 2 of the License.
# 
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program.
# If not, see <http://www.gnu.org/licenses/>.
# ***** END LICENSE BLOCK *****
# 
# This may not be there, but we don't want to break the zimbramta package
# if it's installed.
shopt -s nullglob

root_user=root

if [ x`whoami` != xroot ]; then
  echo Error: must be run as root user
  exit 1
fi

PLAT=`/bin/sh /opt/zimbra/libexec/get_plat_tag.sh`
if [ "X$PLAT" = "XMACOSX" -o "X$PLAT" = "XMACOSXx86" ]; then
  root_group=wheel
else 
  root_group=root
fi

if [ "X$PLAT" = "XMACOSXx86_10.5" -o "X$PLAT" = "XMACOSXx86_10.6" -o "X$PLAT" = "XMACOSXx86_10.7" ]; then
  root_group=wheel
  postfix_owner=_postfix
  postfix_suid_group=_postdrop
else
  postfix_owner=postfix
  postfix_suid_group=postdrop
fi

if [ "X$PLAT" = "XUBUNTU10_64" -o "X$PLAT" = "XUBUNTU12_64" -o "X$PLAT" = "XUBUNTU14_64" ]; then
  syslog_user=syslog
  syslog_group=adm
else
  syslog_user=zimbra
  syslog_group=zimbra
fi

zimbra_user=zimbra
zimbra_group=zimbra

extended=no
verbose=no

components="\
  amavisd \
  aspell \
  bdb \
  cbpolicyd \
  clamav \
  curl \
  cyrus-sasl \
  altermime \
  dspam \
  heimdal \
  httpd \
  keyview \
  ldns \
  libmemcached \
  libtool \
  memcached \
  mariadb \
  mysql \
  net-snmp \
  nginx \
  opendkim \
  openldap \
  openldap-clibs \
  openssl \
  pflogsumm \
  rsync \
  snmp \
  tcmalloc \
  unbound \
  zeromq \
  zimbramon/bin \
  zimbramon/crontabs \
  zimbramon/rrdtool \
  zimbramon/pylibs \
"
  

usage() {
  echo "$0 [-help] [-extended] [-verbose]"
  echo "-help     Usage"
  echo "-verbose  Verbose output"
  echo "-extended Extended fix, includes store,index,backup directories"
  echo "          * Using extended option can take a signifcant amount of time."
  echo 
  exit
}

for opt in "$@"; do
  case "$opt" in
    -verbose|--verbose|-v)
      verbose=yes
      shift
      ;;
    -help|--help|-h|--h)
      usage
      shift
      ;;
    -extended|--extended|-e)
      extended=yes 
      shift
      ;;
    *)
      echo "Unknown option $opt"
      usage
      shift
      ;;
  esac
done

printMsg() {
  if [ $verbose = "yes" ]; then
    echo $*
  fi
}

# NOT /opt/zimbra/{store,backup,index}
if [ ${extended} = "yes" ]; then
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/a* /opt/zimbra/[c-hj-ot-z]* /opt/zimbra/s[a-su-z]* 2> /dev/null
fi

if [ -d /opt/zimbra ]; then
  chown ${root_user}:${root_group} /opt/zimbra
  chmod 755 /opt/zimbra

  if [ -f /opt/zimbra/.viminfo ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.viminfo
  fi

  if [ -f /opt/zimbra/.ldaprc ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.ldaprc
  fi

  if [ -f /opt/zimbra/.exrc ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.exrc
  fi

  if [ -f /opt/zimbra/.bash_profile ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.bash_profile
  fi

  if [ -f /opt/zimbra/.bashrc ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.bashrc
  fi

  if [ -f /opt/zimbra/.platform ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.platform
  fi

  for i in .zmmailbox_history .zmprov_history .bash_history; do
    if [ ! -f /opt/zimbra/${i} ]; then
      touch /opt/zimbra/${i}
    fi
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/${i}
    chmod 640 /opt/zimbra/${i}
  done

  if [ -f /selinux/enforce ]; then
    if [ "`cat /selinux/enforce 2> /dev/null`" = "1" ]; then
      # make sure ssh keys are in home dir selinux type
      chcon -R -v -u system_u -t user_home_t /opt/zimbra/.ssh/
      if [ -f /opt/zimbra/httpd/modules/libphp5.so ]; then
        # allow text relocation for these problem files
        chcon -t textrel_shlib_t /opt/zimbra/httpd/modules/libphp5.so
      fi
      # Fix Zimbra upgrades selinux perms
      restorecon -R /etc/security
    fi
  fi

  if [ -d /opt/zimbra/contrib ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/contrib
    chmod 755 /opt/zimbra/contrib/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/libexec ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/libexec
    chmod 755 /opt/zimbra/libexec/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/log ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/log
    if [ -f /opt/zimbra/log/.hotspot_compiler ]; then
      chown ${root_user}:${root_group} /opt/zimbra/log/.hotspot_compiler
      chmod 444 /opt/zimbra/log/.hotspot_compiler
    fi
  fi

  if [ -d /opt/zimbra/logger ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/logger 2> /dev/null
    chmod 755 /opt/zimbra/logger/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/bin ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/bin
    chmod 755 /opt/zimbra/bin/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/lib ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/lib
  fi

  if [ -d /opt/zimbra/wiki ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/wiki
  fi

  if [ -d /opt/zimbra/convertd ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/convertd
    chmod 755 /opt/zimbra/convertd
    if [ -d /opt/zimbra/convertd/bin ]; then
      chown -R ${root_user}:${root_group} /opt/zimbra/convertd/bin
      chmod 755 /opt/zimbra/convertd/bin
    fi
    if [ -d /opt/zimbra/convertd/lib ]; then
      chown -R ${root_user}:${root_group} /opt/zimbra/convertd/lib
      chmod 755 /opt/zimbra/convertd/lib
    fi
    if [ ! -d /opt/zimbra/convertd/convert ]; then
      mkdir -p /opt/zimbra/convertd/convert
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/convertd/convert
      chmod 700 /opt/zimbra/convertd/convert
    fi
  fi

  if [ -d /opt/zimbra/conf ]; then
    printMsg "Fixing ownership and permissions on /opt/zimbra/conf"
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/conf

    if [ -f /opt/zimbra/conf/ZCSLicense.xml ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/ZCSLicense.xml
      chmod 440 /opt/zimbra/conf/ZCSLicense.xml
    fi

    if [ -f /opt/zimbra/conf/localconfig.xml ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/localconfig.xml
      chmod 640 /opt/zimbra/conf/localconfig.xml
    fi

    if [ -f /opt/zimbra/conf/attrs/zimbra-attrs.xml ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/attrs/zimbra-attrs.xml
      chmod 444 /opt/zimbra/conf/attrs/zimbra-attrs.xml
    fi

    if [ -d /opt/zimbra/conf/spamassassin ]; then
      printMsg "Fixing permissions on /opt/zimbra/conf/spamassassin"
      chmod 755 /opt/zimbra/conf/spamassassin
    fi

    if [ -f /opt/zimbra/conf/nginx.conf ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/nginx.conf
      chmod 644 /opt/zimbra/conf/nginx.conf
    fi

    for i in /opt/zimbra/conf/*-{scm,slm,transport,vad,vam,vmd,vmm}.cf; do
      printMsg "Fixing ownership and permissions on ${i}"
      chgrp -f ${postfix_owner} ${i}
      chmod 640 ${i}
    done 

    if [ -f /opt/zimbra/conf/my.cnf ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/my.cnf
      chmod 640 /opt/zimbra/conf/my.cnf
    fi

    if [ -f /opt/zimbra/conf/saslauthd.conf.in ]; then
      chmod 640 /opt/zimbra/conf/saslauthd.conf.in
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/saslauthd.conf.in
    fi
    if [ -f /opt/zimbra/conf/saslauthd.conf ]; then
      chmod 440 /opt/zimbra/conf/saslauthd.conf
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/saslauthd.conf
    fi
    if [ -f /opt/zimbra/conf/sasl2/smtpd.conf.in ]; then
      chmod 640 /opt/zimbra/conf/sasl2/smtpd.conf.in
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/sasl2/smtpd.conf.in
    fi
    if [ -f /opt/zimbra/conf/sasl2/smtpd.conf ]; then
      chmod 640 /opt/zimbra/conf/sasl2/smtpd.conf
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/sasl2/smtpd.conf
    fi
  fi

  if [ -d /opt/zimbra/docs ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/docs
    find /opt/zimbra/docs -type d -exec chmod 755 {} \;
    find /opt/zimbra/docs -type f -exec chmod 444 {} \;
  fi

  for i in /opt/zimbra/zimlets*; do
    chown -R ${zimbra_user}:${zimbra_group} ${i}
  done

  for i in /opt/zimbra/conf/*.key; do
    printMsg "Fixing permissions and ownership on ${i}"
    chown ${zimbra_user}:${zimbra_group} $i
    chmod 640 $i
  done

  if [ ! -d /opt/zimbra/data ]; then
    mkdir -p /opt/zimbra/data
  fi
  chmod 755 /opt/zimbra/data
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data

  if [ -d /opt/zimbra/extensions-network-extra ]; then
    chmod 755 /opt/zimbra/extensions-network-extra
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/extensions-network-extra
  fi

  if [ -d /opt/zimbra/extensions-extra ]; then
    chmod 755 /opt/zimbra/extensions-extra
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/extensions-extra
  fi

fi

# fix the temp directory
if [ ! -d /opt/zimbra/data/tmp ]; then
  mkdir -p /opt/zimbra/data/tmp
fi
# Handle nginx path problems bug#42156
if [ ! -d /opt/zimbra/data/tmp/nginx ]; then
  mkdir -p /opt/zimbra/data/tmp/nginx/client
  mkdir -p /opt/zimbra/data/tmp/nginx/proxy
  mkdir -p /opt/zimbra/data/tmp/nginx/fastcgi
fi
chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/tmp
chmod 1777 /opt/zimbra/data/tmp
chmod 755 /opt/zimbra/data/tmp/nginx
chmod 755 /opt/zimbra/data/tmp/nginx/client
chmod 755 /opt/zimbra/data/tmp/nginx/proxy
chmod 755 /opt/zimbra/data/tmp/nginx/fastcgi

if [ -f /opt/zimbra/.install_history ]; then
  chmod 644 /opt/zimbra/.install_history
fi

if [ -d /var/log/ ]; then
  printMsg "Fixing ownership and permissions on /var/log/zimbra.log"
  if [ ! -f /var/log/zimbra.log ]; then
    touch /var/log/zimbra.log
  fi
  chown ${syslog_user}:${syslog_group} /var/log/zimbra.log
  chmod 644 /var/log/zimbra.log
fi

for i in ${components}; do
  if [ -L /opt/zimbra/${i} ]; then
    printMsg "Fixing ownership and permissions on /opt/zimbra/${i}"
    for l in /opt/zimbra/${i}-*; do
      chown ${root_user}:${root_group} ${l} 2> /dev/null
    done
    for l in /opt/zimbra/${i}/* /opt/zimbra/${i}/.???*; do
      chown -R ${root_user}:${root_group} ${l} 2> /dev/null
    done
  elif [ -d /opt/zimbra/${i} ]; then
    printMsg "Fixing ownership and permissions on /opt/zimbra/${i}"
    chown -R ${root_user}:${root_group} /opt/zimbra/${i} 2> /dev/null
    if [ x$i = "xzimbramon/pylibs" ]; then
      chmod a+r /opt/zimbra/${i}/*.class 2>/dev/null
    fi
  fi
done

for i in /opt/zimbra/jdk*; do
  printMsg "Fixing ownership and permissions on ${i}"
  chown -R ${root_user}:${root_group} ${i}
  chmod 755 ${i}
done

for i in /opt/zimbra/j2sdk*; do
  printMsg "Fixing ownership and permissions on ${i}"
  chown -R ${root_user}:${root_group} ${i}
  chmod 755 ${i}
done

if [ -d /opt/zimbra/lib ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/lib"
  for i in /opt/zimbra/lib/lib*so*; do
    chown ${root_user}:${root_group} $i
    chmod 755 $i
  done
  if [ -d /opt/zimbra/lib/jars ]; then
    for i in /opt/zimbra/lib/jars/*; do
      chown ${root_user}:${root_group} $i
      chmod 444 $i
    done
  fi
 
  if [ -d /opt/zimbra/lib/ext ]; then
    find /opt/zimbra/lib/ext -type f -exec chown ${root_user}:${root_group} {} \;
    find /opt/zimbra/lib/ext -type f -exec chmod 444 {} \;
  fi
  if [ -d /opt/zimbra/lib/ext-common ]; then
    find /opt/zimbra/lib/ext-common -type f -exec chown ${root_user}:${root_group} {} \;
    find /opt/zimbra/lib/ext-common -type f -exec chmod 444 {} \;
  fi
fi
   
if [ -d /opt/zimbra/db ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/db"
  if [ ! -d /opt/zimbra/db/data ]; then
    mkdir -p /opt/zimbra/db/data
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/db
  chmod 444 /opt/zimbra/db/*.sql /opt/zimbra/db/*.sql.in
fi

if [ -L /opt/zimbra/cbpolicyd ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/cbpolicyd"
  chown -fR ${root_user}:${root_group} /opt/zimbra/cbpolicyd*
  if [ -d /opt/zimbra/cbpolicyd/bin ]; then
    for i in /opt/zimbra/cbpolicyd/bin/* /opt/zimbra/cbpolicyd/share/database/*tsql; do
      chmod 755 ${i}
    done
  fi
    
  for i in data/cbpolicyd data/cbpolicyd/db; do
    if [ ! -d "/opt/zimbra/${i}" ]; then
      mkdir -p /opt/zimbra/${i}
    fi
  done
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/cbpolicyd
fi

if [ -d /opt/zimbra/mta ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/mta"
  chown -R ${root_user}:${root_group} /opt/zimbra/mta
  chmod 755 /opt/zimbra/mta
fi

if [ -L /opt/zimbra/cyrus-sasl ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/data/sasl2/state"
  if [ ! -d /opt/zimbra/data/sasl2/state ]; then  
    mkdir -p /opt/zimbra/data/sasl2/state
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/sasl2/state
  chmod 755 /opt/zimbra/data/sasl2/state 
fi

if [ -L /opt/zimbra/dspam ]; then
  if [ ! -d "/opt/zimbra/data/dspam" ]; then
    mkdir -p /opt/zimbra/data/dspam
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/dspam
fi

if [ -L /opt/zimbra/altermime ]; then
  if [ ! -d "/opt/zimbra/data/altermime" ]; then
    mkdir -p /opt/zimbra/data/altermime
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/altermime
fi

if [ -L /opt/zimbra/amavisd ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/data/amavisd"
  if [ ! -d "/opt/zimbra/data/amavisd" ]; then
    mkdir -p /opt/zimbra/data/amavisd/.spamassassin
  fi
  if [ ! -d "/var/spamassassin" ]; then
    mkdir -p /var/spamassassin
    chown -R ${zimbra_user}:${zimbra_group} /var/spamassassin
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/amavisd
  if [ -d /opt/zimbra/amavisd/.spamassassin ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/amavisd/.spamassassin
  fi
  if [ -d /opt/zimbra/.spamassassin ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/.spamassassin
  fi
  if [ -d /opt/zimbra/data/spamassassin ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/spamassassin
  fi
fi


if [ -L /opt/zimbra/jetty ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/jetty"

  if [ ! -d "/opt/zimbra/data/tmp/libreoffice" ]; then
    mkdir -p /opt/zimbra/data/tmp/libreoffice
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/tmp/libreoffice
  fi
  chown  ${root_user}:${root_group} /opt/zimbra/jetty-* 2> /dev/null
  if [ -f /opt/zimbra/jetty/etc/keystore ]; then
    chmod 444 /opt/zimbra/jetty/etc/keystore
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/keystore
  fi
  if [ -f /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.csr ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.csr
    chmod 444 /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.csr
  fi
  if [ -f /opt/zimbra/jetty/etc/jetty.xml.in ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/jetty.xml.in
    chmod 640 /opt/zimbra/jetty/etc/jetty.xml.in
  fi
  if [ -f /opt/zimbra/jetty/etc/jetty.xml ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/jetty.xml
    chmod 640 /opt/zimbra/jetty/etc/jetty.xml
  fi
  if [ -f /opt/zimbra/jetty/etc/service.web.xml.in ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/service.web.xml.in
    chmod 640 /opt/zimbra/jetty/etc/service.web.xml.in
  fi
  if [ -f /opt/zimbra/jetty/etc/zimbra.web.xml.in ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/zimbra.web.xml.in
    chmod 640 /opt/zimbra/jetty/etc/zimbra.web.xml.in
  fi
  if [ -f /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in
    chmod 640 /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in
  fi
  if [ -f /opt/zimbra/jetty/etc/zimlet.web.xml.in ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/zimlet.web.xml.in
    chmod 640 /opt/zimbra/jetty/etc/zimlet.web.xml.in
  fi

  if [ ! -d /opt/zimbra/jetty/webapps/zimlet/WEB-INF ]; then
    mkdir -p /opt/zimbra/jetty/webapps/zimlet/WEB-INF
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/webapps/zimlet
  chmod 755 /opt/zimbra/jetty/webapps/zimlet /opt/zimbra/jetty/webapps/zimlet/WEB-INF

  if [ ! -d /opt/zimbra/jetty/work/zimlet ]; then
    mkdir -p /opt/zimbra/jetty/work/zimlet
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/work/zimlet
  chmod 750 /opt/zimbra/jetty/work/zimlet

  if [ ! -d /opt/zimbra/jetty/work/spnego ]; then
    mkdir -p /opt/zimbra/jetty/work/spnego
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/work/spnego
  chmod 750 /opt/zimbra/jetty/work/spnego

  if [ ! -d /opt/zimbra/fbqueue ]; then
    mkdir -p /opt/zimbra/fbqueue
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/fbqueue
  chmod 755 /opt/zimbra/fbqueue

  if [ ! -d /opt/zimbra/zimlets-deployed ]; then
    mkdir -p /opt/zimbra/zimlets-deployed
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/zimlets-deployed
  chmod 755 /opt/zimbra/zimlets-deployed

  for i in /opt/zimbra/jetty/*; do
    chown -R ${zimbra_user}:${zimbra_group} ${i}
  done

  if [ -d /opt/zimbra/jetty/lib ]; then
    find /opt/zimbra/jetty/lib -type f -name '*.jar' -exec chown ${root_user}:${root_group} {} \; -exec chmod 444 {} \;
    find /opt/zimbra/jetty/lib -type d -exec chown ${root_user}:${root_group} {} \; -exec chmod 755 {} \;
  fi

  if [ -d /opt/zimbra/jetty/common/lib ]; then
    find /opt/zimbra/jetty/common/lib -type f -name '*.jar' -exec chown ${root_user}:${root_group} {} \; -exec chmod 444 {} \;
  fi

  if [ -d /opt/zimbra/jetty/common ]; then
    find /opt/zimbra/jetty/common -type d -exec chown ${root_user}:${root_group} {} \; -exec chmod 755 {} \;
  fi  

  if [ ! -d /opt/zimbra/data/mailboxd ]; then
    mkdir -p /opt/zimbra/data/mailboxd
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data/mailboxd
  chmod 755 /opt/zimbra/data/mailboxd

  if [ ! -d /opt/zimbra/data/mailboxd/spnego ]; then
    mkdir -p /opt/zimbra/data/mailboxd/spnego
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data/mailboxd/spnego
  chmod 755 /opt/zimbra/data/mailboxd/spnego

fi

if [ -d /opt/zimbra/ssl ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/ssl"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/ssl
  find /opt/zimbra/ssl -type f -exec chmod 640 {} \;
fi

if [ -L /opt/zimbra/openldap ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/openldap"
  chown ${root_user}:${root_group} /opt/zimbra/openldap-* 2> /dev/null
  if [ -d /opt/zimbra/data/ldap ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/ldap
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data/ldap
  fi
  if [ -e /opt/zimbra/openldap ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/openldap/* 2> /dev/null
    if [ -d /opt/zimbra/openldap/etc ]; then
      chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/openldap/etc
    fi
    if [ -d /opt/zimbra/openldap/var ]; then
      chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/openldap/var
    fi
    if [ -d /opt/zimbra/openldap/sbin ]; then
      for i in /opt/zimbra/openldap/sbin/*; do
        chmod 755 ${i}
      done
    fi
  fi
fi

if [ -d /opt/zimbra/snmp/var ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/snmp/var"
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/snmp/var
fi

if [ -d /opt/zimbra/logger/db ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/logger/db"
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/logger/db
  if [ ! -d /opt/zimbra/logger/db/data ]; then
    mkdir -p /opt/zimbra/logger/db/data
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/logger/db/data
fi

if [ -d /opt/zimbra/clamav/db ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/clamav/db"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/clamav/db
fi

if [ -d /opt/zimbra/data/clamav ]; then
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/clamav
fi

if [ -d /opt/zimbra/zmstat ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/zmstat"
  for i in /opt/zimbra/zmstat/????-??-??; do
    chown -R ${zimbra_user}:${zimbra_group} ${i}
  done
fi

if [ -d /opt/zimbra/zimbramon/lib ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/zimbramon/lib"
  chown ${root_user}:${root_group} /opt/zimbra/zimbramon
  chown -R ${root_user}:${root_group} /opt/zimbra/zimbramon/lib
fi

if [ -L /opt/zimbra/opendkim ]; then
  if [ -d /opt/zimbra/data/opendkim ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/opendkim
  fi
fi

if [ -L /opt/zimbra/postfix ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/postfix"
  chown -fR ${root_user}:${root_group} /opt/zimbra/postfix* 2> /dev/null

  if [ -e /opt/zimbra/postfix/conf ]; then
    if [ ! -f /opt/zimbra/postfix/conf/main.cf ]; then
      touch /opt/zimbra/postfix/conf/main.cf
    fi

    chown -fR ${root_user}:${postfix_owner} /opt/zimbra/postfix/conf

    chmod 775 /opt/zimbra/postfix/conf

    chmod -fR 644 /opt/zimbra/postfix/conf/* 2> /dev/null
    if [ -f /opt/zimbra/postfix/conf/postfix-script ]; then
      chmod -f 755 /opt/zimbra/postfix/conf/postfix-script
    fi
    if [ -f /opt/zimbra/postfix/conf/post-install ]; then
      chmod -f 755 /opt/zimbra/postfix/conf/post-install
    fi
    if [ -f /opt/zimbra/postfix/conf/master.cf.in ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/postfix/conf/master.cf.in
    fi
    if [ -f /opt/zimbra/postfix/conf/master.cf ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/postfix/conf/master.cf
    fi
    if [ -f /opt/zimbra/postfix/conf/main.cf ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/postfix/conf/main.cf
    fi
    if [ -f /opt/zimbra/postfix/conf/tag_as_foreign.re ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/postfix/conf/tag_as_foreign.re
    fi
    if [ -f /opt/zimbra/postfix/conf/tag_as_originating.re ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/postfix/conf/tag_as_originating.re
    fi
  fi

  # Postfix specific permissions
  if [ -d /opt/zimbra/postfix/sbin ]; then
    chgrp -f ${postfix_suid_group} /opt/zimbra/postfix/sbin/postqueue
    chgrp -f ${postfix_suid_group} /opt/zimbra/postfix/sbin/postdrop
    chmod -f g+s /opt/zimbra/postfix/sbin/postqueue
    chmod -f g+s /opt/zimbra/postfix/sbin/postdrop
  fi
  if [ -f /opt/zimbra/bin/zmbackup ]; then
    mkdir -p /opt/zimbra/data/postfix-journal
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/postfix-journal
  fi
fi

if [ -d /opt/zimbra/data/postfix ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/data/postfix"
  if [ ! -d /opt/zimbra/data/postfix/data ]; then
    mkdir -p /opt/zimbra/data/postfix/data
  fi
  if [ ! -d /opt/zimbra/data/postfix/spool/pid ]; then
    mkdir -p /opt/zimbra/data/postfix/spool/pid
  fi
  chmod 755 /opt/zimbra/data/postfix
  chown -fR ${postfix_owner}:${postfix_owner} /opt/zimbra/data/postfix/spool
  chown -f ${root_user} /opt/zimbra/data/postfix/spool
  chown -f ${postfix_owner} /opt/zimbra/data/postfix/spool/pid
  chgrp -f ${root_group} /opt/zimbra/data/postfix/spool/pid
  # Postfix specific permissions
  if [ -d /opt/zimbra/data/postfix/spool/public ]; then
    chgrp -f ${postfix_suid_group} /opt/zimbra/data/postfix/spool/public
  fi
  if [ -d /opt/zimbra/data/postfix/spool/maildrop ]; then
    chmod 730 /opt/zimbra/data/postfix/spool/maildrop
    chgrp -f ${postfix_suid_group} /opt/zimbra/data/postfix/spool/maildrop
    chmod 730 /opt/zimbra/data/postfix/spool/maildrop
  fi
  chown -f ${postfix_owner} /opt/zimbra/data/postfix
  chown -f ${postfix_owner} /opt/zimbra/data/postfix/* 2> /dev/null
  chgrp -f ${postfix_suid_group} /opt/zimbra/data/postfix/data
  chown -f ${postfix_owner}:${postfix_owner} /opt/zimbra/data/postfix/data/* 2> /dev/null
  chown -f ${root_user} /opt/zimbra/data/postfix/spool
  chgrp -f ${root_group} /opt/zimbra/data/postfix/spool
fi

if [ -d /opt/zimbra/index -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/index"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/index
fi

if [ -d /opt/zimbra/backup -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/backup"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/backup
fi

if [ -d /opt/zimbra/redolog -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/redolog"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/redolog
fi

if [ -d /opt/zimbra/store -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/store"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/store
fi

if [ -f /opt/zimbra/libexec/ZmSetup.app/Contents/MacOS/ZmSetup ]; then
  chown ${root_user}:${root_group} /opt/zimbra/libexec/ZmSetup.app/Contents/MacOS/ZmSetup
  chmod 544 /opt/zimbra/libexec/ZmSetup.app/Contents/MacOS/ZmSetup
fi

if [[ "x$PLAT" == "xRHEL7_64" && ! -d /opt/zimbra/.cache ]]; then
  mkdir -p /opt/zimbra/.cache
  chown zimbra:zimbra /opt/zimbra/.cache
  chmod 775 /opt/zimbra/.cache
fi


exit 0

