#!/bin/bash 
# 
# ***** BEGIN LICENSE BLOCK *****
# Zimbra Collaboration Suite Server
# Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Synacor, Inc.
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software Foundation,
# version 2 of the License.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program.
# If not, see <https://www.gnu.org/licenses/>.
# ***** END LICENSE BLOCK *****
# 
# This may not be there, but we don't want to break the zimbramta package
# if it's installed.
shopt -s nullglob

root_user=root

if [ x`whoami` != xroot ]; then
  echo Error: must be run as root user
  exit 1
fi

PLAT=`/bin/sh /opt/zimbra/libexec/get_plat_tag.sh`
if [ "X$PLAT" = "XMACOSX" -o "X$PLAT" = "XMACOSXx86" ]; then
  root_group=wheel
else 
  root_group=root
fi

postfix_owner=postfix
postfix_suid_group=postdrop

if [ "X$PLAT" = "XUBUNTU10_64" -o "X$PLAT" = "XUBUNTU12_64" -o "X$PLAT" = "XUBUNTU14_64" -o X$PLAT = "XUBUNTU16_64" -o X$PLAT = "XUBUNTU18_64" -o X$PLAT = "XUBUNTU20_64" ]; then
  syslog_user=syslog
  syslog_group=adm
else
  syslog_user=zimbra
  syslog_group=zimbra
fi

zimbra_user=zimbra
zimbra_group=zimbra

extended=no
verbose=no

components="\
  keyview \
  conf/crontabs \
  common/lib/jylibs \
"
  

usage() {
  echo "$0 [-help] [-extended] [-verbose]"
  echo "-help     Usage"
  echo "-verbose  Verbose output"
  echo "-extended Extended fix, includes store,index,backup directories"
  echo "          * Using extended option can take a signifcant amount of time."
  echo 
  exit
}

for opt in "$@"; do
  case "$opt" in
    -verbose|--verbose|-v)
      verbose=yes
      shift
      ;;
    -help|--help|-h|--h)
      usage
      shift
      ;;
    -extended|--extended|-e)
      extended=yes 
      shift
      ;;
    *)
      echo "Unknown option $opt"
      usage
      shift
      ;;
  esac
done

printMsg() {
  if [ $verbose = "yes" ]; then
    echo $*
  fi
}

# NOT /opt/zimbra/{store,backup,index}
if [ ${extended} = "yes" ]; then
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/a* /opt/zimbra/[c-hj-ot-z]* /opt/zimbra/s[a-su-z]* 2> /dev/null
fi

chown ${root_user}:${root_group} /opt
chmod 755 /opt
chown ${root_user}:${root_group} /opt/zimbra
chmod 755 /opt/zimbra
chown -R ${root_user}:${root_group} /opt/zimbra/common
chmod 755 /opt/zimbra/common
chown -R ${root_user}:${zimbra_group} /opt/zimbra/common/conf
chmod 775 /opt/zimbra/common/conf

for i in master.cf master.cf.in bysender bysender.lmdb tag_as_foreign.re tag_as_foreign.re.in tag_as_originating.re tag_as_originating.re.in;
do
  if [ -f /opt/zimbra/common/conf/${i} ]; then
    chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/common/conf/${i};
  fi
done

for i in snmp.conf main.cf; do
  if [ -f /opt/zimbra/common/conf/${i} ]; then
    chown -f ${root_user}:${root_group} /opt/zimbra/common/conf/${i};
  fi
done


if [ -d /opt/zimbra ]; then
  chown ${root_user}:${root_group} /opt/zimbra
  chmod 755 /opt/zimbra

  if [ -f /opt/zimbra/.viminfo ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.viminfo
  fi

  if [ -f /opt/zimbra/.ldaprc ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.ldaprc
  fi

  if [ -f /opt/zimbra/.exrc ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.exrc
  fi

  if [ -f /opt/zimbra/.bash_profile ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.bash_profile
  fi

  if [ -f /opt/zimbra/.bashrc ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.bashrc
  fi

  if [ -f /opt/zimbra/.platform ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.platform
  fi

  if [ -d /opt/zimbra/.saveconfig/ ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/.saveconfig/
  fi

  for i in .zmmailbox_history .zmprov_history .bash_history; do
    if [ ! -f /opt/zimbra/${i} ]; then
      touch /opt/zimbra/${i}
    fi
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/${i}
    chmod 640 /opt/zimbra/${i}
  done

  if [ -f /selinux/enforce ]; then
    if [ "`cat /selinux/enforce 2> /dev/null`" = "1" ]; then
      # make sure ssh keys are in home dir selinux type
      chcon -R -v -u system_u -t user_home_t /opt/zimbra/.ssh/
      if [ -f /opt/zimbra/common/lib/apache2/modules/libphp5.so ]; then
        # allow text relocation for these problem files
        chcon -t textrel_shlib_t /opt/zimbra/common/lib/apache2/modules/libphp5.so
      fi
      # Fix Zimbra upgrades selinux perms
      restorecon -R /etc/security
    fi
  fi

  if [ -d /opt/zimbra/contrib ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/contrib
    chmod 755 /opt/zimbra/contrib/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/libexec ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/libexec
    chmod 755 /opt/zimbra/libexec/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/log ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/log
    if [ -f /opt/zimbra/log/.hotspot_compiler ]; then
      chown ${root_user}:${root_group} /opt/zimbra/log/.hotspot_compiler
      chmod 444 /opt/zimbra/log/.hotspot_compiler
    fi
  fi

  if [ -d /opt/zimbra/logger ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/logger 2> /dev/null
    chmod 755 /opt/zimbra/logger/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/bin ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/bin
    chmod 755 /opt/zimbra/bin/* 2> /dev/null
  fi

  if [ -d /opt/zimbra/lib ]; then
    chown -R ${root_user}:${root_group} /opt/zimbra/lib
  fi

  if [ -d /opt/zimbra/wiki ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/wiki
  fi

  if [ -d /opt/zimbra/convertd ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/convertd
    chmod 755 /opt/zimbra/convertd
    if [ -d /opt/zimbra/convertd/bin ]; then
      chown -R ${root_user}:${root_group} /opt/zimbra/convertd/bin
      chmod 755 /opt/zimbra/convertd/bin
    fi
    if [ -d /opt/zimbra/convertd/lib ]; then
      chown -R ${root_user}:${root_group} /opt/zimbra/convertd/lib
      chmod 755 /opt/zimbra/convertd/lib
    fi
    if [ ! -d /opt/zimbra/convertd/convert ]; then
      mkdir -p /opt/zimbra/convertd/convert
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/convertd/convert
      chmod 700 /opt/zimbra/convertd/convert
    fi
  fi

  if [ -d /opt/zimbra/conf ]; then
    printMsg "Fixing ownership and permissions on /opt/zimbra/conf"
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/conf

    if [ -f /opt/zimbra/conf/ZCSLicense.xml ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/ZCSLicense.xml
      chmod 440 /opt/zimbra/conf/ZCSLicense.xml
    fi

    if [ -f /opt/zimbra/conf/localconfig.xml ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/localconfig.xml
      chmod 640 /opt/zimbra/conf/localconfig.xml
    fi

    if [ -f /opt/zimbra/conf/attrs/zimbra-attrs.xml ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/attrs/zimbra-attrs.xml
      chmod 444 /opt/zimbra/conf/attrs/zimbra-attrs.xml
    fi

    if [ -d /opt/zimbra/conf/ca ]; then
      printMsg "Fixing permissions on /opt/zimbra/conf/ca"
      chmod 755 /opt/zimbra/conf/ca
      for i in /opt/zimbra/conf/ca/*.{crt,pem}; do
        if [ -f "$i" ]; then
          printMsg "Fixing permissions on ${i}"
          chmod 644 "${i}"
        fi
      done
    fi

    if [ -d /opt/zimbra/conf/spamassassin ]; then
      printMsg "Fixing permissions on /opt/zimbra/conf/spamassassin"
      chmod 755 /opt/zimbra/conf/spamassassin
    fi

    if [ -f /opt/zimbra/conf/nginx.conf ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/nginx.conf
      chmod 644 /opt/zimbra/conf/nginx.conf
    fi

    for i in /opt/zimbra/conf/*-{canonical,slm,transport,vad,vam,vmd,vmm}.cf; do
      printMsg "Fixing ownership and permissions on ${i}"
      chgrp -f ${postfix_owner} ${i}
      chmod 640 ${i}
    done 

    if [ -f /opt/zimbra/conf/my.cnf ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/my.cnf
      chmod 640 /opt/zimbra/conf/my.cnf
    fi

    if [ -f /opt/zimbra/conf/saslauthd.conf.in ]; then
      chmod 640 /opt/zimbra/conf/saslauthd.conf.in
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/saslauthd.conf.in
    fi
    if [ -f /opt/zimbra/conf/saslauthd.conf ]; then
      chmod 440 /opt/zimbra/conf/saslauthd.conf
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/saslauthd.conf
    fi
    if [ -f /opt/zimbra/conf/sasl2/smtpd.conf.in ]; then
      chmod 640 /opt/zimbra/conf/sasl2/smtpd.conf.in
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/sasl2/smtpd.conf.in
    fi
    if [ -f /opt/zimbra/conf/sasl2/smtpd.conf ]; then
      chmod 640 /opt/zimbra/conf/sasl2/smtpd.conf
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/sasl2/smtpd.conf
    fi

    if [ -d /opt/zimbra/conf/templates/ ]; then
      chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/conf/templates
      find /opt/zimbra/conf/templates/ -type d -exec chmod 755 {} \;
      find /opt/zimbra/conf/templates/ -type f -exec chmod 644 {} \;
    fi
  fi

  if [ -d /opt/zimbra/docs ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/docs
    find /opt/zimbra/docs -type d -exec chmod 755 {} \;
    find /opt/zimbra/docs -type f -exec chmod 444 {} \;
  fi

  for i in /opt/zimbra/zimlets*; do
    chown -R ${zimbra_user}:${zimbra_group} ${i}
  done

  for i in /opt/zimbra/conf/*.crt /opt/zimbra/conf/*.key /opt/zimbra/conf/zmssl.cnf; do
    if [ -f ${i} ]; then
      printMsg "Fixing permissions and ownership on ${i}"
      chown ${zimbra_user}:${zimbra_group} "$i"
      chmod 640 "$i"
    fi
  done

  if [ ! -d /opt/zimbra/data ]; then
    mkdir -p /opt/zimbra/data
  fi

  if [ ! -d /opt/zimbra/data/license ]; then
    mkdir -p /opt/zimbra/data/license # create it if it doesn't exist
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/license
  fi

  chmod 755 /opt/zimbra/data
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data

  if [ -d /opt/zimbra/extensions-network-extra ]; then
    chmod 755 /opt/zimbra/extensions-network-extra
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/extensions-network-extra
  fi

  if [ -d /opt/zimbra/extensions-extra ]; then
    chmod 755 /opt/zimbra/extensions-extra
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/extensions-extra
  fi

fi

# fix the temp directory
if [ ! -d /opt/zimbra/data/tmp ]; then
  mkdir -p /opt/zimbra/data/tmp
fi
if [ -f /opt/zimbra/data/tmp/current.csr ]; then
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data/tmp/current.csr
  chmod 644 /opt/zimbra/data/tmp/current.csr
fi

# Handle nginx path problems bug#42156
if [ ! -d /opt/zimbra/data/tmp/nginx ]; then
  mkdir -p /opt/zimbra/data/tmp/nginx/client
  mkdir -p /opt/zimbra/data/tmp/nginx/proxy
  mkdir -p /opt/zimbra/data/tmp/nginx/fastcgi
fi
chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/tmp
chmod 1777 /opt/zimbra/data/tmp
chmod 755 /opt/zimbra/data/tmp/nginx
chmod 755 /opt/zimbra/data/tmp/nginx/client
chmod 755 /opt/zimbra/data/tmp/nginx/proxy
chmod 755 /opt/zimbra/data/tmp/nginx/fastcgi

if [ -f /opt/zimbra/.install_history ]; then
  chmod 644 /opt/zimbra/.install_history
fi

if [ -d /var/log/ ]; then
  printMsg "Fixing ownership and permissions on /var/log/zimbra.log"
  if [ ! -f /var/log/zimbra.log ]; then
    touch /var/log/zimbra.log
  fi
  chown ${syslog_user}:${syslog_group} /var/log/zimbra.log
  chmod 644 /var/log/zimbra.log
fi

for i in ${components}; do
  if [ -L /opt/zimbra/${i} ]; then
    printMsg "Fixing ownership and permissions on /opt/zimbra/${i}"
    for l in /opt/zimbra/${i}-*; do
      chown ${root_user}:${root_group} ${l} 2> /dev/null
    done
    for l in /opt/zimbra/${i}/* /opt/zimbra/${i}/.???*; do
      chown -R ${root_user}:${root_group} ${l} 2> /dev/null
    done
  elif [ -d /opt/zimbra/${i} ]; then
    printMsg "Fixing ownership and permissions on /opt/zimbra/${i}"
    chown -R ${root_user}:${root_group} /opt/zimbra/${i} 2> /dev/null
    if [ x$i = "xcommon/lib/jylibs" ]; then
      chmod a+r /opt/zimbra/${i}/*.class 2>/dev/null
    fi
  fi
done

if [ -d /opt/zimbra/lib ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/lib"
  for i in /opt/zimbra/lib/lib*so*; do
    chown ${root_user}:${root_group} $i
    chmod 755 $i
  done
  if [ -d /opt/zimbra/lib/jars ]; then
    for i in /opt/zimbra/lib/jars/*; do
      chown ${root_user}:${root_group} $i
      chmod 444 $i
    done
  fi
 
  if [ -d /opt/zimbra/lib/ext ]; then
    find /opt/zimbra/lib/ext -type f -exec chown ${root_user}:${root_group} {} \;
    find /opt/zimbra/lib/ext -type f -exec chmod 444 {} \;
  fi
  if [ -d /opt/zimbra/lib/ext-common ]; then
    find /opt/zimbra/lib/ext-common -type f -exec chown ${root_user}:${root_group} {} \;
    find /opt/zimbra/lib/ext-common -type f -exec chmod 444 {} \;
  fi
fi
   
if [ -d /opt/zimbra/db ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/db"
  if [ ! -d /opt/zimbra/db/data ]; then
    mkdir -p /opt/zimbra/db/data
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/db
  chmod 444 /opt/zimbra/db/*.sql /opt/zimbra/db/*.sql.in
fi

if [ -d /opt/zimbra/common/share/database ]; then
  for i in data/cbpolicyd data/cbpolicyd/db; do
    if [ ! -d "/opt/zimbra/${i}" ]; then
      mkdir -p /opt/zimbra/${i}
    fi
  done
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/cbpolicyd
fi

if [ -x /opt/zimbra/common/sbin/saslauthd ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/data/sasl2/state"
  if [ ! -d /opt/zimbra/data/sasl2/state ]; then  
    mkdir -p /opt/zimbra/data/sasl2/state
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/sasl2/state
  chmod 755 /opt/zimbra/data/sasl2/state 
fi

if [ -x /opt/zimbra/common/bin/altermime ]; then
  if [ ! -d "/opt/zimbra/data/altermime" ]; then
    mkdir -p /opt/zimbra/data/altermime
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/altermime
fi

if [ -x /opt/zimbra/common/sbin/amavisd ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/data/amavisd"
  if [ ! -d "/opt/zimbra/data/amavisd" ]; then
    mkdir -p /opt/zimbra/data/amavisd/.spamassassin
  fi
  if [ ! -d "/var/spamassassin" ]; then
    mkdir -p /var/spamassassin
    chown -R ${zimbra_user}:${zimbra_group} /var/spamassassin
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/amavisd
  if [ -d /opt/zimbra/data/amavisd/.spamassassin ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/amavisd/.spamassassin
  fi
  if [ -d /opt/zimbra/data/spamassassin ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/spamassassin
  fi
fi


if [ -L /opt/zimbra/jetty ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/jetty"

  if [ ! -d "/opt/zimbra/data/tmp/libreoffice" ]; then
    mkdir -p /opt/zimbra/data/tmp/libreoffice
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/tmp/libreoffice
  fi
  chown  ${root_user}:${root_group} /opt/zimbra/jetty-* 2> /dev/null
  for i in \
    keystore mailboxd.{der,pem} jetty.xml{,.in} service.web.xml.in \
    zimbra.web.xml.in zimbraAdmin.web.xml.in zimlet.web.xml.in
  do
    if [ -f /opt/zimbra/jetty/etc/${i} ]; then
      chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/etc/${i}
      chmod 640 /opt/zimbra/jetty/etc/${i}
    fi
  done
  if [ -f /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.csr ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.csr
    chmod 644 /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.csr
  fi

  if [ ! -d /opt/zimbra/jetty/webapps/zimlet/WEB-INF ]; then
    mkdir -p /opt/zimbra/jetty/webapps/zimlet/WEB-INF
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/webapps/zimlet
  chmod 755 /opt/zimbra/jetty/webapps/zimlet /opt/zimbra/jetty/webapps/zimlet/WEB-INF

  if [ ! -d /opt/zimbra/jetty/work/zimlet ]; then
    mkdir -p /opt/zimbra/jetty/work/zimlet
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/work/zimlet
  chmod 750 /opt/zimbra/jetty/work/zimlet

  if [ ! -d /opt/zimbra/jetty/work/spnego ]; then
    mkdir -p /opt/zimbra/jetty/work/spnego
  fi
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/jetty/work/spnego
  chmod 750 /opt/zimbra/jetty/work/spnego

  if [ ! -d /opt/zimbra/fbqueue ]; then
    mkdir -p /opt/zimbra/fbqueue
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/fbqueue
  chmod 755 /opt/zimbra/fbqueue

  if [ ! -d /opt/zimbra/zimlets-deployed ]; then
    mkdir -p /opt/zimbra/zimlets-deployed
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/zimlets-deployed
  chmod 755 /opt/zimbra/zimlets-deployed

  for i in /opt/zimbra/jetty/*; do
    chown -R ${zimbra_user}:${zimbra_group} ${i}
  done

  if [ -d /opt/zimbra/jetty/lib ]; then
    find /opt/zimbra/jetty/lib -type f -name '*.jar' -exec chown ${root_user}:${root_group} {} \; -exec chmod 444 {} \;
    find /opt/zimbra/jetty/lib -type d -exec chown ${root_user}:${root_group} {} \; -exec chmod 755 {} \;
  fi

  if [ -d /opt/zimbra/jetty/common/lib ]; then
    find /opt/zimbra/jetty/common/lib -type f -name '*.jar' -exec chown ${root_user}:${root_group} {} \; -exec chmod 444 {} \;
  fi

  if [ -d /opt/zimbra/jetty/common ]; then
    find /opt/zimbra/jetty/common -type d -exec chown ${root_user}:${root_group} {} \; -exec chmod 755 {} \;
  fi  

  if [ ! -d /opt/zimbra/data/mailboxd ]; then
    mkdir -p /opt/zimbra/data/mailboxd
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data/mailboxd
  chmod 755 /opt/zimbra/data/mailboxd

  if [ ! -d /opt/zimbra/data/mailboxd/spnego ]; then
    mkdir -p /opt/zimbra/data/mailboxd/spnego
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data/mailboxd/spnego
  chmod 755 /opt/zimbra/data/mailboxd/spnego

fi

if [ -f /opt/zimbra/common/etc/java/cacerts ]; then
  chown zimbra:zimbra /opt/zimbra/common/etc/java/cacerts
  chmod 644 /opt/zimbra/common/etc/java/cacerts
fi

if [ -d /opt/zimbra/ssl ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/ssl"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/ssl
  find /opt/zimbra/ssl -type f -exec chmod 640 {} \;
fi

if [ -x /opt/zimbra/common/libexec/slapd ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/data/ldap"
  if [ -d /opt/zimbra/data/ldap ]; then
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/ldap
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/data/ldap
  fi
fi

if [ -d /opt/zimbra/logger/db ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/logger/db"
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/logger/db
  if [ ! -d /opt/zimbra/logger/db/data ]; then
    mkdir -p /opt/zimbra/logger/db/data
  fi
  chown ${zimbra_user}:${zimbra_group} /opt/zimbra/logger/db/data
fi

if [ -d /opt/zimbra/data/clamav ]; then
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/clamav
fi

if [ -d /opt/zimbra/zmstat ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/zmstat"
  for i in /opt/zimbra/zmstat/????-??-??; do
    chown -R ${zimbra_user}:${zimbra_group} ${i}
  done
fi

if [ -x /opt/zimbra/common/sbin/postfix ]; then
  printMsg "Fixing postfix related permissions"

  if [ -f /opt/zimbra/common/sbin/postqueue ]; then
    chgrp -f ${postfix_suid_group} /opt/zimbra/common/sbin/postqueue
    chmod -f u=rwx,g=rsx,o=rx /opt/zimbra/common/sbin/postqueue
  fi
  if [ -f /opt/zimbra/common/sbin/postdrop ]; then
    chgrp -f ${postfix_suid_group} /opt/zimbra/common/sbin/postdrop
    chmod -f u=rwx,g=rsx,o=rx /opt/zimbra/common/sbin/postdrop
  fi
  if [ -e /opt/zimbra/common/conf ]; then
    if [ -f /opt/zimbra/common/conf/master.cf.in ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/common/conf/master.cf.in
    fi
    if [ -f /opt/zimbra/common/conf/tag_as_foreign.re ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/common/conf/tag_as_foreign.re
    fi
    if [ -f /opt/zimbra/common/conf/tag_as_originating.re ]; then
      chown -f ${zimbra_user}:${zimbra_group} /opt/zimbra/common/conf/tag_as_originating.re
    fi
  fi

  # Postjournal specific permissions
  if [ -f /opt/zimbra/bin/zmbackup ]; then
    mkdir -p /opt/zimbra/data/postfix-journal
    chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/postfix-journal
  fi
fi

if [ -d /opt/zimbra/data/postfix ]; then
  printMsg "Fixing ownership and permissions on /opt/zimbra/data/postfix"
  if [ ! -d /opt/zimbra/data/postfix/data ]; then
    mkdir -p /opt/zimbra/data/postfix/data
  fi
  if [ ! -d /opt/zimbra/data/postfix/spool/pid ]; then
    mkdir -p /opt/zimbra/data/postfix/spool/pid
  fi
  chmod 755 /opt/zimbra/data/postfix
  chown -fR ${postfix_owner}:${postfix_owner} /opt/zimbra/data/postfix/spool
  chown -f ${root_user} /opt/zimbra/data/postfix/spool
  chown -f ${postfix_owner} /opt/zimbra/data/postfix/spool/pid
  chgrp -f ${root_group} /opt/zimbra/data/postfix/spool/pid
  # Postfix specific permissions
  if [ -d /opt/zimbra/data/postfix/spool/public ]; then
    chgrp -f ${postfix_suid_group} /opt/zimbra/data/postfix/spool/public
  fi
  if [ -d /opt/zimbra/data/postfix/spool/maildrop ]; then
    chmod 730 /opt/zimbra/data/postfix/spool/maildrop
    chgrp -f ${postfix_suid_group} /opt/zimbra/data/postfix/spool/maildrop
    chmod 730 /opt/zimbra/data/postfix/spool/maildrop
  fi
  chown -f ${postfix_owner} /opt/zimbra/data/postfix
  chown -f ${postfix_owner} /opt/zimbra/data/postfix/* 2> /dev/null
  chgrp -f ${postfix_suid_group} /opt/zimbra/data/postfix/data
  chmod 755 /opt/zimbra/data/postfix/data
  chown -f ${postfix_owner}:${postfix_owner} /opt/zimbra/data/postfix/data/* 2> /dev/null
  # `postfix check` checks that everything under data is not group or other writable
  chmod -R go-w /opt/zimbra/data/postfix/data
  chown -f ${root_user} /opt/zimbra/data/postfix/spool
  chgrp -f ${root_group} /opt/zimbra/data/postfix/spool
fi

if [ -d /opt/zimbra/index -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/index"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/index
fi

if [ -d /opt/zimbra/backup -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/backup"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/backup
fi

if [ -d /opt/zimbra/redolog -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/redolog"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/redolog
fi

if [ -d /opt/zimbra/store -a ${extended} = "yes" ]; then
  printMsg "Fixing ownership of /opt/zimbra/store"
  chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/store
fi

if [[ "x$PLAT" == "xRHEL7_64" && ! -d /opt/zimbra/.cache ]]; then
  mkdir -p /opt/zimbra/.cache
  chown zimbra:zimbra /opt/zimbra/.cache
  chmod 775 /opt/zimbra/.cache
fi

# Fix permissions for default openldap configuration files
for i in slapd.conf slapd.conf.default slapd.ldif slapd.ldif.default;
do
  if [ -f /opt/zimbra/common/etc/openldap/${i} ]; then
    chown -f ${root_user}:${root_group} /opt/zimbra/common/etc/openldap/${i}
    chmod 644 /opt/zimbra/common/etc/openldap/${i}
  fi
done

# Fix permissions for rabbitmq
if [ -d /opt/zimbra/common/lib/rabbitmq ]; then
	chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/common/lib/rabbitmq
fi

if [ -d /opt/zimbra/data/rabbitmq ]; then
	chown -R ${zimbra_user}:${zimbra_group} /opt/zimbra/data/rabbitmq
fi


##### Fix permissions for ldap and proxy #####

if [ -x /opt/zimbra/common/sbin/nginx ]; then
  chown ${root_user}:${zimbra_group} /opt/zimbra/common/sbin/nginx
  chmod 750 /opt/zimbra/common/sbin/nginx

  if [ -f /opt/zimbra/log/nginx.log ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/log/nginx.log
    chmod 644 /opt/zimbra/log/nginx.log
  fi

  if [ -f /opt/zimbra/log/nginx.access.log ]; then
    chown ${zimbra_user}:${zimbra_group} /opt/zimbra/log/nginx.access.log
    chmod 644 /opt/zimbra/log/nginx.access.log
  fi

  # changing permission will reset capabilities so set it again
  echo "Set capability for /opt/zimbra/common/sbin/nginx"
  setcap CAP_NET_BIND_SERVICE=+ep /opt/zimbra/common/sbin/nginx
fi

if [ -x /opt/zimbra/common/libexec/slapd ]; then
  chown ${root_user}:${zimbra_group} /opt/zimbra/common/libexec/slapd
  chmod 750 /opt/zimbra/common/libexec/slapd

  # changing permission will reset capabilities so set it again
  echo "Set capability for /opt/zimbra/common/libexec/slapd"
  setcap CAP_NET_BIND_SERVICE=+ep /opt/zimbra/common/libexec/slapd
fi

##### Execute zmacl #####
if [ -f /opt/zimbra/bin/zmacl ]; then
	/opt/zimbra/bin/zmacl enable
fi

exit 0
