scc: pavon owncloud diagnostic scratch scripts from 2026-04-29 session

Six small bash scripts uploaded to /tmp on 172.16.3.22 during the OwnCloud cron stacking incident — investigation, group enumeration, failed group-restrict attempt, occ subcommand discovery. Captured for audit; full context in clients/pavon/session-logs/2026-04-29-session.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 08:25:11 -07:00
parent f22d33f2ae
commit d62a14ca4e
6 changed files with 110 additions and 0 deletions
--- a/temp/owncloud-versioning-restrict.sh
+++ b/temp/owncloud-versioning-restrict.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -e
+OCC="sudo -u apache php /var/www/owncloud/occ"
+
+echo "=== STEP 1: Create group 'versioning_users' ==="
+$OCC group:add versioning_users 2>&1 || true
+
+echo
+echo "=== STEP 2: Add all non-pavon users to the group ==="
+for u in Martell anaise bst jburger mara minrec rohrbach sysadmin themarcgroup; do
+    $OCC group:add-member versioning_users --member "$u" 2>&1 || true
+done
+
+echo
+echo "=== STEP 3: Verify membership ==="
+$OCC group:list-members versioning_users 2>&1
+
+echo
+echo "=== STEP 4: Disable files_versions globally ==="
+$OCC app:disable files_versions 2>&1
+
+echo
+echo "=== STEP 5: Re-enable for versioning_users group only ==="
+$OCC app:enable files_versions --groups versioning_users 2>&1
+
+echo
+echo "=== STEP 6: Verify app status ==="
+$OCC app:list 2>&1 | grep -A 2 -i versions
+echo
+echo "=== STEP 7: Verify pavon excluded ==="
+$OCC user:list-groups pavon 2>&1