-rwxr-xr-x | init-sh/grpuser.sh | 45 | ||||
-rwxr-xr-x | init-sh/level1.sh | 11 | ||||
-rwxr-xr-x | init-sh/level2.sh | 2 | ||||
-rw-r--r-- | init-sh/lib.sh | 3 |
4 files changed, 43 insertions, 18 deletions
diff --git a/init-sh/grpuser.sh b/init-sh/grpuser.sh index 6fa0e5d..d2f2daf 100755 --- a/init-sh/grpuser.sh +++ b/init-sh/grpuser.sh @@ -13,6 +13,7 @@ user_name=$3 Usage() { echo "Usage :" + echo " --clean ---> Remove all group change." echo " --refresh ---> Read group name in /etc/security/msec/group.conf" echo " and add each user in /etc/security/msec/user.conf" echo " in these groups ( if security level is <= 2 )" @@ -25,12 +26,16 @@ ModifyFile() { echo "${new_group_line}" >> /etc/${file} tail +$((group_line_number + 1)) /tmp/${file}.old >> /etc/${file} + new_group_line="" + rm -f /tmp/${file}.old } RemoveUserFromGroup() { new_group_line=${group}`echo ${group_users} | sed -e s/,${user_name}$//g -e s/${user_name},//g -e s/${user_name}$//g` + + echo ${new_group_line} } AppendUserToGroup() { @@ -75,7 +80,7 @@ IsUserExisting() { return 1; } -Refresh() { +RefreshAdd() { if [[ ${SECURE_LEVEL} > 2 ]]; then echo "You are in a secure level > 2, in this level you need to add group user by yourself." echo "Use the command : usermod -G group_name user_name" @@ -91,15 +96,17 @@ Refresh() { IsUserExisting; if [[ $? != 0 ]]; then # user doesn't exist - echo "Can't add user \"${user_name}\" to group \"${group_name}\"." - echo "\"${user_name}\" doesn't exist. skiping." + echo "Can't add user \"${user_name}\" to group \"${group_name}\" user doesn't exist. skiping." IsUserAlreadyInGroup; if [[ $? == 0 ]]; then - # user doesn't exist but is in a group... delete user from this group. - RemoveUserFromgroup; + echo "User doesn't exist but is in a group... delete user from this group." + RemoveUserFromGroup; ModifyFile; fi else + echo "Adding user \"${user_name}\" to group \"${group_name}\"." + #AppendUserToGroup; + #ModifyFile; usermod -G ${group_name} ${user_name} fi done 
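Review bot: ModifyFile still reads its staging copy from the fixed path `/tmp/${file}.old` while running as root; the added `rm -f /tmp/${file}.old` only cleans up afterwards. A predictable name in a world-writable directory can be pre-created or symlinked by any local user before the script runs, so the copy should go to a path from mktemp, e.g. `old=$(mktemp) || return 1`, with the `tail` and `rm` lines using `"${old}"`. The start of ModifyFile, where the copy is presumably made, is outside the hunk. The added `echo ${new_group_line}` in RemoveUserFromGroup is unquoted and looks like debug output; drop it or use `printf '%s\n' "${new_group_line}"`.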
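Review bot: `usermod -G ${group_name} ${user_name}` sets the user's whole supplementary group list rather than adding to it. If this runs once per group, as the surrounding `done` lines suggest, each call replaces the previous group and drops memberships the administrator set by hand. The commented-out `#AppendUserToGroup;` / `#ModifyFile;` pair suggests the append path was intended; either enable it or, where the installed usermod supports it, use `usermod -a -G "${group_name}" "${user_name}"`. Both values come from files under /etc/security/msec and should be quoted so that a line containing spaces or a leading dash is not parsed as extra arguments. The loop headers of RefreshAdd are outside the hunk.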
@@ -107,6 +114,27 @@ Refresh() { done } +RefreshDel() { + cat /etc/security/msec/group.conf | while read group_name; do + IsGroupExisting; + if [[ $? != 0 ]]; then + echo "Group \"${group_name}\" doesn't exist. skiping it." + else + cat /etc/security/msec/user.conf | while read user_name; do + IsGroupExisting; # We need some variable at each turn. + IsUserAlreadyInGroup; + if [[ $? == 0 ]]; then + echo "Removing \"${user_name}\" from group \"${group_name}\"." + RemoveUserFromGroup; + ModifyFile; + fi + done + fi + done +} + + + Perm() { if [[ ${UID} != 0 ]]; then echo "You need root access to use this tool." @@ -134,7 +162,12 @@ if [[ $# == 1 ]]; then case $1 in "--refresh") Perm; - Refresh; + RefreshAdd; + exit 0 + ;; + "--clean") + Perm; + RefreshDel; exit 0 ;; esac diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 370d65d..342752d 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -78,16 +78,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc ### # Group -if [[ ! -z ${DRAKX_USERS} ]]; then - echo -n "Adding \"${DRAKX_USERS}\" to audio group :" - for user in ${DRAKX_USERS}; do - usermod -G audio "${user}" - done - echo "done." -fi - - - +/etc/security/msec/init-sh/grpuser.sh --refresh diff --git a/init-sh/level2.sh b/init-sh/level2.sh index 3bf1157..bfadce8 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -74,5 +74,7 @@ echo "Allowing users to connect X server from localhost :" AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xdm/Xsession quiet AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc +# group +/etc/security/msec/init-sh/grpuser.sh --refresh diff --git a/init-sh/lib.sh b/init-sh/lib.sh index 8340552..891ebf1 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -212,8 +212,7 @@ groupadd audio >& /dev/null groupadd xgrp >& /dev/null usermod -G xgrp xfs -/etc/security/msec/init-sh/grpuser.sh --refresh - +/etc/security/msec/init-sh/grpuser.sh --clean |
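Review bot: RefreshDel passes every line of user.conf straight into RemoveUserFromGroup, whose sed expressions (`s/${user_name},//g` and the two `$`-anchored forms) treat the name as a regular expression with no field boundary, and ModifyFile then writes the result back under /etc. A name that is a suffix of another member (constructed example: removing `bob` from `jbob,alice` leaves `jalice`), or a blank or malformed line, would corrupt the member list instead of removing one entry. Read with `while IFS= read -r user_name; do`, skip anything that is not a plain account name, e.g. `[[ ${user_name} =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]] || continue`, and make the removal compare whole comma-separated fields. The same validation applies to `group_name` in the outer loop.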
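Review bot: With `grpuser.sh --clean` replacing `--refresh` here, lib.sh strips every user.conf user from every group.conf group on each run, and in this commit only level1.sh and level2.sh add them back. At levels above 2, RefreshAdd tells the administrator to add members by hand with usermod, so those manual memberships would apparently be removed again on the next run. That side effect deserves a comment at the call, e.g. `# --clean resets msec-managed group membership; levels 1-2 re-add it via --refresh`. The exit status of the call is also ignored, so a failed rewrite under /etc goes unnoticed.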