-rwxr-xr-xinit-sh/grpuser.sh45
-rwxr-xr-xinit-sh/level1.sh11
-rwxr-xr-xinit-sh/level2.sh2
-rw-r--r--init-sh/lib.sh3
4 files changed, 43 insertions, 18 deletions
diff --git a/init-sh/grpuser.sh b/init-sh/grpuser.sh
index 6fa0e5d..d2f2daf 100755
--- a/init-sh/grpuser.sh
+++ b/init-sh/grpuser.sh
@@ -13,6 +13,7 @@ user_name=$3
Usage() {
echo "Usage :"
+ echo " --clean ---> Remove all group change."
echo " --refresh ---> Read group name in /etc/security/msec/group.conf"
echo " and add each user in /etc/security/msec/user.conf"
echo " in these groups ( if security level is <= 2 )"
@@ -25,12 +26,16 @@ ModifyFile() {
echo "${new_group_line}" >> /etc/${file}
tail +$((group_line_number + 1)) /tmp/${file}.old >> /etc/${file}
+ new_group_line=""
+
rm -f /tmp/${file}.old
}
RemoveUserFromGroup() {
new_group_line=${group}`echo ${group_users} |
sed -e s/,${user_name}$//g -e s/${user_name},//g -e s/${user_name}$//g`
+
+ echo ${new_group_line}
}
AppendUserToGroup() {
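Review bot: The sed expression in RemoveUserFromGroup matches `${user_name}` as a bare substring, and this commit is what makes the function reachable, since the old call was misspelled `RemoveUserFromgroup`. With `s/${user_name},//g`, removing `ann` from a member list such as `joann,bob` would rewrite it to `jobob`, and any regex metacharacter in a name read from user.conf is interpreted by sed. Compare whole comma-separated entries instead, as sketched below; the sketch assumes `${group}` holds the line prefix and `${group_users}` the member list, which the hunk does not show. The added `echo ${new_group_line}` should be quoted as well. ModifyFile starts outside the hunk, but its visible lines rebuild `/etc/${file}` from the fixed name `/tmp/${file}.old`, where a `mktemp` file would be safer for a script run as root.

```shell
RemoveUserFromGroup() {
    # Rebuild the member list entry by entry so only an exact name match is dropped.
    kept_users=""
    saved_ifs=${IFS}
    IFS=,
    for member in ${group_users}; do
        if [[ "${member}" != "${user_name}" ]]; then
            kept_users="${kept_users:+${kept_users},}${member}"
        fi
    done
    IFS=${saved_ifs}
    new_group_line="${group}${kept_users}"

    echo "${new_group_line}"
}
```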
@@ -75,7 +80,7 @@ IsUserExisting() {
return 1;
}
-Refresh() {
+RefreshAdd() {
if [[ ${SECURE_LEVEL} > 2 ]]; then
echo "You are in a secure level > 2, in this level you need to add group user by yourself."
echo "Use the command : usermod -G group_name user_name"
@@ -91,15 +96,17 @@ Refresh() {
IsUserExisting;
if [[ $? != 0 ]]; then
# user doesn't exist
- echo "Can't add user \"${user_name}\" to group \"${group_name}\"."
- echo "\"${user_name}\" doesn't exist. skiping."
+ echo "Can't add user \"${user_name}\" to group \"${group_name}\" user doesn't exist. skiping."
IsUserAlreadyInGroup;
if [[ $? == 0 ]]; then
- # user doesn't exist but is in a group... delete user from this group.
- RemoveUserFromgroup;
+ echo "User doesn't exist but is in a group... delete user from this group."
+ RemoveUserFromGroup;
ModifyFile;
fi
else
+ echo "Adding user \"${user_name}\" to group \"${group_name}\"."
+ #AppendUserToGroup;
+ #ModifyFile;
usermod -G ${group_name} ${user_name}
fi
done
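Review bot: `usermod -G ${group_name} ${user_name}` in the else branch replaces the user's whole supplementary group list rather than adding to it, so a user processed for several groups in group.conf ends up only in the last one and loses any membership held before. Either use the append form, `usermod -a -G "${group_name}" "${user_name}"`, where the installed usermod supports it, or enable the `AppendUserToGroup; ModifyFile;` path that this hunk leaves commented out. Both variables come from configuration files and should be quoted. The enclosing loops of RefreshAdd start and end outside the hunk.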
@@ -107,6 +114,27 @@ Refresh() {
done
}
+RefreshDel() {
+ cat /etc/security/msec/group.conf | while read group_name; do
+ IsGroupExisting;
+ if [[ $? != 0 ]]; then
+ echo "Group \"${group_name}\" doesn't exist. skiping it."
+ else
+ cat /etc/security/msec/user.conf | while read user_name; do
+ IsGroupExisting; # We need some variable at each turn.
+ IsUserAlreadyInGroup;
+ if [[ $? == 0 ]]; then
+ echo "Removing \"${user_name}\" from group \"${group_name}\"."
+ RemoveUserFromGroup;
+ ModifyFile;
+ fi
+ done
+ fi
+ done
+}
+
+
+
Perm() {
if [[ ${UID} != 0 ]]; then
echo "You need root access to use this tool."
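Review bot: RefreshDel feeds every line of group.conf and user.conf to the helpers without checking that it is a name, and `read` is used without `-r`. An empty or whitespace-only line gives an empty `${user_name}`; if IsUserAlreadyInGroup (not visible here) accepts it, RemoveUserFromGroup's `s/${user_name},//g` would strip every comma from the member list before ModifyFile writes it back. Skip such lines first, e.g. `[[ -z "${user_name}" ]] && continue` at the top of the inner loop. Reading with `while read -r user_name; do ... done < /etc/security/msec/user.conf` also avoids the extra `cat`.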
@@ -134,7 +162,12 @@ if [[ $# == 1 ]]; then
case $1 in
"--refresh")
Perm;
- Refresh;
+ RefreshAdd;
+ exit 0
+ ;;
+ "--clean")
+ Perm;
+ RefreshDel;
exit 0
;;
esac
diff --git a/init-sh/level1.sh b/init-sh/level1.sh
index 370d65d..342752d 100755
--- a/init-sh/level1.sh
+++ b/init-sh/level1.sh
@@ -78,16 +78,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc
###
# Group
-if [[ ! -z ${DRAKX_USERS} ]]; then
- echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
- for user in ${DRAKX_USERS}; do
- usermod -G audio "${user}"
- done
- echo "done."
-fi
-
-
-
+/etc/security/msec/init-sh/grpuser.sh --refresh
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index 3bf1157..bfadce8 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
@@ -74,5 +74,7 @@ echo "Allowing users to connect X server from localhost :"
AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xdm/Xsession quiet
AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc
+# group
+/etc/security/msec/init-sh/grpuser.sh --refresh
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index 8340552..891ebf1 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -212,8 +212,7 @@ groupadd audio >& /dev/null
groupadd xgrp >& /dev/null
usermod -G xgrp xfs
-/etc/security/msec/init-sh/grpuser.sh --refresh
-
+/etc/security/msec/init-sh/grpuser.sh --clean
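Review bot: Running `grpuser.sh --clean` from lib.sh strips memberships on every run, but RefreshAdd only restores them at levels <= 2. At higher levels RefreshAdd tells the administrator to run `usermod -G group_name user_name` by hand, and if lib.sh is sourced by those level scripts as well (not visible here), the next run removes exactly those manual additions for any user listed in user.conf. Consider documenting this above the call, e.g. `# Drop memberships granted by a previous level; levels 1 and 2 re-add them with --refresh`, or limiting --clean to groups msec itself populated. The call's exit status is also ignored, so a failed rewrite of the group file goes unnoticed.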