-rw-r--r--ChangeLog3
-rw-r--r--Makefile8
-rw-r--r--init-sh/group.conf2
-rwxr-xr-xinit-sh/grpuser125
-rwxr-xr-xinit-sh/grpuser.sh161
-rw-r--r--init-sh/lib.sh20
6 files changed, 247 insertions, 72 deletions
diff --git a/ChangeLog b/ChangeLog
index 32adea3..753317e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
1999-15-10 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+ * grpuser.sh take only one opt ( --refresh ),
+ take group name from /etc/security/msec/init-sh/group.conf
+ and add user from /etc/security/msec/init-sh/user.conf if secure level > 2
* level0.sh fixed inittab entry
* fix a typo
* As requested, direct shell access for level 0
diff --git a/Makefile b/Makefile
index 1f3a005..d242c50 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION = 0.5
+VERSION = 0.7
all: promisc_check
@@ -20,7 +20,8 @@ rpm_install: all
cp init-sh/file_perm.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
cp init-sh/perm.[0-5] $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
cp init-sh/server.* $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
- cp init-sh/grpuser $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
+ cp init-sh/group.conf $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
+ cp init-sh/grpuser.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
cp init-sh/custom.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
cp cron-sh/*.sh $(RPM_BUILD_ROOT)/etc/security/msec/cron-sh
touch $(RPM_BUILD_ROOT)/etc/security/msec/security.conf
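Review bot: The install destination for group.conf does not match where the script reads it: the added line copies `init-sh/group.conf` into `$(RPM_BUILD_ROOT)/etc/security/msec/init-sh`, while Perm() and Refresh() in grpuser.sh open `/etc/security/msec/group.conf`, so a fresh install stops at "group.conf doesn't exist" unless something outside this diff relocates the file. Either install it one level up, `cp init-sh/group.conf $(RPM_BUILD_ROOT)/etc/security/msec`, or point the script at the init-sh path; the `install:` hunk below has the same mismatch. Perm() also refuses to run without `/etc/security/msec/user.conf`, and neither hunk installs one, so either ship a default or document that the administrator creates it.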
@@ -43,7 +44,8 @@ install:
(cp init-sh/level* /etc/security/msec/init-sh)
(cp init-sh/init.sh /etc/security/msec/init.sh);
(cp init-sh/lib.sh /etc/security/msec/init-sh);
- (cp init-sh/grpuser /etc/security/msec/init-sh);
+ (cp init-sh/grpuser.sh /etc/security/msec/init-sh);
+ (cp init-sh/group.conf /etc/security/msec/init-sh);
(cp init-sh/file_perm.sh /etc/security/msec/init-sh);
(cp init-sh/*.[0-5] /etc/security/msec/init-sh/)
(cp init-sh/custom.sh /etc/security/msec/init-sh);
diff --git a/init-sh/group.conf b/init-sh/group.conf
new file mode 100644
index 0000000..bdbca9d
--- /dev/null
+++ b/init-sh/group.conf
@@ -0,0 +1,2 @@
+audio
+urpmi
diff --git a/init-sh/grpuser b/init-sh/grpuser
index fb2ad25..6fa0e5d 100755
--- a/init-sh/grpuser
+++ b/init-sh/grpuser
@@ -13,12 +13,13 @@ user_name=$3
Usage() {
echo "Usage :"
- echo " --add [ groupname ] [ username ] ---> Add an user to a group."
- echo " --del [ groupname ] [ username ] ---> Delete an user from a group."
+ echo " --refresh ---> Read group name in /etc/security/msec/group.conf"
+ echo " and add each user in /etc/security/msec/user.conf"
+ echo " in these groups ( if security level is <= 2 )"
}
ModifyFile() {
- mv /etc/${file} /tmp/${file}.old
+ cp /etc/${file} /tmp/${file}.old
head -$((group_line_number - 1)) /tmp/${file}.old > /etc/${file}
echo "${new_group_line}" >> /etc/${file}
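Review bot: The scratch copy on the added line, `cp /etc/${file} /tmp/${file}.old`, uses a fixed, predictable name in world-writable /tmp while Perm() requires the script to run as root — the classic temp-file hazard, since any local user can pre-create that path — and the following `head ... > /etc/${file}` rewrites the group database in place, so an interruption between the three redirections leaves a truncated /etc/group. Safer is to assemble the new content beside the target and swap it in once: `tmp=$(mktemp /etc/${file}.msec.XXXXXX) || exit 1`, write the three pieces into `"${tmp}"`, then `mv -f "${tmp}" /etc/${file}` (if mktemp is not available on the target system, at least use a root-only directory). ModifyFile continues past the end of this hunk, and the identical function in the new init-sh/grpuser.sh hunk has the same issue.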
@@ -42,10 +43,10 @@ AppendUserToGroup() {
IsUserAlreadyInGroup() {
if echo ${group_users} | grep -qw "${user_name}"; then
- return 1
+ return 0
fi
- return 0
+ return 1
}
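Review bot: The membership test on the unchanged line above, `echo ${group_users} | grep -qw "${user_name}"`, matches on word boundaries rather than on comma-separated fields, so a name that is a prefix of another member up to a non-word character is reported as already present (constructed example: user `bob` when `bob-admin` is in the group), and the name is also interpreted as a regular expression. A field-exact, fixed-string check avoids both: `echo ",${group_users}," | grep -qF ",${user_name},"`. The same function appears verbatim in the init-sh/grpuser.sh hunk.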
IsGroupExisting() {
@@ -60,8 +61,9 @@ IsGroupExisting() {
group_users=`echo ${tmp} | awk -F: '{print $5}'`
group_line=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"$5}'`
- [ -z "${tmp}" ] && return 0
- return 1
+ [ -z "${tmp}" ] && return 1
+
+ return 0
}
IsUserExisting() {
@@ -73,68 +75,66 @@ IsUserExisting() {
return 1;
}
-Add() {
- IsGroupExisting;
- if [[ $? == 0 ]]; then
- echo "Sorry, group \"${group_name}\" does not exist."
- echo "Please create it using the \"groupadd\" command."
- exit 1
- fi
-
- IsUserExisting;
- if [[ $? == 1 ]]; then
- echo "Sorry, user \"${user_name}\" does not exist."
- exit 1
- fi
-
- IsUserAlreadyInGroup;
- if [[ $? == 1 ]]; then
- echo "Sorry, user \"${user_name}\" is already in group \"${group_name}\"."
- exit 1
+Refresh() {
+ if [[ ${SECURE_LEVEL} > 2 ]]; then
+ echo "You are in a secure level > 2, in this level you need to add group user by yourself."
+ echo "Use the command : usermod -G group_name user_name"
+ exit 1;
fi
- AppendUserToGroup;
- ModifyFile;
-
- exit 0
-}
-
-Del() {
- IsGroupExisting;
- if [[ $? == 0 ]]; then
- echo "Sorry, group \"${group_name}\" does not exist."
- exit 1
- fi
-
- IsUserAlreadyInGroup;
- if [[ $? == 0 ]]; then
- echo "Sorry, user \"${user_name}\" is not in group \"${group_name}\"."
- exit 1
- fi
-
- RemoveUserFromGroup;
- ModifyFile;
-
- exit 0
+ cat /etc/security/msec/group.conf | while read group_name; do
+ IsGroupExisting;
+ if [[ $? != 0 ]]; then
+ echo "Group \"${group_name}\" doesn't exist. skiping it."
+ else
+ cat /etc/security/msec/user.conf | while read user_name; do
+ IsUserExisting;
+ if [[ $? != 0 ]]; then
+ # user doesn't exist
+ echo "Can't add user \"${user_name}\" to group \"${group_name}\"."
+ echo "\"${user_name}\" doesn't exist. skiping."
+ IsUserAlreadyInGroup;
+ if [[ $? == 0 ]]; then
+ # user doesn't exist but is in a group... delete user from this group.
+ RemoveUserFromgroup;
+ ModifyFile;
+ fi
+ else
+ usermod -G ${group_name} ${user_name}
+ fi
+ done
+ fi
+ done
}
Perm() {
+ if [[ ${UID} != 0 ]]; then
+ echo "You need root access to use this tool."
+ echo "And this script shouldn't be used by users."
+ exit 1
+ fi
+
if [[ ! -w /etc/${file} ]]; then
- echo "You're not allowed to write to /etc/group..."
- exit 1
+ echo "You're not allowed to write to /etc/group..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/group.conf ]]; then
+ echo "/etc/security/msec/group.conf doesn't exist..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/user.conf ]]; then
+ echo "/etc/security/msec/user.conf doesn't exist..."
+ exit 1
fi
}
-if [[ $# == 3 ]]; then
+if [[ $# == 1 ]]; then
case $1 in
- "--add")
- Perm;
- Add;
- exit 0
- ;;
- "--del")
+ "--refresh")
Perm;
- Del;
+ Refresh;
exit 0
;;
esac
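Review bot: `usermod -G ${group_name} ${user_name}` in Refresh() sets the user's supplementary group list rather than extending it, so each pass of the outer loop overwrites the previous one — after the loop the user is a member of only the last group listed in group.conf and has been dropped from every other supplementary group they already had. Use the append form, `usermod -a -G ${group_name} ${user_name}`, if the installed usermod supports `-a`; otherwise build the union from `id -Gn` first. The call `RemoveUserFromgroup;` in the user-does-not-exist branch misspells the function defined as `RemoveUserFromGroup`, fails with "command not found", and ModifyFile then runs with new_group_line still empty and replaces the group's line in /etc/group with a blank one. `[[ ${SECURE_LEVEL} > 2 ]]` is a string comparison that is silently false when SECURE_LEVEL is unset; prefer `[[ ${SECURE_LEVEL:?unset} -gt 2 ]]`. All of this applies equally to the same code in the init-sh/grpuser.sh hunk.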
@@ -150,3 +150,12 @@ fi
+
+
+
+
+
+
+
+
+
diff --git a/init-sh/grpuser.sh b/init-sh/grpuser.sh
new file mode 100755
index 0000000..6fa0e5d
--- /dev/null
+++ b/init-sh/grpuser.sh
@@ -0,0 +1,161 @@
+#!/bin/sh
+
+#
+# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
+# Thanks to Francis Galiegue.
+#
+
+file="group"
+group_line=""
+new_group_line=""
+group_name=$2
+user_name=$3
+
+Usage() {
+ echo "Usage :"
+ echo " --refresh ---> Read group name in /etc/security/msec/group.conf"
+ echo " and add each user in /etc/security/msec/user.conf"
+ echo " in these groups ( if security level is <= 2 )"
+}
+
+ModifyFile() {
+ cp /etc/${file} /tmp/${file}.old
+
+ head -$((group_line_number - 1)) /tmp/${file}.old > /etc/${file}
+ echo "${new_group_line}" >> /etc/${file}
+ tail +$((group_line_number + 1)) /tmp/${file}.old >> /etc/${file}
+
+ rm -f /tmp/${file}.old
+}
+
+RemoveUserFromGroup() {
+ new_group_line=${group}`echo ${group_users} |
+ sed -e s/,${user_name}$//g -e s/${user_name},//g -e s/${user_name}$//g`
+}
+
+AppendUserToGroup() {
+ if [[ -z ${group_users} ]]; then
+ new_group_line=${group_line}${user_name}
+ else
+ new_group_line=${group_line}",${user_name}"
+ fi
+}
+
+IsUserAlreadyInGroup() {
+ if echo ${group_users} | grep -qw "${user_name}"; then
+ return 0
+ fi
+
+ return 1
+}
+
+IsGroupExisting() {
+ group_line=""
+ group_line_number=""
+
+ # We get some group infos as well, will be used later
+ tmp=`grep -n "^${group_name}:" /etc/${file} | tr -d " "`
+
+ group_line_number=`echo ${tmp} | awk -F: '{print $1}'`
+ group=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"}'`
+ group_users=`echo ${tmp} | awk -F: '{print $5}'`
+ group_line=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"$5}'`
+
+ [ -z "${tmp}" ] && return 1
+
+ return 0
+}
+
+IsUserExisting() {
+ grep -qn "^${user_name}:" /etc/passwd
+ if [[ $? == 0 ]]; then
+ return 0;
+ fi
+
+ return 1;
+}
+
+Refresh() {
+ if [[ ${SECURE_LEVEL} > 2 ]]; then
+ echo "You are in a secure level > 2, in this level you need to add group user by yourself."
+ echo "Use the command : usermod -G group_name user_name"
+ exit 1;
+ fi
+
+ cat /etc/security/msec/group.conf | while read group_name; do
+ IsGroupExisting;
+ if [[ $? != 0 ]]; then
+ echo "Group \"${group_name}\" doesn't exist. skiping it."
+ else
+ cat /etc/security/msec/user.conf | while read user_name; do
+ IsUserExisting;
+ if [[ $? != 0 ]]; then
+ # user doesn't exist
+ echo "Can't add user \"${user_name}\" to group \"${group_name}\"."
+ echo "\"${user_name}\" doesn't exist. skiping."
+ IsUserAlreadyInGroup;
+ if [[ $? == 0 ]]; then
+ # user doesn't exist but is in a group... delete user from this group.
+ RemoveUserFromgroup;
+ ModifyFile;
+ fi
+ else
+ usermod -G ${group_name} ${user_name}
+ fi
+ done
+ fi
+ done
+}
+
+Perm() {
+ if [[ ${UID} != 0 ]]; then
+ echo "You need root access to use this tool."
+ echo "And this script shouldn't be used by users."
+ exit 1
+ fi
+
+ if [[ ! -w /etc/${file} ]]; then
+ echo "You're not allowed to write to /etc/group..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/group.conf ]]; then
+ echo "/etc/security/msec/group.conf doesn't exist..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/user.conf ]]; then
+ echo "/etc/security/msec/user.conf doesn't exist..."
+ exit 1
+ fi
+}
+
+if [[ $# == 1 ]]; then
+ case $1 in
+ "--refresh")
+ Perm;
+ Refresh;
+ exit 0
+ ;;
+ esac
+ Usage;
+ exit 0
+else
+ Usage;
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
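Review bot: The new file starts with `#!/bin/sh` but relies on bash-only syntax throughout — `[[ ... ]]` in Perm, Refresh and IsUserExisting, `${UID}` in Perm, and `$(( ... ))` in ModifyFile — so on a system whose /bin/sh is not bash it breaks at the first test, and if `UID` is simply unset the root check fails closed with "You need root access". Change the first line to `#!/bin/bash` (presumably what the other init-sh scripts use; worth checking) or rewrite the tests in POSIX form with `id -u`. Since this file and init-sh/grpuser now carry the same blob (index 6fa0e5d in both headers), the old path should be removed in the same commit rather than left as a second copy to drift; `group_name=$2` and `user_name=$3` at the top are also dead now that only `--refresh` is accepted. The defects in ModifyFile, IsUserAlreadyInGroup and Refresh are noted on the init-sh/grpuser hunks and apply here unchanged.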
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index e519ad8..124fc63 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -57,10 +57,10 @@ AddBegRules() {
echo "Modifying config in ${file}..."
fi
- mv ${file} /tmp/secure.tmp
+ cp -f ${file} /tmp/secure.tmp
if ! grep -Eqx "^${string}" /tmp/secure.tmp; then
- echo -e "${COMMENT}" >> ${file};
+ echo -e "${COMMENT}" > ${file};
echo -e "${string}" >> ${file};
fi
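Review bot: The added `cp -f ${file} /tmp/secure.tmp` keeps the scratch copy at a fixed, predictable name in world-writable /tmp, and the same name is shared by every function in this file (the later hunks in CleanRules, CommentUserRules and LiloUpdate add the identical line); for a script that rewrites system configuration as root that is the classic temp-file hazard, and two overlapping invocations would also clobber each other's copy. Create the scratch file with `mktemp` (`tmp=$(mktemp) || exit 1`) or keep it in a root-only directory, and `rm -f` it when done. Switching `echo -e "${COMMENT}" >> ${file}` to `>` now truncates the target before its original content is replayed; that is only correct if the remainder of AddBegRules, which lies outside this hunk, appends /tmp/secure.tmp back — worth confirming.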
@@ -81,8 +81,7 @@ CleanRules() {
fi
echo -en "\t- Cleaning msec appended line in ${file} : "
- mv -f ${file} /tmp/secure.tmp
- touch ${file}
+ cp -f ${file} /tmp/secure.tmp
while read line; do
if [[ ${ctrl} == 1 ]]; then
@@ -95,7 +94,7 @@ CleanRules() {
fi
if [[ ${ctrl} == 0 ]]; then
- echo "${line}" >> ${file}
+ echo "${line}" > ${file}
fi
done < /tmp/secure.tmp
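Review bot: Changing `echo "${line}" >> ${file}` to `echo "${line}" > ${file}` inside the `while read line` loop truncates ${file} on every iteration, so after the loop the file holds only the last kept line — the previous hunk's switch from `mv -f` plus `touch` to `cp -f` removed the truncation, but the replacement belongs before the loop, not inside it. Restore `>>` here and truncate once after the copy, e.g. `cp -f ${file} /tmp/secure.tmp && : > ${file}` on the line the previous hunk adds. The same per-iteration truncation is introduced in CommentUserRules (`echo "# ${line}" > ${file}`) and in LiloUpdate (`echo "${line}" > /etc/lilo.conf`), where it leaves /etc/lilo.conf with a single line; the LiloUpdate hunk continues past the end of the visible diff.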
@@ -113,12 +112,11 @@ CommentUserRules() {
echo -en "\t- Cleaning user appended line in ${file} : "
- mv -f ${file} /tmp/secure.tmp
- touch ${file}
-
+ cp -f ${file} /tmp/secure.tmp
+
while read line; do
if ! echo "${line}" | grep -qE "^#"; then
- echo "# ${line}" >> ${file}
+ echo "# ${line}" > ${file}
fi
done < /tmp/secure.tmp
@@ -158,10 +156,10 @@ LiloUpdate() {
fi
if [[ ! -z "${password}" ]]; then
- mv /etc/lilo.conf /tmp/secure.tmp
+ cp -f /etc/lilo.conf /tmp/secure.tmp
while read line; do
if ! echo "${line}" | grep -q "password"; then
- echo "${line}" >> /etc/lilo.conf
+ echo "${line}" > /etc/lilo.conf
fi
done < /tmp/secure.tmp