-rw-r--r-- | man/C/mseclib.3 | 4 | ||||
-rw-r--r-- | share/libmsec.py | 20 | ||||
-rwxr-xr-x | share/msec.py | 2 |
3 files changed, 26 insertions, 0 deletions
diff --git a/man/C/mseclib.3 b/man/C/mseclib.3
index e564444..82907aa 100644
--- a/man/C/mseclib.3
+++ b/man/C/mseclib.3
@@ -216,6 +216,10 @@ Set the shell timeout. A value of zero means no timeout.
 .TP 4
 .B \fIset_user_umask(umask)\fP
 Set the user umask.
+
+.TP 4
+.B \fIset_win_parts_umask(umask)\fP
+Set umask option for mounting vfat and ntfs partitions. A value of None means default umask.
 .RE
 .SH "SEE ALSO"
 msec(8)
diff --git a/share/libmsec.py b/share/libmsec.py
index 01beee8..3174108 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -41,6 +41,7 @@ AUTOLOGIN = '/etc/sysconfig/autologin'
 BASTILLENOLOGIN = '/etc/bastille-no-login'
 CRON = '/etc/cron.d/msec'
 CRONALLOW = '/etc/cron.allow'
+FSTAB = '/etc/fstab'
 GDM = '/etc/pam.d/gdm'
 GDMCONF = '/etc/X11/gdm/gdm.conf'
 HALT = '/usr/bin/halt'
@@ -376,6 +377,25 @@ def set_shell_history_size(size):
 if val != None:
 _interactive and log(_('Removing limit on shell history size'))
 msec.remove_line_matching('^HISTFILESIZE=')
+
+################################################################################
+
+def set_win_parts_umask(umask):
+ ''' Set umask option for mounting vfat and ntfs partitions. A value of None means default umask.'''
+ fstab = ConfigFile.get_config_file(FSTAB)
+
+ # don't lower security when not changing security level
+ if same_level():
+ if umask != None:
+ return
+
+ if umask == None:
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+)umask=\d+(\s.*)", "@1defaults@3", 0, 1)
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+)umask=\d+,(.*)", "@1@3", 0, 1)
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+\S+),umask=\d+(.*)", "@1@3", 0, 1)
+ else:
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+\S*)umask=\d+(.*)", "@1umask=0@3", 0, 1)
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+)(?!.*umask=)(\S+)(.*)", "@1@3,umask=0@4", 0, 1)
 ################################################################################
diff --git a/share/msec.py b/share/msec.py
index f4e6a13..4120c8e 100755
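Review bot: In share/libmsec.py, the `else:` branch of `set_win_parts_umask` writes a fixed `umask=0` and never reads the `umask` argument, so any non-None value (a caller passing '022' or '077' included) ends up with the most permissive mount setting. The docstring and the man page entry both describe the function as setting the umask, so the two replacement templates should carry the value, e.g. `"@1umask=" + umask + "@3"` and `"@1@3,umask=" + umask + "@4"`. Because the value is spliced into a line of /etc/fstab, it should first be rejected unless it is a short string of octal digits.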
--- a/share/msec.py
+++ b/share/msec.py
@@ -202,12 +202,14 @@ if server:
 allow_issues(LOCAL)
 enable_log_strange_packets(yes)
 enable_pam_root_from_wheel(no)
+ set_win_parts_umask(None)
 else:
 allow_autologin(yes)
 enable_console_log(no)
 allow_issues(ALL)
 enable_log_strange_packets(no)
 enable_pam_root_from_wheel(yes)
+ set_win_parts_umask('0')
 # differences between level 0 and others
 if level != 0: |
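Review bot: The added `set_win_parts_umask('0')` in the `else:` branch carries no comment, yet a umask of 0 on vfat and ntfs mounts leaves every file readable, writable and executable by all local users. A one-line comment above the call, for example `# non-server levels: give every local user full access to Windows partitions`, would record that this is intended. The `if server:` block starts above the hunk, so which security levels reach this branch is not visible here.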