aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--man/C/mseclib.34
-rw-r--r--share/libmsec.py20
-rwxr-xr-xshare/msec.py2
3 files changed, 26 insertions, 0 deletions
diff --git a/man/C/mseclib.3 b/man/C/mseclib.3
index e564444..82907aa 100644
--- a/man/C/mseclib.3
+++ b/man/C/mseclib.3
@@ -216,6 +216,10 @@ Set the shell timeout. A value of zero means no timeout.
.TP 4
.B \fIset_user_umask(umask)\fP
Set the user umask.
+
+.TP 4
+.B \fIset_win_parts_umask(umask)\fP
+Set umask option for mounting vfat and ntfs partitions. A value of None means default umask.
.RE
.SH "SEE ALSO"
msec(8)
diff --git a/share/libmsec.py b/share/libmsec.py
index 01beee8..3174108 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -41,6 +41,7 @@ AUTOLOGIN = '/etc/sysconfig/autologin'
BASTILLENOLOGIN = '/etc/bastille-no-login'
CRON = '/etc/cron.d/msec'
CRONALLOW = '/etc/cron.allow'
+FSTAB = '/etc/fstab'
GDM = '/etc/pam.d/gdm'
GDMCONF = '/etc/X11/gdm/gdm.conf'
HALT = '/usr/bin/halt'
@@ -376,6 +377,25 @@ def set_shell_history_size(size):
if val != None:
_interactive and log(_('Removing limit on shell history size'))
msec.remove_line_matching('^HISTFILESIZE=')
+
+################################################################################
+
+def set_win_parts_umask(umask):
+ ''' Set umask option for mounting vfat and ntfs partitions. A value of None means default umask.'''
+ fstab = ConfigFile.get_config_file(FSTAB)
+
+ # don't lower security when not changing security level
+ if same_level():
+ if umask != None:
+ return
+
+ if umask == None:
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+)umask=\d+(\s.*)", "@1defaults@3", 0, 1)
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+)umask=\d+,(.*)", "@1@3", 0, 1)
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+\S+),umask=\d+(.*)", "@1@3", 0, 1)
+ else:
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+\S*)umask=\d+(.*)", "@1umask=0@3", 0, 1)
+ fstab.replace_line_matching("(.*\s(vfat|ntfs)\s+)(?!.*umask=)(\S+)(.*)", "@1@3,umask=0@4", 0, 1)
################################################################################
diff --git a/share/msec.py b/share/msec.py
index f4e6a13..4120c8e 100755
--- a/share/msec.py
+++ b/share/msec.py
@@ -202,12 +202,14 @@ if server:
allow_issues(LOCAL)
enable_log_strange_packets(yes)
enable_pam_root_from_wheel(no)
+ set_win_parts_umask(None)
else:
allow_autologin(yes)
enable_console_log(no)
allow_issues(ALL)
enable_log_strange_packets(no)
enable_pam_root_from_wheel(yes)
+ set_win_parts_umask('0')
# differences between level 0 and others
if level != 0: