aboutsummaryrefslogtreecommitdiffstats
path: root/profile.d
diff options
context:
space:
mode:
Diffstat (limited to 'profile.d')
-rwxr-xr-xprofile.d/msec.csh62
-rwxr-xr-xprofile.d/msec.sh31
2 files changed, 93 insertions, 0 deletions
diff --git a/profile.d/msec.csh b/profile.d/msec.csh
new file mode 100755
index 0000000..0a6bd70
--- /dev/null
+++ b/profile.d/msec.csh
@@ -0,0 +1,62 @@
+# shell security options
+
+if ( -r /etc/security/shell ) then
+ eval `sed -n 's/^\([^#]*\)=\([^#]*\)/set \1=\2;/p' < /etc/security/shell`
+endif
+
+if ( $uid >= 500 ) then
+ if ( ${?UMASK_USER} ) then
+ umask ${UMASK_USER}
+ else
+ umask 022
+ endif
+else
+ if ( ${?UMASK_ROOT} ) then
+ umask ${UMASK_ROOT}
+ else
+ umask 002
+ endif
+endif
+
+
+# (pixel) tcsh doesn't handle directory in the PATH being non-readable
+# in security high, /usr/bin is 751, aka non-readable
+# using unhash *after modifying PATH* fixes the pb
+# So while modifying the PATH, do not rely on the PATH until unhash is done
+
+if ! { (echo "${PATH}" | /bin/grep -q /usr/X11R6/bin) } then
+ setenv PATH "${PATH}:/usr/X11R6/bin"
+endif
+
+if ! { (echo "${PATH}" | /bin/grep -q /usr/games) } then
+ setenv PATH "${PATH}:/usr/games"
+endif
+
+if ( ${?SECURE_LEVEL} ) then
+ if ( ${SECURE_LEVEL} <= 1 ) then
+ if ! { (echo "${PATH}" | /bin/fgrep -q :.) } then
+ setenv PATH "${PATH}:."
+ endif
+ endif
+endif
+
+# using unhash *after modifying PATH* (see above)
+if (! -r /usr/bin) then
+ unhash
+endif
+
+
+# translate sh variables from /etc/security/shell to their equivalent in csh
+if ( ${?TMOUT} ) then
+ set autologout=`expr $TMOUT / 60`
+endif
+
+if ( ${?HISTFILESIZE} ) then
+ set history=$HISTFILESIZE
+endif
+
+if ( ${?SECURE_LEVEL} ) then
+ setenv SECURE_LEVEL ${SECURE_LEVEL}
+endif
+
+# msec.csh ends here
diff --git a/profile.d/msec.sh b/profile.d/msec.sh
new file mode 100755
index 0000000..288d72b
--- /dev/null
+++ b/profile.d/msec.sh
@@ -0,0 +1,31 @@
+# shell security options
+
+if [ -r /etc/security/shell ]; then
+ . /etc/security/shell
+fi
+
+if [ `id -u` -ge 500 ]; then
+ if [ -n "$UMASK_USER" ]; then
+ umask $UMASK_USER
+ else
+ umask 022
+ fi
+else
+ if [ -n "$UMASK_ROOT" ]; then
+ umask $UMASK_ROOT
+ else
+ umask 022
+ fi
+fi
+
+if [ -n "$SECURE_LEVEL" ]; then
+ if [ "$SECURE_LEVEL" -le 1 ] && ! echo ${PATH} | fgrep -q :.; then
+ export PATH=$PATH:.
+ fi
+fi
+
+export SECURE_LEVEL
+
+[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT
+
+# msec.sh ends here