/ PC World Komputer 1999 March B / SCO_CASTOR4RRT.iso / base / root.16 / etc / inst / scripts / adminobj / adminobj~
Text File  |  1998-08-19  |  3KB  |  131 lines

  1. # Copyright (c) 1998 The Santa Cruz Operation, Inc.. All Rights Reserved. 
  2. #                                                                         
  3. #        THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF THE               
  4. #                   SANTA CRUZ OPERATION INC.                             
  5. #                                                                         
  6. #   The copyright notice above does not evidence any actual or intended   
  7. #   publication of such source code.                                      
  8.  
  9. #ident    "@(#)adminobj.sh    15.1"
  10.  
  # Option parsing: -r assigns commands to roles (adminrole), -u assigns them
  # to users (adminuser).  Exactly one of the two must be given.
  # NOTE: USER is reused as a script flag here, so the login-name value it
  # usually carries in the environment is overwritten for the rest of the run.
  ROLE=false
  USER=false
  while getopts ru c; do
      case "$c" in
          r) ROLE=true ;;
          u) USER=true ;;
          '?') exit 1 ;;    # unknown option; no message is printed here
          *)
              echo "Internal error during getopts." >&2
              exit 2
              ;;
      esac
  done

  # Each flag holds "true" or "false", so equal values mean that both or
  # neither option was supplied; either case is a usage error.
  if [ "$ROLE" = "$USER" ]; then
      echo "Bad usage" >&2
      exit 1
  fi
  35.  
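  # Read "command object ..." lines from stdin and register each command, with
  # its inheritable privileges, for every listed role (-r) or user (-u).
  #
  # An object may be written as NAME:PRIV[:PRIV...]; the privileges after the
  # first colon are withheld from that command for that role or user.  Lines
  # whose first word starts with "#" are comments.
  #
  # Changes from the original, all of which affect what privileges end up
  # being granted:
  #   * The command path is compared literally against the privilege database
  #     instead of being pasted into an egrep pattern, where "." and other
  #     metacharacters could match the entry of a different command.
  #   * sed's "p" flag was used without -n, so every extracted value was
  #     emitted more than once; the copies then word-split into extra
  #     arguments to adminrole/adminuser.  Values are now extracted once.
  #   * The NAME part of NAME:PRIV was stripped with ^[A-Z]*:, so a lower-case
  #     name stayed in the shut-off list.  Everything up to the first colon is
  #     now treated as the name, matching how the object name is derived.
  #   * "set $objects" with no objects dumped every shell variable to stdout,
  #     and an object beginning with "-" was parsed as a shell option.
  #   * All expansions handed to adminrole/adminuser are quoted.

  # Nothing below needs pathname expansion; disable it so that names and
  # privileges read from input are never expanded against the filesystem.
  set -f

  while read -r cmd objects
  do
      case $cmd in
      '' | '#'*) continue ;;            # skip blank lines and comments
      esac
      base=$(basename -- "$cmd")

      # Look up the inheritable privileges recorded for this exact path.
      # Assumes colon-separated records with the path as the last field and a
      # "%inher,priv,priv" field before it, as the original patterns imply.
      # TODO confirm against the privs file format on the target system.
      # Only the first matching record is used.
      privs=$(
          TCB_PATH=$cmd awk -F: '
              $NF == ENVIRON["TCB_PATH"] {
                  for (f = 1; f < NF; f++) {
                      at = index($f, "%inher,")
                      if (at > 0) {
                          list = substr($f, at + 7)
                          gsub(/,/, ":", list)
                          print list
                          exit
                      }
                  }
              }
          ' /etc/security/tcb/privs
      )

      # A command with no inheritable privileges is not registered at all.
      [ -n "$privs" ] || continue

      save=$privs
      fullset=$(printf '%s\n' "$save" | tr ':' ' ')

      # Intentional word splitting: one positional parameter per object.
      # "--" keeps an object that starts with "-" from being read as an
      # option, and stops a bare "set" from listing variables.
      # shellcheck disable=SC2086
      set -- $objects

      for spec in "$@"
      do
          case $spec in
          *:*)
              object=${spec%%:*}
              shutoff=$(printf '%s\n' "${spec#*:}" | tr ':' ' ')

              # Warn (once) when a privilege to withhold is not in the
              # command's set.  The assignment still goes ahead.
              for i in $shutoff
              do
                  case " $fullset " in
                  *" $i "*) ;;
                  *)
                      printf 'Warning: %s privilege specified to be shut off for %s,\n' "$i" "$cmd"
                      printf '\tbut it is NOT in its set of privileges.\n'
                      break
                      ;;
                  esac
              done

              # Grant the full set minus the withheld privileges.  With an
              # empty shut-off list ("NAME:") the loop keeps everything.
              privs=
              for i in $fullset
              do
                  case " $shutoff " in
                  *" $i "*) ;;
                  *) privs=${privs:+$privs:}$i ;;
                  esac
              done
              ;;
          *)
              object=$spec
              privs=$save
              ;;
          esac

          # Compare the flags as strings rather than executing their values.
          if [ "$ROLE" = true ]
          then
              adminrole -a "$base:$cmd:$privs" "$object"
          fi
          if [ "$USER" = true ]
          then
              adminuser -a "$base:$cmd:$privs" "$object"
          fi
      done
  done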
  131.