source: trunk/packs/maint/config_afs.sh @ 14055

Revision 14055, 1.8 KB checked in by danw, 25 years ago (diff)
Make "-" by itself in SuidCells mean "never make any cell setuid"
  • Property svn:executable set to *
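#!/bin/sh -
#
# $Id: config_afs.sh,v 1.17 1999-12-07 21:46:24 danw Exp $
#
# This script configures the workstation's notion of AFS.
# 1. It updates the cell location information from /usr/vice/etc/CellServDB
# 2. It updates the cell setuid information from /usr/vice/etc/SuidCells
#
# Inputs and trust:
#   CellServDB and SuidCells are copied from /afs/athena.mit.edu/service/
#   and concatenated with the machine's own *.local files. SuidCells decides
#   which cells may supply setuid/setgid programs, so both files are
#   policy inputs. Their contents are passed to "fs" only as quoted
#   arguments and are never handed to a shell for evaluation, so a
#   malformed or tampered entry cannot run as a command.
#
# Requires a POSIX sh ("read -r", "set -f", "$(...)").
# NOTE(review): the scratch file name under ${VICEDIR} is fixed; this assumes
# ${VICEDIR} is writable only by the account running the script - confirm.
PATH=/bin:/bin/athena:/usr/bin; export PATH

VICEDIR=/usr/vice/etc
CELLDB=${VICEDIR}/CellServDB
SUIDDB=${VICEDIR}/SuidCells
CTMP=${VICEDIR}/Ctmp

echo "Updating cell location information"
rm -f "${CTMP}"
# Fetch the public list, refuse an empty copy, then merge it with the
# local additions. The .local file is optional, hence the discarded stderr.
cp /afs/athena.mit.edu/service/CellServDB "${CTMP}" &&
        [ -s "${CTMP}" ] &&
        mv -f "${CTMP}" "${CELLDB}.public" &&
        cat "${CELLDB}.public" "${CELLDB}.local" >"${CTMP}" 2>/dev/null
[ -s "${CTMP}" ] && {
        # Only touch the live database (and the cache manager) on a change.
        cmp -s "${CTMP}" "${CELLDB}" || {
                rm -f "${CELLDB}.last" &&
                ln "${CELLDB}" "${CELLDB}.last" &&
                mv -f "${CTMP}" "${CELLDB}" &&
                chmod 644 "${CELLDB}" &&
                sync &&
                # awk emits one "cell server server ..." line per ">cell"
                # entry; server lines seen before any named cell are dropped.
                awk '
                        /^>/     { if (line != "") print line;
                                   line = substr($1, 2); }
                        /^[0-9]/ { if (line != "") line = line " " $1; }
                        END      { if (line != "") print line; }' \
                        "${CELLDB}" |
                while read -r cell servers; do
                        # Split the server list on whitespace with globbing
                        # off, so every token reaches fs as a literal word.
                        set -f
                        set -- $servers
                        set +f
                        fs newcell "$cell" "$@" </dev/null
                done
        }
}

echo "Updating setuid cell information"
rm -f "${CTMP}"
cp /afs/athena.mit.edu/service/SuidCells "${CTMP}" &&
        [ -s "${CTMP}" ] &&
        mv -f "${CTMP}" "${SUIDDB}.public" &&
        cat "${SUIDDB}.public" "${SUIDDB}.local" >"${CTMP}" 2>/dev/null
[ -s "${CTMP}" ] &&
        mv -f "${CTMP}" "${SUIDDB}" &&
        chmod 644 "${SUIDDB}"

echo "Only allowing setuid/setgid programs from the following cells:"

# Start from "no cell is trusted for setuid", then re-enable the listed ones.
# Globbing is disabled while the command output is word-split.
set -f
for cellname in $(/etc/athena/listsuidcells); do
        fs setcell "$cellname" -nosuid
done
set +f

# SuidCells syntax as handled below:
#   "-" alone   never make any cell setuid (nothing is enabled)
#   "-cell"     deny this cell
#   "cell"      allow this cell
# The last entry for a given cell wins.
awk '
        /^-$/   { numcells = 0; exit; }
        /^-/    { suid[substr($1, 2)] = 0; }
        /^[^-]/ { suid[$1] = 1;
                  cells[numcells++] = $1; }
        END     { for (i = 0; i < numcells; i++)
                        if (suid[cells[i]])
                                print cells[i]; }' "${SUIDDB}" |
while read -r cellname; do
        # A whitespace-only line yields an empty name; skip it.
        [ -n "$cellname" ] || continue
        fs setcell "$cellname" -suid </dev/null
        printf '%s\n' "$cellname"
done

rm -f "${CTMP}"
exit 0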