ref: 721047e033a918cb9ade136244b9fa5b4a3c4541
dir: /changeblog/1596011563.txt/
Restrict RCPU User Access to Groups This is how to restrict user access to groups. You can use this to enable [[[ms .CW rcpu ]]] [[[ebook <code>rcpu</code> ]]] access for all users of a specific group. All other groups will not be allowed. [[[ms To allow access only to .CW sys group members: adjust your .CW /rc/bin/service/tcp17019 ]]] [[[ebook To allow access only to <code>sys</code> group members: adjust your <code>/rc/bin/service/tcp17019</code> ]]] [[[ms .P1 #!/bin/rc userfile=/adm/users fn useringroup{ grep $1 $userfile | { found=0 while(~ $found 0 && line=`:{read}){ if(~ $line(2) $2){ found=1 } } if(~ $found 1) status='' if not status='not found' } } if(~ $#* 3){ netdir=$3 remote=$2!`{cat $3/remote} } fn server { ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args rm -f /env/'fn#server' . <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1] } exec tlssrv -a /bin/rc -c 'useringroup $user sys && server' .P2 ]]] [[[ebook <code><pre> #!/bin/rc userfile=/adm/users fn useringroup{ grep $1 $userfile | { found=0 while(~ $found 0 && line=`:{read}){ if(~ $line(2) $2){ found=1 } } if(~ $found 1) status='' if not status='not found' } } if(~ $#* 3){ netdir=$3 remote=$2!`{cat $3/remote} } fn server { ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args rm -f /env/'fn#server' . <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1] } exec tlssrv -a /bin/rc -c 'useringroup $user sys && server' </pre></code> ]]] [[[ms This checks if the user is in group .CW sys and only then calls the .CW server function. Otherwise the connection is terminated. ]]] [[[ebook This checks if the user is in group <code>sys</code> and only then calls the <code>server</code> function. Otherwise the connection is terminated. ]]] This is especially useful if you want a CPU server to expose filesystems ‥and‥ have cpu access for administrators only.