shithub: sirjofri_de

ref: 88238de7b3307a1b02a7d2c87883be5b3a2f5539
dir: /changeblog/1596011563.ms/

View raw version
.HTML Restrict RCPU User Access to Groups
.TL
Restrict RCPU User Access to Groups
.LP
This is how to restrict user access to groups.
You can use this to enable
.CW rcpu
access for all users of a specific group.
All other groups will not be allowed.
.LP
To allow access only to
.CW sys
group members: adjust your
.CW /rc/bin/service/tcp17019
.P1
#!/bin/rc
userfile=/adm/users
fn useringroup{
	grep $1 $userfile | {
		found=0
		while(~ $found 0 && line=`:{read}){
			if(~ $line(2) $2){
				found=1
			}
		}
		if(~ $found 1)
			status=''
		if not
			status='not found'
	}
}
if(~ $#* 3){
	netdir=$3
	remote=$2!`{cat $3/remote}
}
fn server {
	~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
	rm -f /env/'fn#server'
	. <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]
}
exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'
.P2
.LP
This checks if the user is in group
.CW sys
and only then calls the
.CW server
function.
Otherwise the connection is terminated.
.LP
This is especially useful if you want a CPU server to expose filesystems
.I and
have cpu access for administrators only.