ref: a8046b955aa0a6bad91b212f2c269e2e012eb113
parent: 2cc852c2e63a2c75556a2cdc3816926ebee59098
author: sirjofri <sirjofri@sirjofri.de>
date: Wed Jul 29 04:43:21 EDT 2020
new blog post: restricted cpu access
--- a/changeblog.ht
+++ b/changeblog.ht
@@ -5,6 +5,7 @@
<a href="changeblog.pdf">Download pdf</a><br>
<a href="/changeblog.xml">Feed</a><br>
<ul>
+<li><a href="/changeblog/1596011563/">Wed, 29 Jul 2020 10:32:43 +0200: Restrict RCPU User Access to Groups</a></li>
<li><a href="/changeblog/1594885496/">Thu, 16 Jul 2020 09:44:56 +0200: lib/profile quick hack</a></li>
<li><a href="/changeblog/1594881674/">Thu, 16 Jul 2020 08:41:14 +0200: Mail Server Configuration</a></li>
<li><a href="/changeblog/1593621046/">Wed, 01 Jul 2020 18:30:46 +0200: Guided Replica</a></li>
--- /dev/null
+++ b/changeblog/1596011563.ht
@@ -1,0 +1,99 @@
+<article>
+<header>
+<h2>Restrict RCPU User Access to Groups</h2>
+<b>Wed, 29 Jul 2020 10:32:43 +0200</b>
+</header>
+<p style="margin-top: 0; margin-bottom: 0.50in"></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="line-height: 1.4em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: center;">
+<span style="font-size: 12pt"><b>Restrict RCPU User Access to Groups</b></span></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="margin-top: 0; margin-bottom: 0.42in"></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+<p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="margin-top: 0; margin-bottom: 0.50in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This is how to restrict user access to groups.
+You can use this to enable
+</span><span style="font-size: 10pt"><tt>rcpu</tt></span><span style="font-size: 10pt">
+access for all users of a specific group.
+All other groups will not be allowed.
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">To allow access only to
+</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
+group members: adjust your
+</span><span style="font-size: 10pt"><tt>/rc/bin/service/tcp17019</tt></span><span style="font-size: 10pt">
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>#!/bin/rc
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>userfile=/adm/users
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>fn useringroup{
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> grep $1 $userfile | {
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> found=0
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> while(~ $found 0 && line=‘:{read}){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if(~ $line(2) $2){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> found=1
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if(~ $found 1)
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> status=’’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if not
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> status=’not found’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>if(~ $#* 3){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> netdir=$3
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> remote=$2!‘{cat $3/remote}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>fn server {
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> rm -f /env/’fn#server’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> . <{n=‘{read} && ! ~ $#n 0 && read -c $n} >[2=1]
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>exec tlssrv -a /bin/rc -c ’useringroup $user sys && server’
+</tt></span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This checks if the user is in group
+</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
+and only then calls the
+</span><span style="font-size: 10pt"><tt>server</tt></span><span style="font-size: 10pt">
+function.
+Otherwise the connection is terminated.
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This is especially useful if you want a CPU server to expose filesystems
+</span><span style="font-size: 10pt"><i>and</i></span><span style="font-size: 10pt">
+have cpu access for administrators only.
+</span></p><p style="margin-top: 0; margin-bottom: 0.50in"></p>
+
+</article>
--- /dev/null
+++ b/changeblog/1596011563.ms
@@ -1,0 +1,78 @@
+.HTML Restrict RCPU User Access to Groups
+.TL
+Restrict RCPU User Access to Groups
+.LP
+This is how to restrict user access to groups.
+You can use this to enable
+.CW rcpu
+access for all users of a specific group.
+All other groups will not be allowed.
+.LP
+To allow access only to
+.CW sys
+group members: adjust your
+.CW /rc/bin/service/tcp17019
+.IP
+.CW
+#!/bin/rc
+.br
+userfile=/adm/users
+.br
+fn useringroup{
+.br
+ grep $1 $userfile | {
+.br
+ found=0
+.br
+ while(~ $found 0 && line=`:{read}){
+.br
+ if(~ $line(2) $2){
+.br
+ found=1
+.br
+ }
+.br
+ }
+.br
+ if(~ $found 1)
+.br
+ status=''
+.br
+ if not
+.br
+ status='not found'
+.br
+ }
+.br
+}
+.br
+if(~ $#* 3){
+.br
+ netdir=$3
+.br
+ remote=$2!`{cat $3/remote}
+.br
+}
+.br
+fn server {
+.br
+ ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
+.br
+ rm -f /env/'fn#server'
+.br
+ . <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]
+.br
+}
+.br
+exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'
+.LP
+This checks if the user is in group
+.CW sys
+and only then calls the
+.CW server
+function.
+Otherwise the connection is terminated.
+.LP
+This is especially useful if you want a CPU server to expose filesystems
+.I and
+have cpu access for administrators only.
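Review bot: `useringroup` decides membership with `grep $1 $userfile`, an unanchored regular-expression match against the whole line, and then compares only the group-name field, so the check passes for any `sys` line that merely contains the user name as a substring. A user `bob` is admitted when `bobby` is a member, and a name that occurs inside the id or the group name itself also matches. Because this is the only gate in front of `server`, the match should be anchored to one whole entry of the member list, for example `grep -s '^[^:]*:'^$2^':[^:]*:(.*,)?'^$1^'(,.*)?$' $userfile` as the function body (assuming the usual `id:name:leader:members` layout of `/adm/users` and user names without regexp metacharacters). The same listing is repeated in `changeblog/1596011563.ht`, `pub/changeblog.xml` and `pub/changeblog/1596011563/index.html`. Those copies also show the backquote and apostrophe as typographic quotes (`line=‘:{read}`, `status=’’`), so the script cannot be pasted from the web page as rendered.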
--- a/pub/changeblog.xml
+++ b/pub/changeblog.xml
@@ -8,8 +8,109 @@
<rights>© Copyright 2020 sirjofri</rights>
<id>https://sirjofri.de/</id>
<title>changeblog</title>
-<updated>2020-07-16T23:02:55+02:00</updated>
+<updated>2020-07-29T10:41:35+02:00</updated>
<entry>
+ <title>Restrict RCPU User Access to Groups</title>
+ <id>https://sirjofri.de/changeblog/1596011563/</id>
+ <link href="https://sirjofri.de/changeblog/1596011563/"/>
+ <updated>2020-07-29T10:32:43+02:00</updated>
+ <content type="html"><![CDATA[<p style="margin-top: 0; margin-bottom: 0.50in"></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="line-height: 1.4em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: center;">
+<span style="font-size: 12pt"><b>Restrict RCPU User Access to Groups</b></span></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="margin-top: 0; margin-bottom: 0.42in"></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+<p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="margin-top: 0; margin-bottom: 0.50in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This is how to restrict user access to groups.
+You can use this to enable
+</span><span style="font-size: 10pt"><tt>rcpu</tt></span><span style="font-size: 10pt">
+access for all users of a specific group.
+All other groups will not be allowed.
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">To allow access only to
+</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
+group members: adjust your
+</span><span style="font-size: 10pt"><tt>/rc/bin/service/tcp17019</tt></span><span style="font-size: 10pt">
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>#!/bin/rc
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>userfile=/adm/users
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>fn useringroup{
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> grep $1 $userfile | {
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> found=0
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> while(~ $found 0 && line=‘:{read}){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if(~ $line(2) $2){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> found=1
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if(~ $found 1)
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> status=’’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if not
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> status=’not found’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>if(~ $#* 3){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> netdir=$3
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> remote=$2!‘{cat $3/remote}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>fn server {
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> rm -f /env/’fn#server’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> . <{n=‘{read} && ! ~ $#n 0 && read -c $n} >[2=1]
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>exec tlssrv -a /bin/rc -c ’useringroup $user sys && server’
+</tt></span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This checks if the user is in group
+</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
+and only then calls the
+</span><span style="font-size: 10pt"><tt>server</tt></span><span style="font-size: 10pt">
+function.
+Otherwise the connection is terminated.
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This is especially useful if you want a CPU server to expose filesystems
+</span><span style="font-size: 10pt"><i>and</i></span><span style="font-size: 10pt">
+have cpu access for administrators only.
+</span></p><p style="margin-top: 0; margin-bottom: 0.50in"></p>
+
+]]></content>
+</entry>
+
+<entry>
<title>lib/profile quick hack</title>
<id>https://sirjofri.de/changeblog/1594885496/</id>
<link href="https://sirjofri.de/changeblog/1594885496/"/>
@@ -242,7 +343,7 @@
<span style="font-size: 10pt">Links:
</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
-<span style="font-size: 10pt">→ https://fqa.9front.org/fqa7.html#7.7
+<span style="font-size: 10pt">→ https://fqa.9front.org/fqa7.html#7.7
</span></p><p style="margin-top: 0; margin-bottom: 0.50in"></p>
]]></content>
--- /dev/null
+++ b/pub/changeblog/1596011563/index.html
@@ -1,0 +1,136 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>sirjofri • changeblog/1596011563</title>
+<style type="text/css">
+body {
+ font-family: sans-serif;
+ max-width: 960px;
+ margin: auto;
+ padding: 10px;
+}
+</style>
+</head>
+<body>
+<header>
+<h1>changeblog/1596011563</h1>
+<nav>
+<a href="/">start</a> •
+<a href="/changeblog/">changeblog</a> •
+<a href="/files/">files</a> •
+<a href="/imprint/">imprint</a>
+</nav>
+</header>
+<main>
+<article>
+<header>
+<h2>Restrict RCPU User Access to Groups</h2>
+<b>Wed, 29 Jul 2020 10:32:43 +0200</b>
+</header>
+<p style="margin-top: 0; margin-bottom: 0.50in"></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="line-height: 1.4em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: center;">
+<span style="font-size: 12pt"><b>Restrict RCPU User Access to Groups</b></span></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+
+<p style="margin-top: 0; margin-bottom: 0.42in"></p>
+<p style="margin-top: 0; margin-bottom: 0.21in"></p>
+<p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="margin-top: 0; margin-bottom: 0.50in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This is how to restrict user access to groups.
+You can use this to enable
+</span><span style="font-size: 10pt"><tt>rcpu</tt></span><span style="font-size: 10pt">
+access for all users of a specific group.
+All other groups will not be allowed.
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">To allow access only to
+</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
+group members: adjust your
+</span><span style="font-size: 10pt"><tt>/rc/bin/service/tcp17019</tt></span><span style="font-size: 10pt">
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>#!/bin/rc
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>userfile=/adm/users
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>fn useringroup{
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> grep $1 $userfile | {
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> found=0
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> while(~ $found 0 && line=‘:{read}){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if(~ $line(2) $2){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> found=1
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if(~ $found 1)
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> status=’’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> if not
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> status=’not found’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> }
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>if(~ $#* 3){
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> netdir=$3
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> remote=$2!‘{cat $3/remote}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>fn server {
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> rm -f /env/’fn#server’
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt> . <{n=‘{read} && ! ~ $#n 0 && read -c $n} >[2=1]
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>}
+</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt"><tt>exec tlssrv -a /bin/rc -c ’useringroup $user sys && server’
+</tt></span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This checks if the user is in group
+</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
+and only then calls the
+</span><span style="font-size: 10pt"><tt>server</tt></span><span style="font-size: 10pt">
+function.
+Otherwise the connection is terminated.
+</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
+<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
+<span style="font-size: 10pt">This is especially useful if you want a CPU server to expose filesystems
+</span><span style="font-size: 10pt"><i>and</i></span><span style="font-size: 10pt">
+have cpu access for administrators only.
+</span></p><p style="margin-top: 0; margin-bottom: 0.50in"></p>
+
+</article>
+</main>
+<hr>
+<footer>
+<a href="/">start</a> •
+<a href="/changeblog/">changeblog</a> •
+<a href="/imprint/">imprint (german)</a>
+<br>
+© Copyright 2020 sirjofri
+</footer>
+</body>
+</html>
binary files a/pub/changeblog/changeblog.pdf b/pub/changeblog/changeblog.pdf differ
--- a/pub/changeblog/index.html
+++ b/pub/changeblog/index.html
@@ -31,6 +31,7 @@
<a href="changeblog.pdf">Download pdf</a><br>
<a href="/changeblog.xml">Feed</a><br>
<ul>
+<li><a href="/changeblog/1596011563/">Wed, 29 Jul 2020 10:32:43 +0200: Restrict RCPU User Access to Groups</a></li>
<li><a href="/changeblog/1594885496/">Thu, 16 Jul 2020 09:44:56 +0200: lib/profile quick hack</a></li>
<li><a href="/changeblog/1594881674/">Thu, 16 Jul 2020 08:41:14 +0200: Mail Server Configuration</a></li>
<li><a href="/changeblog/1593621046/">Wed, 01 Jul 2020 18:30:46 +0200: Guided Replica</a></li>