shithub: sirjofri_de

Info • Files • Log • Branches
ref: eb07ec1213e2552c1bcf79a9615fc7e646ba82a7
dir: /changeblog/1596011563.ht/
<article>
<header>
<h2>Restrict RCPU User Access to Groups</h2>
<b>Wed, 29 Jul 2020 10:32:43 +0200</b>
</header>
<p style="margin-top: 0; margin-bottom: 0.50in"></p>
<p style="margin-top: 0; margin-bottom: 0.21in"></p>

<p style="line-height: 1.4em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: center;">
<span style="font-size: 12pt"><b>Restrict RCPU User Access to Groups</b></span></p>
<p style="margin-top: 0; margin-bottom: 0.21in"></p>

<p style="margin-top: 0; margin-bottom: 0.21in"></p>

<p style="margin-top: 0; margin-bottom: 0.42in"></p>
<p style="margin-top: 0; margin-bottom: 0.21in"></p>
<p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="margin-top: 0; margin-bottom: 0.50in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">This is how to restrict user access to groups.
You can use this to enable
</span><span style="font-size: 10pt"><tt>rcpu</tt></span><span style="font-size: 10pt">
access for all users of a specific group.
All other groups will not be allowed.
</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">To allow access only to
</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
group members: adjust your
</span><span style="font-size: 10pt"><tt>/rc/bin/service/tcp17019</tt></span><span style="font-size: 10pt">
</span></p><p style="margin-top: 0; margin-bottom: 0.08in"></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>#!/bin/rc</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>userfile=/adm/users</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>fn useringroup{</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>    grep $1 $userfile | {</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>        found=0</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>        while(~ $found 0 &amp;&amp; line=&lsquo;:{read}){</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>            if(~ $line(2) $2){</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>                found=1</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>            }</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>        }</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>        if(~ $found 1)</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>            status=&rsquo;&rsquo;</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>        if not</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>            status=&rsquo;not found&rsquo;</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>    }</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>}</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>if(~ $#* 3){</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>    netdir=$3</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>    remote=$2!&lsquo;{cat $3/remote}</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>}</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>fn server {</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>    ~ $#remote 0 || echo -n $netdir $remote &gt;/proc/$pid/args</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>    rm -f /env/&rsquo;fn#server&rsquo;</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>    . &lt;{n=&lsquo;{read} &amp;&amp; ! ~ $#n 0 &amp;&amp; read -c $n} &gt;[2=1]</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>}</tt></span></p>
<p style="line-height: 1.1em; margin-left: 1.28in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 9pt"><tt>exec tlssrv -a /bin/rc -c &rsquo;useringroup $user sys &amp;&amp; server&rsquo;</tt></span></p>
<p style="margin-top: 0; margin-bottom: 0.17in"></p>

<p style="margin-top: 0; margin-bottom: 0.08in"></p>
<p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">This checks if the user is in group
</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
and only then calls the
</span><span style="font-size: 10pt"><tt>server</tt></span><span style="font-size: 10pt">
function.
Otherwise the connection is terminated.
</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">This is especially useful if you want a CPU server to expose filesystems
</span><span style="font-size: 10pt"><i>and</i></span><span style="font-size: 10pt">
have cpu access for administrators only.
</span></p><p style="margin-top: 0; margin-bottom: 0.50in"></p>

</article>