shithub: sirjofri_de

Info • Files • Log • Branches
ref: ec4bf38b40ed9952e857292750d541c438a587b1
dir: /changeblog/1596011563.ht/
<article>
<header>
<h2>Restrict RCPU User Access to Groups</h2>
<b>Wed, 29 Jul 2020 10:32:43 +0200</b>
</header>
<p style="margin-top: 0; margin-bottom: 0.50in"></p>
<p style="margin-top: 0; margin-bottom: 0.21in"></p>

<p style="line-height: 1.4em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: center;">
<span style="font-size: 12pt"><b>Restrict RCPU User Access to Groups</b></span></p>
<p style="margin-top: 0; margin-bottom: 0.21in"></p>

<p style="margin-top: 0; margin-bottom: 0.21in"></p>

<p style="margin-top: 0; margin-bottom: 0.42in"></p>
<p style="margin-top: 0; margin-bottom: 0.21in"></p>
<p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="margin-top: 0; margin-bottom: 0.50in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">This is how to restrict user access to groups.
You can use this to enable
</span><span style="font-size: 10pt"><tt>rcpu</tt></span><span style="font-size: 10pt">
access for all users of a specific group.
All other groups will not be allowed.
</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">To allow access only to
</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
group members: adjust your
</span><span style="font-size: 10pt"><tt>/rc/bin/service/tcp17019</tt></span><span style="font-size: 10pt">
</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>#!/bin/rc
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>userfile=/adm/users
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>fn useringroup{
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>    grep $1 $userfile | {
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>        found=0
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>        while(~ $found 0 &amp;&amp; line=&lsquo;:{read}){
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>            if(~ $line(2) $2){
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>                found=1
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>            }
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>        }
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>        if(~ $found 1)
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>            status=&rsquo;&rsquo;
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>        if not
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>            status=&rsquo;not found&rsquo;
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>    }
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>}
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>if(~ $#* 3){
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>    netdir=$3
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>    remote=$2!&lsquo;{cat $3/remote}
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>}
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>fn server {
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>    ~ $#remote 0 || echo -n $netdir $remote &gt;/proc/$pid/args
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>    rm -f /env/&rsquo;fn#server&rsquo;
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>    . &lt;{n=&lsquo;{read} &amp;&amp; ! ~ $#n 0 &amp;&amp; read -c $n} &gt;[2=1]
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>}
</tt></span></p><p style="line-height: 1.2em; margin-left: 1.35in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt"><tt>exec tlssrv -a /bin/rc -c &rsquo;useringroup $user sys &amp;&amp; server&rsquo;
</tt></span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">This checks if the user is in group
</span><span style="font-size: 10pt"><tt>sys</tt></span><span style="font-size: 10pt">
and only then calls the
</span><span style="font-size: 10pt"><tt>server</tt></span><span style="font-size: 10pt">
function.
Otherwise the connection is terminated.
</span></p><p style="margin-top: 0; margin-bottom: 0.05in"></p>
<p style="line-height: 1.2em; margin-left: 1.00in; text-indent: 0.00in; margin-right: 1.00in; margin-top: 0; margin-bottom: 0; text-align: justify;">
<span style="font-size: 10pt">This is especially useful if you want a CPU server to expose filesystems
</span><span style="font-size: 10pt"><i>and</i></span><span style="font-size: 10pt">
have cpu access for administrators only.
</span></p><p style="margin-top: 0; margin-bottom: 0.50in"></p>

</article>