rsalz@uunet.uu.net (Rich Salz) (03/06/91)
Submitted-by: Bud Hovell <bh@mtek.mtek.com>
Posting-number: Volume 24, Issue 24
Archive-name: policy
[ This is a rather interesting submission. Should I have posted it?
Send me email. --r$ ]
The need for more-formal policy definition seems to be gaining increasing
recognition as a real problem at many sites, and this little package is an
attempt to give SAs a leg up on addressing that concern by providing them
some basic tools and suggestions.
Rob Kolstad has made reference to this package on two occasions in his
column, and Bjorn Satdeva at Sysadmin, Inc., has mentioned it also in the
sysadmin subscriber list.
Consequently, I have had a number of requests for it - and it may be time
to make this info more-generally accessible. Let me say, though, that if
you feel it is *not* an appropriate addition, then it isn't going to hurt
my feelings if you reject it. :-)
This is the latest version, which is a *vast* improvement over some of the
earlier scripts. Hopefully, it will run on all common machines, but I am
not certain, since my limited experience is only with sysv. Suggestions
are welecome.
Bud Hovell
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of archive 1 (of 1)."
# Contents: 1stlogin.ann MANIFEST README gen logins policy usenet
# Wrapped by bbh@mtek.com on Fri Mar 1 22:50:16 1991
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f '1stlogin.ann' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'1stlogin.ann'\"
else
echo shar: Extracting \"'1stlogin.ann'\" \(2394 characters\)
sed "s/^X//" >'1stlogin.ann' <<'END_OF_FILE'
X# $Id: 1stlogin.ann,v 1.10 91/02/07 09:55:17 bbh Rel $
X# Tell the new user what the rules are:
X
X# Give him a temp terminal for this script, which is run from /etc/profile:
XTERM=vt100
Xexport TERM
X
Xdone=
Xuntil [ "$done" = "yes" ];do
X # Clear the screen
X tput clear
X cat << "END_PAGE_1"
X
X WELCOME!!!
X
XFirst, you should invoke 'menu' from the command line, then select 'policy'
Xto review the basic policies which govern the operation of this system and
Xwho is responsible for what.
X
XIf a policy has provisions with which you do not agree, please notify the
Xadministrator AT ONCE voicing your concerns/suggestions. Absent such notice,
Xyou are assumed to have reviewed, understood, and agreed to conform to all
Xwritten policy prevailing during any period you have authorized access to
Xthis host, as evidenced by your continuing to log in.
X
XIf policies are significantly changed at any time, you will be sent email
Xto inform you that a change has been effected, *or* there will be an announce-
Xment in the system 'news' that will show up when you log in.
X
X[ You are responsible for reading all system 'news' messages containing the
Xword "policy", since these will contain information effecting specific policy
Xchanges, which should occur rarely. ]
X
XEND_PAGE_1
X echo " (Touch 'RETURN' to continue)"
X read nothing
X cat << "END_PAGE_2"
X
XAn initial .profile and .kshrc are provided for your convenience. If you
Xwant to see the special (read "usenet") features available on this machine,
Xmost of them have man pages, and 'manlist' will give you a brief list of
Xwhat non-AT&T commands are available. Detail, of course, can be gotten
Xby reading the man pages themselves.
X
XAgain, welcome to 'mtek' - if we can assist you in any way, please let us
Xknow!
X
XEND_PAGE_2
X
X echo "Do you wish to re-read this message? [y]/n > \c"
X read done
X case $done in
X y*|Y*|"") # No -wants to see it again
X :
X ;;
X *) # He's done
X done="yes"
X break
X ;;
X esac
Xdone
X
X# Make a permanent record that this user has seen this announcement
Xrecord="$HOME/..."
Xecho "Announcement presented to this user, '$LOGNAME.'" > $record
Xchmod 440 $record
Xchgrp root $record
Xchown root $record
X
X# Clear the screen
Xtput clear
X
X# Take away the temp terminal (user's .profile will supply the real one
X# hereafter):
XTERM=
Xexport TERM
X
X# end of file
END_OF_FILE
if test 2394 -ne `wc -c <'1stlogin.ann'`; then
echo shar: \"'1stlogin.ann'\" unpacked with wrong size!
fi
# end of '1stlogin.ann'
fi
if test -f 'MANIFEST' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'MANIFEST'\"
else
echo shar: Extracting \"'MANIFEST'\" \(527 characters\)
sed "s/^X//" >'MANIFEST' <<'END_OF_FILE'
X File Name Archive # Description
X-----------------------------------------------------------
X 1stlogin.ann 1 1st notice for new login users
X MANIFEST 1 This shipping list
X README 1 Information on the use of this stuff
X gen 1 Example: general policy
X logins 1 Example: specific user responsibilities
X policy 1 Executable: policy shell script
X usenet 1 Example: policy regarding new hookups
END_OF_FILE
if test 527 -ne `wc -c <'MANIFEST'`; then
echo shar: \"'MANIFEST'\" unpacked with wrong size!
fi
# end of 'MANIFEST'
fi
if test -f 'README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'README'\"
else
echo shar: Extracting \"'README'\" \(2844 characters\)
sed "s/^X//" >'README' <<'END_OF_FILE'
X$Id: README,v 1.8 91/03/01 22:39:36 bbh Rel $
X
XWhat is in this package and how to use it:
X^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
XThe file '1stlogin.ann' (first-login annnouncement) is something we call
Xfrom /etc/profile by adding this entry:
X
X if [ -r /usr/local/etc/1stlogin.ann -a ! -f $HOME/... ]
X then . /usr/local/etc/1stlogin.ann
X fi
X
X...which tests to see if the '...' file exists in the user's home
Xdirectory, and presents him with the announcement if it does not. This
Xassures that every new user, on first login, gets the instructions
Xregarding his responsibility to read, understand, and comply with local
Xpolicy. It directs him to the use of the 'policy' command to become
Xand stay current on in-house policy. You may choose to use it or not.
XIf you do, this file should be set to 444 to make it read-only.
X
XAll other files listed in the MANIFEST relate to the 'policy' script
Xitself, or to the example policy text files it might call:
X
XMuch of the 'gen' file was outright lifted directly from the text of a
Xsimilar file used in one of the Canadian universities - have since for-
Xgotten who/where was responsible (sorry). We have made a number of
Xchanges for local circumstances. You may wish to start with this as a
Xtemplate for your own general policy statement.
X
XA few other text files are provided simply as examples of supplementary
Xpolicy descriptions. Because I tend to be a hard-ass, they probably won't
Xbe appropriate at your site, but the subjects may be some you wish to cover.
X
XThe executable file, 'policy', should be useful to you even if you decide
Xto drop-kick the use of our example policy files, since it provides an easy
Xway to manage a full screen of policy-file listings for selection by the
Xuser. If you make improvements on this script, I'd sure like to see them
Xso they can be incorporated into future revisions, with proper credit to
Xyou for the contribution. Since I don't claim to know about all the various
Xunixen out there (remember, I'm a 'suit', not a 'tech' :-), this script
Xmay need minor modification for some non-sysV machines. So far, though, I
Xhaven't gotten any complaints, so it must be working with most of them.
X
XInstallation: you must create the policy directory, by default named 'Policy',
Xand within that directory an empty menu file, by default named 'polmenu',
Xwhich must be set mode 666 (read and write for everyone). The directory also
Xwill contain the individual policy text files that you create - see the
Xinstructions in the 'policy' script for more info, if needed.
X
XOnce set up, the script automatically updates the menu any time a new text
Xfile is added. NOTE: in those instances that you may choose to *remove*
Xa named text file, just empty the menu file and allow the script to rebuild
Xa new menu of entries.
X
XHope this is useful to your purposes...bud@mtek.com
END_OF_FILE
if test 2844 -ne `wc -c <'README'`; then
echo shar: \"'README'\" unpacked with wrong size!
fi
# end of 'README'
fi
if test -f 'gen' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'gen'\"
else
echo shar: Extracting \"'gen'\" \(4492 characters\)
sed "s/^X//" >'gen' <<'END_OF_FILE'
Xgen - general overview $Revision: 1.10 $ $Date: 91/02/06 12:48:51 $
X^^^^^^^^^^^^^^^^^^^^^^^^^^
X
X USE OF MTEK COMPUTING FACILITIES
X
XThis host is privately owned and operated in support of a business. Business
Xpriorities will thus be served first, if there is a conflict for time of the
Xadministrator. We will be as helpful as conditions allow.
X
XWe run alot of usenet software on this host. So if you wonder if a desired
Xcommand is in your PATH, type in 'which <command>'.
X
XTo find information about other users, use 'finger'. (Do 'man finger', if
Xyou want to read the man page describing the use of 'finger').
X
XPlease furnish your office telephone number and extension so that we can enter
Xit into the password file, available for 'finger' to find you. If you like,
Xyou may also furnish your home number to be included, as well.
X
XBelow are presented the main elements of local policy, which apply to all
Xusers:
X
X * * * * * * * * * * * * * * *
X * Computer Resources Policy *
X * * * * * * * * * * * * * * *
X1. General
X
XComputing facilities are provided by MTEK International, Inc. (the "company")
Xfor use by local and remote users. It is expected that all users will make
Xuse of local computing resources in a manner which is ethical, legal, and not
Xcontrary to the interests of others, including the company.
X
XThe basic guidelines are that any use must be legal and not such as to
Xinterfere with use by other authorized users, nor compromise the confiden-
Xtiality of the company's internal business practices or records.
X
X2. Notice
X
XIf any policy has provisions with which you do not agree, please notify the
Xadministrator describing your concerns/suggestions. Absent such notice, it is
Xassumed you have reviewed and understood, and fully agree to conform to, all
Xprevailing published policies governing the use of this system.
X
X2. Disclaimer
X
X* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
X* *
X* The company accepts NO RESPONSIBILITY for any damage to or loss of *
X* data arising directly or indirectly from the use of these or other *
X* facilities or for any consequential loss or damage. It makes NO *
X* WARRANTY, express or implied, regarding the computing services *
X* offered, or their fitness for any particular purpose. *
X* *
X* The company's liability in the event of any loss or damage shall *
X* be LIMITED TO THE FEES AND CHARGES, IF ANY, PAID TO THE COMPANY *
X* for use of the computing facilities which resulted in said loss *
X* or damage. *
X* *
X* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
X
X3. Failure to abide by the policies described below and in related docu-
Xments may result in denial of access to computing facilities:
X
X A. You may only use those facilities which have been authorized
X for your use. If access is protected by a password, you are not
X to make this password available to others. You may not use any
X account set up for another user, nor may you attempt to find out
X the password of another user.
X
X B. You may only use authorized facilities for authorized purposes.
X
X C. You must be aware of the law of copyright as it affects computer
X software. Software must not be copied except with the express
X permission of the copyright owner (which may be expressed in the
X copyright notice contained within the software). Note that a
X formal copyright need not be in evidence in order for copyright
X protection to be in force.
X
X D. You may not attempt to copy information belonging to other users
X without their express permission.
X
X E. You may not attempt to interfere with the operation of computing
X facilities.
X
X F. You may not attempt to subvert the security of any of the company's
X computing facilities.
X
X G. You may not use the company's computing facilities to send messages
X which are obscene or otherwise harassing in their intent.
X
X H. You may disagree with one or more of these policies, publically or
X privately, in accordance with your First Amendment rights, but you
X may not violate any of these policies for any reason or purpose.
END_OF_FILE
if test 4492 -ne `wc -c <'gen'`; then
echo shar: \"'gen'\" unpacked with wrong size!
fi
# end of 'gen'
fi
if test -f 'logins' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'logins'\"
else
echo shar: Extracting \"'logins'\" \(1711 characters\)
sed "s/^X//" >'logins' <<'END_OF_FILE'
Xlogins - responsibilities of users $Revision: 1.4 $ $Date: 90/12/18 19:43:56 $
X^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
XThis section should be considered as an extension of the 'gen' file which
X contains the general policies governing local computer usage.
X
XWhile it is not the intent of local policy to restrict unduly the exercise
X of free and unbounded communication, it is to be likewise clearly
X understood that no one having login privileges on this host has any
X "right of free speech" whatsoever as it relates to exercise of that
X privilege.
X
XBecause any login user has actual (or potential) access to usenet, the
X administrator reserves the absolute and unfettered right to terminate,
X with or without stated cause, any login which may have been granted
X on this host at any time.
X
XThis policy exists primarily to provide recourse to the administrator in the
X event a login user creates traffic onto the usenet which is considered
X *by the administrator* to be of such character as to create a negative
X reputation for this site and/or its management. Such actions will not
X be tolerated.
X
XReceipt of messages from other *system administrators* (not users) register-
X ing complaints about a local user will be considered compelling
X evidence that the login should be withdrawn. Except....
X
XIt is true that it is relatively simple (if one has root privilege on a host)
X to create 'bogus' mail. Any login user who believes that someone has
X sent bogus mail under his name and this site name should notify the
X administrator immediately. These events, while rare, do happen, and
X are a recognized risk faced by everyone. A plea of "I didn't DO it"
X will usually prove to be a fully adequate defense....:-)
END_OF_FILE
if test 1711 -ne `wc -c <'logins'`; then
echo shar: \"'logins'\" unpacked with wrong size!
fi
# end of 'logins'
fi
if test -f 'policy' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'policy'\"
else
echo shar: Extracting \"'policy'\" \(2837 characters\)
sed "s/^X//" >'policy' <<'END_OF_FILE'
X# $Id: policy,v 1.19 91/01/16 10:55:28 bbh Rel $
X#
X# Author: Bud Hovell <bud@mtek.com>
X# MTEK International, Inc.
X# 311 B Avenue - Suite 200
X# Lake Oswego, OR 97034
X#
X################################# edit these ################################
Xpoldir=/usr/local/adm/Policy # Where named policy files live.
Xpager=/usr/local/bin/less # Your favorite pager.
Xmyname="uuname -l" # How to get local host name[
Xtmp=/tmp # Preferred tmp directory
X################################ edit no more ###############################
X# Note: any policy file must be named identically to the first word of the
X# first line in the file itself. Consider the file "logins", with
X# this as line one (or the last line if you must use 'tail', see
X# above) :
X#
X# logins - responsibilities of users
X#
X# .....where the word "logins" begins at character one of line
X# one of the file named "logins". This first line will then be
X# extracted to the ad-hoc menu file to provide the menu id for
X# the user to select the "logins" policy file.
X
X# Some variables:
Xhost=`$myname | tr [a-z] [A-Z]`
Xmenu=$poldir/polmenu
X
X# Do we have a "clear" function?
Xif [ -x /bin/clear -o -x /usr/bin/clear ]
Xthen clear=`clear`
X# ....or curses?
Xelif [ -x /usr/bin/tput ]
Xthen clear=`tput clear`
Xelse clear=
Xfi
X# WORK
X# Any files newer than menu?
Xcd $poldir
Xnew=`find . -newer $menu -print`
X
X# If so, menu needs to be updated:
Xif [ "$new" != "" ]
Xthen echo "\nOoops...hold on while I build a new menu for '$0'...\n"
X > $menu
X filelist=`ls | sed -e 's/polmenu//g' \
X -e 's/^[ ]$//g' \
X -e 's/$//g'; echo "\n"`
X for file in $filelist
X do
X echo " \c" >> $menu
X # This will read out all of line 1 into the user menu,
X # except for any trailing Id or Header stuff for RCS
X # (if you show your revision info on line one):
X cat $file | sed -n '1p' | cut -d"$" -f1 >> $menu
X done
Xfi
X
X# WORK
X
X# Re-run the menu until 'quit' from user:
Xi=x
Xuntil [ $i = "q|Q" ]; do
X
Xecho $clear
X
Xecho "\n DIRECTORY OF LOCAL POLICY FOR HOST '$host'\n"
Xcat $menu
Xecho "\n .....or 'q'uit"
Xecho "\n To review a policy, type in subject: > \c"
Xread i
Xcase $i in
Xq|Q) # Wants to quit
X echo "\n Policy review concluded. Thanks for your interest.\n"
X break ;;
X"") # No entry
X i=x
X echo "\n You must provide a name or 'q'uit.\007"
X sleep 2
X continue ;;
X*) # Wants another
X if [ -r $poldir/$i ]
X then $pager $poldir/$i
X i=x
X else echo "\n You must provide a name or 'q'uit.\007"
X sleep 2
X i=x
X fi
X continue ;;
Xesac
Xdone
END_OF_FILE
if test 2837 -ne `wc -c <'policy'`; then
echo shar: \"'policy'\" unpacked with wrong size!
fi
chmod +x 'policy'
# end of 'policy'
fi
if test -f 'usenet' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'usenet'\"
else
echo shar: Extracting \"'usenet'\" \(698 characters\)
sed "s/^X//" >'usenet' <<'END_OF_FILE'
Xusenet - requests for connection $Revision: 1.5 $ $Date: 91/03/01 21:51:15 $
X^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
X
XUsenet connections to this host may be granted on a case-by-case basis,
X and shall not be considered unless the requesting system adminis-
X trator agrees to timely maintain a current usenet map for his/her
X host. Failure to fulfill this requirement will *certainly* result
X in termination of uucp connection.
X
XIf a new host login is granted, the administrator will bend every effort
X to assist in getting the connection working properly and, if it
X is necessary, filing a properly-documented uucp map.
X
XAny request for uucp connection should be mailed to postmaster@mtek.com.
X
X
X
X
X
X
X
X
X
END_OF_FILE
if test 698 -ne `wc -c <'usenet'`; then
echo shar: \"'usenet'\" unpacked with wrong size!
fi
# end of 'usenet'
fi
echo shar: End of archive 1 \(of 1\).
cp /dev/null ark1isdone
MISSING=""
for I in 1 ; do
if test ! -f ark${I}isdone ; then
MISSING="${MISSING} ${I}"
fi
done
if test "${MISSING}" = "" ; then
echo You have the archive.
rm -f ark[1-9]isdone
else
echo You still need to unpack the following archives:
echo " " ${MISSING}
fi
## End of shell archive.
exit 0
exit 0 # Just in case...
--
Please send comp.sources.unix-related mail to rsalz@uunet.uu.net.
Use a domain-based address or give alternate paths, or you may lose out.