system@aurum.chem.utoronto.ca (System Admin (Mike Peterson)) (02/28/91)
Here are my protection scripts for SR10.2, SR10.3, SR10.2.p and
SR10.3.p (probably still works for SR10.0/1/0.p/1.p but I can't test
them any more). They will close up a BSD node pretty tightly, and try to
do so for Aegis/SYS5 but we don't use those environments so don't be
surprised if a few things don't work any more. You should probably do
ls -lgR / >& /tmp/ls.out &
as root before starting so you have a baseline of what the uid/gid/perms were
on all your files before running these scripts. You can then search this
list for things like suid/sgid programs that may not have been set
correctly for your environment. We don't use any optional Aegis services (like
printing) or 3'rd party stuff that may require suid/sgid programs or
special owners -- if you have such stuff, beware. I regard with extreme
annoyance any vendor who requires their software be mingled with the system
software - we keep all our stuff in /usr/local/......, or put it in
a separate tree at the / level if necessary. If you have mingled
software, beware, since these scripts make blanket uid/gid/perms changes
on entire trees, then only fix what has to be specially tweaked.
The scripts will change the entire node from // down to have BSD
directory inheritance except on specific subtrees where that is not
appropriate (mainly parts of /sys and UUCP); if you want SYS5 or Aegis,
don't run these scripts.
These scripts will remove most "dangerous" commands from users, so that
only root and members of the staff group can access many system admin
tools/directories.
See 'do_prot' and 'do_prot.hlp' for details on how to run them. The
scripts will take several hours to run on a node with a USENET news
spooling area, about a hour on most systems.
If you find problems with these scripts, or can add a tighter permission
than I am using, I would love to hear about it.
Mike.
------- cut here and feed to "sh" as directed --------
#!/bin/sh
# This is a shell archive (produced by shar 3.49)
# To extract the files from this archive, save it to a file, remove
# everything above the "!/bin/sh" line above, and type "sh file_name".
#
# made 02/27/1991 18:38 UTC by system@aurum
# Source directory //alchemy/usr/local/src/Protection
#
# existing files will NOT be overwritten unless -c is specified
#
# This shar contains:
# length mode name
# ------ ---------- ------------------------------------------
# 2662 -rwxr--r-- check_prot
# 5398 -rwxr--r-- do_bsd4.3
# 4020 -rwxr--r-- do_etc
# 3954 -rwxr--r-- do_install
# 1254 -rwxr--r-- do_local
# 5038 -rwxr--r-- do_prot
# 1661 -rwxr--r-- do_prot.hlp
# 5689 -rwxr--r-- do_prot.man
# 14042 -rwxr--r-- do_sys
# 6508 -rwxr--r-- do_sys5.3
# 9653 -rwxr--r-- do_sys_sw
# 1165 -rwxr--r-- do_systest
# 9435 -rwxr--r-- do_usr
# 250 -rwxr--r-- find_setuid
#
# ============= check_prot ==============
if test -f 'check_prot' -a X"$1" != X"-c"; then
echo 'x - skipping check_prot (File already exists)'
else
echo 'x - extracting check_prot (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'check_prot' &&
#!/bin/sh
#
# This script checks the node where the script is run.
# Normally, it is run after the "do_prot" script, to
# locate files/directories that may still have inappropriate
# permissions. Note that some files in the system software
# MUST have wide open permissions, so not every file that
# is flagged is necessarily a problem. The same applies for some
# directories.
#
# One major improvement would be to spawn remote processes with the
# crp command on each host on which the protection script is to be
# run. Then, the protections on all the hosts can be set in parallel
# thereby greatly reducing the total wall clock time required to
# run these scripts.
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
#
#
# AUTHORS
#
# Mike Peterson University of Toronto
#
#
# MODIFICATIONS
#
# 1989/01/24 MRP Script created.
#
########################################################################
#
# The intent of this shell script is to check protections for all
# of the standard system software on the current node.
#
X
echo '##############################################################'
echo '### Start of the protection check procedure. #'
echo '##############################################################'
X
nodename=`hostname`
echo " "
echo "Doing syncids -l $nodename >/tmp/$nodename.syncids :"
syncids -l //$nodename >/tmp/$nodename.syncids
echo " "
echo "Doing find //$nodename/ -user none -group none >/tmp/$nodename.find.none :"
find //$nodename/ \( -user none -o -group none \) -ls >/tmp/$nodename.find.none
echo " "
echo "Doing find //$nodename/ -perm 666 -perm 777 >/tmp/$nodename.find.perm :"
find //$nodename/ \! -type l \( -perm 666 -o -perm 777 \) -ls >/tmp/$nodename.find.perm
echo " "
echo "Files ready for printing:"
echo "/tmp/$nodename.syncids"
echo "/tmp/$nodename.find.none"
echo "/tmp/$nodename.find.perm"
echo " "
echo "If the /install directory is present on any system, the 'find'"
echo "output files should be editted to remove that directory tree."
X
echo " "
echo '##############################################################'
echo '### End of the protection check procedure. #'
echo '##############################################################'
X
Xexit 0
SHAR_EOF
chmod 0744 check_prot ||
echo 'restore of check_prot failed'
Wc_c="`wc -c < 'check_prot'`"
test 2662 -eq "$Wc_c" ||
echo 'check_prot: original size 2662, current size' "$Wc_c"
fi
# ============= do_bsd4.3 ==============
if test -f 'do_bsd4.3' -a X"$1" != X"-c"; then
echo 'x - skipping do_bsd4.3 (File already exists)'
else
echo 'x - extracting do_bsd4.3 (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_bsd4.3' &&
#!/bin/sh
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/05/10 STD Script created.
# 1989/12/04 MRP Changed perms for /bsd4.3/usr/include and
# /bsd4.3/usr/man subdirectories from 775 to 755.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
# 1989/12/05 MRP Change perms on /bsd4.3/usr/man/whatis to 644.
# Changed perms on /bsd4.3/usr/lib/ex3.7* to 4755.
# 1989/12/07 MRP Added /bsd4.3/usr/msgs subtree perms.
# Removed setuid on /bsd4.3/usr/bin/uu??code.
# 1990/04/05 MRP Changed /bsd4.3/bin/rcp, /bsd4.3/usr/ucb/rsh and
# /bsd4.3/usr/ucb/rlogin permissions to 4755.
# 1990/04/16 MRP Changed /bsd4.3/usr/ucb/biff from setuid 'daemon'
# to setuid 'root'.
# 1990/04/16 MRP Changed /bsd4.3/usr/lib/lpd from group 'staff' to
# 'daemon'.
# 1990/04/16 MRP Changed /bsd4.3/usr/ucb/lp{q,r,rm} from group
# 'staff' to 'daemon'.
#
########################################################################
X
host=$1
default_owner=$2
default_group="staff"
default_org="none"
X
chmd=/bsd4.3/bin/chmod
X
dir=$host/bsd4.3
if [ -d $dir/bin ]; then
X set -x
X chacl -B $dir/bin
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/bin
X $chmd -R 755 $dir/bin
X ( cd $dir/bin; chown bin.mail rmail )
X ( cd $dir/bin; $chmd 4755 login mail rcp su )
X ( cd $dir/bin; $chmd 2755 rmail )
X set -
fi
X
if [ -d $dir/usr ]; then
X set -x
X chacl -B $dir/usr
X chacl -u $default_owner -g $default_group -z $default_org $dir/usr
X $chmd 755 $dir/usr
X set -
fi
X
if [ -d $dir/usr/bin ]; then
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/usr/bin
X chacl -R -B $dir/usr/bin
X $chmd -R 755 $dir/usr/bin
X ( cd $dir/usr/bin; chown daemon.staff at atq atrm )
X ( cd $dir/usr/bin; chown uucp.daemon cu tip uucp uudecode uuencode uulog )
X ( cd $dir/usr/bin; chown uucp.daemon uuname uupick uustat uuto uux )
X ( cd $dir/usr/bin; $chmd 4711 cu tip uucp uuname uustat uux )
X ( cd $dir/usr/bin; $chmd 555 uudecode uuencode )
X ( cd $dir/usr/bin; $chmd 4555 uulog uupick uuto )
X ( cd $dir/usr/bin; $chmd 4755 at atq atrm )
X set -
fi
X
if [ -d $dir/usr/dict ]; then
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/usr/dict
X chacl -R -B $dir/usr/dict
X $chmd -R 755 $dir/usr/dict
X set -
fi
X
if [ -d $dir/usr/include ]; then
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/usr/include
X chacl -R -B $dir/usr/include
X chacl -R u=pwrx,g=rx,z=I,o=rx $dir/usr/include
X find $dir/usr/include -type f -exec $chmd 644 {} \;
X set -
fi
X
if [ -d $dir/usr/lib ]; then
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/usr/lib
X chacl -R -B $dir/usr/lib
X $chmd -R 755 $dir/usr/lib
X set -
X file_list=""
X for file in Mail.help Mail.help.~ Mail.rc aliases dict.d eign explain.d \
X gprof.callg gprof.flat lib.b more.help sendmail.cf sendmail.hf \
X sendmail.st units vgrindefs yaccpar
X do
X if [ -f "$dir/usr/lib/$file" ]
X then
X file_list="$file_list $file"
X fi
X done
X if [ -n "$file_list" ]; then
X set -x
X ( cd $dir/usr/lib; $chmd 644 $file_list )
X set -
X fi
X set -x
X ( cd $dir/usr/lib; chown root.staff sendmail )
X ( cd $dir/usr/lib; $chmd 750 makekey makewhatis )
X ( cd $dir/usr/lib; chown root.daemon lpd )
X ( cd $dir/usr/lib; $chmd 4755 ex3.7preserve ex3.7recover lpd sendmail )
X ( cd $dir/usr/lib/font; $chmd 644 * )
X ( cd $dir/usr/lib/help; $chmd 644 * )
X ( cd $dir/usr/lib/help; $chmd 755 lib )
X ( cd $dir/usr/lib/me; $chmd 644 * )
X ( cd $dir/usr/lib/tabset; $chmd 644 * )
X ( cd $dir/usr/lib/term; $chmd 644 * )
X set -
fi
X
if [ -d $dir/usr/man ]; then
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/usr/man
X chacl -R -B $dir/usr/man
X chacl -R u=prwx,g=rx,o=rx $dir/usr/man
X find $dir/usr/man -type f -exec $chmd 644 {} \;
X $chmd 644 $dir/usr/man/whatis
X set -
fi
X
if [ -d $dir/usr/msgs -a ! -L $dir/usr/msgs ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/usr/msgs
X chacl -B $dir/usr/msgs
X $chmd 777 $dir/usr/msgs
X find $dir/usr/msgs -type f -exec $chmd 644 {} \;
X chown root.staff $dir/usr/msgs/bounds
X $chmd 666 $dir/usr/msgs/bounds
X set -
fi
X
if [ -d $dir/usr/ucb ]; then
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/usr/ucb
X chacl -R -B $dir/usr/ucb
X $chmd -R 755 $dir/usr/ucb
X ( cd $dir/usr/ucb; chown bin.mail Mail mail )
X ( cd $dir/usr/ucb; chown root.staff biff )
X ( cd $dir/usr/ucb; chown root.daemon lpq lpr lprm )
X ( cd $dir/usr/ucb; $chmd 4755 biff lpq lpr lprm rdist rlogin rsh )
X set -
fi
X
Xexit 0
SHAR_EOF
chmod 0744 do_bsd4.3 ||
echo 'restore of do_bsd4.3 failed'
Wc_c="`wc -c < 'do_bsd4.3'`"
test 5398 -eq "$Wc_c" ||
echo 'do_bsd4.3: original size 5398, current size' "$Wc_c"
fi
# ============= do_etc ==============
if test -f 'do_etc' -a X"$1" != X"-c"; then
echo 'x - skipping do_etc (File already exists)'
else
echo 'x - extracting do_etc (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_etc' &&
#!/bin/sh
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/05/16 STD Script created.
# 1989/07/07 STD Changed perms on netsvc and rtsvc from 750 to 700.
# 1989/11/26 MRP Changed perms on find_orphans, lprotect, salacl,
# server, suid_exec and syncids from 750 to 4750.
# 1989/11/26 MRP Added /etc/bsd4.3/mknod to 750 perm list.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
# 1989/12/05 MRP Added /etc/imagen.d?, /etc/resolv.conf, /etc/syslog.*.
# Changed 664 perms to 644 perms everywhere.
# Added /etc/cron.templates and /etc/templates trees.
# 1990/04/05 MRP Added chmod 4755 for /etc/ping.
# 1990/04/16 MRP Added chacl for /etc/server at SR10.2.
# 1990/04/16 MRP Added chgrp 'daemon' for /etc/lpc (no setuid root).
# 1990/04/16 MRP Added chmod 4755 for /etc/timedc.
# 1990/10/25 MRP Removed chmod 4755 for /etc/suid_exec.
#
########################################################################
X
host=$1
default_owner=$2
default_group="staff"
default_org="none"
X
chmd=/bsd4.3/bin/chmod
X
dir=$host
X
# /etc files/
#
# Note that lprotect has its own permissions scheme determined by
# `node_data/node_owners.
#
set -x
chacl -R -u $default_owner -g $default_group -z $default_org $dir/etc
chacl -R -B $dir/etc
$chmd -R 755 $dir/etc
(cd $dir/etc; chgrp daemon lpc )
(cd $dir/etc; $chmd 644 copyright dmmsg gettytab group hosts )
(cd $dir/etc; $chmd 644 hosts.equiv networks org passwd printcap profile )
(cd $dir/etc; $chmd 644 profile.ksh protocols services )
(cd $dir/etc; $chmd 700 netsvc rtsvc )
(cd $dir/etc; $chmd 750 ac accton chuvol crpty ctnode ctob dm_or_spm )
(cd $dir/etc; $chmd 750 edmtdesc halt ifconfig import_passwd )
(cd $dir/etc; $chmd 750 mkdevno obty reboot rgy_admin )
(cd $dir/etc; $chmd 750 rgy_merge rgyd sa salvol shutspm uctnode uctob )
(cd $dir/etc; $chmd 4750 find_orphans lprotect salacl syncids timedc )
(cd $dir/etc; chown root.staff ping; $chmd 4755 ping )
( cd $dir/etc; bldt -n $host | grep '10\.1' >/dev/null;
X if [ "$?" = "0" ]; then
X chacl -o -u root -g staff -z none server
X chacl -o u=sprwx,g=rx,z=I,o= server
X else
X chacl -o -u user -g server -z none server
X chacl -o u=sprx,gz=sI,o=rx server
X fi )
(cd $dir/etc; if [ -f helpadm ]; then $chmd 644 helpadm; fi )
(cd $dir/etc; if [ -f imagen.db ]; then $chmd 644 imagen.db; fi )
(cd $dir/etc; if [ -f imagen.df ]; then $chmd 644 imagen.df; fi )
(cd $dir/etc; if [ -f motd ]; then $chmd 644 motd; fi )
(cd $dir/etc; if [ -f resolv.conf ]; then $chmd 644 resolv.conf; fi )
(cd $dir/etc; if [ -f syslog.conf ]; then $chmd 644 syslog.conf; fi )
(cd $dir/etc; if [ -f syslog.pid ]; then $chmd 644 syslog.pid; fi )
set -
X
# /etc/bsd4.3
#
if [ -d $dir/etc/bsd4.3 ]
then
X set -x
X (cd $dir/etc/bsd4.3; $chmd 644 termcap )
X (cd $dir/etc/bsd4.3; $chmd 750 cron mknod shutdown )
X set -
fi
X
# /etc/cron.templates
#
set -x
find $dir/etc/cron.templates -type f -exec $chmd 644 {} \;
set -
X
# /etc/ncs
#
set -x
$chmd -R 750 $dir/etc/ncs
$chmd -R 755 $dir/etc/ncs/perf
set -
X
# /etc/sys5.3
#
if [ -d $dir/etc/sys5.3 ]
then
X set -x
X (cd $dir/etc/sys5.3; $chmd 644 termcap )
X (cd $dir/etc/sys5.3; $chmd 750 cron mknod shutdown )
X set -
fi
X
# /etc/templates
#
set -x
find $dir/etc/templates -type f -exec $chmd 644 {} \;
set -
X
Xexit 0
SHAR_EOF
chmod 0744 do_etc ||
echo 'restore of do_etc failed'
Wc_c="`wc -c < 'do_etc'`"
test 4020 -eq "$Wc_c" ||
echo 'do_etc: original size 4020, current size' "$Wc_c"
fi
# ============= do_install ==============
if test -f 'do_install' -a X"$1" != X"-c"; then
echo 'x - skipping do_install (File already exists)'
else
echo 'x - extracting do_install (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_install' &&
#!/bin/sh
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# The authorized area should be protected tightly to prevent
# unauthorized changes to it. The only remaining question is,
# "What happens to permissions on software installations?" If
# the installation software simply copies the permissions from the
# authorized area, then the permissions will be wrong until this
# protection script system is run to fix the permissions.
#
# On alternative is to have the authorized area permissions set to be
# the same as the in-place software. However, this would mean duplicating
# the protection scripts (one for in-place, one for authorized area)
# and will leave the authorized area insufficiently protected.
#
# In fact, if you have hard links into your authorized area then you
# need not protect the software in the authorized area since setting
# the perms on that software is taken care of in other scripts.
# (Setting perms on /bin/su when /bin/su is a hard link into the
# authorized area is the same as setting the object in the authorized
# area since they are, via hard links, one and the same object.)
# So, don't run this script if you hard link into your authorized
# area. This should be automated at some point to check.
#
# You could have this script run first before any other permissions
# are set on system software. Then, all permission would be correct
# when all the scripts have run. However, the node will be in an
# odd state (improper permissions set) after this script has run
# and before the permissions are restored by the other scripts.
# Empirically, this approach seems to work but it was done on a
# lightly-loaded node with only one other user (who was idle).
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/06/15 STD Script created.
# 1989/07/05 STD Added third incoming argument for determining whether
# to set protections on the authorized area.
# 1989/11/29 MRP Removed recursive BSD acl's and set perms to 740.
# Set permissions for first level subdirectories to
# 755, and all files in /install/site to 644.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
#
########################################################################
X
host=$1
default_owner=$2
do_aa=$3
default_group="staff"
default_org="none"
X
if [ "$do_aa" != "do_aa" ]
then
X echo "** Further protection of /install on: $host is being skipped."
X echo " because the appropriate option to the do_prot protection"
X echo " script was not set."
X exit 0
fi
X
echo ""
echo "** Protection of /install on: $host"
echo "** NOTE: Protection of /install, when hard links into the authorized"
echo " area are present, should be run only with minimal node"
echo " activity since changing of permissions on the authorized area"
echo " can interrupt proper operation of linked-to software until"
echo " proper permissions are set on the rest of the system software."
echo ""
X
dir=$host
X
# /install objects.
#
set -x
#chacl -R -u $default_owner -g $default_group -z $default_org $dir/install
#chacl -R -B $dir/install
#chacl -R u=prwx,g=r,o= $dir/install
chmod 755 $dir/install/*
if [ -d $dir/install/site ]; then
X chmod 644 $dir/install/site/*
fi
set -
X
Xexit 0
SHAR_EOF
chmod 0744 do_install ||
echo 'restore of do_install failed'
Wc_c="`wc -c < 'do_install'`"
test 3954 -eq "$Wc_c" ||
echo 'do_install: original size 3954, current size' "$Wc_c"
fi
# ============= do_local ==============
if test -f 'do_local' -a X"$1" != X"-c"; then
echo 'x - skipping do_local (File already exists)'
else
echo 'x - extracting do_local (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_local' &&
#!/bin/sh
### Procedure for protection of the local site/node-specific trees.
#
# File: do_local
#
# Date: May 9, 1989
#
# Authors: Scott Darlington (University of Waterloo)
#
# Modifications:
#
# 1989/05/09 STD Original creation.
# 1989/11/29 MRP Removed Waterloo stuff, added /ws.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
# 1989/12/06 MRP Corrected /ws/tapeat/install perms.
# 1990/11/23 MRP Changed file names for /ws/tapeat rev. 3.1.1.
#
######################################################################
X
host=$1
default_owner=$2
default_group="staff"
default_org="none"
X
dfu=$default_owner
dfg=$default_group
dfz=$default_org
X
chmd=/bsd4.3/bin/chmod
X
dir=$host
X
if [ -d $dir/ws ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/ws
X chacl -R -B $dir/ws
X if [ -d $dir/ws/install ]; then
X $chmd -R 750 $dir/ws/install
X fi
X if [ -d $dir/ws/tapeat ]; then
X $chmd -R 755 $dir/ws/tapeat
X if [ -d $dir/ws/tapeat/install ]; then
X $chmd 750 $dir/ws/tapeat/install/ddf_builder*
X $chmd 750 $dir/ws/tapeat/install/exerciser_.template
X fi
X fi
X set -
fi
X
Xexit 0
SHAR_EOF
chmod 0744 do_local ||
echo 'restore of do_local failed'
Wc_c="`wc -c < 'do_local'`"
test 1254 -eq "$Wc_c" ||
echo 'do_local: original size 1254, current size' "$Wc_c"
fi
# ============= do_prot ==============
if test -f 'do_prot' -a X"$1" != X"-c"; then
echo 'x - skipping do_prot (File already exists)'
else
echo 'x - extracting do_prot (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_prot' &&
#!/bin/sh
#
# The protection scripts could be improved considerably. For one,
# the environments at the University of Waterloo all have Aegis
# and bsd4.3 loaded and so the protection scripts rely on the presence
# of those two environments (they use commands from them). This
# should be changed in the future although the use of the find
# command is quite handy. Similarly, the bsd4.3 version of the
# chmod command has been used because of its "-R" option for
# recursively descending trees. All these instances will eventually
# be replaced with equivalent chacl commands.
#
# One major improvement would be to spawn remote processes with the
# crp command on each host on which the protection script is to be
# run. Then, the protections on all the hosts can be set in parallel
# thereby greatly reducing the total wall clock time required to
# run these scripts.
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/05/10 STD Script created.
# 1989/07/05 STD Added support for the "-aa" option to specify that
# permissions are to be set on the authorized area.
# I really should stick to single-char options as per
# unix but then I'd have to add code to parse combined
# option flags.
#
########################################################################
#
# The intent of this shell script is to establish protections for all
# of the standard system software on the specified nodes.
#
# The script takes hostnames as arguments. The protection scripts will
# be run on every machine whose name is supplied to this script as an
# argument.
#
default_owner="root"
PROT_DIR=//alchemy/usr/local/src/Protection
PATH=:${PROT_DIR}:/usr/ucb:/bin:/usr/bin:/etc:/usr/apollo/bin
X
my_name=`basename $0`
help_file=$PROT_DIR/$my_name.hlp
X
# Allow only effective userid 'root' to run the protection script.
# Of course, the permissions on these scripts should enforce this as well.
# Actually, locksmiths should be allowed to run this script, too.
#
WMI=`whoami`
if [ $WMI != 'root' ]
then
X echo "${WMI}: YOU MUST BE root TO RUN THE PROTECTION SCRIPTS."
X exit 1
fi
X
# Parse command line arguments looking for usage or help requests.
#
if [ $# -le 0 -o "$1" = "-u" -o "$1" = "-U" -o "$1" = "-h" -o "$1" = "-H" ]
then
X echo "Usage: $my_name [ -u | -U | -h | -H ]"
X echo " $my_name [ -r <default_owner> ] <node_name> [ <node_name>... ]"
X if [ $# -le 0 -o "$1" = "-h" -o "$1" = "-H" ]
X then
X if [ -r $help_file ]
X then
X echo " "
X echo "Help file coming in 5 seconds ..."
X sleep 5
X page $help_file
X else
X echo "${my_name}: The help file for this script is not available."
X fi
X fi
X exit 0
fi
X
# Parse command line arguments looking for host names and command switches.
# The parsing algorithm could be a lot more robust.
#
do_aa="ignore_aa"
just_saw_a_flag="false"
for i
do
X arg=$1
X host=//`basename $arg`
X if [ "$just_saw_a_flag" = "it_was_r" ]
X then # Previous arg was "-r" so this arg must be the owner specifier.
X default_owner=$1
X just_saw_a_flag="false"
X elif [ "$arg" = "-aa" ]
X then
X do_aa="do_aa"
X elif [ "$arg" = "-r" ]
X then
X just_saw_a_flag="it_was_r"
X elif [ -d $host ]
X then
X host_list="$host_list $host"
X else
X echo "${my_name}: Bad argument ignored: $arg"
X fi
X shift
done
X
# Test for null host list.
#
if [ "$host_list" = "" ]
then
X echo "$my_name: No hosts specified. Aborting."
X exit 1;
fi
X
X
# Output the configuration settings of this backup.
#
echo "** Hosts to have permissions set:"
echo " ${host_list}"
echo "** Ownership of system software directories and their contents will be"
echo " set to '${default_owner}'."
X
echo "##############################################################"
echo "### Beginning the protection procedure. #"
echo "##############################################################"
X
for host in $host_list
do
X ./do_sys_sw $host $default_owner $do_aa
X
X if [ -f ./do_local -a -r ./do_local ]
X then
X echo ""
X echo "**"
X echo "** Doing local protections on: $host "
X echo "**"
X
X ./do_local $host $default_owner
X fi
done
X
echo ""
echo "##############################################################"
echo "### Finished the protection procedure. #"
echo "##############################################################"
X
Xexit 0
SHAR_EOF
chmod 0744 do_prot ||
echo 'restore of do_prot failed'
Wc_c="`wc -c < 'do_prot'`"
test 5038 -eq "$Wc_c" ||
echo 'do_prot: original size 5038, current size' "$Wc_c"
fi
# ============= do_prot.hlp ==============
if test -f 'do_prot.hlp' -a X"$1" != X"-c"; then
echo 'x - skipping do_prot.hlp (File already exists)'
else
echo 'x - extracting do_prot.hlp (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_prot.hlp' &&
X
This command will set the permissions on the system software
directories, and their contents, on the specified nodes.
X
The -r switch can be used to specify a default owner other than
root. This might be desirable in a network with distributed
authority ie. one where numerous system administrators know the
root password. In this case, 'lprotect' can be used to deny root
privileges but if root owns an object then root privileges are
not necessary to delete that object. So, default ownership can
be set to any other person using the -r switch. If omited,
the default owner will be 'root'.
X
The script will take arguments which are not associated with the
-r switch to be node names. The protection scripts will apply
their protections to all system software directories, and their
contents, on the nodes specified as arguments to this script.
X
Note that the use of 'lprotect' can prevent this script from setting
permissions on remote nodes since this script relies on root
privileges in order to set permissions appropriately.
X
Examples:
X
X $my_name -h
X Give this help information
X
X $my_name //mynode //yournode
X Applies protections to the system software directories, and
X contents, on the nodes //mynode and //yournode. The ownership
X of the system software directories and their contents will be
X set to 'root'.
X
X $my_name -r johnb mynode yournode
X Applies protections to the system software directories, and
X contents, on the nodes //mynode and //yournode. The ownership
X of the system software directories and their contents will be
X set to 'johnb'. Note that the leading slashes on node names
X are optional.
X
SHAR_EOF
chmod 0744 do_prot.hlp ||
echo 'restore of do_prot.hlp failed'
Wc_c="`wc -c < 'do_prot.hlp'`"
test 1661 -eq "$Wc_c" ||
echo 'do_prot.hlp: original size 1661, current size' "$Wc_c"
fi
# ============= do_prot.man ==============
if test -f 'do_prot.man' -a X"$1" != X"-c"; then
echo 'x - skipping do_prot.man (File already exists)'
else
echo 'x - extracting do_prot.man (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_prot.man' &&
.TH DO_PROT local
.SH NAME
do_prot \- Set permissions, ownership, and inheritance on the system
software on an Apollo node.
.SH SYNOPSIS
.B do_prot
[ \-u | \-U ]
.PP
.B do_prot
[ \-r <default_owner> ] [ \-aa ] <node_name> ...
.SH DESCRIPTION
.PP
Do_prot is a shell script which sets the permissions, ownership, and
inheritance on the system software directories, and their contents,
on the specified Apollo nodes.
.PP
The
.B \-r
switch specifies the owner of the objects which will have their
ownership set.
Some objects do not use the default owner specified by the
.B \-r
switch but, rather, are set to explicit owners in the scripts.
If the
.B \-r
switch is not used, then the default owner is set to root.
.PP
The
.B \-r
switch is useful in a network with distributed authority such
as one where numerous, independent system administrators know the
(single) root password.
In such a case, each independent system administrator may choose to
use the 'lprotect' command to deny root privileges to remote users
running as root.
However, a remote user running as root does not need root privileges
to alter an object owned by root.
So, system administrators may prefer to have objects owned by someone
other than root.
That is why the
.B \-r
switch was provided for this command.
If the
.B \-r
switch is omitted, the default owner will be 'root'.
.PP
The script will take arguments which are not associated with the
-r switch to be node names. The protection scripts will apply
their protections to all system software directories, and their
contents, on the nodes specified as arguments to this script.
.PP
The script will check for the existence of a script named "do_local"
in its home directory and will execute that script, if it exists,
after the protections on the system software have been set.
Someday, a command line option will be added to specify a particular
user-supplied shell script for execution in addition to the "do_local"
script.
.PP
Note that the use of 'lprotect' can prevent this script from setting
permissions on remote nodes since this script relies on root
privileges in order to set permissions appropriately.
.SH
OPTIONS
.IP "\-aa"
specifies that permissions and ownership of the authorized area should
be set.
The scripts set the protection of the authorized area to a very restricted
state.
If some system software is hard-linked into the authorized area, then
the severe protection may affect execution of that system software.
However, since the protection scripts set the protection of the system
software after setting the protection of the authorized area, the protection
of the system software will be set properly by the time the protection
scripts finish execution.
So, if you have some system software hard-linked into the authorized area
and you use the \-aa switch, run the protection scripts when there is little
other activity on the node.
This will minimize any service interruption during the period when the
authorized area has been protected but the system software has not yet
had its protection set by the scripts.
.IP "\-r"
explicitly specifies a default owner.
If omitted, the default owner will be 'root'.
Ownership of objects will be set to the default owner unless
correct system software operation requires that a particular
object be owned by a specific userid.
.IP "\-u"
produces a short usage description on standard output showing how to call
the program.
.IP "\-U"
a synonym for the \-u option.
.SH
EXAMPLES
.PP
do_prot //mynode //yournode
.PP
.RS
Applies protections to the system software directories, and
contents, on the nodes //mynode and //yournode. The ownership
of the system software directories and their contents will be
set to 'root'.
.RE
.PP
do_prot -r johnb mynode yournode
.PP
.RS
Applies protections to the system software directories, and
contents, on the nodes //mynode and //yournode. The ownership
of the system software directories and their contents will be
set to 'johnb'. Note that the leading slashes on node names
are optional.
.RE
.SH
COMMENTS
.PP
The protection scripts could be improved considerably. For one,
the environments at the University of Waterloo all have Aegis
and bsd4.3 loaded and so the protection scripts rely on the presence
of those two environments (they use commands from them). This
should be changed in the future although the use of the find
command is quite handy. Similarly, the bsd4.3 version of the
chmod command has been used because of its "-R" option for
recursively descending trees. All these chmod commands will
be replaced with equivalent chacl commands someday.
.PP
One major improvement would be to spawn remote processes with the
crp command on each host on which the protection script is to be
run.
Then, the protection scripts can be run simultaneously on all
the hosts specified on the command line.
This would greatly reduce the total wall clock time required to
run these scripts.
This enhancement should be fairly easy to implement considering
the structure of the scripts.
.PP
Note that system software, as shipped, has no extended entries in
acls and so the difference between chmod and chacl becomes mostly
irrelevant.
.PP
Note: This script has not been checked for its effect when the
default owner is not "root". Some things may break.
.SH AUTHOR
.nf
Scott T. Darlington
Department of Computing Services
University of Waterloo
Waterloo, Ontario N2L 3G1
.SH ACKNOWLEDGMENTS
This script was based on ideas embodied in scripts originally written
by
.PP
.RS
.nf
Jean-Claude Nadeau (Universite de Montreal)
Debbie Voth (Apollo Computer Inc)
Greg Foise (Apollo Computer Inc)
Mike Peterson (University of Toronto)
.RE
SHAR_EOF
chmod 0744 do_prot.man ||
echo 'restore of do_prot.man failed'
Wc_c="`wc -c < 'do_prot.man'`"
test 5689 -eq "$Wc_c" ||
echo 'do_prot.man: original size 5689, current size' "$Wc_c"
fi
# ============= do_sys ==============
if test -f 'do_sys' -a X"$1" != X"-c"; then
echo 'x - skipping do_sys (File already exists)'
else
echo 'x - extracting do_sys (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_sys' &&
#!/bin/sh
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/06/16 STD Script created.
# 1989/12/01 MRP Deactivated most chacl -B commands.
# Added 644 perms to /sys/debug/help.
# Set /sys/ns directory tree to original perms.
# Removed /sys/registry directory tree changes.
# Set /sys/sf directory tree to original perms.
# Removed /sys/siologin, /sys/spm and /sys/subsys
# directory tree changes (protected login subsystems).
# 1989/12/04 MRP Set original perms on /sys/mpx, /sys/mbx/mbx_helper,
# /sys/spm, /sys/spm/spm, /sys/node_data/systmp,
# /sys/node_data/systmp/*, /sys/node_data and
# /sys/node_data/dev.
# Added chown root.staff and chmod 666 to
# /sys/node_data/dev/crp*.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
# 1989/12/05 MRP Set original perms on /sys/registry.
# 1989/12/06 MRP Added chmod 755 for /sys/spm/startup_templates.
# 1989/12/07 MRP Added perms for /sys/siologin and
# sys/siologin/siologin.
# 1990/04/05 MRP Added /sys/boot_shell{,.a88k} permissions
# (file was moved at SR10.2).
# 1990/04/16 MRP Changed /sys/net/netman perms to z=I from z=rx.
# 1990/04/16 MRP Changed /sys/vtserver to setuid root (SR10.2).
# 1990/04/17 MRP Added /sys/node_data/etc/{xdm,xinit} directories.
# 1990/05/02 MRP Added /sys/node_data/dev/.mkdev permissions.
# 1990/05/02 MRP Added /sys/node_data/system_logs/???acct permissions.
# 1990/11/08 MRP Added /sys/nfs permissions.
#
########################################################################
X
host=$1
default_owner=$2
default_group="staff"
default_org="none"
X
dfu=$default_owner
dfg=$default_group
dfz=$default_org
X
chmd=/bsd4.3/bin/chmod
X
dir=$host/sys
X
#
# Establish permissions on objects in the /sys directory.
#
set -x
( cd $dir; chacl -odf -u $dfu -g $dfg -z $dfz * )
( cd $dir; chacl -odf u=pwrx,go=rx,z=I * )
#( cd $dir; chacl -B * )
X
if [ -f $dir/boot_shell ]; then
X ( cd $dir; chacl -u root -g staff -z none boot_shell )
X ( cd $dir; chacl ugz=I,o=prwx boot_shell )
fi
if [ -f $dir/boot_shell.a88k ]; then
X ( cd $dir; chacl -u root -g staff -z none boot_shell.a88k )
X ( cd $dir; chacl ugz=I,o=prwx boot_shell.a88k )
fi
( cd $dir; bldt -n $host | grep '10\.1' >/dev/null;
X if [ "$?" = "0" ]; then
X echo "$dir/vtserver left with 755 permissions."
X else
X chmod 4755 $dir/vtserver
X fi )
set -
X
#
# Set protection of most directory trees in /sys. Where these generic
# default protections are incorrect, they will be modified later in this
# script.
#
set -x
( cd $dir; chacl -Rodf -u $dfu -g $dfg -z $dfz \
X alarm debug dialog dm help ins mgrs net nfs ns )
( cd $dir; chacl -Rodf -u $dfu -g $dfg -z $dfz \
X sf source traits vstreams )
#( cd $dir; chacl -R -B alarm debug dialog dm help ins mgrs net nfs ns )
#( cd $dir; chacl -R -B sf source traits vstreams )
( cd $dir; $chmd -R 755 alarm debug dialog dm help ins mgrs net nfs ns )
( cd $dir; $chmd -R 755 sf source traits vstreams )
set -
X
#
# Set protection on specific directory trees when the generic defaults
# applied above are insufficient, incorrect, or inappropriate.
#
set -x
find $dir/debug/help -type f -exec $chmd 644 {} \;
find $dir/dm/fonts -type f -exec $chmd 644 {} \;
find $dir/dm/startup_templates -type f -exec $chmd 644 {} \;
find $dir/help -type f -exec $chmd 644 {} \;
find $dir/ins -type f -exec $chmd 644 {} \;
find $dir/source -type f -exec $chmd 644 {} \;
find $dir/spm/startup_templates -type f -exec $chmd 644 {} \;
( cd $dir/dm; chacl -o -u sys_person -g locksmith -z sys_org input output )
( cd $dir/dm; chacl u=pwrx,go=rx,z=I input output )
( cd $dir/dm; $chmd 644 start* std_keys* )
( cd $dir/dm; $chmd 755 startup_templates )
( cd $dir/net; $chmd 644 diskless_list )
( cd $dir/net; chacl u=pwrxs,go=rx,z=I netman )
( cd $dir/spm; chacl -oR -u $dfu -g $dfg -z $dfz startup_templates )
( cd $dir/spm; chacl u=pwrx,go=rx,z=I startup_templates )
( cd $dir/spm; chacl -df u=Ppwrx,g=Prx,z=PI,o=rx startup_templates )
set -
X
# Set perms on the /sys/hardcopy directory.
#
if [ -d $dir/hardcopy ]; then
X set -x
X ( cd $dir; chacl -Rodf -u $dfu -g $dfg -z $dfz hardcopy )
# ( cd $dir; chacl -R -B hardcopy )
X ( cd $dir; $chmd -R 755 hardcopy )
X set -
fi
X
# Set perms on the /sys/mbx directory.
# These permissions are what I found on the /sys/mbx directory. I don't
# know if they can be tightened further.
# Note that mbx_helper was setuid, setgid, and setzid.
#
set -x
chacl -odf -u none -g none -z none $dir/mbx
chacl -odf ugz=I,o=pwrx $dir/mbx
chacl -o -u user -g server -z none $dir/mbx/mbx_helper
chacl -o ugz=sI,o=prx $dir/mbx/mbx_helper
set -
X
# Set perms on the /sys/node_data directory.
# These permissions are what I found on the /sys/node_data directory.
# I don't know if they can be tightened further.
# Note that the subdirectories are handled later.
#
set -x
chacl -o -u root -g wheel -z none $dir/node_data
chacl -o ugo=pwrx,z=I $dir/node_data
chacl -df ug=Ppwrx,z=PI,o=pwrx $dir/node_data
set -
X
# Set perms on the /sys/ns/helper_data directory.
# These permissions are what I found on the /sys/ns/helper_data directory.
# I don't know if they can be tightened further.
#
set -x
chacl -R -odf -u root -g staff -z none $dir/ns/helper_data
chacl -R -odf ugzo=pwrx,z=I $dir/ns/helper_data
set -
X
# Set perms on the /sys/print... directories.
# These permissions are what I found on the /sys/print... directories.
# Note that I've commented out these permissions so the tighter default
# permissions applied above are left intact.
#
# set -x
# chacl -df -u root -g staff -z none $dir/print
# chacl -df ugzo=pwrx,z=I $dir/print
# chacl -odf -u root -g staff -z none $dir/print/queue $dir/print/spooler
# chacl -odf ugzo=pwrx,z=I $dir/print/queue $dir/print/spooler
# set -
X
# Set perms on the /sys/registry directory.
# These permissions are what I found on the /sys/registry directory.
# I don't know if they can be tightened further.
#
set -x
chacl -o -u $dfu -g $dfg -z $dfz $dir/registry
chacl -o ugo=pwrx,z=I $dir/registry
chacl -df ug=Ppwrx,z=I,o=pwrx $dir/registry
set -
X
# Set perms on the /sys/sf/local_q directory.
# These permissions are what I found on the /sys/sf/local_q directory.
# I don't know if they can be tightened further.
#
set -x
chacl -odf -u root -g staff -z none $dir/sf/local_q
chacl -odf ugzo=pwrx,z=I $dir/sf/local_q
set -
X
# Set perms on the /sys/siologin directory.
# These permissions are what I found on the /sys/siologin directory.
# I don't know if they can be tightened further.
#
set -x
chacl -u root -g staff -z none $dir/siologin
chacl -o ugo=prwx,z=I $dir/siologin
chacl -df ug=Pprwx,z=PI,o=prwx $dir/siologin
chacl -u root -g staff -z none $dir/siologin/siologin
chacl ugz=I,o=prx $dir/siologin/siologin
set -
X
# Set perms on the /sys/spm directory.
# These permissions are what I found on the /sys/spm directory. I don't
# know if they can be tightened further.
#
set -x
chacl -odf -u none -g none -z none $dir/spm
chacl -odf ugz=I,o=pwrx $dir/spm
chacl -o -u none -g none -z none $dir/spm/spm
chacl -o ugz=I,o=pwrx $dir/spm/spm
set -
X
# Set perms on /sys/sysdev.
#
( cd $dir/sysdev; $chmd 666 console display null sio* tty* )
X
#####
#
# Set permissions on node_data* directories.
#
for i in $dir/node_data*
do
X set -x
X # node_data*
X if [ -f $i/boot_shell ]; then
X ( cd $i; chacl -u root -g staff -z none boot_shell )
X ( cd $i; chacl ugz=I,o=prwx boot_shell )
X fi
X if [ -f $i/boot_shell.template ]; then
X ( cd $i; chacl -u root -g staff -z none boot_shell.template )
X ( cd $i; chacl ugz=I,o=prwx boot_shell.template )
X fi
X if [ -f $i/boot_shell.a88k ]; then
X ( cd $i; chacl -u root -g staff -z none boot_shell.a88k )
X ( cd $i; chacl ugz=I,o=prwx boot_shell.a88k )
X fi
X if [ -f $i/boot_shell.template.a88k ]; then
X ( cd $i; chacl -u root -g staff -z none boot_shell.template.a88k )
X ( cd $i; chacl ugz=I,o=prwx boot_shell.template.a88k )
X fi
X if [ -f $i/data\$ ]; then
X ( cd $i; chacl -o -u sys_person -g sys_proj -z sys_org data\$ )
X ( cd $i; chacl ugo=pwrx,z=I data\$ )
X fi
X if [ -f $i/device_numbers ]; then
X ( cd $i; chacl -u root -g staff -z none device_numbers )
X ( cd $i; $chmd 775 device_numbers )
X fi
X if [ -f $i/glb.e ]; then
X (cd $i; chown root.staff glb.e )
X (cd $i; $chmd 755 glb.e )
X fi
X if [ -f $i/glb.p ]; then
X (cd $i; chown root.staff glb.p )
X (cd $i; $chmd 755 glb.p )
X fi
X if [ -f $i/hint_file ]; then
X ( cd $i; chacl -o -u sys_person -g sys_proj -z sys_org hint_file )
X fi
X if [ -f $i/ipc_data ]; then
X ( cd $i; chacl -o -u user -g locksmith -z none ipc_data )
X ( cd $i; chacl -o ugo=prwx,z=I ipc_data )
X fi
X if [ -f $i/node_owners ]; then
X ( cd $i; chacl -u root -g staff -z none node_owners )
X ( cd $i; chacl u=pwrx,g=r,o=,z=I node_owners )
X fi
X if [ -f $i/null_hint_file ]; then
X ( cd $i; chacl -u none -g none -z none null_hint_file )
X ( cd $i; chacl ugz=I,o=pwrx null_hint_file )
X fi
X if [ -f $i/spm_control ]; then
X ( cd $i; chacl -u root -g staff -z none spm_control )
X ( cd $i; chacl ugo=pwrx,z=I spm_control )
X fi
X ( cd $i; $chmd 644 startup* )
X # cron
X $chmd 755 $i/cron
X ( cd $i/cron; chacl -S at at/past atjobs crontabs )
X ( cd $i/cron; chacl -o -u root -g staff -z none .proto README at.deny atjobs )
X ( cd $i/cron; chacl -o -u root -g staff -z none cron.deny crontab crontabs )
X ( cd $i/cron; chacl -o -u root -g staff -z none queuedefs at/past )
X ( cd $i/cron; chacl -o -u root -g staff -z none crontabs/root)
X ( cd $i/cron; chacl -u daemon -g daemon -z none at )
X ( cd $i/cron; $chmd 644 .proto README at.deny cron.deny crontab queuedefs )
X ( cd $i/cron; $chmd 644 at/lasttimedone crontabs/root )
X ( cd $i/cron; $chmd 755 at atjobs crontabs at/past )
X # dev: Should set perms here someday.
X # The following perms taken from SR10.1.p (SR10.1 uses none.none.none
X # with I, and other with prwx for the -df ACL's).
X chacl -o -u none -g none -z none $i/dev
X chacl -o ugz=I,o=pwrx $i/dev
X chacl -df ug=Ppwrx,z=PI,o=pwrx $i/dev
X ( cd $i/dev; $chmd 644 .mkdev )
X ( cd $i/dev; chown root.staff .mkdev crp* sio.spm )
X ( cd $i/dev; $chmd 666 crp* null )
X # dm_display
X if [ -d $i/dm_display ]; then
X chown -R $dfu.$dfg $i/dm_display
X $chmd 755 $i/dm_display
X $chmd 644 $i/dm_display/color_map*
X fi
X # etc
X ( cd $i/etc; chacl -oR -u root -g staff -z none . )
X ( cd $i/etc; chacl -S -R . )
X ( cd $i/etc; $chmd 644 * )
X ( cd $i/etc; $chmd 755 . daemons dm_display ncs xdm xinit )
X ( cd $i/etc; $chmd 777 utmp )
X ( cd $i/etc/daemons; $chmd 644 * )
X if [ -d $i/etc/dm_display ]; then
X chown -R $dfu.$dfg $i/etc/dm_display
X $chmd 644 $i/etc/dm_display/color_map*
X fi
X if [ -d $i/etc/xdm ]; then
X chown -R $dfu.$dfg $i/etc/xdm
X $chmd 755 $i/etc/xdm/*
X fi
X if [ -d $i/etc/xinit ]; then
X chown -R $dfu.$dfg $i/etc/xinit
X $chmd 755 $i/etc/xinit/.[a-zA-Z]* $i/etc/xinit/*
X fi
X # locks
X ( cd $i/locks; chacl -oR -u uucp -g daemon -z none . )
X ( cd $i/locks; chacl -B -R . )
X ( cd $i/locks; $chmd 775 . )
X # paste_buffers: I wonder if these perms can be tightened?
X if [ -d $i/paste_buffers ]; then
X ( cd $i; chacl -o -u sys_person -g locksmith -z sys_org paste_buffers )
X ( cd $i; chacl ugo=pwrx,z=I paste_buffers )
X ( cd $i; chacl -df ug=Ppwrx,z=PI,o=pwrx paste_buffers )
X ( cd $i/paste_buffers; chacl -o -u sys_person -g locksmith -z sys_org \
X all_group icon_group invis_group )
X ( cd $i/paste_buffers; chacl ugo=pwrx,z=I \
X all_group icon_group invis_group )
X fi
X # preserve: I wonder if these perms can be tightened?
X if [ -d $i/preserve ]; then
X ( cd $i; chacl -o -u $dfu -g $dfg -z $dfz preserve )
X ( cd $i; chacl -S preserve )
X ( cd $i; chacl -df ugo=pwrx preserve )
X fi
X # preserve.bsd4: I wonder if these perms can be tightened?
X if [ -d $i/preserve.bsd4 ]; then
X ( cd $i; chacl -o -u $dfu -g $dfg -z $dfz preserve.bsd4 )
X ( cd $i; chacl -S preserve.bsd4 )
X ( cd $i; chacl -df ugo=pwrx preserve.bsd4 )
X fi
X # preserve.sys5: I wonder if these perms can be tightened?
X if [ -d $i/preserve.sys5 ]; then
X ( cd $i; chacl -o -u $dfu -g $dfg -z $dfz preserve.sys5 )
X ( cd $i; chacl -S preserve.sys5 )
X ( cd $i; chacl -df ugo=pwrx preserve.sys5 )
X fi
X # proc_dir: I wonder if these perms can be tightened?
X ( cd $i; chacl -o -u root -g wheel -z none proc_dir )
X ( cd $i; chacl -S proc_dir )
X ( cd $i; chacl -odf ugo=pwrx,z=I proc_dir )
X # system_logs: I wonder if these perms can be tightened?
X ( cd $i; chacl -o -u root -g wheel -z none system_logs )
X ( cd $i; chacl -S system_logs )
X ( cd $i; chacl -odf ugo=pwrx,z=I system_logs )
X ( cd $i; chmod 644 system_logs/???acct )
X # systmp: I wonder if these perms can be tightened?
X ( cd $i; chacl -odf -u none -g none -z none systmp systmp/* )
X ( cd $i; chacl -odf ugz=I,o=pwrx systmp systmp/* )
X # tmp
X ( cd $i; chacl -o -u $dfu -g $dfg -z $dfz tmp )
X ( cd $i; $chmd 777 tmp )
X ( cd $i; chacl -S tmp )
X # usrtmp
X ( cd $i; chacl -o -u $dfu -g $dfg -z $dfz usrtmp )
X ( cd $i; $chmd 777 usrtmp )
X ( cd $i; chacl -S usrtmp )
X set -
done
X
Xexit 0
SHAR_EOF
chmod 0744 do_sys ||
echo 'restore of do_sys failed'
Wc_c="`wc -c < 'do_sys'`"
test 14042 -eq "$Wc_c" ||
echo 'do_sys: original size 14042, current size' "$Wc_c"
fi
# ============= do_sys5.3 ==============
if test -f 'do_sys5.3' -a X"$1" != X"-c"; then
echo 'x - skipping do_sys5.3 (File already exists)'
else
echo 'x - extracting do_sys5.3 (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_sys5.3' &&
#!/bin/sh
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# As with most of these protection scripts the permissions and ownership
# that are set on objects are those that existed as the software was
# installed except that some tightening of the permissions was done
# where I felt such tightening would produce no harm. If some ownerships
# look wrong (such as root.staff when most others are bin.bin within
# that directory), feel free to modify this script.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/06/20 STD Script created.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -S so that the former is set
# first, not last.
#
########################################################################
host=$1
default_owner=$2
default_group="staff"
default_org="none"
X
chmd=/sys5.3/bin/chmod # Use sys5.3 version of "chmod"
X
dfu=$default_owner
dfg=$default_group
dfz=$default_org
X
dir=$host/sys5.3
X
if [ -d $dir/bin ]; then
X set -x
X chacl -Rodf -u bin -g bin -z none $dir/bin
X chacl -S $dir/bin
X chacl -R u=prwx,go=rx $dir/bin
X ( cd $dir/bin; if [ -f login ]; then chown root.staff login; fi )
X ( cd $dir/bin; if [ -f login ]; then $chmd 4755 login; fi )
X ( cd $dir/bin; if [ -f mail ]; then chown bin.mail mail; fi )
X ( cd $dir/bin; if [ -f mail ]; then $chmd 2755 mail; fi )
X ( cd $dir/bin; if [ -f newgrp ]; then chown root.staff newgrp; fi )
X ( cd $dir/bin; if [ -f newgrp ]; then $chmd 4755 newgrp; fi )
X ( cd $dir/bin; if [ -f passwd ]; then chown root.staff passwd; fi )
X ( cd $dir/bin; if [ -f passwd ]; then $chmd 4755 passwd; fi )
X ( cd $dir/bin; if [ -f rmail ]; then chown bin.mail rmail; fi )
X ( cd $dir/bin; if [ -f rmail ]; then $chmd 2755 rmail; fi )
X ( cd $dir/bin; if [ -f start_csh ]; then chown root.staff start_csh; fi )
X ( cd $dir/bin; if [ -f start_ksh ]; then chown root.staff start_ksh; fi )
X ( cd $dir/bin; if [ -f start_rsh ]; then chown root.staff start_rsh; fi )
X ( cd $dir/bin; if [ -f start_sh ]; then chown root.staff start_sh; fi )
X ( cd $dir/bin; if [ -f su ]; then chown root.staff su; fi )
X ( cd $dir/bin; if [ -f su ]; then $chmd 4755 su; fi )
X set -
fi
X
if [ -d $dir/usr ]; then
X # Note: we set perms here for /sys5.3/usr and its first-level contents.
X # We could set perms recursively but I'll shy away from that.
X set -x
X chacl -S $dir/usr
X chacl -odf -u $dfu -g $dfg -z $dfz $dir/usr
X find $dir/usr \( -type f -o -type d \) \
X -exec chacl -odf -u $dfu -g $dfg -z $dfz {} \;
X $chmd 755 $dir/usr
X set -
fi
X
if [ -d $dir/usr/bin ]; then
X set -x
X chacl -odf -u $dfu -g $dfg -z $dfz $dir/usr/bin
X find $dir/usr/bin \( -type f -o -type d \) \
X -exec chacl -odf -u bin -g bin -z none {} \;
X chacl -R -S $dir/usr/bin
X chacl -R u=prwx,go=rx $dir/usr/bin
X ( cd $dir/usr/bin; chown bin.mail mailx )
X ( cd $dir/usr/bin; chown lp.bin disable enable lp lpstat )
X ( cd $dir/usr/bin; chown root.staff at chfn chrtbl chsh crontab graf )
X ( cd $dir/usr/bin; chown root.staff mailq newaliases rmail )
X ( cd $dir/usr/bin; chown uucp.daemon cu uucp uudecode uuencode uulog )
X ( cd $dir/usr/bin; chown uucp.daemon uuname uupick uustat uuto uux )
X ( cd $dir/usr/bin; $chmd 2755 mailx )
X ( cd $dir/usr/bin; $chmd 4711 cu uucp uuname uustat uux )
X ( cd $dir/usr/bin; $chmd 4555 uudecode uuencode uulog uupick uuto )
X ( cd $dir/usr/bin; $chmd 4755 at cancel chfn chrtbl chsh crontab )
X ( cd $dir/usr/bin; $chmd 4755 disable enable lp lpstat )
X ( cd $dir/usr/bin; if [ -f X11 ]; then chown root.staff X11; fi )
X ( cd $dir/usr/bin; if [ -f ccxlate ]; then chown root.staff ccxlate; fi )
X ( cd $dir/usr/bin; if [ -f cfxx ]; then chown root.staff cfxx; fi )
X ( cd $dir/usr/bin; if [ -f gcpp ]; then chown root.staff gcpp; fi )
X ( cd $dir/usr/bin; if [ -f mxx ]; then chown root.staff mxx; fi )
X set -
fi
X
if [ -d $dir/usr/catman ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/usr/catman
X chacl -R -S $dir/usr/catman
X chacl -R u=pwrx,g=rx,z=I,o=rx $dir/usr/catman
X find $dir/usr/catman -type f -exec $chmd 644 {} \;
X set -
fi
X
if [ -d $dir/usr/include ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/usr/include
X chacl -R -S $dir/usr/include
X chacl -R u=pwrx,g=rx,z=I,o=rx $dir/usr/include
X find $dir/usr/include -type f -exec $chmd 644 {} \;
X set -
fi
X
if [ -d $dir/usr/lib ]; then
X set -x
X chacl -R -u bin -g bin -z none $dir/usr/lib
X chacl -R -S $dir/usr/lib
X chacl -R u=prwx,go=rx $dir/usr/lib
X set -
X file_list=""
X for file in aliases arpaproto.cf libnsl_s lib* llib* sendmail.cf \
X sendmail.hf sendmail.st unittab uucpproto.cf
X do
X if [ -f "$dir/usr/lib/$file" ]; then
X file_list="$file_list $file"
X fi
X done
X if [ -n "$file_list" ]; then
X set -x
X ( cd $dir/usr/lib; $chmd 644 $file_list )
X set -
X fi
X set -x
X ( cd $dir/usr/lib; chown bin.mail mailx/rmmail )
X ( cd $dir/usr/lib; chown lp.bin accept lpadmin lpfilter lpfx lpmove lpsched )
X ( cd $dir/usr/lib; chown lp.bin lpshut reject )
X ( cd $dir/usr/lib; chown root.staff cpp expreserve exrecover )
X ( cd $dir/usr/lib; chown root.staff isp_m68k mv_dir sendmail )
X ( cd $dir/usr/lib; chacl -R u=prwx,go=rx help/lib )
X ( cd $dir/usr/lib; $chmd 2755 mailx/rmmail )
X ( cd $dir/usr/lib; $chmd 4755 accept expreserve exrecover lpadmin lpmove )
X ( cd $dir/usr/lib; $chmd 4755 lpsched lpshut mv_dir reject sendmail )
X ( cd $dir/usr/lib; if [ -d isp_a88k ]; then chown root.staff isp_a88k; fi )
X ( cd $dir/usr/lib/cftime; $chmd 644 * )
X ( cd $dir/usr/lib/chrclass; $chmd 644 * )
X ( cd $dir/usr/lib/ctrace; $chmd 644 * )
X ( cd $dir/usr/lib/help; $chmd 644 * )
X ( cd $dir/usr/lib/mailx; $chmd 644 mailx.help* )
X ( cd $dir/usr/lib/spell; $chmd 644 hlista hlistb hstop spellhist )
X ( cd $dir/usr/lib/tabset; $chmd 644 * )
X find $dir/usr/lib/terminfo -type f -exec $chmd 644 {} \;
X find $dir/usr/lib/terminfo.local -type f -exec $chmd 644 {} \;
X set -
fi
X
Xexit 0
SHAR_EOF
chmod 0744 do_sys5.3 ||
echo 'restore of do_sys5.3 failed'
Wc_c="`wc -c < 'do_sys5.3'`"
test 6508 -eq "$Wc_c" ||
echo 'do_sys5.3: original size 6508, current size' "$Wc_c"
fi
# ============= do_sys_sw ==============
if test -f 'do_sys_sw' -a X"$1" != X"-c"; then
echo 'x - skipping do_sys_sw (File already exists)'
else
echo 'x - extracting do_sys_sw (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_sys_sw' &&
#!/bin/sh
#
# This script sets the acl on the // directory and the / directory of
# the specified host using the specified owner. Also, the script sets
# the acls on files and directories contained in the root directory of
# the specified host. The script will also call other scripts to set
# the acls further down the tree as necessary.
#
# To set permissions (as opposed to owners, groups, organizations),
# either the chacl command or the chmod command can be used. The chacl
# command will leave any extended rights untouched. The chmod command,
# in contrast, (1) sets the extended rights mask to be the same as the
# the "other" (or "world") rights, (2) removes any p and k rights from
# group and other entries, (3) removes any k rights from the user entry,
# and (4) marks the organization entry "ignored". This applies to the
# use of the chmod command to set "absolute" rights--using the chmod
# command to add or remove specific rights has a slightly different
# effect.
#
# Because of the different actions of the chacl command versus the
# chmod command, some sites may have a preference for one or the
# other when setting permissions. These protection scripts can
# be modified to use the appropriate command if desired.
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/05/10 STD Script created.
# 1989/07/05 STD Added support for third incoming argument that specifies
# whether to set permissions on the authorized area.
# 1989/11/29 MRP Changed root level perms from 775 to 755.
# Added /.mailrc and /.msgrc files.
# Deactivated chacl -B on /install and /sys.
# Added 4755 perms to sigp and xsubs in /com.
# 1989/12/04 MRP Set owner.group inheritance on // and /.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
# 1990/07/26 MRP Changed permissions on /install to 750.
#
########################################################################
X
host=$1
default_owner=$2
do_aa=$3
default_group="staff"
default_org="none"
X
chmd=/bsd4.3/bin/chmod
X
# If /install exists, set its permissions first so that, should there
# be hard links into the authorized area, later permission setting
# will override the permissions we are now applying to /install.
#
if [ -d $dir/install ]; then
X echo ""
X echo "** Protection of /install on: $host"
X set -x
# chacl -B $dir/install
X chacl -u $default_owner -g $default_group -z $default_org $dir/install
X $chmd 750 $dir/install
X set -
X ./do_install $host $default_owner $do_aa
fi
X
echo ""
echo "** Protection of // on: $host"
set -x
chacl -B $host/..
chacl -odf -u $default_owner -g $default_group -z $default_org $host/..
$chmd 755 $host/..
set -
X
echo ""
echo "** Protection of / on: $host"
X
set -x
chacl -B $host
chacl -odf -u $default_owner -g $default_group -z $default_org $host
$chmd 755 $host
set -
X
echo ""
echo "**"
echo "** Protection of files in / on: $host"
echo "**"
X
dir=$host
X
if [ -f $dir/.cshrc ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/.cshrc
X $chmd 744 $dir/.cshrc
X set -
fi
X
if [ -f $dir/.logout ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/.logout
X $chmd 744 $dir/.logout
X set -
fi
X
if [ -f $dir/.login ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/.login
X $chmd 744 $dir/.login
X set -
fi
X
if [ -f $dir/.mailrc ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/.mailrc
X $chmd 644 $dir/.mailrc
X set -
fi
X
if [ -f $dir/.msgrc ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/.msgrc
X $chmd 644 $dir/.msgrc
X set -
fi
X
if [ -f $dir/.profile ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/.profile
X $chmd 744 $dir/.profile
X set -
fi
X
# The "load_history" file seems to exist only on DN10000 nodes.
if [ -f $dir/load_history ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/load_history
X $chmd 644 $dir/load_history
X set -
fi
X
if [ -f $dir/lost+found.list ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/lost+found.list
X $chmd 644 $dir/lost+found.list
X set -
fi
X
if [ -f $dir/sysboot ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $dir/sysboot
X $chmd 755 $dir/sysboot
X set -
fi
X
echo ""
echo "**"
echo "** Protection of links in / on: $host"
echo "**"
X
for root_link in $dir/*
do
X if [ -L $root_link ]; then
X set -x
X chacl -u $default_owner -g $default_group -z $default_org $root_link
X set -
X fi
done
X
echo ""
echo "**"
echo "** Protection of directories in / on: $host"
echo "**"
X
if [ -d $dir/bscom ]; then
X echo ""
X echo "** Protection of /bscom on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/bscom
X chacl -B $dir/bscom
X $chmd -R 755 $dir/bscom
X set -
fi
X
if [ -d $dir/bsd4.3 ]; then
X echo ""
X echo "** Protection of /bsd4.3 on: $host"
X set -x
X chacl -B $dir/bsd4.3
X chacl -u $default_owner -g $default_group -z $default_org $dir/bsd4.3
X $chmd 755 $dir/bsd4.3
X set -
X ./do_bsd4.3 $host $default_owner
fi
X
if [ -d $dir/com ]; then
X echo ""
X echo "** Protection of /com on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/com
X chacl -B $dir/com
X $chmd -R 755 $dir/com
X ( cd $dir/com; $chmd 750 ctnode uctnode )
X ( cd $dir/com; $chmd 4755 sigp xsubs )
X set -
fi
X
if [ -d $dir/domain_examples ]; then
X echo ""
X echo "** Protection of /domain_examples on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org \
X $dir/domain_examples
X chacl -R -B $dir/domain_examples
X $chmd -R 755 $dir/domain_examples
X set -
fi
X
if [ -d $dir/etc ]; then
X echo ""
X echo "** Protection of /etc on: $host"
X set -x
X chacl -B $dir/etc
X chacl -u $default_owner -g $default_group -z $default_org $dir/etc
X $chmd 755 $dir/etc
X set -
X ./do_etc $host $default_owner
fi
X
if [ -d $dir/lib ]; then
X echo ""
X echo "** Protection of /lib on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/lib
X chacl -R -B $dir/lib
X $chmd -R 755 $dir/lib
X set -
fi
X
# o gets no permissions since we don't know what acls will exist on
# contents of lost+found. Alternative would be to set initial acls
# on lost+found so that contents are protected--then o could have read perms.
if [ -d $dir/lost+found ]; then
X echo ""
X echo "** Protection of /lost+found on: $host"
X set -x
X chacl -B $dir/lost+found
X chacl -u $default_owner -g $default_group -z $default_org $dir/lost+found
X $chmd 755 $dir/lost+found
X set -
fi
X
# o can be granted no perms if desired.
for sau_dir in sau2 sau3 sau4 sau5 sau6 sau7 sau8 sau9 sau10
do
X if [ -d $dir/$sau_dir ]; then
X echo ""
X echo "** Protection of /$sau_dir on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/$sau_dir
X chacl -R -B $dir/$sau_dir
X $chmd -R 750 $dir/$sau_dir
X set -
X if [ -d $dir/$sau_dir/help ]; then
X set -x
X find $dir/$sau_dir/help -type f -exec $chmd 644 {} \;
X fi
X set -
X fi
done
X
if [ -d $dir/sau_sys ]; then
X echo ""
X echo "** Protection of /sau_sys on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/sau_sys
X chacl -R -B $dir/sau_sys
X $chmd -R 750 $dir/sau_sys
X set -
X if [ -d $dir/sau_sys/help ]; then
X set -x
X ( cd $dir/sau_sys/help; $chmd ugo-x *.hlp )
X fi
X set -
fi
X
if [ -d $dir/sr9.7_compatibility ]; then
X echo ""
X echo "** Protection of /sr9.7_compatibility on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org \
X $dir/sr9.7_compatibility
X chacl -R -B $dir/sr9.7_compatibility
X $chmd -R 755 $dir/sr9.7_compatibility
X set -
fi
X
if [ -d $dir/sys ]; then
X echo ""
X echo "** Protection of /sys on: $host"
X set -x
# chacl -B $dir/sys
X chacl -u $default_owner -g $default_group -z $default_org $dir/sys
X $chmd 755 $dir/sys
X set -
X ./do_sys $host $default_owner
fi
X
if [ -d $dir/sys5.3 ]; then
X echo ""
X echo "** Protection of /sys5.3 on: $host"
X set -x
X chacl -S $dir/sys5.3
X chacl -u $default_owner -g $default_group -z $default_org $dir/sys5.3
X $chmd 755 $dir/sys5.3
X set -
X ./do_sys5.3 $host $default_owner
fi
X
if [ -d $dir/systest ]; then
X echo ""
X echo "** Protection of /systest on: $host"
X set -x
X chacl -B $dir/systest
X chacl -u $default_owner -g $default_group -z $default_org $dir/systest
X $chmd 755 $dir/systest
X set -
X ./do_systest $host $default_owner
fi
X
if [ -d $dir/user_data ]; then
X echo ""
X echo "** Protection of /user_data on: $host"
X set -x
X chacl -R -u $default_owner -g $default_group -z $default_org $dir/user_data
X chacl -R -B $dir/user_data
X $chmd -R 750 $dir/user_data
X set -
fi
X
if [ -d $dir/usr ]; then
X echo ""
X echo "** Protection of /usr on: $host"
X set -x
X chacl -B $dir/usr
X chacl -u $default_owner -g $default_group -z $default_org $dir/usr
X $chmd 755 $dir/usr
X set -
X ./do_usr $host $default_owner
fi
X
Xexit 0
SHAR_EOF
chmod 0744 do_sys_sw ||
echo 'restore of do_sys_sw failed'
Wc_c="`wc -c < 'do_sys_sw'`"
test 9653 -eq "$Wc_c" ||
echo 'do_sys_sw: original size 9653, current size' "$Wc_c"
fi
# ============= do_systest ==============
if test -f 'do_systest' -a X"$1" != X"-c"; then
echo 'x - skipping do_systest (File already exists)'
else
echo 'x - extracting do_systest (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_systest' &&
#!/bin/sh
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/06/20 STD Script created.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
#
########################################################################
X
host=$1
default_owner=$2
default_group="staff"
default_org="none"
X
dir=$host/systest
X
set -x
chacl -R -u $default_owner -g $default_group -z $default_org $dir
chacl -R -B $dir
chacl -R u=prwx,go=rx $dir
( cd $dir/com; chacl u=prwx,g=rx,o= ctnode )
set -
X
Xexit 0
SHAR_EOF
chmod 0744 do_systest ||
echo 'restore of do_systest failed'
Wc_c="`wc -c < 'do_systest'`"
test 1165 -eq "$Wc_c" ||
echo 'do_systest: original size 1165, current size' "$Wc_c"
fi
# ============= do_usr ==============
if test -f 'do_usr' -a X"$1" != X"-c"; then
echo 'x - skipping do_usr (File already exists)'
else
echo 'x - extracting do_usr (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'do_usr' &&
#!/bin/sh
#
# Note that system software, as shipped, has no extended entries in
# acls and so the difference between chmod and chacl becomes mostly
# irrelevant.
#
# Note: This script has not been checked for its effect when the
# default owner is not "root". Some things may break.
#
# This script was based on ideas embodied in scripts originally written
# by
#
# Jean-Claude Nadeau (Universite de Montreal)
# Debbie Voth (Apollo Computer inc.)
# Mike Peterson (University of Toronto)
#
#
# AUTHORS
#
# Scott T. Darlington University of Waterloo
#
#
# MODIFICATIONS
#
# 1989/06/20 STD Script created.
# 1989/11/28 MRP Changed chown on /usr/spool/mail to not be
# recursive, and added /usr/spool/mail/:saved perms.
# Changed group for /usr/spool/mqueue/biff_users
# from none to staff.
# Changed chown on /usr/spool/rwho to not be
# recursive.
# Added 4755 perms to /usr/apollo/bin/tb.
# 1989/12/04 MRP Reversed order of recursive chacl's to set
# owner.group.org and -B so that the former is set
# first, not last.
# 1989/12/05 MRP Changed 775 perms to 755 on /usr/adm.
# Changed find /usr/spool/lpd/*/errs to log.
# Added find /usr/new/lib/bmac to set 644 perms.
# Changed perm setting to be done by subdirectory,
# so that /usr/local can be omitted.
# Changed perms on /usr/games/lib/cfscores to 666.
# 1989/12/06 MRP Modified /usr/spool/mail perms.
# 1990/04/16 MRP Added chmod 4755 for /usr/apollo/bin/login.
# 1990/04/16 MRP Added /usr/X11 protections.
# 1990/05/10 MRP Changed permissions on /usr/spool/mail to 775,
# changed initial file permissions so other has no
# permission to read files, and added chgrp to mail
# and chmod 660 for all files in /usr/spool/mail.
# 1990/06/02 MRP Changed permissions on /usr/spool/news to 775,
# and all subdirectories to 775 and files to 664.
# The owner.group is set to news.news if they exist.
# 1991/01/11 MRP Changed permissions on /usr/lib.uucp/{Dialcodes,
# Permissions,Systems} to 400. Changed permissions on
# /usr/lib.uucp/{uucico,uusched,uuxqt} to 4511.
# 1991/01/24 MRP Changed permissions on /usr/spool/uucp and
# /usr/spool/uucppublic directory trees.
# 1991/01/31 MRP Removed recursive chacl/chmod on /usr/spool.
# Added /usr/spool/batch directory permissions.
# Added directory search to /usr/spool/lp and
# /usr/spool/lpd. Changed /usr/spool/rwho to group
# daemon. Removed permission changes on files in
# /usr/spool/uucppublic.
# 1991/02/14 MRP Added chmod 755 for binaries in
# /usr/X11/examples/motif/bin.
#
########################################################################
X
host=$1
default_owner=$2
default_group="staff"
default_org="none"
X
dfu=$default_owner
dfg=$default_group
dfz=$default_org
X
chmd=/bsd4.3/bin/chmod
dir=$host/usr
X
if [ -d $dir/X11 ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/X11
X chacl -R -B $dir/X11
X find $dir/X11 -type d -exec $chmd 755 {} \;
X find $dir/X11 -type f -exec $chmd 644 {} \;
X (cd $dir/X11/bin; $chmd 755 * )
X (cd $dir/X11/bin; $chmd 4755 xterm )
X (cd $dir/X11/examples/motif/bin; $chmd 755 motifgif motifshell pict wid* xm* )
X (cd $dir/X11/lib; $chmd 755 lib*.a isp_*/lib*.a )
X set -
fi
X
if [ -d $dir/apollo ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/apollo
X chacl -R -B $dir/apollo
X $chmd -R 755 $dir/apollo
X (cd $dir/apollo/bin; $chmd 750 crddf crty crtyobj dlty intm inty )
X (cd $dir/apollo/bin; $chmd 4755 login tb )
X if [ -d $dir/apollo/include ]; then
X find $dir/apollo/include -type f -exec $chmd 644 {} \;
X fi
X find $dir/apollo/man -type f -exec $chmd 644 {} \;
X set -
fi
X
if [ -d $dir/games ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/games
X chacl -R -B $dir/games
X $chmd -R 755 $dir/games
X (cd $dir/games; chown daemon.staff fortune robots sail snake )
X (cd $dir/games; chown daemon.daemon snscore )
X (cd $dir/games; $chmd 4755 fortune robots sail snake )
X (cd $dir/games/lib; chown daemon.daemon fortunes.dat robots_roll )
X (cd $dir/games/lib; chown daemon.daemon snakerawscores )
X (cd $dir/games/lib; $chmd 600 fortunes.dat )
X (cd $dir/games/lib; $chmd 644 bogdict btlfortunes btlgammon.rules cards.pck )
X (cd $dir/games/lib; $chmd 644 crib.instr robots_roll snakerawscores )
X (cd $dir/games/lib; $chmd 644 w2006 ching.d/* )
X (cd $dir/games/lib; $chmd 666 cfscores )
X (cd $dir/games/lib; $chmd 755 hunt.driver mmhow )
X set -
fi
X
if [ -d $dir/lib.uucp ]; then
X set -x
X chown -R uucp.daemon $dir/lib.uucp
X chacl -R -B $dir/lib.uucp
X $chmd -R 755 $dir/lib.uucp
X # I'd like to remove read permission for other if possible.
X (cd $dir/lib.uucp; $chmd 110 uucheck uucleanup uucpd )
X (cd $dir/lib.uucp; $chmd 444 Devconfig Devices Dialers )
X (cd $dir/lib.uucp; $chmd 444 Maxuuscheds Maxuuxqts Sysfiles )
X (cd $dir/lib.uucp; $chmd 555 SetUp Uutry remote.unknown uudemon.admin )
X (cd $dir/lib.uucp; $chmd 555 uudemon.cleanup uudemon.hour uudemon.poll )
X (cd $dir/lib.uucp; $chmd 400 Dialcodes Permissions Systems )
X (cd $dir/lib.uucp; $chmd 644 Poll )
X (cd $dir/lib.uucp; $chmd 4511 uucico uusched uuxqt )
X set -
fi
X
if [ -d $dir/new ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/new
X chacl -R -B $dir/new
X $chmd -R 755 $dir/new
X (cd $dir/new/lib; $chmd 644 *.Makefile )
X find $dir/new/lib/bmac -type f -exec $chmd 644 {} \;
X find $dir/new/mann -type f -exec $chmd 644 {} \;
X set -
fi
X
if [ -d $dir/pub ]; then
X set -x
X chacl -R -u $dfu -g $dfg -z $dfz $dir/pub
X chacl -R -B $dir/pub
X $chmd -R 755 $dir/pub
X (cd $dir/pub; $chmd 644 ascii compose eqnchar latin1 )
X set -
fi
X
if [ -d $dir/spool ]; then
X
X set -x
X chacl -u $dfu -g $dfg -z $dfz $dir/spool $dir/spool/*
X chacl -B $dir/spool $dir/spool/*
X $chmd 755 $dir/spool $dir/spool/*
X set -
X
X if [ -d $dir/spool/batch ]
X then
X set -x
X chown -R $dfu.$dfg $dir/spool/batch
X chacl -R -B $dir/spool/batch
X find $dir/spool/batch -type d -exec chmod 755 {} \;
X find $dir/spool/batch -type f -exec chmod 644 {} \;
X set -
X fi
X
X if [ -d $dir/spool/lp ]
X then
X set -x
X chown -R lp.bin $dir/spool/lp
X chacl -R -B $dir/spool/lp
X find $dir/spool/lp -type d -exec chmod 755 {} \;
X ( cd $dir/spool/lp; $chmd 644 pstatus qstatus )
X ( cd $dir/spool/lp/model; $chmd 644 * )
X set -
X fi
X
X if [ -d $dir/spool/lpd ]
X then
X set -x
X chown -R daemon.daemon $dir/spool/lpd
X chacl -R -B $dir/spool/lpd
X find $dir/spool/lpd -type d -exec chmod 755 {} \;
X find $dir/spool/lpd -name .seq -exec $chmd 641 {} \;
X find $dir/spool/lpd -name lock -exec $chmd 644 {} \;
X find $dir/spool/lpd -name log -exec $chmd 644 {} \;
X find $dir/spool/lpd -name status -exec $chmd 664 {} \;
X set -
X fi
X
X if [ -f $dir/spool/lpd.lock ]
X then
X set -x
X chacl -u $dfu -g $dfg -z $dfz $dir/spool/lpd.lock
X $chmd 644 $dir/spool/lpd.lock;
X set -
X fi
X
X if [ ! -L $dir/spool/mail ]
X then
X set -x
X chacl -odf -u bin -g mail -z none $dir/spool/mail
X chacl -o u=prwx,g=rwx,z=I,o=rx $dir/spool/mail
X chacl -d ug=PU,z=I,o=U $dir/spool/mail
X chacl -f ug=PU,z=I,o= $dir/spool/mail
X chgrp mail $dir/spool/mail/*
X $chmd 660 $dir/spool/mail/*
X chown bin.mail $dir/spool/mail/:saved
X $chmd 775 $dir/spool/mail/:saved
X set -
X fi
X
X if [ -d $dir/spool/mqueue ]
X then
X set -x
X chown -R daemon.daemon $dir/spool/mqueue
X chacl -R -B $dir/spool/mqueue
X $chmd 775 $dir/spool/mqueue
X set -
X if [ -f $dir/spool/mqueue/biff_users ]
X then
X set -x
X chown daemon.staff $dir/spool/mqueue/biff_users
X $chmd 644 $dir/spool/mqueue/biff_users
X set -
X fi
X fi
X
X if [ -d $dir/spool/news ]
X then
X i=`grep '^news:' /etc/passwd`
X if [ $? = 0 ]; then
X newsuser=news
X else
X newsuser=daemon
X fi
X i=`grep '^news:' /etc/group`
X if [ $? = 0 ]; then
X newsgroup=news
X else
X newsgroup=daemon
X fi
X set -x
X if [ ! -L $dir/spool/news ]; then
X chown -R $newsuser.$newsgroup $dir/spool/news
X chacl -R -B $dir/spool/news
X find $dir/spool/news -type d -exec chmod 775 {} \;
X find $dir/spool/news -type f -exec chmod 664 {} \;
X else
X chown $newsuser.$newsgroup $dir/spool/news
X chacl -B $dir/spool/news
X fi
X set -
X fi
X
X if [ -d $dir/spool/rwho ]
X then
X set -x
X chacl -R -u $dfu -g daemon -z $dfz $dir/spool/rwho
X chown uucp.daemon $dir/spool/rwho
X chgrp daemon $dir/spool/rwho/*
X $chmd 644 $dir/spool/rwho/*
X set -
X fi
X
X if [ -d $dir/spool/uucp ]
X then
X set -x
X chown -R uucp.daemon $dir/spool/uucp
X chacl -R -S $dir/spool/uucp
X find $dir/spool/uucp -type d -exec $chmd 755 {} \;
X find $dir/spool/uucp -type f -exec $chmd 644 {} \;
X $chmd 755 $dir/spool/uucp
X set -
X fi
X
X if [ -d $dir/spool/uucppublic ]
X then
X set -x
X chown -R uucp.daemon $dir/spool/uucppublic
X chacl -R -S $dir/spool/uucppublic
X $chmd 777 $dir/spool/uucppublic
X set -
X fi
fi
X
Xexit 0
SHAR_EOF
chmod 0744 do_usr ||
echo 'restore of do_usr failed'
Wc_c="`wc -c < 'do_usr'`"
test 9435 -eq "$Wc_c" ||
echo 'do_usr: original size 9435, current size' "$Wc_c"
fi
# ============= find_setuid ==============
if test -f 'find_setuid' -a X"$1" != X"-c"; then
echo 'x - skipping find_setuid (File already exists)'
else
echo 'x - extracting find_setuid (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'find_setuid' &&
#! /bin/sh
#
# Check all user files/directories for setuid/setgid permissions on
# files/directories.
#
setuidlist=/tmp/setuidlist
/bin/rm -f $setuidlist
/usr/bin/find / \( -perm -4000 -o -perm -2000 \) \
X -xdev -exec /bin/ls -lgd {} \; >$setuidlist
SHAR_EOF
chmod 0744 find_setuid ||
echo 'restore of find_setuid failed'
Wc_c="`wc -c < 'find_setuid'`"
test 250 -eq "$Wc_c" ||
echo 'find_setuid: original size 250, current size' "$Wc_c"
fi
exit 0
--
Mike Peterson, System Administrator, U/Toronto Department of Chemistry
E-mail: system@alchemy.chem.utoronto.ca
Tel: (416) 978-7094 Fax: (416) 978-8775