deraadt@cpsc.ucalgary.ca (Theo de Raadt) (05/26/91)
Archive-name: internet/authorization/permissions/1991-05-24
Archive: cpsc.ucalgary.ca:/pub/deraadt/permissions.tar.Z [136.159.2.1]
Original-posting-by: deraadt@cpsc.ucalgary.ca (Theo de Raadt)
Original-subject: Permissions library
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)

The permissions library and other sources I posted to alt.sources on
Wednesday are also available for anonymous FTP. Find it at,

    cpsc.ucalgary.ca:/pub/deraadt/permissions.tar.Z
    (aliases: fsa.cpsc.ucalgary.ca, 136.159.2.1, 136.159.3.1)

Here is the readme:

DESCRIPTION:

In a basic BSD environment only three utilities let people onto a
machine: login, rshd, and ftpd. These three programs are modified to
check a YP map called 'permissions' which determines whether a person
is allowed to login. Control over login is given based on four
parameters: hostname, ttyname, login, and groups.

The permissions library routines have been tested on suns, iris, and
mips boxes. The problem is not so much that permissions might be
nonportable, but rather that source for login is unavailable on the
other machines I have access to. Writing a workalike login for a
System V box is nontrivial. permtest, rshd and ftpd have been tested
to work though, with minor hacks. On a BSD-like box, permissions
should be trivial to install.

Perhaps someone who has written a free System V login could send it
to me. I'd love to support more architectures/operating systems.

The permissions library can be used for other purposes too. We also
use it for printer access. Someone suggested doing device access like
dialin/dialout and tape drives through it.

INSTALLATION:

1. Building permissions:

    # make

2. Build a permissions map for your network and install it into YP.
   See your system's manuals for the correct way to install a YP map
   in your system.

   Here's what we use in /var/yp/Makefile,

permissions.time: $(DIR)/permissions
	@(sed -e "/^#/d" -e s/#.*$$// $(DIR)/permissions $(CHKPIPE)) | \
	$(MAKEDBM) - $(YPDBDIR)/$(DOM)/permissions;
	@touch permissions.time;
	@echo "updated permissions";
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) permissions; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed permissions"; fi

   To install the map, on sunos4.1, I would use the following:

    # touch /etc/permissions
    # ypmake NOPUSH=1 permissions
    # foreach i ( `ypcat ypservers` )
    > rsh $i /usr/etc/yp/ypxfr -h `hostname` permissions
    > end
    #

5. Test the permissions database with permtest. For example,

    # permtest -v deraadt ttyh0 fsa
    8 groups: staff wheel daemon kmem bin oldstaff telnet cdrom
    user deraadt permitted on fsa:ttyh0

4. Now install the three remaining parts.

    login/login     -> /bin/login
    in.ftpd/in.ftpd -> /usr/etc/in.ftpd
    in.rshd/in.rshd -> /usr/etc/in.rshd

   Be sure to save copies of your old utilities. Remember, on most
   systems, login is setuid root.

One request. Please clear all changes to this through me. I would be
very unhappy to see five different incompatible versions of this in
use.

Enjoy.

- --
SunOS 4.0.3: /usr/include/vm/as.h, Line 44    | Theo de Raadt
SunOS 4.1.1: /usr/include/vm/as.h, Line 49    | deraadt@cpsc.ucalgary.ca
Is it a typo? Should the '_' be an 's'?? :-)  | deraadt@cpsc.ucalgary.ca

------- End of Forwarded Message

-- comp.archives file verification
cpsc.ucalgary.ca
-rw-r--r-- 1 0 1 53983 May 23 22:49 /pub/deraadt/permissions.tar.Z
found permissions ok
cpsc.ucalgary.ca:/pub/deraadt/permissions.tar.Z