[comp.archives] Permissions library

deraadt@cpsc.ucalgary.ca (Theo de Raadt) (05/26/91)

Archive-name: internet/authorization/permissions/1991-05-24
Archive: cpsc.ucalgary.ca:/pub/deraadt/permissions.tar.Z [136.159.2.1]
Original-posting-by: deraadt@cpsc.ucalgary.ca (Theo de Raadt)
Original-subject: Permissions library
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)

The permissions library and other sources I posted to alt.sources on Wednesday
are also available for anonymous FTP. Find them at,
	cpsc.ucalgary.ca:/pub/deraadt/permissions.tar.Z
	(aliases: fsa.cpsc.ucalgary.ca, 136.159.2.1, 136.159.3.1)

Here is the readme:

DESCRIPTION:
In a basic BSD environment only three utilities let people onto a machine:
        login, rshd, and ftpd.
These three programs are modified to check a YP map called 'permissions'
which determines whether a person is allowed to login.
Control over login is given based on four parameters: hostname, ttyname,
login, and groups.

The permissions library routines have been tested on suns, iris, and mips
boxes. The problem is not so much that permissions might be nonportable,
but rather that source for login is unavailable on the other machines I
have access to. Writing a workalike login for a system V box is nontrivial.
permtest, rshd and ftpd have been tested to work though, with minor hacks.
On a BSD-like box, permissions should be trivial to install.

Perhaps someone who has written a free system V login could send it to
me. I'd love to support more architectures/operating systems.

The permissions library can be used for other purposes too. We also use it
for printer access. Someone suggested doing device access like dialin/dialout
and tape drives through it.

INSTALLATION:
1. Building permissions:
        # make
2. Build a permissions map for your network and install it into YP.
   See your systems manuals for the correct way to install a YP map
   in your system. Here's what we use in /var/yp/Makefile,

permissions.time: $(DIR)/permissions
        @(sed -e "/^#/d" -e s/#.*$$// $(DIR)/permissions $(CHKPIPE)) | \
        $(MAKEDBM) - $(YPDBDIR)/$(DOM)/permissions;
        @touch permissions.time;
        @echo "updated permissions";
        @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) permissions; fi
        @if [ ! $(NOPUSH) ]; then echo "pushed permissions"; fi

   To install the map, on sunos4.1, I would use the following:
        # touch /etc/permissions
        # ypmake NOPUSH=1 permissions
        # foreach i ( `ypcat ypservers` )
        > rsh $i /usr/etc/yp/ypxfr -h `hostname` permissions
        > end
        #

3. Test the permissions database with permtest. For example,
        # permtest -v deraadt ttyh0 fsa
        8 groups: staff wheel daemon kmem bin oldstaff telnet cdrom
        user deraadt permitted on fsa:ttyh0

4. Now install the three remaining parts.
        login/login -> /bin/login
        in.ftpd/in.ftpd -> /usr/etc/in.ftpd
        in.rshd/in.rshd -> /usr/etc/in.rshd
   Be sure to save copies of your old utilities.
   Remember, on most systems, login is setuid root.

One request. Please clear all changes to this through me. I would be very
unhappy to see five different incompatible versions of this in use.

Enjoy.
- --

SunOS 4.0.3: /usr/include/vm/as.h, Line 44      | Theo de Raadt
SunOS 4.1.1: /usr/include/vm/as.h, Line 49      | deraadt@cpsc.ucalgary.ca
Is it a typo? Should the '_'  be an 's'?? :-)   | deraadt@cpsc.ucalgary.ca

------- End of Forwarded Message


-- comp.archives file verification
cpsc.ucalgary.ca
-rw-r--r--  1 0        1           53983 May 23 22:49 /pub/deraadt/permissions.tar.Z
found permissions ok
cpsc.ucalgary.ca:/pub/deraadt/permissions.tar.Z
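
Added example, not part of the original posting or of the permissions distribution: one way to carry out the final install step of the readme so that the old utility is saved and the replacement is put in place with a single rename. The function name, the `.orig` suffix and the modes in the usage comments are assumptions.

```sh
#!/bin/sh
# install_with_backup SRC DST MODE   (hypothetical helper, added example)
#   SRC   freshly built binary, e.g. login/login
#   DST   installed path, e.g. /bin/login
#   MODE  octal mode for the installed file
install_with_backup() {
    src=$1 dst=$2 mode=$3
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }

    # Save the old utility once. A second run must not overwrite the
    # vendor binary with an already-replaced one.
    if [ -f "$dst" ] && [ ! -e "$dst.orig" ]; then
        cp -p "$dst" "$dst.orig" || return 1
    fi

    # Stage next to the destination so the final mv is a rename within
    # one filesystem; DST is never missing or half-written, which matters
    # for login.
    tmp="$dst.new.$$"
    cp "$src" "$tmp" || return 1

    # Set the owner before the mode: chown clears the setuid bit on many
    # systems. Only root can give the file away, so skip it otherwise.
    if [ "$(id -u)" -eq 0 ]; then
        chown root "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    chmod "$mode" "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$dst"
}

# Usage for the three utilities named in the readme (modes are assumed;
# check what your existing binaries carry before replacing them):
#   install_with_backup login/login     /bin/login       4755
#   install_with_backup in.ftpd/in.ftpd /usr/etc/in.ftpd 755
#   install_with_backup in.rshd/in.rshd /usr/etc/in.rshd 755
```

Keep a root shell open on the machine until a fresh login has been tested against the new binary, so the `.orig` copy can be moved back if the permissions map rejects everyone.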