* shell based replacement for genhomedircon
@ 2005-04-03 18:10 Andreas Steinmetz
2005-04-04 15:19 ` Stephen Smalley
From: Andreas Steinmetz @ 2005-04-03 18:10 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 244 bytes --]
Attached is a shell based replacement for genhomedircon that seems to
work properly, at least for me. Not everybody installs python on servers
just for a single script.
--
Andreas Steinmetz SPAMmers use robotrap@domdv.de
[-- Attachment #2: genhomedircon --]
[-- Type: text/plain, Size: 3362 bytes --]
#!/bin/sh
# Print the command-line synopsis and terminate the script.
# Arguments: $1 - program name shown in the synopsis
# Outputs:   one usage line on stdout
# Exits:     always, with status 1
usage() {
  printf 'Usage: %s [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]\n' "$1"
  exit 1
}
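# List "user homedir" pairs for regular accounts that should receive a
# generated home-directory file context.
#
# Arguments: $1 - minimum UID; accounts below it are skipped
#            $2 - SELinux base directory
#            $3 - policy type; selects $2/$3/contexts/files/file_contexts
# Input:     passwd(5)-format lines on stdin
# Outputs:   "user dir" per accepted account on stdout; a notice on stderr
#            for every directory that file_contexts already mentions
# Returns:   0 when stdin is exhausted, 1 if the minimum UID is not numeric
#
# Assigns the globals minuid, bdir, type, cfile and the per-entry fields.
homelist() {
  # Tolerate stray whitespace, but fail closed on anything non-numeric: a
  # broken UID floor would otherwise let every account through the filter.
  minuid=$(printf '%s' "$1" | tr -d '[:space:]')
  case "$minuid" in
    '' | *[!0-9]*)
      echo "homelist: minimum UID '$1' is not a number" 1>&2
      return 1
      ;;
  esac
  bdir="$2"
  type="$3"
  cfile="$bdir/$type/contexts/files/file_contexts"

  # IFS is scoped to read so ':' splitting does not leak to the caller;
  # -r keeps backslashes in passwd fields literal.
  while IFS=: read -r user pw uid gid info dir shell; do
    # An empty or non-numeric UID cannot be compared; skip the entry
    # instead of letting it slip past the UID floor.
    case "$uid" in
      '' | *[!0-9]*) continue ;;
    esac
    [ "$uid" -lt "$minuid" ] && continue
    [ "$shell" = "/bin/false" ] && continue
    [ "$shell" = "/sbin/nologin" ] && continue

    # Absolute paths only, and never "/" itself. A case pattern is used
    # because ${dir:0:1} is not POSIX and this script runs under /bin/sh.
    case "$dir" in
      /) continue ;;
      /*) ;;
      *) continue ;;
    esac

    # Require at least two non-empty path components, so a top-level
    # directory is never treated as a home directory.
    depth=$(printf '%s\n' "$dir" | tr '/' '\n' | grep -c .)
    [ "$depth" -lt 2 ] && continue
    [ -d "$dir" ] || continue

    # Refuse to generate contexts for a directory the policy already
    # labels. The path is regex-escaped and expanded inside double quotes:
    # the previous single-quoted pattern was never expanded, so this guard
    # could not match anything.
    # NOTE(review): this is a literal prefix match; file_contexts entries
    # written as regexes (e.g. escaped dots) may still be missed.
    dir_re=$(printf '%s\n' "$dir" | sed 's/[][\\.*^$+?(){}|]/\\&/g')
    if grep -E -q "^${dir_re}[^[:alnum:]_-]" "$cfile" 2> /dev/null; then
      {
        echo "$dir is already defined in $cfile,"
        echo "genhomedircon will not create a new context."
      } 1>&2
    else
      printf '%s %s\n' "$user" "$dir"
    fi
  done
  return 0
}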
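# List the "root homedir" pair for the root account, if it should receive
# a generated home-directory file context.
#
# Arguments: $1 - SELinux base directory
#            $2 - policy type; selects $1/$2/contexts/files/file_contexts
# Input:     passwd(5)-format lines on stdin
# Outputs:   "root dir" on stdout for each accepted root entry; a notice on
#            stderr when the directory is already listed in file_contexts
# Returns:   0 when stdin is exhausted
#
# Assigns the globals bdir, type, cfile and the per-entry fields.
rootlist() {
  bdir="$1"
  type="$2"
  cfile="$bdir/$type/contexts/files/file_contexts"

  # IFS is scoped to read so ':' splitting does not leak to the caller;
  # -r keeps backslashes in passwd fields literal.
  while IFS=: read -r user pw uid gid info dir shell; do
    [ "$user" = "root" ] || continue
    [ "$shell" = "/bin/false" ] && continue
    [ "$shell" = "/sbin/nologin" ] && continue

    # Absolute paths only. A case pattern is used because ${dir:0:1} is
    # not POSIX and this script runs under /bin/sh.
    case "$dir" in
      /*) ;;
      *) continue ;;
    esac
    [ -d "$dir" ] || continue

    # Refuse to generate contexts for a directory the policy already
    # labels. The path is regex-escaped and expanded inside double quotes:
    # the previous single-quoted pattern was never expanded, so this guard
    # could not match anything.
    dir_re=$(printf '%s\n' "$dir" | sed 's/[][\\.*^$+?(){}|]/\\&/g')
    if grep -E -q "^${dir_re}[^[:alnum:]_-]" "$cfile" 2> /dev/null; then
      {
        echo "$dir is already defined in $cfile,"
        echo "genhomedircon will not create a new context."
      } 1>&2
    else
      printf '%s %s\n' "$user" "$dir"
    fi
  done
  return 0
}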
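# Escape a value for literal use in the replacement half of a sed
# s:...:...: command ('\', '&' and the ':' delimiter are special there).
_gen_sed_repl() {
  printf '%s\n' "$1" | sed 's/[\\&:]/\\&/g'
}

# Expand the homedir_template into file-context entries.
#
# Arguments: $1 - SELinux base directory
#            $2 - policy type; selects $1/$2/contexts/files/homedir_template
# Input:     lines of "user dir" on stdin. A line with a single word is
#            the default home root: it is remembered for HOME_ROOT and
#            emitted for user_u with the pattern "<root>/[^/]*".
# Outputs:   a comment header plus the expanded HOME_DIR template lines for
#            each input line; for root, the HOME_ROOT lines are printed first
# Returns:   0 when stdin is exhausted
#
# Assigns the globals bdir, type, tfile, user, dir, dftdir and mode.
gen() {
  bdir="$1"
  type="$2"
  tfile="$bdir/$type/contexts/files/homedir_template"

  while read -r user dir; do
    [ "$user" = "" ] && continue
    if [ "$dir" = "" ]; then
      dftdir="$user"
      dir="$user/"'[^/]*'
      user="user_u"
    fi

    # Account names and paths are data, not sed syntax: escape them so
    # they land in the generated contexts exactly as read.
    user_repl=$(_gen_sed_repl "$user")
    dir_repl=$(_gen_sed_repl "$dir")

    mode="user"
    if [ "$user" = "root" ]; then
      mode="staff"
      dftdir_repl=$(_gen_sed_repl "$dftdir")
      # Print every template line that mentions HOME_ROOT, with a leading
      # HOME_ROOT replaced by the default home root.
      sed -n -e "s:HOME_ROOT:&:" -e "t wrk" -e "b done" \
        -e ":wrk" -e "s:^HOME_ROOT:$dftdir_repl:" \
        -e "p" -e ":done" "$tfile" 2> /dev/null
    fi

    printf '\n\n#\n# Context for user %s\n#\n\n' "$user"

    # Print every template line that starts with HOME_DIR, substituting
    # the directory, the role prefix and the SELinux user.
    sed -n -e "s:^HOME_DIR:$dir_repl:" -e "t wrk" -e "b done" \
      -e ":wrk" -e "s:ROLE:$mode:" -e "s:system_u:$user_repl:" \
      -e "p" -e ":done" "$tfile" 2> /dev/null
  done
  return 0
}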
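# Write the complete file_contexts.homedirs content to stdout.
#
# Arguments: $1 - SELinux base directory
#            $2 - policy type
#            $3 - "1" to enumerate accounts via getent passwd; any other
#                 value emits only the default home-root entries
# Globals:   self (read, shown in the banner); assigns dir, type, usepw,
#            home, minuid, homes and root
# Outputs:   banner, then the entries produced by gen()
doit() {
  dir="$1"
  type="$2"
  usepw="$3"
  cat - << EOF
#
#
# User-specific file contexts, generated via $self
# edit $dir/$type/users/local.users to change file_context
#
#
EOF
  # Default home root: last HOME= line of /etc/default/useradd, else /home
  home=$(sed -n 's#^HOME=##p' /etc/default/useradd 2> /dev/null | tail -n 1)
  [ "$home" = "" ] && home="/home"

  # Lowest regular UID: last UID_MIN line of /etc/login.defs. Any run of
  # blanks or tabs is accepted as the separator and only the leading digits
  # are kept, so the value handed to homelist() is always a plain number.
  minuid=$(sed -n 's#^UID_MIN[[:space:]][[:space:]]*\([0-9][0-9]*\).*#\1#p' \
    /etc/login.defs 2> /dev/null | tail -n 1)
  [ "$minuid" = "" ] && minuid="500"

  if [ "$usepw" = "1" ]; then
    # One entry per distinct home directory (sort key is the second field)
    homes=$(getent passwd | homelist "$minuid" "$dir" "$type" | sort -u -k2,2)
    root=$(getent passwd | rootlist "$dir" "$type" | tail -n 1)
  else
    homes=""
    root=""
  fi

  # gen() expects the default home root first, then root, then the users
  printf '%s\n' "$home" "$root" "$homes" | gen "$dir" "$type"
  echo
}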
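# Resolve our own path for the "generated via" banner; fall back to $0
# when the lookup fails.
self=$(command -v "$0" 2> /dev/null) || self="$0"
dir=/etc/selinux
usepw=1
type=""

# Option parsing: -d/--directory and -t/--type consume the next argument
while [ "$1" != "" ]; do
  case "$1" in
    -d | --directory)
      [ "$2" = "" ] && usage "$self"
      dir="$2"
      shift
      ;;
    -n | --nopasswd)
      usepw=0
      ;;
    -t | --type)
      [ "$2" = "" ] && usage "$self"
      type="$2"
      shift
      ;;
    *)
      usage "$self"
      ;;
  esac
  shift
done

if [ "$type" = "" ]; then
  # Read the policy type from $dir/config. The sed program is passed as a
  # single script: previously a bare script was mixed with -e options, which
  # (at least with GNU sed) turns the bare script into an input file name,
  # so SELINUXTYPE was never read and "targeted" was always used.
  type=$(sed -n 's#^SELINUXTYPE=##p' "$dir/config" 2> /dev/null | tail -n 1)
  [ "$type" = "" ] && type="targeted"
fi

# Quoted so a base directory or type containing blanks cannot redirect the
# output somewhere else.
doit "$dir" "$type" "$usepw" > "$dir/$type/contexts/files/file_contexts.homedirs"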
* Re: shell based replacement for genhomedircon
2005-04-03 18:10 shell based replacement for genhomedircon Andreas Steinmetz
@ 2005-04-04 15:19 ` Stephen Smalley
From: Stephen Smalley @ 2005-04-04 15:19 UTC (permalink / raw)
To: Andreas Steinmetz; +Cc: selinux
On Sun, 2005-04-03 at 20:10 +0200, Andreas Steinmetz wrote:
> Attached is a shell based replacement for genhomedircon that seems to
> work properly, at least for me. Not everybody installs python on servers
> just for a single script.
You might want to look at recent changes to genhomedircon, see:
http://cvs.sourceforge.net/viewcvs.py/selinux/nsa/selinux-usr/policycoreutils/scripts/genhomedircon?rev=1.19&view=log
--
Stephen Smalley <sds@tycho.nsa.gov>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.