shithub: sirjofri_de

ref: 5d3e0b627b5d4f220ce20949230e70f1ea5ac378
dir: /changeblog/1596011563.txt/

View raw version
Restrict RCPU User Access to Groups

This is how to restrict user access to groups.
You can use this to enable
[[[ms
.CW rcpu
]]]
[[[ebook
<code>rcpu</code>
]]]
access for all users of a specific group.
All other groups will not be allowed.

[[[ms
To allow access only to
.CW sys
group members: adjust your
.CW /rc/bin/service/tcp17019
]]]
[[[ebook
To allow access only to <code>sys</code>
group members: adjust your
<code>/rc/bin/service/tcp17019</code>
]]]

[[[ms
.P1
#!/bin/rc
userfile=/adm/users
fn useringroup{
	grep $1 $userfile | {
		found=0
		while(~ $found 0 && line=`:{read}){
			if(~ $line(2) $2){
				found=1
			}
		}
		if(~ $found 1)
			status=''
		if not
			status='not found'
	}
}
if(~ $#* 3){
	netdir=$3
	remote=$2!`{cat $3/remote}
}
fn server {
	~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
	rm -f /env/'fn#server'
	. <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]
}
exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'
.P2
]]]
[[[ebook
<code><pre>
#!/bin/rc
userfile=/adm/users
fn useringroup{
	grep $1 $userfile | {
		found=0
		while(~ $found 0 && line=`:{read}){
			if(~ $line(2) $2){
				found=1
			}
		}
		if(~ $found 1)
			status=''
		if not
			status='not found'
	}
}
if(~ $#* 3){
	netdir=$3
	remote=$2!`{cat $3/remote}
}
fn server {
	~ $#remote 0 || echo -n $netdir $remote &gt;/proc/$pid/args
	rm -f /env/'fn#server'
	. &lt;{n=`{read} && ! ~ $#n 0 && read -c $n} &gt;[2=1]
}
exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'
</pre></code>
]]]

[[[ms
This checks if the user is in group
.CW sys
and only then calls the
.CW server
function.
Otherwise the connection is terminated.
]]]
[[[ebook
This checks if the user is in group <code>sys</code>
and only then calls the <code>server</code> function.
Otherwise the connection is terminated.
]]]

This is especially useful if you want a CPU server to expose filesystems ‥and‥ have cpu access for administrators only.