2006-07-26 11:40:38 +00:00
|
|
|
#! /bin/sh
|
|
|
|
|
2009-02-21 02:42:50 +00:00
|
|
|
# This file is part of BOINC.
|
2006-07-26 11:40:38 +00:00
|
|
|
# http://boinc.berkeley.edu
|
2018-07-16 07:34:48 +00:00
|
|
|
# Copyright (C) 2018 University of California
|
2006-07-26 11:40:38 +00:00
|
|
|
#
|
2009-02-21 02:42:50 +00:00
|
|
|
# BOINC is free software; you can redistribute it and/or modify it
|
|
|
|
# under the terms of the GNU Lesser General Public License
|
|
|
|
# as published by the Free Software Foundation,
|
|
|
|
# either version 3 of the License, or (at your option) any later version.
|
2006-07-26 11:40:38 +00:00
|
|
|
#
|
2009-02-21 02:42:50 +00:00
|
|
|
# BOINC is distributed in the hope that it will be useful,
|
2006-07-26 11:40:38 +00:00
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
# See the GNU Lesser General Public License for more details.
|
|
|
|
#
|
2009-02-21 02:42:50 +00:00
|
|
|
# You should have received a copy of the GNU Lesser General Public License
|
|
|
|
# along with BOINC. If not, see <http://www.gnu.org/licenses/>.
|
2006-07-26 11:40:38 +00:00
|
|
|
|
2006-07-27 08:55:59 +00:00
|
|
|
# Mac_SA_Insecure.sh user group
|
2006-07-26 11:40:38 +00:00
|
|
|
#
|
|
|
|
# Undo making a Macintosh BOINC installation secure.
|
|
|
|
# - Set file/dir ownership to the specified user and group
|
|
|
|
# - Remove BOINC groups and users
|
|
|
|
#
|
2007-02-27 09:58:53 +00:00
|
|
|
# IMPORTANT NOTE: earlier versions of the Mac_SA_Insecure.sh and
|
|
|
|
# Mac_SA_Secure.sh scripts had serious problems when run under OS 10.3.x.
|
|
|
|
# They sometimes created bad users and groups with IDs that were duplicates
|
|
|
|
# of other users and groups. They ran correctly under OS 10.4.x
|
|
|
|
#
|
2007-02-27 09:52:01 +00:00
|
|
|
# If you ran an older version of either script under OS 10.3.x, you should
|
|
|
|
# first run the current version of Mac_SA_Insecure.sh to delete the bad
|
|
|
|
# entries and then run Mac_SA_Secure.sh to create new good entries.
|
|
|
|
#
|
|
|
|
#
|
2018-07-16 07:34:48 +00:00
|
|
|
# Execute this as root in the BOINC Data directory:
|
|
|
|
# cd "/Library/Application Support/BOINC Data"
|
2006-07-27 08:55:59 +00:00
|
|
|
# sudo sh {path}/Mac_SA_Insecure.sh user group
|
|
|
|
#
|
2006-09-22 02:54:27 +00:00
|
|
|
# After running this script, the boinc client must be run with
|
|
|
|
# the --insecure option.
|
|
|
|
# NOTE: running BOINC with security disabled is not recommended.
|
|
|
|
#
|
2011-01-27 11:46:09 +00:00
|
|
|
# Last updated 1/27/11 for BOINC versions 6.8.19, 6.10.30 and 6.11.1
|
2010-01-27 07:50:07 +00:00
|
|
|
# WARNING: do not use this script with older versions of BOINC older
|
|
|
|
# than 6.8.17 and 6.10.3
|
2006-07-26 11:40:38 +00:00
|
|
|
|
|
|
|
function remove_boinc_users() {
|
2007-02-27 09:52:01 +00:00
|
|
|
name=$(dscl . search /users RecordName boinc_master | cut -f1 -s)
|
2006-09-22 02:54:27 +00:00
|
|
|
if [ "$name" = "boinc_master" ] ; then
|
|
|
|
sudo dscl . -delete /users/boinc_master
|
|
|
|
fi
|
|
|
|
|
2007-02-27 09:52:01 +00:00
|
|
|
name=$(dscl . search /groups RecordName boinc_master | cut -f1 -s)
|
2006-09-22 02:54:27 +00:00
|
|
|
if [ "$name" = "boinc_master" ] ; then
|
|
|
|
sudo dscl . -delete /groups/boinc_master
|
|
|
|
fi
|
|
|
|
|
2007-02-27 09:52:01 +00:00
|
|
|
name=$(dscl . search /users RecordName boinc_project | cut -f1 -s)
|
2006-09-22 02:54:27 +00:00
|
|
|
if [ "$name" = "boinc_project" ] ; then
|
|
|
|
sudo dscl . -delete /users/boinc_project
|
|
|
|
fi
|
2006-07-26 11:40:38 +00:00
|
|
|
|
2007-02-27 09:52:01 +00:00
|
|
|
name=$(dscl . search /groups RecordName boinc_project | cut -f1 -s)
|
2006-09-22 02:54:27 +00:00
|
|
|
if [ "$name" = "boinc_project" ] ; then
|
|
|
|
sudo dscl . -delete /groups/boinc_project
|
|
|
|
fi
|
2006-07-26 11:40:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function check_login() {
|
|
|
|
if [ `whoami` != 'root' ]
|
|
|
|
then
|
|
|
|
echo 'This script must be run as root'
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
check_login
|
|
|
|
|
|
|
|
if [ $# -eq 2 ]
|
|
|
|
then
|
|
|
|
user=$1
|
|
|
|
group=$2
|
|
|
|
else
|
|
|
|
echo "usage: $0 user group"
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
2006-07-26 13:39:59 +00:00
|
|
|
echo "Changing directory $(pwd) file ownership to user $user and group $group - OK? (y/n)"
|
2006-07-26 11:40:38 +00:00
|
|
|
read line
|
|
|
|
if [ "$line" != "y" ]
|
|
|
|
then
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
2011-01-27 11:46:09 +00:00
|
|
|
if [ ! -x "switcher/switcher" ]
|
2006-07-26 13:39:59 +00:00
|
|
|
then
|
2011-01-27 11:46:09 +00:00
|
|
|
echo "Can't find switcher application in directory $(pwd); exiting"
|
2006-07-26 13:39:59 +00:00
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
2006-07-26 11:40:38 +00:00
|
|
|
chown -R ${user}:${group} .
|
2010-01-27 07:50:07 +00:00
|
|
|
chmod -R +Xu+rw-s,g+r-w-s,o+r-w .
|
2006-07-26 11:40:38 +00:00
|
|
|
chmod 600 gui_rpc_auth.cfg
|
2006-08-01 12:36:19 +00:00
|
|
|
|
2006-09-25 22:32:09 +00:00
|
|
|
if [ -f switcher/AppStats ] ; then
|
2007-03-01 07:40:36 +00:00
|
|
|
# AppStats application must run setuid root (used in BOINC 5.7 through 5.8.14 only)
|
2006-09-25 10:49:39 +00:00
|
|
|
chown root:${group} switcher/AppStats
|
|
|
|
chmod 4550 switcher/AppStats
|
2006-09-25 22:32:09 +00:00
|
|
|
fi
|
2006-09-25 10:49:39 +00:00
|
|
|
|
2006-08-01 12:36:19 +00:00
|
|
|
if [ -x /Applications/BOINCManager.app/Contents/MacOS/BOINCManager ] ; then
|
|
|
|
chown ${user}:${group} /Applications/BOINCManager.app/Contents/MacOS/BOINCManager
|
2009-09-02 02:32:30 +00:00
|
|
|
chmod -R u+r-ws,g+r-ws,o+r-ws /Applications/BOINCManager.app/Contents/MacOS/BOINCManager
|
2006-08-01 12:36:19 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -x /Applications/BOINCManager.app/Contents/Resources/boinc ] ; then
|
2007-09-19 09:41:23 +00:00
|
|
|
chown ${user}:${group} /Applications/BOINCManager.app/Contents/Resources/boinc
|
2006-08-01 12:36:19 +00:00
|
|
|
chmod -R u+r-ws,g+r-ws,o+r-ws /Applications/BOINCManager.app/Contents/Resources/boinc
|
|
|
|
fi
|
|
|
|
|
2007-09-19 09:41:23 +00:00
|
|
|
# Version 6 screensaver has its own embedded switcher application, but older versions don't.
|
2007-10-03 07:00:34 +00:00
|
|
|
if [ -x "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" ] ; then
|
|
|
|
chown ${user}:${group} "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
|
|
|
|
chmod -R u+r-ws,g+r-ws,o+r-ws "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
|
2007-09-19 09:41:23 +00:00
|
|
|
fi
|
|
|
|
|
2006-07-26 11:40:38 +00:00
|
|
|
remove_boinc_users
|