Mac Sandbox: make user boinc_master part of group boinc_project.

svn path=/trunk/boinc/; revision=14584
2008-01-17 10:11:30 +00:00 · 2008-01-17 10:11:30 +00:00 · caed968f50
parent feb3441601
commit caed968f50
4 changed files with 30 additions and 4 deletions
--- a/11
+++ b/11
@ -645,3 +645,14 @@ Rom    Jan 16 2008
    clientgui/
        AdvancedFrame.cpp
        sg_BoincSimpleGUI.cpp
+
+Charlie Jan 17 2008
+    Mac Sandbox: make user boinc_master part of group boinc_project.
+        
+    client/
+        check_security.C
+    clientgui/
+        mac/
+            SetupSecurity.cpp
+    doc/
+        sandbox.php
--- a/client/check_security.C
+++ b/client/check_security.C
@ -81,11 +81,9 @@ int use_sandbox, int isManager
    ProcessSerialNumber ourPSN;
    ProcessInfoRec      pInfo;
    FSRef               ourFSRef;
-    char                *p;
 #endif
-#ifdef _MAC_INSTALLER
+    int                 i;
    char                *p;
-#endif

    useFakeProjectUserAndGroup = ! use_sandbox;
 #ifdef _DEBUG
@ -203,6 +201,17 @@ int use_sandbox, int isManager
        if (grp == NULL)
            return -1011;                // Group boinc_project does not exist
        boinc_project_gid = grp->gr_gid;
+
+        i = 0;
+        while ((p = grp->gr_mem[i]) != NULL) {  // Step through all users in group admin
+            if (strcmp(p, boinc_master_user_name) == 0) {
+                // User boinc_master is a member of group boinc_project
+                break;
+            }
+            ++i;
+        }
+        if (p == NULL)
+            return -1012;       // user boinc_master is not a member of group boinc_project
    }

 #if (defined(__WXMAC__) || defined(_MAC_INSTALLER)) // If Mac BOINC Manager or installer
--- a/clientgui/mac/SetupSecurity.cpp
+++ b/clientgui/mac/SetupSecurity.cpp
@ -92,6 +92,12 @@ int CreateBOINCUsersAndGroups() {
    err = CreateUserAndGroup(REAL_BOINC_PROJECT_NAME, REAL_BOINC_PROJECT_NAME);
    if (err != noErr)
        return err;
+        
+    // Add user boinc_master to group boinc_project
+    // "dscl . -merge /groups/boinc_project users user_name"
+    err = DoPrivilegedExec(dsclPath, ".", "-merge", "/groups/" REAL_BOINC_PROJECT_NAME, "users", REAL_BOINC_MASTER_NAME);
+    if (err)
+        return err;
    
    err = ResynchSystem();
    if (err != noErr)
--- a/doc/sandbox.php
+++ b/doc/sandbox.php
@ -82,7 +82,7 @@ These users and groups are created by the installation process.
 <li>User: <b>boinc_master</b>
 <ul>
 <li>Primary group: <b>boinc_master</b>
-<li>Supplementary groups: none
+<li>Supplementary groups: <b>boinc_project</b>
 </ul>
 <li>User: <b>boinc_project</b>
 <ul>