mirror of https://github.com/BOINC/boinc.git
89 lines
2.2 KiB
Bash
Executable File
89 lines
2.2 KiB
Bash
Executable File
#! /bin/sh
|
|
|
|
# Make a BOINC installation "secure"
|
|
# Create groups and users, set file/dir ownership and protection
|
|
#
|
|
# Execute this as root in the BOINC directory
|
|
# You must have already run the installer script
|
|
# that creates the switcher/ and locale/ directories, and their contents
|
|
|
|
# In addition, you should add boinc_master and boinc_projects
|
|
# to the supplementary group list of users who will administer BOINC.
|
|
# e.g.:
|
|
# usermod -G boinc_master,boinc_projects -a mary
|
|
|
|
function make_boinc_users() {
|
|
groupadd boinc_master
|
|
groupadd boinc_projects
|
|
useradd boinc_master -g boinc_master
|
|
useradd boinc_projects -g boinc_projects
|
|
}
|
|
|
|
function check_login() {
|
|
if [ `whoami` != 'root' ]
|
|
then
|
|
echo 'This script must be run as root'
|
|
exit
|
|
fi
|
|
}
|
|
|
|
# set_perm path user group perm
|
|
# set a file or directory to the given ownership/permissions
|
|
function set_perm() {
|
|
chown $2:$3 $1
|
|
chmod $4 $1
|
|
}
|
|
|
|
# same, but apply to all subdirs and files
|
|
#
|
|
function set_perm_recursive() {
|
|
chown -R $2:$3 $1
|
|
chmod -R $4 $1
|
|
}
|
|
|
|
# same, but apply to items in the given dir
|
|
#
|
|
function set_perm_dir() {
|
|
for file in $(ls $1)
|
|
do
|
|
path=$1/$file
|
|
set_perm $path $2 $3 $4
|
|
done
|
|
}
|
|
|
|
check_login
|
|
|
|
echo "Changing file ownership to user $user and group $group - OK? (y/n)"
|
|
read line
|
|
if [ "$line" != "y" ]
|
|
then
|
|
exit
|
|
fi
|
|
|
|
make_boinc_users
|
|
|
|
set_perm_recursive . boinc_master boinc_master u+rw,g+rw,o+r-w
|
|
set_perm . boinc_master boinc_master 0775
|
|
if [ -f gui_rpc_auth.cfg ] ; then
|
|
set_perm gui_rpc_auth.cfg boinc_master boinc_master 0660
|
|
fi
|
|
|
|
if [ -d projects ] ; then
|
|
set_perm_recursive projects boinc_master boinc_project u+rw,g+rw,o+r-w
|
|
set_perm projects boinc_master boinc_master 0775
|
|
fi
|
|
|
|
if [ -d slots ] ; then
|
|
set_perm_recursive slots boinc_master boinc_project u+rw,g+rw,o+r-w
|
|
set_perm slots boinc_master boinc_master 0775
|
|
fi
|
|
|
|
set_perm switcher/switcher boinc_project boinc_project 6551
|
|
set_perm switcher/setprojectgrp boinc_master boinc_project 2500
|
|
set_perm switcher boinc_master boinc_master 0550
|
|
|
|
set_perm_recursive locale boinc_master boinc_master u+r-w,g+r-w,o-rwx
|
|
|
|
set_perm boinc_client boinc_master boinc_master 6555
|
|
set_perm boinc_manager boinc_master boinc_master 2555
|