Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.1:Update
permissions
checkpermissionfiles.pl
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File checkpermissionfiles.pl of Package permissions
#!/usr/bin/perl -w # perform some consistency checks on permission files use Getopt::Long; use strict; use Data::Dumper; use File::Basename; my @deflevels = ('easy', 'secure', 'paranoid'); my @defpermfiles = ('permissions', 'permissions.easy', 'permissions.secure', 'permissions.paranoid'); # filename # - level (DEFAULT, easy, secure, paranoid) # - owner # - mode my %perms; my($nodups, $checkmissing, $defonly, $showsuid, $showsgid, $showww, $showgw, $show, @levels, $showsame, $dump, @permfiles, $help, $checkdirs); Getopt::Long::Configure("no_ignore_case"); GetOptions ( "nodups" => \$nodups, "missing" => \$checkmissing, "defonly" => \$defonly, "show" => \$show, "suid" => \$showsuid, "sgid" => \$showsgid, "ww" => \$showww, "gw" => \$showgw, "same" => \$showsame, "level=s" => \@levels, "dump" => \$dump, "checkdirs=s" => \$checkdirs, "help" => \$help, ); if($help) { print <<EOF; perform some consistency checks on permission files USAGE: $0 [OPTIONS] [FILES] OPTIONS: --nodups skip check for duplicate entries --same check for identical entries in all files --missing check whether entries are in all three files (default) --defonly run actions only on default file --show show entries --suid only suid files --sgid only sgid files --ww only world writeable files --gw only group writeable files --dump dump files as perl hash --level restrict checks to this coma separated list of levels --checkdirs DIR check for group writeable directories below DIR EOF exit 0; } @levels = @deflevels unless $#levels != -1; @levels = split(/,/,join(',',@levels)); if($#ARGV != -1) { while (my $permfile = shift @ARGV) { push @permfiles, $permfile; } } else { @permfiles = @defpermfiles; } for my $permfile (@permfiles) { my $level = 'DEFAULT'; $level =$1 if(basename($permfile) =~ /.*\.(.*)/); open(FH, '<', $permfile) or next; while(<FH>) { chomp; s/#.*//; next if(/^$/); my ($file, $owner, $mode) = split(/\s+/); if(!$nodups && exists($perms{$file}{$level})) { print STDERR "$permfile:$. File listed twice: $file already in $level\n"; } else { $perms{$file}{$level}{'owner'} = $owner; $perms{$file}{$level}{'mode'} = $mode; } if($checkdirs) { if(! -e $checkdirs.$file) { #print STDERR "$permfile:$.: can't check $file\n"; } elsif(-d $checkdirs.$file && oct($mode)&020 && !(oct($mode)&01000)) { print STDERR "$permfile:$.: $file group writeable but not sticky\n" } } } close(FH); } my ($file, $owner, $mode, $level); format FORMATTED = @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<< @>>>> (@*) $file, $owner, $mode, $level . open FORMATTED, ">&STDOUT"; $checkmissing = 1 unless ($show || $showsuid || $showsgid || $showww || $showgw || $dump || $showsame); foreach $file (sort keys %perms) { next if($defonly && !exists($perms{$file}{'DEFAULT'})); { my @l = ('DEFAULT'); push @l, @levels unless $defonly; my ($om, $modechanged, $numseen); $numseen = 0; for $level (@l) { next unless exists $perms{$file}{$level}; ++$numseen; $mode = $perms{$file}{$level}{'mode'}; $om = oct($mode) unless $om; $modechanged = 1 if($om != oct($mode)); $owner = $perms{$file}{$level}{'owner'}; next if( ($showsuid && !(oct($mode) & 04000)) || ($showsgid && !(oct($mode) & 02000)) || ($showww && !(oct($mode) & 0002)) || ($showgw && !(oct($mode) & 0020)) ); write FORMATTED if ($show); } if($numseen > 3) { print STDERR "Suspicious: $file in >3 levels\n"; } if($showsame && $numseen > 1 && !$modechanged) { print STDERR "Useless: $file\n"; } } if($checkmissing) { my $msg = ''; if(!exists($perms{$file}{'DEFAULT'})) { for $level (@levels) { if(!exists($perms{$file}{$level})) { $msg .= " not in $level\n"; } } } if(length $msg) { print STDERR "$file:\n$msg\n"; } } } close FORMATTED; print Dumper(\%perms) if($dump); # vim: sw=4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor