Restrict RCPU User Access to Groups

Wed, 29 Jul 2020 10:32:43 +0200

This is how to restrict rcpu access by group. You can use this to enable rcpu access for all users of one specific group; users who are not in that group are refused.

To allow access only to sys group members, adjust your /rc/bin/service/tcp17019:

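#!/bin/rc

userfile=/adm/users

# useringroup user group: succeed if a line of $userfile that
# mentions user has group as its second (name) field.
fn useringroup{
    grep $1 $userfile | {
        found=0
        # split each matching line on ':' and compare the name field
        while(~ $found 0 && line=`:{read}){
            if(~ $line(2) $2){
                found=1
            }
        }
        if(~ $found 1)
            status=''
        if not
            status='not found'
    }
}

if(~ $#* 3){
    netdir=$3
    remote=$2!`{cat $3/remote}
}

fn server {
    ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
    rm -f /env/'fn#server'
    . <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]
}

# start the server only if the authenticated user is in group sys
exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'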

This checks if the user is in group sys and only then calls the server function. Otherwise the connection is terminated.

This is especially useful if you want a CPU server to expose filesystems and have cpu access for administrators only.
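
The grep $1 in useringroup above matches the user name anywhere on a line of /adm/users, so a name that happens to be a substring of something on the sys line also passes the check. A stricter variant, as an added example that is not part of the original post: it assumes lines of the form id:name:leader:members with comma-separated members, and uses awk to compare whole fields only.

```rc
#!/bin/rc
# Added example: exact-match replacement for useringroup.
# Assumption: /adm/users lines look like id:name:leader:members,
# with the members field separated by commas.

userfile=/adm/users

# useringroup user group
# Succeeds only if user appears, as a whole name, in the members
# field of the line whose name field is exactly group.
fn useringroup{
	awk -F: -v 'u='$1 -v 'g='$2 '
		$2 == g {
			n = split($4, m, ",")
			for(i = 1; i <= n; i++)
				if(m[i] == u)
					found = 1
		}
		END { exit !found }
	' $userfile
}
```

The function takes the same arguments as the one in the post, so the exec tlssrv line stays unchanged.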