Attachment 2261 Details for Bug 3426 – control.txt

control.txt

links2-control.txt (text/plain), 6.39 KB, created by Michael Shigorin on 2007-11-10 22:08:57 MSK

(hide)

Description:

Filename:

MIME Type:

Creator: Michael Shigorin

Created: 2007-11-10 22:08:57 MSK

Size: 6.39 KB

patch

obsolete

>
>                                   control(8)
>
>   [IMG]control(8) - ÆÒÅÊÍ×ÏÒË, ÎÁÐÉÓÁÎÎÙÊ ÎÁ ÏÂÙÞÎÏÍ shell É ÐÏÚ×ÏÌÑÀÝÉÊ
>   ÆÉËÓÉÒÏ×ÁÔØ É ÁÎÁÌÉÚÉÒÏ×ÁÔØ ÓÏÓÔÏÑÎÉÅ ÓÉÓÔÅÍÎÙÈ ÏÂßÅËÔÏ× - ÎÁÐÒÉÍÅÒ,
>   ÂÉÎÁÒÎÉËÏ× É ÆÁÊÌÏ× ËÏÎÆÉÇÕÒÁÃÉÉ (ÎÁÐÒÉÍÅÒ, ÐÒÉ×ÉÌÅÇÉÒÏ×ÁÎÎÙÈ ÕÔÉÌÉÔ ×ÒÏÄÅ
>   su(8)). ó ÅÇÏ ÐÏÍÏÝØÀ ÐÏÌÕÞÁÅÔÓÑ ÕÄÏÂÎÙÍ ÓÐÏÓÏÂÏÍ ×ÎÏÓÉÔØ ÐÅÒÅÖÉ×ÁÀÝÉÅ
>   ÏÂÎÏ×ÌÅÎÉÅ ÐÁËÅÔÁ ÉÌÉ ÐÒÏÓÔÏ ÓÌÏÖÎÙÅ ÉÚÍÅÎÅÎÉÑ <<ÏÄÎÉÍ ÒÏÓÞÅÒËÏÍ>>;
>   ÄÌÑ ÁÄÍÉÎÉÓÔÒÁÔÏÒÓËÏÇÏ ÏÚÎÁËÏÍÌÅÎÉÑ ÒÅËÏÍÅÎÄÕÀÔÓÑ control(8),
>   control-dump(8) É control-restore(8).
>
>   ðÒÉÍÅÒÙ ÄÌÑ ÓÉÓÁÄÍÉÎÁ:
>
>   $ /usr/sbin/control su help     
>   public: Any user can execute /bin/su
>   wheel: Any user can execute /bin/su, but only "wheel" group members can switch to superuser
>   wheelonly: Only "wheel" group members can execute /bin/su
>   restricted: Only root can execute /bin/su
>   $ /usr/sbin/control mtr help
>   public: Any user can execute /usr/bin/mtr
>   netadmin: Only "netadmin" group members can execute /usr/bin/mtr
>   restricted: Only root can execute /usr/bin/mtr
>
>   ôÅÍ ÎÅ ÍÅÎÅÅ ÐÏÌÅÚÎÅÊÛÁÑ (ÏÓÏÂÅÎÎÏ × ÐÅÒÅÓÞ£ÔÅ ÎÁ ÏÂß£Í ËÏÄÁ) ×ÅÝØ
>   ÎÅ ÖÁÌÕÅÔ ÄÏËÕÍÅÎÔÁÃÉÅÊ ÓÏÂÓÔ×ÅÎÎÏ ÖÅÌÁÀÝÅÇÏ ÕÌÕÞÛÉÔØ Ó×ÏÊ ÐÁËÅÔ
>   ÉÌÉ ÓÉÓÔÅÍÕ ÓÏÚÄÁÎÉÅÍ (É ÉÓÐÏÌØÚÏ×ÁÎÉÅÍ) control-ÆÁÊÌÏ×; ÄÁ×ÁÊÔÅ ÐÏÐÒÏÂÕÅÍ
>   ×ÏÓÐÏÌÎÉÔØ ÜÔÏÔ ÎÅÄÏÓÔÁÔÏË ÚÄÅÓØ.
>
>÷ËÒÁÔÃÅ
>
>   ÷ ÂÉÂÌÉÏÔÅËÕ ÆÕÎËÃÉÊ /etc/control.d/functions (ÒÁÚÍÅÒÏÍ 3947 ÂÁÊÔ
>   ÎÁ ÓÅÊÞÁÓ) ×ÈÏÄÑÔ ÉÓÐÏÌØÚÕÅÍÙÅ × /etc/control.d/facilities/* ÕÄÏÂÓÔ×Á:
>
>     * new_fmode - ËÏÎÓÔÒÕËÔÏÒ <<ÒÕÌÉÌËÉ ÐÒÁ×ÁÍÉ>>;
>     * new_subst - ... <<ÒÕÌÉÌËÉ ËÏÎÆÉÇÏÍ>>;
>     * new_help - ÄÏÂÁ×ÌÅÎÉÅ ÞÅÌÏ×ÅËÏÐÏÎÉÍÁÅÍÏÇÏ ËÏÍÍÅÎÔÁÒÉÑ Ë ÒÅÖÉÍÕ;
>     * new_summary - ...ËÏ ×ÓÅÍÕ control-ÆÁÊÌÕ.
>   óÌÅÄÕÅÔ ÐÏÎÉÍÁÔØ, ÞÔÏ ÏÂßÅËÔÙ ÐÏÌÕÞÁÀÔÓÑ Ä×ÕÎÁÐÒÁ×ÌÅÎÎÙÅ: ÒÁÂÏÔÁÅÔ
>   ËÁË ÎÁÐÒÁ×ÌÅÎÉÅ ÒÅÖÉÍ=>ÐÒÁ×Á, ÔÁË É ÏÂÒÁÔÎÏÅ ÅÍÕ ÐÒÁ×Á=>ÒÅÖÉÍ;
>   ËÁË ÒÅÖÉÍ=>ËÏÎÆÉÇ, ÔÁË É ËÏÎÆÉÇ=>ÒÅÖÉÍ. ôÁËÉÍ ÏÂÒÁÚÏÍ ×ÏÚÍÏÖÎÏ ÎÅ ÔÏÌØËÏ
>   ÚÁÄÁ×ÁÔØ, ÎÏ É ÐÒÏ×ÅÒÑÔØ ÐÒÁ×Á, ÞÔÏ ÏÓÏÂÅÎÎÏ ×ÁÖÎÏ ÐÒÉ ÏÂÎÏ×ÌÅÎÉÉ ÐÁËÅÔÏ×
>   - ÐÅÒÅÄ ÕÄÁÌÅÎÉÅÍ ÐÒÅÄÙÄÕÝÅÊ ×ÅÒÓÉÉ ÐÁËÅÔÎÙÍÉ ÓËÒÉÐÔÁÍÉ ÄÅÌÁÅÔÓÑ
>   control-dump, Á ÐÏÓÌÅ ÒÁÚ×ÏÒÁÞÉ×ÁÎÉÑ ÎÏ×ÏÊ - control-restore. ðÒÉ ÜÔÏÍ
>   ÄÌÑ ÉÚÂÅÖÁÎÉÑ ÐÒÏÍÅÖÕÔËÏ× ×ÒÅÍÅÎÉ Ó ÐÏÎÉÖÅÎÉÅÍ ÚÁÝÉÝ£ÎÎÏÓÔÉ (ÅÓÌÉ ÒÅÞØ
>   Ï ÒÅÇÕÌÉÒÏ×ÁÎÉÉ ÐÒÁ× ÎÁ SUID/SGID binaries, ÎÁÐÒÉÍÅÒ) × ÐÁËÅÔÅ ÓÌÅÄÕÅÔ
>   ÚÁÄÁ×ÁÔØ ÐÒÅÄÅÌØÎÏ Ö£ÓÔËÕÀ ËÏÎÆÉÇÕÒÁÃÉÀ, ËÏÔÏÒÕÀ ×ÏÚÍÏÖÎÏ ÏÓÌÁÂÉÔØ
>   ÕÖÅ ÓÒÅÄÓÔ×ÁÍÉ control × %post.
>
>   ëÓÔÁÔÉ Ï ÐÁËÅÔÁÈ - ÐÒÉÍÅÒÙ ÍÏÖÎÏ ÐÏÓÍÏÔÒÅÔØ × ÁÌØÔÏ×ÓËÉÈ su, ping, mtr,
>   samba... ÐÒÏÝÅ ÚÁÇÌÑÎÕÔØ × ÓÐÅËÉ, ÈÏÔÑ ÅÓÌÉ ËÔÏ ÄÏÐÉÛÅÔ, ÔÏÖÅ ÓÐÁÓÉÂÏ
>
>new_fmode(name, perms, user, group)
>
>   äÌÑ ÏÂÅÓÐÅÞÅÎÉÑ Ä×ÕÎÁÐÒÁ×ÌÅÎÎÏÓÔÉ ÎÉÞÅÇÏ ÏÓÏÂÅÎÎÏÇÏ ÎÅ ÔÒÅÂÕÅÔÓÑ, ÐÏÜÔÏÍÕ
>   ÁÒÇÕÍÅÎÔÙ ÎÅ ÎÕÖÄÁÀÔÓÑ × ÏÓÏÂÙÈ ÒÁÚßÑÓÎÅÎÉÑÈ - ÐÒÉ×ÅÄ£Í ÐÒÉÍÅÒ:
>
>   new_fmode restricted 700 root root
>
>   ÚÁÒÅÇÉÓÔÒÉÒÕÅÔ ÒÅÖÉÍ ÐÏ ÉÍÅÎÉ "restricted", ÈÁÒÁËÔÅÒÉÚÕÀÝÉÊÓÑ ÐÒÁ×ÁÍÉ 0700
>   (-rwx------) root:root. îÁ ÞÔÏ - ÒÅÛÁÅÔÓÑ ÏÔÄÅÌØÎÏ.
>
>new_subst(name, test, set)
>
>   ÷ÏÔ Ó ÍÏÄÉÆÉËÁÃÉÅÊ ÔÅËÓÔÏ×ÙÈ ÆÁÊÌÏ× ÓÌÏÖÎÅÅ - ÉÚ ÁÒÇÕÍÅÎÔÁ, Ñ×ÌÑÀÝÅÇÏÓÑ
>   ÐÁÒÁÍÅÔÒÏÍ ÄÌÑ subst(1) (sed(1)), ÎÅ ×Ù×ÅÓÔÉ ÔÅÓÔ, ÏÐÒÅÄÅÌÑÀÝÉÊ, ÞÔÏ ÂÙÌÁ
>   ÐÒÉÍÅÎÅÎÁ ÉÍÅÎÎÏ ÜÔÁ ÚÁÍÅÎÁ. ðÏÜÔÏÍÕ ÔÅÓÔ ÐÒÉÈÏÄÉÔÓÑ ÐÉÓÁÔØ ÔÏÖÅ ÞÅÌÏ×ÅËÕ
>   É × ×ÉÄÅ ÐÁÒÁÍÅÔÒÁ ÄÌÑ egrep(1). ðÒÉÍÅÒ ÉÚ /etc/control.d/facilities/su:
>   
>   new_subst public \
>        '^#auth[[:space:]]+required[[:space:]]+(/lib/security/)?pam_wheel\.so' \
>        's,^$auth[[:space:]]\+required[[:space:]]\+\(/lib/security/$\?pam_wheel\.so\),#\1,'
>
>   úÄÅÓØ public - ÏÐÑÔØ ÖÅ ÎÁÚ×ÁÎÉÅ ÓÏÓÔÏÑÎÉÑ (ÒÅÖÉÍ), ×ÔÏÒÁÑ ÓÔÒÏËÁ (×ÔÏÒÏÊ
>   ÁÒÇÕÍÅÎÔ) - ÜÔÏ ÔÅÓÔ, Á ÔÒÅÔØÑ - ÒÕËÏ×ÏÄÓÔ×Ï ÐÏ ÄÏÓÔÉÖÅÎÉÀ ÚÁÄÁÎÎÏÇÏ
>   ÓÏÓÔÏÑÎÉÑ. ïÐÑÔØ ÖÅ, ÆÁÊÌ, Ë ËÏÔÏÒÏÍÕ ÐÒÉÍÅÎÑÀÔÓÑ ÔÏ É ÄÒÕÇÏÅ, ÚÄÅÓØ
>   ÎÅ ÆÉÇÕÒÉÒÕÅÔ.
>
>new_help(name, text)
>
>   ïÞÅ×ÉÄÎÏ: ÒÅÖÉÍÕ ÓÏÐÏÓÔÁ×ÌÑÅÔÓÑ (ÚÁËÁ×ÙÞÅÎÎÙÊ) ÔÅËÓÔ, ËÏÔÏÒÙÊ ÂÕÄÅÔ
>   ×Ù×ÅÄÅÎ ÐÏ ËÏÍÁÎÄÅ /usr/sbin/control NAME help [MODE] (ÐÒÉ ÏÔÓÕÔÓÔ×ÉÉ
>   ÕËÁÚÁÎÉÑ ÒÅÖÉÍÁ - ×ÓÅ ÚÁÒÅÇÉÓÔÒÉÒÏ×ÁÎÎÙÅ).
>
>new_summary(text)
>
>   åÝ£ ÐÒÏÝÅ: ÅÄÉÎÓÔ×ÅÎÎÙÊ ÁÒÇÕÍÅÎÔ É ÓÏÐÏÓÔÁ×ÌÑÅÔÓÑ ËÏÍÁÎÄÅ control NAME
>   summary.
>
>ðÒÉÍÅÒ: su
>
>   ÷ ËÁÞÅÓÔ×Å ÓÐÏÄÒÕÞÎÏÇÏ ÏÂÒÁÚÃÁ ÐÒÉ×ÅÄÕ ÐÏÄÄÅÒÖËÕ control × su-0.60-alt24
>   (ÉÓÈÏÄÎÙÊ ÐÁËÅÔ - [IMG]SimplePAMApps).
>
>   /etc/control.d/facilities/su:
>   #!/bin/sh
>
>   . /etc/control.d/functions
>   
>   CONFIG=/etc/pam.d/su
>   BINARY=/bin/su
>   
>   new_subst public \
>           '^#auth[[:space:]]+required[[:space:]]+(/lib/security/)?pam_wheel\.so' \
>           's,^$auth[[:space:]]\+required[[:space:]]\+\(/lib/security/$\?pam_wheel\.so\),#\1,'
>   new_fmode public 4711 root root
>   new_subst wheel \
>           '^auth[[:space:]]+required[[:space:]]+(/lib/security/)?pam_wheel\.so' \
>           's,^#$auth[[:space:]]\+required[[:space:]]\+\(/lib/security/$\?pam_wheel\.so\),\1,'
>   new_fmode wheelonly 4710 root wheel
>   new_fmode restricted 700 root root
>   
>   new_help public "Any user can execute $BINARY"
>   new_help wheel "Any user can execute $BINARY, but only \"wheel\" group members can switch to superuser"
>   new_help wheelonly "Only \"wheel\" group members can execute $BINARY"
>   new_help restricted "Only root can execute $BINARY"
>   
>   case "$*" in
>   status|'')
>           STATUS="`control_fmode "$BINARY" status`" || exit 1
>           if [ "$STATUS" = "public" ]; then
>                   control_subst "$CONFIG" status || exit 1
>           else
>                   test -z "$STATUS" || echo "$STATUS"
>           fi
>           ;;
>   public|wheel)
>           control_fmode "$BINARY" public || exit 1
>           control_subst "$CONFIG" "$*" || exit 1
>           ;;
>   wheelonly|restricted)
>           control_fmode "$BINARY" "$*" || exit 1
>           control_subst "$CONFIG" public || exit 1
>           ;;
>   *)
>           control_fmode "$BINARY" "$*" || exit 1
>           ;;
>   esac
>
>   %pre -n su
>   %pre_control su
>   
>   %post -n su
>   %post_control -s wheelonly su
>
>   ÷ÏÔ ÉÓÐÏÌØÚÕÅÍÙÅ ÍÁËÒÏÓÙ ÉÚ ALT Linux RPM:
>
>   %pre_control
>
>   if [ $1 -ge 2 ]; then 
>        /usr/sbin/control-dump  
>   fi
>
>   %post_control
>
>   if [ $1 -ge 2 ]; then 
>        /usr/sbin/control-restore  
>   else 
>           for facility in ; do 
>                   /usr/sbin/control "$facility" public 
>           done 
>   fi
>   
>óÓÙÌËÉ
>
>     * ôÅËÕÝÁÑ ×ÅÒÓÉÑ ÜÔÏÇÏ ÄÏËÕÍÅÎÔÁ
>       http://www.freesource.info/wiki/ALTLinux/Sisyphus/devel/control
>     * ôÉÐÉÞÎÁÑ ÏÛÉÂËÁ ÐÒÉ ÄÏÂÁ×ÌÅÎÉÉ ÐÏÄÄÅÒÖËÉ control(8)
>       http://www.freesource.info/wiki/AltLinux/Sisyphus/devel/control/TypicalErrors
>     * #3426 (ÉÓÐÏÌØÚÏ×ÁÎÉÅ ÍÁËÒÏÓÏ× × .spec)
>       https://bugzilla.altlinux.org/show_bug.cgi?id=3426
>     * ëÒÁÔËÏ Ï control(8) ÄÌÑ ÁÄÍÉÎÁ
>       http://www.freesource.info/wiki/AltLinux/Sisyphus/admin/control

Actions: View

Attachments on bug 3426: 2261