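#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Reads "src dest" pairs from standard input, one pair per line.
# A missing $dest is created as a plain copy of $src.  An existing
# $dest is merged: the leading comment header comes from $src, the
# settings come from $dest, and any of the AUTHS_GRANTED, PROFS_GRANTED,
# CONSOLE_USER, CRYPT_*, PRIV_* and LOCK_AFTER_RETRIES entries that are
# missing get added.  The log messages below point at policy.conf(4).
#
# Every use of $src, $dest and ${CLEANUP_FILE} is quoted, so a path that
# contains whitespace or glob characters (for example under an alternate
# install root) is passed to cp/sed/grep/cat as a single word.
#
# CLEANUP_FILE is not set here; presumably the packaging tools export
# it before running this script -- confirm against the caller.
#
# The script always exits 0; failures of individual commands are not
# reported to the caller.
#

# System directories are searched before anything inherited in PATH, so
# cp, sed, grep, cat and rm resolve from /usr/bin or /usr/sbin first.
PATH="/usr/bin:/usr/sbin:${PATH}"
export PATH

while read src dest
do
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
	else
		#
		# Copy copyright and ident from new file ($src);
		# update the AUTHS_GRANTED and PROFS_GRANTED field.
		# Add the latter if it does not exist.
		# Strip trailing spaces.
		#
		# The scratch file sits next to $dest under a PID-based
		# name.  NOTE(review): this assumes the destination
		# directory is writable only by the installing user.
		#
		# Results are written back by redirecting into the
		# existing $dest instead of renaming the scratch file, so
		# $dest keeps its inode, owner and mode.  The write is not
		# atomic: an interrupted or failed write leaves a
		# truncated $dest.
		#
		ag="AUTHS_GRANTED=solaris.device.cdrw"
		pg="PROFS_GRANTED=Basic Solaris User"
		wo="CONSOLE_USER=Console User"
		# Leading lines of $src up to the first line that starts
		# with a character other than '#'.
		sed -n -e '/^[^#]/q;p' < "$src" > "$dest.$$"
		# Body of $dest from its first such line to the end, with
		# empty/legacy entries rewritten on the way.
		sed -n \
		    -e "s/^#AUTHS_GRANTED=$/$ag/" \
		    -e "s/^#PROFS_GRANTED=$/$pg/" \
		    -e "s/^PROFS_GRANTED=Default/$pg/" \
		    -e "s/ *$//" \
		    -e '/^[^#]/,$p' < "$dest" >> "$dest.$$"

		# Unanchored match: a commented-out PROFS_GRANTED= line in
		# $dest also counts as "present".
		grep 'PROFS_GRANTED=' "$dest" > /dev/null 2>&1
		if [ $? != 0 ] ; then
			# Inserted after the active AUTHS_GRANTED= line;
			# without such a line nothing is added.
			sed < "$dest.$$" > "$dest" -e "/^AUTHS_GRANTED=/a\\
$pg"
			cat "$dest" > "$dest.$$"
		fi

		if grep 'CONSOLE_USER=' "$dest" > /dev/null 2>&1
		then
			cat "$dest.$$" > "$dest"
		else
			# NOTE(review): the entry is only inserted when the
			# merged file has an active PROFS_GRANTED= line; if
			# it has none, nothing is added although the message
			# below is still logged.
			sed < "$dest.$$" > "$dest" -e "/^PROFS_GRANTED=/a\\
$wo"
			echo "${dest} updating entries for CONSOLE_USER," \
			    "see policy.conf(4) for details." \
			    >> "${CLEANUP_FILE}"
		fi

		rm -f "$dest.$$"

		# Appended only when grep exits 1 (no match); a grep error
		# (exit status above 1) leaves $dest untouched.  Any
		# occurrence of "CRYPT_", including one in a comment,
		# counts as present.
		#
		# NOTE(review): on a file that had no CRYPT_ entries this
		# seeds CRYPT_DEFAULT=__unix__, i.e. the traditional UNIX
		# algorithm stays the default for new passwords after the
		# upgrade; a site that wants a different default has to
		# edit the file afterwards, see policy.conf(4).
		grep 'CRYPT_' "$dest" > /dev/null 2>&1
		if [ $? = 1 ] ; then
			echo "${dest} updating entries for crypt(3c)," \
			    "see policy.conf(4) for details." \
			    >> "${CLEANUP_FILE}"
			cat >> "$dest" <<EOM

# crypt(3c) Algorithms Configuration
#
# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
# be used for new passwords. This is enforced only in crypt_gensalt(3c).
#
CRYPT_ALGORITHMS_ALLOW=1,2a,md5

# To deprecate use of the traditional unix algorithm, uncomment below
# and change CRYPT_DEFAULT= to another algorithm. For example,
# CRYPT_DEFAULT=1 for BSD/Linux MD5.
#
#CRYPT_ALGORITHMS_DEPRECATE=__unix__

# The Solaris default is the traditional UNIX algorithm. This is not
# listed in crypt.conf(4) since it is internal to libc. The reserved
# name __unix__ is used to refer to it.
#
CRYPT_DEFAULT=__unix__
EOM
		fi
		# Both PRIV_ entries are added commented out, so this
		# step only documents the settings.
		grep PRIV_ "$dest" >/dev/null 2>&1
		if [ $? = 1 ]; then
			echo "${dest} updating entries for privileges(5)," \
			    "see policy.conf(4) for details." \
			    >> "${CLEANUP_FILE}"
			cat >> "$dest" <<EOM
#
# These settings determine the default privileges users have. If not set,
# the default privileges are taken from the inherited set.
# There are two different settings; PRIV_DEFAULT determines the default
# set on login; PRIV_LIMIT defines the Limit set on login.
# Individual users can have privileges assigned or taken away through
# user_attr. Privileges can also be assigned to profiles in which case
# the users with those profiles can use those privileges through pfexec(1m).
# For maximum future compatibility, the specifications should
# always include "basic" or "all"; privileges should then be removed using
# the negation. E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
# sys_linkdir privilege, regardless of future additional privileges.
# Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
# file_link_any privilege from the basic privilege set; only that notation
# is immune from a future addition of currently unprivileged operations to
# the basic privilege set.
# NOTE: removing privileges from the the Limit set requires EXTREME care
# as any set-uid root program may suddenly fail because it lacks certain
# privilege(s).
#
#PRIV_DEFAULT=basic
#PRIV_LIMIT=all
EOM
		fi
		# The entry is added commented out; per the appended text
		# the default value is NO, so the upgrade does not turn
		# local account locking on.
		grep 'LOCK_AFTER_RETRIES' "$dest" > /dev/null 2>&1
		if [ $? = 1 ] ; then
			echo "${dest} updating entry for LOCK_AFTER_RETRIES," \
			    "see pam_unix_auth(5) for details." \
			    >> "${CLEANUP_FILE}"
			cat >> "$dest" <<EOM
#
# LOCK_AFTER_RETRIES specifies the default account locking policy for local
# user accounts (passwd(4)/shadow(4)). The default may be overridden by
# a user's user_attr(4) "lock_after_retries" value.
# YES enables local account locking, NO disables local account locking.
# The default value is NO.
#
#LOCK_AFTER_RETRIES=NO
EOM
		fi
	fi
done

exit 0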