2018-07-18 07:03:13 +03:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
import os
|
|
|
|
from pathlib import Path
|
|
|
|
|
2018-10-02 10:21:42 +03:00
|
|
|
def getPaths(base):
|
|
|
|
out = []
|
|
|
|
for root, dirs, files in os.walk(base):
|
|
|
|
for i in dirs:
|
|
|
|
out.append(os.path.join(root,i))
|
|
|
|
for i in files:
|
|
|
|
out.append(os.path.join(root,i))
|
|
|
|
return out
|
|
|
|
|
2018-07-18 07:03:13 +03:00
|
|
|
with open('util/devtable','w') as devtable:
|
2018-07-19 08:09:49 +03:00
|
|
|
|
|
|
|
# Set sudo apps to setuid, executable, no write
|
|
|
|
devtable.write('/bin/gsudo f 4555 0 0 - - - - -\n')
|
|
|
|
devtable.write('/bin/sudo f 4555 0 0 - - - - -\n')
|
|
|
|
|
|
|
|
# Set master.passwd to not be visible except by root
|
2018-07-18 07:03:13 +03:00
|
|
|
devtable.write('/etc/master.passwd f 600 0 0 - - - - -\n') # /etc/master.passwd should be restricted
|
2018-10-31 04:28:41 +03:00
|
|
|
devtable.write('/etc/sudoers f 600 0 0 - - - - -\n')
|
2018-07-18 07:03:13 +03:00
|
|
|
|
2018-07-19 08:09:49 +03:00
|
|
|
# Copy permissions and set ownership for user files
|
2018-07-18 07:03:13 +03:00
|
|
|
for user_details in [('local',1000)]:
|
|
|
|
user, uid = user_details
|
2018-10-10 04:09:49 +03:00
|
|
|
devtable.write('/home/{user} d 755 {uid} {uid} - - - - -\n'.format(user=user,uid=uid))
|
2018-10-02 10:21:42 +03:00
|
|
|
for path in getPaths('./base/home/{user}'.format(user=user)):
|
2018-07-18 07:03:13 +03:00
|
|
|
p = Path(path)
|
2018-07-19 08:09:49 +03:00
|
|
|
path_mod = path.replace('./base','').rstrip('/')
|
2018-11-19 15:03:14 +03:00
|
|
|
path_type = 's' if p.is_symlink() else ('d' if p.is_dir() else 'f')
|
2018-07-18 07:03:13 +03:00
|
|
|
st = os.stat(path)
|
|
|
|
mode = '{:o}'.format(st.st_mode & 0o7777)
|
2018-07-19 03:38:20 +03:00
|
|
|
devtable.write('{path_mod} {path_type} {mode} {uid} {uid} - - - - -\n'.format(path_mod=path_mod,path_type=path_type,mode=mode,uid=uid))
|
2018-07-18 07:03:13 +03:00
|
|
|
|
2018-07-19 08:09:49 +03:00
|
|
|
# Special case /tmp to allow all users to write
|
|
|
|
devtable.write('/tmp d 777 0 0 - - - - -\n')
|
2018-10-31 04:51:08 +03:00
|
|
|
devtable.write('/var d 755 0 0 - - - - -\n')
|
2018-07-19 08:09:49 +03:00
|
|
|
|