3
# Berkeley Open Infrastructure for Network Computing
4
# http://boinc.berkeley.edu
5
# Copyright (C) 2006 University of California
7
# This is free software; you can redistribute it and/or
8
# modify it under the terms of the GNU Lesser General Public
9
# License as published by the Free Software Foundation;
10
# either version 2.1 of the License, or (at your option) any later version.
12
# This software is distributed in the hope that it will be useful,
13
# but WITHOUT ANY WARRANTY; without even the implied warranty of
14
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15
# See the GNU Lesser General Public License for more details.
17
# To view the GNU Lesser General Public License visit
18
# http://www.gnu.org/copyleft/lesser.html
19
# or write to the Free Software Foundation, Inc.,
20
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22
# Make a BOINC installation "secure"
23
# Create groups and users, set file/dir ownership and protection
25
# Execute this as root in the BOINC directory
26
# You must have already run the installer script
27
# that creates the switcher/ and locale/ directories, and their contents
29
# In addition, you should add boinc_master and boinc_projects
30
# to the supplementary group list of users who will administer BOINC.
32
# usermod -G boinc_master,boinc_projects -a mary
36
groupadd boinc_projects
37
useradd boinc_master -g boinc_master
38
useradd boinc_projects -g boinc_projects
42
if [ `whoami` != 'root' ]
44
echo 'This script must be run as root'
49
# set_perm path user group perm
50
# set a file or directory to the given ownership/permissions
56
# same, but apply to all subdirs and files
58
set_perm_recursive() {
63
# same, but apply to items in the given dir
66
for file in $(ls "$1")
69
set_perm "${path}" $2 $3 $4
73
update_nested_dirs() {
74
chmod u+x,g+x,o+x "${1}"
76
for file in $(ls "$1")
78
if [ -d "${1}/${file}" ] ; then
79
update_nested_dirs "${1}/${file}"
86
# If the user forgets to cd to the boinc data directory, this script can do serious damage
87
# so show the directory we are about to modify
88
echo "Changing directory $(pwd) file ownership to user and group boinc_master - OK? (y/n)"
95
# if the booinc client is not here, assume it is the wrong directory
96
if [ ! -f "boinc_client" ]
98
echo "Can't find boinc_client in directory $(pwd); exiting"
104
set_perm_recursive . boinc_master boinc_master u+rw,g+rw,o+r-w
105
set_perm . boinc_master boinc_master 0775
106
if [ -f gui_rpc_auth.cfg ] ; then
107
set_perm gui_rpc_auth.cfg boinc_master boinc_master 0660
110
if [ -d projects ] ; then
111
set_perm_recursive projects boinc_master boinc_project u+rw,g+rw,o+r-w
112
set_perm projects boinc_master boinc_master 0775
113
update_nested_dirs projects
116
if [ -d slots ] ; then
117
set_perm_recursive slots boinc_master boinc_project u+rw,g+rw,o+r-w
118
set_perm slots boinc_master boinc_master 0775
119
update_nested_dirs slots
122
set_perm switcher/switcher boinc_project boinc_project 6551
123
set_perm switcher/setprojectgrp boinc_master boinc_project 2500
124
set_perm switcher boinc_master boinc_master 0550
126
set_perm_recursive locale boinc_master boinc_master u+r-w,g+r-w,o-rwx
128
set_perm boinc_client boinc_master boinc_master 6555
129
set_perm boinc_manager boinc_master boinc_master 2555