update-devtable.py 1.5 KB

  1. #!/usr/bin/env python3
  2. import os
  3. from pathlib import Path
def getPaths(base):
    """Return every directory and file path found beneath *base*.

    The tree is traversed with ``os.walk``. For each directory visited, its
    sub-directory entries are listed first and its file entries second, each
    joined onto the directory being visited. *base* itself is not included.
    """
    collected = []
    for parent, subdirs, filenames in os.walk(base):
        # Directories before files, matching the order the table is built in.
        collected.extend(
            os.path.join(parent, name) for name in subdirs + filenames
        )
    return collected
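with open('util/devtable', 'w') as devtable:
    # Record layout as written below: path, type (f/d/s), octal mode, two
    # numeric owner fields, then five '-' placeholders.
    # NOTE(review): the two owner fields are presumably uid and gid -- confirm
    # against whatever consumes util/devtable.

    # Privilege-escalation helpers: setuid (4xxx), owned by uid 0,
    # read/execute for everyone, no write bits set.
    devtable.write('/bin/gsudo f 4555 0 0 - - - - -\n')
    devtable.write('/bin/sudo f 4555 0 0 - - - - -\n')

    # Credential and policy files: readable and writable by uid 0 only.
    devtable.write('/etc/master.passwd f 600 0 0 - - - - -\n')
    # NOTE(review): upstream sudo ships sudoers as 0440; confirm 600 is what
    # the sudo in this image accepts.
    devtable.write('/etc/sudoers f 600 0 0 - - - - -\n')

    # Copy permissions and set ownership for user files.
    base_prefix = './base'
    for user, uid in [('local', 1000)]:
        devtable.write(
            '/home/{user} d 755 {uid} {uid} - - - - -\n'.format(user=user, uid=uid)
        )
        for path in getPaths('./base/home/{user}'.format(user=user)):
            p = Path(path)
            # Strip only the leading './base'. The previous str.replace()
            # removed every occurrence, which would also rewrite a file whose
            # own name happens to contain './base'.
            path_mod = path[len(base_prefix):].rstrip('/')
            path_type = 's' if p.is_symlink() else ('d' if p.is_dir() else 'f')
            # The mode is copied from the build tree, special bits included
            # (mask 0o7777): any setuid/setgid or world-writable bit present
            # in the checkout is carried into the image as-is.
            # NOTE(review): os.stat() follows symlinks, so an 's' entry records
            # the target's mode and a dangling link raises here -- confirm how
            # the consumer treats the mode of 's' entries before changing it.
            st = os.stat(path)
            mode = '{:o}'.format(st.st_mode & 0o7777)
            devtable.write(
                '{path_mod} {path_type} {mode} {uid} {uid} - - - - -\n'.format(
                    path_mod=path_mod, path_type=path_type, mode=mode, uid=uid
                )
            )

    # /tmp stays writable by every user, but with the sticky bit (1xxx) so a
    # user can only remove or rename their own entries. Plain 777 lets any
    # account delete or replace another account's temporary files.
    devtable.write('/tmp d 1777 0 0 - - - - -\n')
    devtable.write('/var d 755 0 0 - - - - -\n')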