Commit 1f851531 authored by David Johnson's avatar David Johnson

Can't check for uid running vnodesetup in plab the old way anymore, since

our slice prefixes could be anything.  Thus, have to ensure non-root group
users can't overwrite /etc/slicename, and grab the slicename (also the
name of the user we allow to run vnodesetup, if not real root).  Ugh.
parent 789823b2
......@@ -94,8 +94,9 @@ if ($UID) {
die("*** $0:\n".
" $UID is not in the password file!\n");
if ($pwname ne "emulabman" && !($pwname =~ /emulab_[-\@\w]*/) &&
!($pwname =~ /utah_[-\@\w]*/)) {
$slicename = `cat /etc/slicename`;
chomp($slicename);
if ($pwname ne "emulabman" && $pwname ne $slicename) {
die("*** $0:\n".
" You do not have permission to run this script!\n");
}
......
......@@ -34,4 +34,8 @@ EOF
su -c "install -c -m 440 $TMPSUDOERS /etc/sudoers"
# hack to ensure non-root users can't overwrite /etc/slicename
# XXX: shouldn't go here, but it's easy!
su -c "chmod 664 /etc/slicename"
exit $?
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment