Index of /tcl/ftparchive/sorted/file/groupie-1.1
Name Last modified Size Description
![[DIR]](http://www.neosoft.com/icons/back.gif)
Parent Directory 29-Jan-99 12:28 -
![[ ]](http://www.neosoft.com/icons/hand.right.gif)
README 06-Dec-94 10:54 10k
![[CMP]](http://www.neosoft.com/icons/compressed.gif)
groupie-1.1.tar.gz 09-Dec-94 03:11 18k
# groupie - Version 1.1
#
# Overview
# This program provides a handy dandy front-end for group-based
# permission schemes. By setting the permission bits on "important"
# executables to 750 (-rwxr-x---), and setting the group ownership to
# a reasonable groupname... it becomes possible to control access to
# important programs by controlling which users are allowed into which
# groups. This program helps manage the users and groups.
#
# Not all groups need to be managed by groupie. The original intention for
# this program was to limit access to licensed and potentially sensitive
# software (e.g. database query software, etc.) Note that the group-id
# assigned via the passwd file cannot be revoked or changed by groupie.
#
# When users are granted (or revoked) access to new groups, the changes
# become effective for their NEXT login session. Active login sessions
# will not be affected by changes in the group file (from a permissions
# perspective.)
#
# Groupie can be used to make modifications directly to the /etc/group
# file, or to a group file located elsewhere - if you're concerned about
# having a program named "groupie" massage your /etc/group. Groupie does
# not make any provisions for NIS/YP. Groupie users will have to perform
# the appropriate yppush or "/var/yp/make group" commands manually.
#
# If group ownership and permissions are set properly, you'll no longer
# have to go shoot the weenie who checked out all your Framemaker licenses
# when he shouldn't even have access to Framemaker. The janitor won't be
# able to fiddle with his stock portfolio using Lotus and Sybase, either.
#
# Groupie is written in Tcl/Tk. Version 7.3 of Tcl and version 3.6 of Tk
# are the current releases... get them if you don't already have them.
# The best site for Tcl/Tk stuff is harbor.ecn.purdue.edu, in /pub/tcl.
# No Tcl extensions are required for groupie, and as far as I can tell,
# there are no conflicts between any Tcl extensions (TclX, blt, itcl, etc.)
# and groupie. Please let me know if you find any.
#
# Tcl/Tk was written by John Ousterhout while at UC/Berkeley. If you don't
# know Tcl, then buy his book, read his book. Do not pass GO, do not
# collect $200 until you are done with his book. The title is "Tcl and
# the Tk Toolkit" and it was published by Addison-Wesley. It is as good
# as an O'Reilly book.
#
# Functional Overview
# This is a simple program. If you're getting confused, it's not because
# it's complicated... it's because my explanation stinks! Please send me
# a note pointing out the confusion so that I can save the next person
# from suffering through my lousy explanation.
#
# There are two cross-reference files that determine which users belong to
# which groups.
#
# The first file, function2group, maps job functions to UNIX group names.
# For example, a "stocktrader" job function needs access to sybase,
# lotus, reuters, and marketvision. A "programmer" job function needs
# access to compiler and guibuilder. A "secretary" needs frame and fax.
#
# The second file, users2group, maps users to their job functions. Users
# may have more than one function. User "jones" has both "stocktrader"
# and "backoffice" responsibilities, so he is allowed into the union of
# groups defined by "stocktrader" and "backoffice."
#
# The file $HOME/.groupie, if it exists, is used to hold the location of the
# configuration files used by groupie. Absolute pathnames are highly
# recommended when defining these files. If $HOME/.groupie does not exist,
# then an information-gathering screen will pop up and force the user to
# enter the pathnames of the configuration files.
#
# The groupie program reads these two files and it displays the users and the
# groups that they are allowed into. The program then looks for a file
# containing custom changes. This "custom changes" file is used to permit
# or deny access to particular groups in spite of what the two cross-
# reference files contain. The custom changes file merely contains a bunch
# of commands that invoke user checkbuttons. Custom changes are immediately
# obvious on the main screen since the foreground color of the corresponding
# button is changed to orange.
#
# Groupie permits modifications to the function2group and user2function
# files. There are buttons on the main screen to bring up a modification
# screen. There are two other buttons on the main screen: one is to erase
# all the custom changes (i.e. users' permissions are based solely on the
# cross-reference files), and the other is to save the current state of the
# main window to the group file. The group file can be either /etc/group
# (i.e. the real thing) or a copy of it (i.e. like the one I provided in the
# SampleFiles directory.)
#
# Usage
# It doesn't get any simpler than this... the command is "groupie" with no
# command line arguments.
#
# Installation
# 1) Install Tcl/Tk if you don't already have it.
# 2) Make sure that groupie has execute permission (chmod +x groupie.)
# 3) Make sure that the first line of groupie points to the "wish"
# executable.
# 4) enter the command "./groupie"
# 5) If you still have the "SampleFiles" directory supplied with the
# groupie distribution, then you can try out the sample files.
# 6) If you are not using the real /etc/group file, then you will have
# to manually move your group file to /etc/group after you save your
# changes.
# 7) Edit your group (whether /etc/group or whatever) to include group
# names that refer to the software packages you want to control.
# The SampleFiles directory gives some reasonable examples.
# 8) Groupie does not do yppush, so if you run NIS, then you have to
# yppush (i.e. "/var/yp/make group") manually.
# 9) Groupie is intended for system administrators, but it is possible
# to create a new group that has permission to modify the config
# files (including /etc/group) and permission to run groupie if it
# makes sense for your permission-control to be performed by a non-
# privileged user.
#
# Limitations
# 1) Refer to items 6 and 7 in the Installation section above.
# 2) Groupie will never modify permissions or ownership of any files.
# 3) Groupie does not create new groups in the group file. It merely
# adds usernames to the existing groups.
# 4) There is no history file or mechanism to track changes.
# 5) There is no nifty front-end to see which files are executable by
# which group. I thought of two ways to do this, but I'm not too
# excited about either one:
# a) using "find", but it won't work in a network environment
# and it would kill disk performance whenever it ran
# b) using another configuration file... but that's just
# another headache to keep track of
# My hope is that your group names make it clear exactly which files
# are accessible by each group.
# 6) If you are running an old version of NFS (i.e. before 4.0), then
# users are limited to a maximum of 8 groups. Newer NFS implementations
# support 16 groups. If you get "NFS getattr failed/RPC Authentication"
# errors, then you may be over the limit.
# 7) Group entries are limited to 1024 characters if you run NIS.
#
# History
# 10/06/94 Originally designed and cranked out by Peter Grina while his
# family was traipsing around in sunny Italy.
# 10/27/94 Version 1.0 released
# 11/08/94 Version 1.1 - catch error if the initial touch command fails on
# a configuration file. Added some more pearls of wisdom to this
# fascinating documentation section.
#
# Support and Bug Fixes
# This version of groupie is distributed as free software. Support will
# be provided via EMAIL (consult@grina.com, or grina@cnj.digex.net) on a
# whenever-I-have-time basis. I plan to provide bug fixes (at the very
# minimum) for this program.
#
# Please contact me if you need a guaranteed support contract, if you need
# custom modifications, etc.
#
# Peter A. Grina - Consulting
# 456 South Horizon Way
# Neshanic Station, NJ 08853
#
# email: consult@grina.com
# -or- grina@cnj.digex.net
# fax, answering machine: (908) 369-6852
#
# Once again, PLEASE USE EMAIL FOR SUPPORT QUESTIONS AND BUG REPORTS (unless
# you have a support contract.)
#
# Copyright Notices
# The groupie distribution is covered by the following copyright:
# Copyright(c) 1994, Peter A. Grina. All rights reserved.
#
# The permission to use and the disclaimer for groupie are the same
# as those for Tcl/Tk, but substitute "Peter A. Grina" in place of
# "University of California," and take note that I don't have any Regents.
#
# The Tcl/Tk distribution is covered by the following copyright:
# Copyright (c) 1991-1993 The Regents of the University of California.
# All rights reserved.
#
# Permission is hereby granted, without written agreement and without
# license or royalty fees, to use, copy, modify, and distribute this
# software and its documentation for any purpose, provided that the
# above copyright notice and the following two paragraphs appear in
# all copies of this software.
#
# IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
# DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
# OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE
# UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
# DAMAGE.
#
# THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
# ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATION
# TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
#
#EOF (end of fluff)