Index of /tcl/ftparchive/sorted/packages-7.6/file/groupie-1.1

      Name                   Last modified     Size  Description

[DIR] Parent Directory 29-Jan-99 12:28 - [   ] README 06-Dec-94 10:54 10k [CMP] groupie-1.1.tar.gz 09-Dec-94 03:11 18k

#			groupie - Version 1.1
#
# Overview
#    This program provides a handy dandy front-end for group-based
#    permission schemes.  By setting the permission bits on "important" 
#    executables to 750 (-rwxr-x---), and setting the group ownership to 
#    a reasonable groupname... it becomes possible to control access to 
#    important programs by controlling which users are allowed into which
#    groups.  This program helps manage the users and groups.
#
#    Not all groups need to be managed by groupie.  The original intention for
#    this program was to limit access to licensed and potentially sensitive
#    software (e.g.  database query software, etc.)  Note that the group-id
#    assigned via the passwd file cannot be revoked or changed by groupie.
#
#    When users are granted (or revoked) access to new groups, the changes
#    become effective for their NEXT login session.  Active login sessions
#    will not be affected by changes in the group file (from a permissions
#    perspective.) 
#
#    Groupie can be used to make modifications directly to the /etc/group
#    file, or to a group file located elsewhere - if you're concerned about
#    having a program named "groupie" massage your /etc/group.  Groupie does
#    not make any provisions for NIS/YP.  Groupie users will have to perform
#    the appropriate yppush or "/var/yp/make group" commands manually.
#
#    If group ownership and permissions are set properly, you'll no longer
#    have to go shoot the weenie who checked out all your Framemaker licenses 
#    when he shouldn't even have access to Framemaker.  The janitor won't be 
#    able to fiddle with his stock portfolio using Lotus and Sybase, either.
#
#    Groupie is written in Tcl/Tk.  Version 7.3 of Tcl and version 3.6 of Tk
#    are the current releases... get them if you don't already have them.
#    The best site for Tcl/Tk stuff is harbor.ecn.purdue.edu, in /pub/tcl.
#    No Tcl extensions are required for groupie, and as far as I can tell,
#    there are no conflicts between any Tcl extensions (TclX, blt, itcl, etc.)
#    and groupie.  Please let me know if you find any.
#
#    Tcl/Tk was written by John Ousterhout while at UC/Berkeley.  If you don't
#    know Tcl, then buy his book, read his book.  Do not pass GO, do not
#    collect $200 until you are done with his book.  The title is "Tcl and
#    the Tk Toolkit" and it was published by Addison-Wesley.  It is as good
#    as an O'Reilly book.
#
# Functional Overview
#    This is a simple program.  If you're getting confused, it's not because
#    it's complicated... it's because my explanation stinks!  Please send me
#    a note pointing out the confusion so that I can save the next person 
#    from suffering through my lousy explanation.
#
#    There are two cross-reference files that determine which users belong to
#    which groups.
#
#      The first file, function2group, maps job functions to UNIX group names. 
#      For example, a "stocktrader" job function needs access to sybase, 
#      lotus, reuters, and marketvision.  A "programmer" job function needs 
#      access to compiler and guibuilder.  A "secretary" needs frame and fax.
#
#      The second file, users2group, maps users to their job functions.  Users
#      may have more than one function.  User "jones" has both "stocktrader" 
#      and "backoffice" responsibilities, so he is allowed into the union of 
#      groups defined by "stocktrader" and "backoffice."
#
#   The file $HOME/.groupie, if it exists, is used to hold the location of the
#   configuration files used by groupie.  Absolute pathnames are highly
#   recommended when defining these files.  If $HOME/.groupie does not exist,
#   then an information-gathering screen will pop up and force the user to
#   enter the pathnames of the configuration files.
#
#   The groupie program reads these two files and it displays the users and the
#   groups that they are allowed into.  The program then looks for a file 
#   containing custom changes.  This "custom changes" file is used to permit 
#   or deny access to particular groups in spite of what the two cross-
#   reference files contain. The custom changes file merely contains a bunch 
#   of commands that invoke user checkbuttons.  Custom changes are immediately
#   obvious on the main screen since the foreground color of the corresponding
#   button is changed to orange.  
#
#   Groupie permits modifications to the function2group and user2function 
#   files.  There are buttons on the main screen to bring up a modification 
#   screen.  There are two other buttons on the main screen:  one is to erase
#   all the custom changes (i.e. users' permissions are based solely on the 
#   cross-reference files), and the other is to save the current state of the 
#   main window to the group file.  The group file can be either /etc/group 
#   (i.e. the real thing) or a copy of it (i.e. like the one I provided in the
#   SampleFiles directory.)
#
# Usage
#   It doesn't get any simpler than this... the command is "groupie" with no
#   command line arguments.
#
# Installation
#    1)  Install Tcl/Tk if you don't already have it.
#    2)  Make sure that groupie has execute permission (chmod +x groupie.)
#    3)  Make sure that the first line of groupie points to the "wish"
#        executable.
#    4)  enter the command "./groupie"
#    5)  If you still have the "SampleFiles" directory supplied with the
#        groupie distribution, then you can try out the sample files.
#    6)  If you are not using the real /etc/group file, then you will have
#        to manually move your group file to /etc/group after you save your
#        changes.
#    7)  Edit your group (whether /etc/group or whatever) to include group
#        names that refer to the software packages you want to control.
#        The SampleFiles directory gives some reasonable examples.
#    8)  Groupie does not do yppush, so if you run NIS, then you have to 
#        yppush (i.e. "/var/yp/make group") manually.  
#    9)  Groupie is intended for system administrators, but it is possible
#        to create a new group that has permission to modify the config
#        files (including /etc/group) and permission to run groupie if it
#        makes sense for your permission-control to be performed by a non-
#        privileged user.
#          
# Limitations
#    1)  Refer to items 6 and 7 in the Installation section above.
#    2)  Groupie will never modify permissions or ownership of any files.
#    3)  Groupie does not create new groups in the group file.  It merely
#        adds usernames to the existing groups.
#    4)  There is no history file or mechanism to track changes.
#    5)  There is no nifty front-end to see which files are executable by
#        which group.  I thought of two ways to do this, but I'm not too
#        excited about either one: 
#              a)  using "find", but it won't work in a network environment
#                  and it would kill disk performance whenever it ran
#              b)  using another configuration file... but that's just 
#                  another headache to keep track of
#        My hope is that your group names make it clear exactly which files 
#        are accessible by each group.
#    6)  If you are running an old version of NFS (i.e. before 4.0), then
#        users are limited to a maximum of 8 groups.  Newer NFS implementations
#        support 16 groups.  If you get "NFS getattr failed/RPC Authentication"
#        errors, then you may be over the limit.
#    7)  Group entries are limited to 1024 characters if you run NIS.
#
# History
#    10/06/94  Originally designed and cranked out by Peter Grina while his
#              family was traipsing around in sunny Italy.
#    10/27/94  Version 1.0 released
#    11/08/94  Version 1.1 - catch error if the initial touch command fails on
#              a configuration file.  Added some more pearls of wisdom to this
#              fascinating documentation section.
#
# Support and Bug Fixes
#    This version of groupie is distributed as free software.  Support will
#    be provided via EMAIL (consult@grina.com, or grina@cnj.digex.net) on a
#    whenever-I-have-time basis.  I plan to provide bug fixes (at the very
#    minimum) for this program.
#
#    Please contact me if you need a guaranteed support contract, if you need
#    custom modifications, etc.
#                     
#                     Peter A. Grina - Consulting
#                     456 South Horizon Way
#                     Neshanic Station, NJ  08853
#
#                     email:  consult@grina.com
#                             -or-  grina@cnj.digex.net
#                     fax, answering machine:  (908) 369-6852
#
#    Once again, PLEASE USE EMAIL FOR SUPPORT QUESTIONS AND BUG REPORTS (unless
#    you have a support contract.)
#
# Copyright Notices
#  The groupie distribution is covered by the following copyright:
#     Copyright(c) 1994, Peter A. Grina.  All rights reserved.
#
#     The permission to use and the disclaimer for groupie are the same
#     as those for Tcl/Tk, but substitute "Peter A. Grina" in place of
#     "University of California," and take note that I don't have any Regents.
#
#  The Tcl/Tk distribution is covered by the following copyright:
#     Copyright (c) 1991-1993 The Regents of the University of California.
#     All rights reserved.
#
#     Permission is hereby granted, without written agreement and without
#     license or royalty fees, to use, copy, modify, and distribute this
#     software and its documentation for any purpose, provided that the
#     above copyright notice and the following two paragraphs appear in
#     all copies of this software.
# 
#     IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
#     DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
#     OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE 
#     UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 
#     DAMAGE.
# 
#     THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
#     INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
#     AND FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE PROVIDED HEREUNDER IS
#     ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATION
#     TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
# 
#EOF (end of fluff)