1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
Source: trustees
Section: misc
Priority: extra
Maintainer: Piotr Roszatycki <dexter@debian.org>
Standards-Version: 3.5.6
Upstream-Source: <URL:http://trustees.sourceforge.net/download/>
Home-Page: <URL:http://trustees.sourceforge.net/>
Description: advanced permission management system for Linux
Packaged-For: Debian
Copyright: GPL
(c) 1999-2000 Vyacheslav Zavadsky
Patches: *.diff
Major-Changes:
[001] Quiet mode, removes "using syscall no 0" message.
Build: sh
mkdir build-tree
cd build-tree
mkdir linux
( cd linux; cat $(echo ../../*patch | tail -n 1) | patch -f )
CC=gcc
CFLAGS="-O2 -Wall -I."
if [ "${DEB_BUILD_OPTIONS#*debug}" != "$DEB_BUILD_OPTIONS" ]; then
CFLAGS="$CFLAGS -g"
fi
$CC $CFLAGS -o settrustee ../set-trustee.c
Clean: sh
rm -rf build-tree || true
Package: trustees
Architecture: any
Pre-Depends: ${debconf:trustees:Depends}
Description: Advanced permission management system for Linux.
The main goal of Linux trustees project is to create an advanced permission
management system for linux. In fact, UNIX permission system is not suitable
for solution of very common tasks.
.
E.g., let a system administrator wants to create a directory that available
for some groups in write mode, for another groups - in read only. The files
in the directory and subdirectories should inherits the parent's behavior,
unless other is stated explicitly. Using standard UNIX (and Linux) security
model it is generally speaking impossible to implement the situation when
different groups have read/write and read/only permissions. This issue can be
resolved by ext2-fs ACL project, but the problem is that nobody wants to copy
mask or ACLs from parent directory to subdirectories either by hands or using
special scripts.
.
Using the trustees, you can resolve this problems just typing
[/device]/path:+group1:REBX
.
The solution proposed is mainly inspired by Novell Netware approach and Java
security API.
.
Special objects (called trustees) can be bounded to every file or directory.
Trustee object means that access to file or directory or directory with
subdirectories is granted (or denied) to certain user or group (or all except
user or group).
.
This package provides settrustee utility, which enables new privileges from
trustee.conf.
Install: sh
yada install -bin build-tree/settrustee -into /sbin
yada install -conffile debian/trustee.conf -as trustee.conf.dist
yada install -doc README
yada install -doc *-patch debian/patches/*-patch
yada install -man debian/settrustee.8
yada dpkg-shlibdeps
Templates:
Template: trustees/upgrade
Type: boolean
Default: true
Description: Do you want to upgrade the package?
New trustees package requires new kernel patch. It is available in
/usr/share/doc/trustees directory.
.
If you say 'no', this will stop upgrade process of this package.
Description-de: Paket aktualisieren?
Ein neues trustees-Paket macht einen neuen Kernel-Patch notwendig.
Er ist im Verzeichnis /usr/share/doc/trustees verf=FCgbar.
.
Wenn Sie jetzt mit 'no' antworten, dann wird die Aktualisierung
des Paketes abgebrochen.
Description-pl: Czy zaktualizowa ten pakiet?
Nowa wersja trustees wymaga nowej aty na kernel. ata jest dostpna
w katalogu /usr/share/doc/trustees.
.
Jeli wybierzesz 'nie', zatrzyma to proces aktualizacji tego pakietu.
Config: sh
if [ -n "$2" ] && dpkg --compare-versions "$2" lt-nl "2.8"; then
db_input medium trustees/upgrade || true
db_go
db_stop
fi
Preinst: sh
. /usr/share/debconf/confmodule
db_version 2.0 || [ $? -lt 30 ]
.
if [ "$1" = "upgrade" ]; then
if [ -n "$2" ] && dpkg --compare-versions "$2" lt-nl "2.8"; then
RET=""
db_get trustees/upgrade || true
if [ "$RET" = "false" ]; then
upgrade="yes"
fi
db_reset trustees/upgrade || true
db_stop
if [ "$upgrade" = "yes" ]; then
exit 1
fi
fi
fi
Postinst: sh
if [ "$1" = "configure" ]; then
if [ ! -f /etc/trustee.conf -a -f /etc/trustee.conf.dist ]; then
cat /etc/trustee.conf.dist > /etc/trustee.conf
fi
fi
Postrm: sh
if [ "$1" = "purge" ]; then
rm -f /etc/trustee.conf || true
fi
Init: sh
start 10 2 3 4 5 .
.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=settrustee
DESC="Linux Trustees (ACL)"
.
test -x /sbin/settrustee || exit 0
test -r /etc/trustee.conf || exit 0
test -f /proc/trustee/syscall || exit 0
.
set -e
.
case "$1" in
start)
echo -n "Starting $DESC: "
/sbin/settrustee -d
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
/sbin/settrustee -D
echo "$NAME."
;;
reload|force-reload)
echo "Reloading $DESC configuration files."
/sbin/settrustee -d
;;
restart)
echo -n "Restarting $DESC: "
/sbin/settrustee -D
sleep 1
/sbin/settrustee -d
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
|
