...

Code Block
# stop services while we make this change:
sudo /usr/local/omk/bin/checkomkdaemons.sh stop;
sudo systemctl stop nmis9d;

# Add approved users, such as nmis, to omkadmin group as needed:
# Do this and validate outside of script
# sudo usermod -a -G omkadmin nmis;


# START of VM changes
# this directory exists on the OMK NMIS9 VM:
OMK_DIR=/data/omk

# Set OMK directory structure writable by group:
sudo chown -R omkadmin:omkadmin "${OMK_DIR:-FAIL_HERE}";
sudo find "${OMK_DIR:-FAIL_HERE}" -type d -exec chmod 0770 '{}' \;;

# Set user and group able to write files:
sudo find "${OMK_DIR:-FAIL_HERE}" -type f -exec chmod 0660 '{}' \;;

# Set scripts executable by user and group:
# This command is purely precautionary: this directory is not likely to exist
sudo find "${OMK_DIR:-FAIL_HERE}/script" -type f -exec chmod 0770 '{}' \;;

# This command is purely precautionary: this directory is not likely to exist
sudo find "${OMK_DIR:-FAIL_HERE}/bin" -type f -exec chmod 0770 '{}' \;;

# END of VM Changes


# START of standard installer changes
OMK_DIR=/usr/local/omk

# These commands are exactly as for /data/omk:
#echo Set OMK directory structure writable by group:
sudo chown -R omkadmin:omkadmin "${OMK_DIR:-FAIL_HERE}";
sudo find "${OMK_DIR:-FAIL_HERE}" -type d -exec chmod 0770 '{}' \;;

#echo Set user and group able to write files:
sudo find "${OMK_DIR:-FAIL_HERE}" -type f -exec chmod 0660 '{}' \;;

#echo Set scripts executable by user and group:
# This command should succeed: this directory is likely to exist
sudo find "${OMK_DIR:-FAIL_HERE}/script" -type f -exec chmod 0770 '{}' \;;

#echo Set scripts executable by user and group:
# This command should succeed: this directory is likely to exist
sudo find "${OMK_DIR:-FAIL_HERE}/bin" -type f -exec chmod 0770 '{}' \;;

# END of standard installer changes

# The following commands should be executed after any of the above commands
# to ensure PAR directory structure is re-created with PAR's own permissions set:
#echo Set sticky bit on $PAR_GLOBAL_TMPDIR directory and only executable by root.
# This is a more secure implementation of the Linux /tmp/ directory implementation which also uses
# sticky bit, but with chmod 1777:
sudo chmod 1700 "${PAR_GLOBAL_TMPDIR:-FAIL_HERE}";

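#echo Delete existing PAR subdirectories as we may have set incorrect permissions on this directory
# structure when executing the previous commands.
# The PAR subdirectories are re-created automatically by PAR upon being deleted (at execution of any PAR
# script exe by that user).
# The glob must be left unquoted to match, and for $PAR_GLOBAL_TMPDIR it is expanded by a root shell
# because the chmod 1700 above can stop the invoking user from listing that directory:
sudo sh -c 'rm -Rf "$1"/par-*' sh "${PAR_GLOBAL_TMPDIR:-FAIL_HERE}";
sudo rm -Rf /tmp/par-*;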



Info

A good check that PAR is working as envisaged is that a normal user can execute OMK PAR exe scripts (other than those scripts that explicitly require execution by sudo with elevated permissions) and that no directories matching the pattern /tmp/par-*/ are found. (This assumes that the environment variable "$PAR_GLOBAL_TMPDIR" points to an existing and user-accessible directory.)
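
A read-only audit of the permission model set by the commands above, together with the /tmp/par-* check from this note, as an added example that is not part of the original page. The function names `audit_omk_tree` and `count_par_caches` are hypothetical, and the owner and group default to omkadmin as used above.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# audit_omk_tree DIR [OWNER] [GROUP]
# Read-only. Prints one line per deviation from the model above.
# Returns 0 if clean, 1 if deviations were found, 2 if DIR is missing.
audit_omk_tree() {
    dir=${1%/} owner=${2:-omkadmin} group=${3:-omkadmin}
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    findings=$(
        # Directories must be exactly 0770.
        find "$dir" -type d ! -perm 0770 | sed 's/^/DIR_MODE /'
        # Files under script/ and bin/ must be 0770.
        find "$dir" -type f \( -path "$dir/script/*" -o -path "$dir/bin/*" \) \
            ! -perm 0770 | sed 's/^/EXEC_MODE /'
        # Every other file must be 0660.
        find "$dir" -type f ! -path "$dir/script/*" ! -path "$dir/bin/*" \
            ! -perm 0660 | sed 's/^/FILE_MODE /'
        # Everything must belong to OWNER:GROUP.
        find "$dir" \( ! -user "$owner" -o ! -group "$group" \) | sed 's/^/OWNER /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# count_par_caches [BASE]
# Prints how many par-* directories sit directly under BASE (default /tmp).
# The check described in the note expects 0 for /tmp.
count_par_caches() {
    base=${1:-/tmp} n=0
    for d in "$base"/par-*/; do
        if [ -d "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Usage (run as a user that can read the tree, for example through sudo):
#   audit_omk_tree /usr/local/omk && [ "$(count_par_caches)" -eq 0 ]
```

Any file outside script/ and bin/ that carries a world-readable or executable mode shows up as a FILE_MODE line, which is the quickest way to spot files created after the change by a service running with a looser umask.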

...