1*2810ac1bSKiyoung Kim#!/bin/sh 2*2810ac1bSKiyoung Kim# vim: tabstop=4 3*2810ac1bSKiyoung Kim# 4*2810ac1bSKiyoung Kim# author: chris friedhoff - [email protected] 5*2810ac1bSKiyoung Kim# version: pcaps4server 5 Tue Mar 11 2008 6*2810ac1bSKiyoung Kim# 7*2810ac1bSKiyoung Kim# 8*2810ac1bSKiyoung Kim# changelog: 9*2810ac1bSKiyoung Kim# 1 - initial release pcaps4convenience 10*2810ac1bSKiyoung Kim# 1 - 2007.02.15 - initial release 11*2810ac1bSKiyoung Kim# 2 - 2007.11.02 - changed to new setfcaps api; each app is now callable; suppressed error of id 12*2810ac1bSKiyoung Kim# 3 - 2007.12.28 - changed to libcap2 package setcap/getcap 13*2810ac1bSKiyoung Kim# 4 - renamed to pcaps4server 14*2810ac1bSKiyoung Kim# removed suid0 and convenience files, 15*2810ac1bSKiyoung Kim# they are now in pcaps4suid0 resp. pcaps4convenience 16*2810ac1bSKiyoung Kim# 5 - changed 'attr -S -r' to 'setcap -r' and removed attr code 17*2810ac1bSKiyoung Kim# 18*2810ac1bSKiyoung Kim# 19*2810ac1bSKiyoung Kim########################################################################### 20*2810ac1bSKiyoung Kim# change the installation of different server to be able not to run as root 21*2810ac1bSKiyoung Kim# and have their own unpriviledged user. The binary has the needed POSIX 22*2810ac1bSKiyoung Kim# Capabilities. 23*2810ac1bSKiyoung Kim# to ensure that the server is really started as his respective user, we set 24*2810ac1bSKiyoung Kim# the suid bit (BUT NOT 0)! 25*2810ac1bSKiyoung Kim# paths are hard coded and derive from a slackware system 26*2810ac1bSKiyoung Kim# change it to your needs !! 27*2810ac1bSKiyoung Kim########################################################################### 28*2810ac1bSKiyoung Kim 29*2810ac1bSKiyoung Kim 30*2810ac1bSKiyoung Kim 31*2810ac1bSKiyoung KimVERBOSE="-v" 32*2810ac1bSKiyoung Kim#VERBOSE="" 33*2810ac1bSKiyoung KimAPPS="" 34*2810ac1bSKiyoung Kim 35*2810ac1bSKiyoung Kimmessage(){ 36*2810ac1bSKiyoung Kim printRedMessage "$1" 37*2810ac1bSKiyoung Kim} 38*2810ac1bSKiyoung Kim 39*2810ac1bSKiyoung KimprintRedMessage(){ 40*2810ac1bSKiyoung Kim # print message red and turn back to white 41*2810ac1bSKiyoung Kim echo -e "\n\033[00;31m $1 ...\033[00;00m\n" 42*2810ac1bSKiyoung Kim} 43*2810ac1bSKiyoung Kim 44*2810ac1bSKiyoung KimprintGreenMessage(){ 45*2810ac1bSKiyoung Kim # print message red and turn back to white 46*2810ac1bSKiyoung Kim echo -e "\033[00;32m $1 ...\033[00;00m\n" 47*2810ac1bSKiyoung Kim sleep 0.5 48*2810ac1bSKiyoung Kim} 49*2810ac1bSKiyoung Kim 50*2810ac1bSKiyoung KimcheckReturnCode(){ 51*2810ac1bSKiyoung Kim if [ "$?" != "0" ]; then 52*2810ac1bSKiyoung Kim printRedMessage "!! I'M HAVING A PROBLEM !! THE RETURNCODE IS NOT 0 !! I STOP HERE !!" 53*2810ac1bSKiyoung Kim exit 1 54*2810ac1bSKiyoung Kim else 55*2810ac1bSKiyoung Kim printGreenMessage ":-)" 56*2810ac1bSKiyoung Kim sleep 0.5 57*2810ac1bSKiyoung Kim fi 58*2810ac1bSKiyoung Kim} 59*2810ac1bSKiyoung Kim 60*2810ac1bSKiyoung Kim 61*2810ac1bSKiyoung Kim 62*2810ac1bSKiyoung Kimp4r_test(){ 63*2810ac1bSKiyoung Kim #for now, we work with root 64*2810ac1bSKiyoung Kim if [ "$( id -u )" != "0" ]; then 65*2810ac1bSKiyoung Kim echo "Sorry, you must be root !" 66*2810ac1bSKiyoung Kim exit 67*2810ac1bSKiyoung Kim fi 68*2810ac1bSKiyoung Kim} 69*2810ac1bSKiyoung Kim 70*2810ac1bSKiyoung Kim 71*2810ac1bSKiyoung Kim 72*2810ac1bSKiyoung Kim 73*2810ac1bSKiyoung Kim# apache 1.3 74*2810ac1bSKiyoung Kim######## 75*2810ac1bSKiyoung Kim#APPS="$APPS apache1" 76*2810ac1bSKiyoung Kimapache1_convert(){ 77*2810ac1bSKiyoung Kim message "converting apache1" 78*2810ac1bSKiyoung Kim if [ "$( id -g apache 2>/dev/null )" == "" ]; then 79*2810ac1bSKiyoung Kim groupadd -g 60 apache 80*2810ac1bSKiyoung Kim fi 81*2810ac1bSKiyoung Kim if [ "$( id -u apache 2>/dev/null )" == "" ]; then 82*2810ac1bSKiyoung Kim useradd -g apache -d / -u 600 apache 83*2810ac1bSKiyoung Kim fi 84*2810ac1bSKiyoung Kim sed -i -e "{s|^\(User\).*|\1 apache|; s|^\(Group\) .*|\1 apache|}" /etc/apache/httpd.conf 85*2810ac1bSKiyoung Kim chown $VERBOSE -R apache:apache /var/run/apache/ 86*2810ac1bSKiyoung Kim chown $VERBOSE -R apache:apache /etc/apache/ 87*2810ac1bSKiyoung Kim chown $VERBOSE -R apache:apache /var/log/apache/ 88*2810ac1bSKiyoung Kim chown $VERBOSE apache:apache /usr/sbin/httpd 89*2810ac1bSKiyoung Kim chmod $VERBOSE u+s /usr/sbin/httpd 90*2810ac1bSKiyoung Kim setcap cap_net_bind_service=ep /usr/sbin/httpd 91*2810ac1bSKiyoung Kim checkReturnCode 92*2810ac1bSKiyoung Kim} 93*2810ac1bSKiyoung Kimapache1_revert(){ 94*2810ac1bSKiyoung Kim message "reverting apache1" 95*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/run/apache/ 96*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /etc/apache/ 97*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/log/apache/ 98*2810ac1bSKiyoung Kim chown $VERBOSE root:root /usr/sbin/httpd 99*2810ac1bSKiyoung Kim chmod $VERBOSE u-s /usr/sbin/httpd 100*2810ac1bSKiyoung Kim setcap -r /usr/sbin/httpd 101*2810ac1bSKiyoung Kim checkReturnCode 102*2810ac1bSKiyoung Kim sed -i -e "{s|^\(User\).*|\1 nobody|; s|^\(Group\).*|\1 nogroup|}" /etc/apache/httpd.conf 103*2810ac1bSKiyoung Kim userdel apache 104*2810ac1bSKiyoung Kim groupdel apache 105*2810ac1bSKiyoung Kim} 106*2810ac1bSKiyoung Kim 107*2810ac1bSKiyoung Kim 108*2810ac1bSKiyoung Kim# apache 2.x 109*2810ac1bSKiyoung Kim######## 110*2810ac1bSKiyoung KimAPPS="$APPS apache2" 111*2810ac1bSKiyoung Kimapache2_convert(){ 112*2810ac1bSKiyoung Kim message "converting apache2" 113*2810ac1bSKiyoung Kim if [ "$( id -g apache 2>/dev/null )" == "" ]; then 114*2810ac1bSKiyoung Kim groupadd -g 60 apache 115*2810ac1bSKiyoung Kim fi 116*2810ac1bSKiyoung Kim if [ "$( id -u apache 2>/dev/null )" == "" ]; then 117*2810ac1bSKiyoung Kim useradd -g apache -d / -u 600 apache 118*2810ac1bSKiyoung Kim fi 119*2810ac1bSKiyoung Kim sed -i -e "{s|^\(User\).*|\1 apache|; s|^\(Group\) .*|\1 apache|}" /etc/httpd/httpd.conf 120*2810ac1bSKiyoung Kim chown $VERBOSE -R apache:apache /var/run/httpd/ 121*2810ac1bSKiyoung Kim chown $VERBOSE -R apache:apache /etc/httpd/ 122*2810ac1bSKiyoung Kim chown $VERBOSE -R apache:apache /var/log/httpd/ 123*2810ac1bSKiyoung Kim chown $VERBOSE apache:apache /usr/sbin/httpd 124*2810ac1bSKiyoung Kim chmod $VERBOSE u+s /usr/sbin/httpd 125*2810ac1bSKiyoung Kim #setfcaps -c cap_net_bind_service=p -e /usr/sbin/httpd 126*2810ac1bSKiyoung Kim setcap cap_net_bind_service=ep /usr/sbin/httpd 127*2810ac1bSKiyoung Kim checkReturnCode 128*2810ac1bSKiyoung Kim} 129*2810ac1bSKiyoung Kimapache2_revert(){ 130*2810ac1bSKiyoung Kim message "reverting apache2" 131*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/run/httpd/ 132*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /etc/httpd/ 133*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/log/httpd/ 134*2810ac1bSKiyoung Kim chown $VERBOSE root:root /usr/sbin/httpd 135*2810ac1bSKiyoung Kim chmod $VERBOSE u-s /usr/sbin/httpd 136*2810ac1bSKiyoung Kim setcap -r /usr/sbin/httpd 137*2810ac1bSKiyoung Kim checkReturnCode 138*2810ac1bSKiyoung Kim sed -i -e "{s|^\(User\).*|\1 nobody|; s|^\(Group\).*|\1 nogroup|}" /etc/httpd/httpd.conf 139*2810ac1bSKiyoung Kim userdel apache 140*2810ac1bSKiyoung Kim groupdel apache 141*2810ac1bSKiyoung Kim} 142*2810ac1bSKiyoung Kim 143*2810ac1bSKiyoung Kim 144*2810ac1bSKiyoung Kim# samba 145*2810ac1bSKiyoung Kim####### 146*2810ac1bSKiyoung KimAPPS="$APPS samba" 147*2810ac1bSKiyoung Kimsamba_convert(){ 148*2810ac1bSKiyoung Kim message "converting samba" 149*2810ac1bSKiyoung Kim if [ "$( id -g samba 2>/dev/null )" == "" ]; then 150*2810ac1bSKiyoung Kim groupadd -g 61 samba 151*2810ac1bSKiyoung Kim fi 152*2810ac1bSKiyoung Kim if [ "$( id -u samba 2>/dev/null )" == "" ]; then 153*2810ac1bSKiyoung Kim useradd -g samba -d / -u 610 samba 154*2810ac1bSKiyoung Kim fi 155*2810ac1bSKiyoung Kim chown $VERBOSE -R samba:samba /var/log/samba 156*2810ac1bSKiyoung Kim chown $VERBOSE -R samba:samba /etc/samba 157*2810ac1bSKiyoung Kim chown $VERBOSE -R samba:samba /var/run/samba 158*2810ac1bSKiyoung Kim chown $VERBOSE -R samba:samba /var/cache/samba 159*2810ac1bSKiyoung Kim chown $VERBOSE samba:samba /usr/sbin/smbd /usr/sbin/nmbd 160*2810ac1bSKiyoung Kim chmod $VERBOSE u+s /usr/sbin/smbd /usr/sbin/nmbd 161*2810ac1bSKiyoung Kim setcap cap_net_bind_service,cap_sys_resource,cap_dac_override=ep /usr/sbin/smbd 162*2810ac1bSKiyoung Kim checkReturnCode 163*2810ac1bSKiyoung Kim setcap cap_net_bind_service=ep /usr/sbin/nmbd 164*2810ac1bSKiyoung Kim checkReturnCode 165*2810ac1bSKiyoung Kim} 166*2810ac1bSKiyoung Kim 167*2810ac1bSKiyoung Kimsamba_revert(){ 168*2810ac1bSKiyoung Kim message "reverting samba" 169*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/log/samba 170*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /etc/samba 171*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/run/samba 172*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/cache/samba 173*2810ac1bSKiyoung Kim chown $VERBOSE root:root /usr/sbin/smbd /usr/sbin/nmbd 174*2810ac1bSKiyoung Kim chmod $VERBOSE u-s /usr/sbin/smbd /usr/sbin/nmbd 175*2810ac1bSKiyoung Kim setcap -r /usr/sbin/smbd 176*2810ac1bSKiyoung Kim checkReturnCode 177*2810ac1bSKiyoung Kim setcap -r /usr/sbin/nmbd 178*2810ac1bSKiyoung Kim checkReturnCode 179*2810ac1bSKiyoung Kim userdel samba 180*2810ac1bSKiyoung Kim groupdel samba 181*2810ac1bSKiyoung Kim} 182*2810ac1bSKiyoung Kim 183*2810ac1bSKiyoung Kim 184*2810ac1bSKiyoung Kim# bind 185*2810ac1bSKiyoung Kim###### 186*2810ac1bSKiyoung KimAPPS="$APPS bind" 187*2810ac1bSKiyoung Kimbind_convert(){ 188*2810ac1bSKiyoung Kim message "converting bind" 189*2810ac1bSKiyoung Kim if [ "$( id -g bind 2>/dev/null )" == "" ]; then 190*2810ac1bSKiyoung Kim groupadd -g 62 bind 191*2810ac1bSKiyoung Kim fi 192*2810ac1bSKiyoung Kim if [ "$( id -u bind 2>/dev/null )" == "" ]; then 193*2810ac1bSKiyoung Kim useradd -g bind -d / -u 620 bind 194*2810ac1bSKiyoung Kim fi 195*2810ac1bSKiyoung Kim chown $VERBOSE -R bind:bind /var/run/named 196*2810ac1bSKiyoung Kim chown $VERBOSE -R bind:bind /var/named 197*2810ac1bSKiyoung Kim chown $VERBOSE bind:bind /etc/rndc.key 198*2810ac1bSKiyoung Kim chown $VERBOSE bind:bind /usr/sbin/named 199*2810ac1bSKiyoung Kim chmod $VERBOSE u+s /usr/sbin/named 200*2810ac1bSKiyoung Kim setcap cap_net_bind_service=ep /usr/sbin/named 201*2810ac1bSKiyoung Kim checkReturnCode 202*2810ac1bSKiyoung Kim} 203*2810ac1bSKiyoung Kimbind_revert(){ 204*2810ac1bSKiyoung Kim message "reverting bind" 205*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/run/named 206*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/named 207*2810ac1bSKiyoung Kim chown $VERBOSE root:root /etc/rndc.key 208*2810ac1bSKiyoung Kim chown $VERBOSE root:root /usr/sbin/named 209*2810ac1bSKiyoung Kim chmod $VERBOSE u-s /usr/sbin/named 210*2810ac1bSKiyoung Kim setcap -r /usr/sbin/named 211*2810ac1bSKiyoung Kim checkReturnCode 212*2810ac1bSKiyoung Kim userdel bind 213*2810ac1bSKiyoung Kim groupdel bind 214*2810ac1bSKiyoung Kim} 215*2810ac1bSKiyoung Kim 216*2810ac1bSKiyoung Kim 217*2810ac1bSKiyoung Kim# dhcpd 218*2810ac1bSKiyoung Kim####### 219*2810ac1bSKiyoung KimAPPS="$APPS dhcpd" 220*2810ac1bSKiyoung Kimdhcpd_convert(){ 221*2810ac1bSKiyoung Kim message "converting dhcpd" 222*2810ac1bSKiyoung Kim if [ "$( id -g dhcpd 2>/dev/null )" == "" ]; then 223*2810ac1bSKiyoung Kim groupadd -g 63 dhcpd 224*2810ac1bSKiyoung Kim fi 225*2810ac1bSKiyoung Kim if [ "$( id -u dhcpd 2>/dev/null )" == "" ]; then 226*2810ac1bSKiyoung Kim useradd -g dhcpd -d / -u 630 dhcpd 227*2810ac1bSKiyoung Kim fi 228*2810ac1bSKiyoung Kim chown $VERBOSE dhcpd:dhcpd /var/run/dhcpd 229*2810ac1bSKiyoung Kim chown $VERBOSE dhcpd:dhcpd /etc/dhcpd.conf 230*2810ac1bSKiyoung Kim chown $VERBOSE -R dhcpd:dhcpd /var/state/dhcp/ 231*2810ac1bSKiyoung Kim chown $VERBOSE dhcpd:dhcpd /usr/sbin/dhcpd 232*2810ac1bSKiyoung Kim chmod $VERBOSE u+s /usr/sbin/dhcpd 233*2810ac1bSKiyoung Kim setcap cap_net_bind_service,cap_net_raw=ep /usr/sbin/dhcpd 234*2810ac1bSKiyoung Kim checkReturnCode 235*2810ac1bSKiyoung Kim} 236*2810ac1bSKiyoung Kimdhcpd_revert(){ 237*2810ac1bSKiyoung Kim message "reverting dhcpd" 238*2810ac1bSKiyoung Kim chown $VERBOSE root:root /var/run/dhcpd 239*2810ac1bSKiyoung Kim chown $VERBOSE root:root /etc/dhcpd.conf 240*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/state/dhcp/ 241*2810ac1bSKiyoung Kim chown $VERBOSE root:root /usr/sbin/dhcpd 242*2810ac1bSKiyoung Kim chmod $VERBOSE u-s /usr/sbin/dhcpd 243*2810ac1bSKiyoung Kim setcap -r /usr/sbin/dhcpd 244*2810ac1bSKiyoung Kim checkReturnCode 245*2810ac1bSKiyoung Kim userdel dhcpd 246*2810ac1bSKiyoung Kim groupdel dhcpd 247*2810ac1bSKiyoung Kim} 248*2810ac1bSKiyoung Kim 249*2810ac1bSKiyoung Kim 250*2810ac1bSKiyoung Kim# cupsd 251*2810ac1bSKiyoung Kim####### 252*2810ac1bSKiyoung KimAPPS="$APPS cupsd" 253*2810ac1bSKiyoung Kimcupsd_convert(){ 254*2810ac1bSKiyoung Kim message "converting cupsd" 255*2810ac1bSKiyoung Kim if [ "$( id -g cupsd 2>/dev/null )" == "" ]; then 256*2810ac1bSKiyoung Kim groupadd -g 64 cupsd 257*2810ac1bSKiyoung Kim fi 258*2810ac1bSKiyoung Kim if [ "$( id -u cupsd 2>/dev/null )" == "" ]; then 259*2810ac1bSKiyoung Kim useradd -g cupsd -d / -u 640 cupsd 260*2810ac1bSKiyoung Kim fi 261*2810ac1bSKiyoung Kim sed -i -e "{s|^\(User\).*|\1 cupsd|; s|^\(Group\) .*|\1 cupsd|}" /etc/cups/cupsd.conf 262*2810ac1bSKiyoung Kim chown $VERBOSE -R cupsd:cupsd /etc/cups 263*2810ac1bSKiyoung Kim chown $VERBOSE -R cupsd:cupsd /var/cache/cups 264*2810ac1bSKiyoung Kim chown $VERBOSE -R cupsd:cupsd /var/log/cups 265*2810ac1bSKiyoung Kim chown $VERBOSE -R cupsd:cupsd /var/spool/cups 266*2810ac1bSKiyoung Kim chown $VERBOSE -R cupsd:cupsd /var/run/cups 267*2810ac1bSKiyoung Kim chown $VERBOSE cupsd:cupsd /usr/sbin/cupsd 268*2810ac1bSKiyoung Kim chmod $VERBOSE u+s /usr/sbin/cupsd 269*2810ac1bSKiyoung Kim setcap cap_net_bind_service,cap_dac_read_search=ep /usr/sbin/cupsd 270*2810ac1bSKiyoung Kim checkReturnCode 271*2810ac1bSKiyoung Kim} 272*2810ac1bSKiyoung Kimcupsd_revert(){ 273*2810ac1bSKiyoung Kim message "reverting cupsd" 274*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /etc/cups 275*2810ac1bSKiyoung Kim chown $VERBOSE -R root:lp /var/cache/cups 276*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/log/cups 277*2810ac1bSKiyoung Kim chown $VERBOSE -R root:root /var/spool/cups 278*2810ac1bSKiyoung Kim chown $VERBOSE root:lp /var/run/cups 279*2810ac1bSKiyoung Kim chown $VERBOSE lp:sys /var/run/cups/certs 280*2810ac1bSKiyoung Kim chmod $VERBOSE 750 /var/run/cups/certs 281*2810ac1bSKiyoung Kim chown $VERBOSE root:root /usr/sbin/cupsd 282*2810ac1bSKiyoung Kim chmod $VERBOSE u-s /usr/sbin/cupsd 283*2810ac1bSKiyoung Kim setcap -r /usr/sbin/cupsd 284*2810ac1bSKiyoung Kim checkReturnCode 285*2810ac1bSKiyoung Kim sed -i -e "{s|^\(User\).*|\1 lp|; s|^\(Group\) .*|\1 sys|}" /etc/cups/cupsd.conf 286*2810ac1bSKiyoung Kim userdel cupsd 287*2810ac1bSKiyoung Kim groupdel cupsd 288*2810ac1bSKiyoung Kim} 289*2810ac1bSKiyoung Kim 290*2810ac1bSKiyoung Kim 291*2810ac1bSKiyoung Kimusage_message(){ 292*2810ac1bSKiyoung Kim echo "Try 'pcaps4server help' for more information" 293*2810ac1bSKiyoung Kim} 294*2810ac1bSKiyoung Kim 295*2810ac1bSKiyoung Kim 296*2810ac1bSKiyoung Kimp4r_usage(){ 297*2810ac1bSKiyoung Kim echo 298*2810ac1bSKiyoung Kim echo "pcaps4server" 299*2810ac1bSKiyoung Kim echo 300*2810ac1bSKiyoung Kim echo "pcaps4server stores the needed POSIX Capabilities for server binaries to" 301*2810ac1bSKiyoung Kim echo "run successful into their Permitted and Effective Set." 302*2810ac1bSKiyoung Kim echo "The server are now able to run as an unpriviledged user." 303*2810ac1bSKiyoung Kim echo "For each server software an unpriviledged user is added the system." 304*2810ac1bSKiyoung Kim echo "The ownership of all the respective paths are changed to this user." 305*2810ac1bSKiyoung Kim echo "To ensure that the server is starting as this unpriviledgesd user, the" 306*2810ac1bSKiyoung Kim echo "suid bit (NOT 0) is set." 307*2810ac1bSKiyoung Kim echo "Effectively this means every user can start this server daemons (for now)." 308*2810ac1bSKiyoung Kim echo "All paths are hard coded!" 309*2810ac1bSKiyoung Kim echo "You have been warned. Enjoy!" 310*2810ac1bSKiyoung Kim echo 311*2810ac1bSKiyoung Kim echo "Your Filesystem has to support extended attributes and your kernel must have" 312*2810ac1bSKiyoung Kim echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)." 313*2810ac1bSKiyoung Kim echo 314*2810ac1bSKiyoung Kim echo "Usage: pcaps4server [PROG] [con(vert)|rev(ert)|help]" 315*2810ac1bSKiyoung Kim echo 316*2810ac1bSKiyoung Kim echo " con|convert - from setuid0 to POSIX Capabilities" 317*2810ac1bSKiyoung Kim echo " rev|revert - from POSIX Capabilities back to setui0" 318*2810ac1bSKiyoung Kim echo " help - this help message" 319*2810ac1bSKiyoung Kim echo 320*2810ac1bSKiyoung Kim echo " PROG: $APPS" 321*2810ac1bSKiyoung Kim echo 322*2810ac1bSKiyoung Kim} 323*2810ac1bSKiyoung Kim 324*2810ac1bSKiyoung Kim 325*2810ac1bSKiyoung Kim 326*2810ac1bSKiyoung Kim 327*2810ac1bSKiyoung Kimcase "$1" in 328*2810ac1bSKiyoung Kim con|convert) 329*2810ac1bSKiyoung Kim p4r_test 330*2810ac1bSKiyoung Kim for j in $APPS; do 331*2810ac1bSKiyoung Kim ${j}_convert 332*2810ac1bSKiyoung Kim done 333*2810ac1bSKiyoung Kim exit 334*2810ac1bSKiyoung Kim ;; 335*2810ac1bSKiyoung Kim rev|renvert) 336*2810ac1bSKiyoung Kim p4r_test 337*2810ac1bSKiyoung Kim for j in $APPS; do 338*2810ac1bSKiyoung Kim ${j}_revert 339*2810ac1bSKiyoung Kim done 340*2810ac1bSKiyoung Kim exit 341*2810ac1bSKiyoung Kim ;; 342*2810ac1bSKiyoung Kim help) 343*2810ac1bSKiyoung Kim p4r_usage 344*2810ac1bSKiyoung Kim exit 345*2810ac1bSKiyoung Kim ;; 346*2810ac1bSKiyoung Kimesac 347*2810ac1bSKiyoung Kim 348*2810ac1bSKiyoung Kimfor i in ${APPS}; do 349*2810ac1bSKiyoung Kim if [ "$1" == "$i" ]; then 350*2810ac1bSKiyoung Kim case "$2" in 351*2810ac1bSKiyoung Kim con|convert) 352*2810ac1bSKiyoung Kim p4r_test 353*2810ac1bSKiyoung Kim ${i}_convert 354*2810ac1bSKiyoung Kim exit 355*2810ac1bSKiyoung Kim ;; 356*2810ac1bSKiyoung Kim rev|revert) 357*2810ac1bSKiyoung Kim p4r_test 358*2810ac1bSKiyoung Kim ${i}_revert 359*2810ac1bSKiyoung Kim exit 360*2810ac1bSKiyoung Kim ;; 361*2810ac1bSKiyoung Kim *) 362*2810ac1bSKiyoung Kim usage_message 363*2810ac1bSKiyoung Kim exit 1 364*2810ac1bSKiyoung Kim ;; 365*2810ac1bSKiyoung Kim esac 366*2810ac1bSKiyoung Kim fi 367*2810ac1bSKiyoung Kimdone 368*2810ac1bSKiyoung Kim 369*2810ac1bSKiyoung Kimusage_message 370