#!/bin/bash
#
# RC sample administration - grant General Users no write access outside
# /home tree.
#
#
# Redo security check
#if test "`attr_get_file_dir DIR /home rc_type_fd`" != "65"
#then echo "/home already has a rc_type_fd set, exiting!" ; exit
#fi
HOMEAREATYPE=`rc_get_item list_used_fd_types | grep 'Home_Area' | cut -f 1 -d ' '`
if test -z $HOMEAREATYPE
then HOMEAREATYPE=`rc_get_item list_unused_fd_type_nr | head -n 1`
else
echo Redoing settings for \"Home Area\" type $HOMEAREATYPE
fi
#
GENERALTYPE=0
GENERALUSERROLE=0
ROLEADMINROLE=1
SYSADMINROLE=2
#
echo ""
echo Create new type \"Home Area\"
rc_set_item TYPE $HOMEAREATYPE type_fd_name "Home Area"
#
echo ""
echo Give \"Role Admin\" read rights to HOMEAREATYPE $HOMEAREATYPE
rc_set_item ROLE $ROLEADMINROLE type_comp_fd $HOMEAREATYPE R 1
#
echo ""
echo Give \"System Admin\" SEARCH right to HOMEAREATYPE $HOMEAREATYPE
rc_set_item ROLE $SYSADMINROLE type_comp_fd $HOMEAREATYPE SEARCH 1
#
echo ""
echo Give \"General User\" read-write rights to HOMEAREATYPE $HOMEAREATYPE
rc_set_item ROLE $GENERALUSERROLE type_comp_fd $HOMEAREATYPE RW 1
#
#echo ""
#echo Revoke \"General User\" EXECUTE right to HOMEAREATYPE $HOMEAREATYPE
#rc_set_item ROLE $GENERALUSERROLE type_comp_fd $HOMEAREATYPE EXECUTE 0
#
echo ""
echo Revoke \"General User\" write rights to \"General FD\"
rc_set_item ROLE $GENERALUSERROLE type_comp_fd $GENERALTYPE A 0
rc_set_item ROLE $GENERALUSERROLE type_comp_fd $GENERALTYPE R 1
#
echo ""
echo Set type $HOMEAREATYPE \"Home Area\" for /home
attr_set_file_dir DIR /home rc_type_fd $HOMEAREATYPE