home *** CD-ROM | disk | FTP | other *** search
- Subject: v24i024: Scripts for setting site policies
- Newsgroups: comp.sources.unix
- Approved: rsalz@uunet.UU.NET
- X-Checksum-Snefru: 4bd55220 d00136f4 2c211cec 00fdfbc3
-
- Submitted-by: Bud Hovell <bh@mtek.mtek.com>
- Posting-number: Volume 24, Issue 24
- Archive-name: policy
-
- [ This is a rather interesting submission. Should I have posted it?
- Send me email. --r$ ]
-
- The need for more-formal policy definition seems to be gaining increasing
- recognition as a real problem at many sites, and this little package is an
- attempt to give SAs a leg up on addressing that concern by providing them
- some basic tools and suggestions.
-
- Rob Kolstad has made reference to this package on two occasions in his
- column, and Bjorn Satdeva at Sysadmin, Inc., has mentioned it also in the
- sysadmin subscriber list.
-
- Consequently, I have had a number of requests for it - and it may be time
- to make this info more-generally accessible. Let me say, though, that if
- you feel it is *not* an appropriate addition, then it isn't going to hurt
- my feelings if you reject it. :-)
-
- This is the latest version, which is a *vast* improvement over some of the
- earlier scripts. Hopefully, it will run on all common machines, but I am
- not certain, since my limited experience is only with sysv. Suggestions
- are welecome.
-
- Bud Hovell
-
- #! /bin/sh
- # This is a shell archive. Remove anything before this line, then unpack
- # it by saving it into a file and typing "sh file". To overwrite existing
- # files, type "sh file -c". You can also feed this as standard input via
- # unshar, or by typing "sh <file", e.g.. If this archive is complete, you
- # will see the following message at the end:
- # "End of archive 1 (of 1)."
- # Contents: 1stlogin.ann MANIFEST README gen logins policy usenet
- # Wrapped by bbh@mtek.com on Fri Mar 1 22:50:16 1991
- PATH=/bin:/usr/bin:/usr/ucb ; export PATH
- if test -f '1stlogin.ann' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'1stlogin.ann'\"
- else
- echo shar: Extracting \"'1stlogin.ann'\" \(2394 characters\)
- sed "s/^X//" >'1stlogin.ann' <<'END_OF_FILE'
- X# $Id: 1stlogin.ann,v 1.10 91/02/07 09:55:17 bbh Rel $
- X# Tell the new user what the rules are:
- X
- X# Give him a temp terminal for this script, which is run from /etc/profile:
- XTERM=vt100
- Xexport TERM
- X
- Xdone=
- Xuntil [ "$done" = "yes" ];do
- X # Clear the screen
- X tput clear
- X cat << "END_PAGE_1"
- X
- X WELCOME!!!
- X
- XFirst, you should invoke 'menu' from the command line, then select 'policy'
- Xto review the basic policies which govern the operation of this system and
- Xwho is responsible for what.
- X
- XIf a policy has provisions with which you do not agree, please notify the
- Xadministrator AT ONCE voicing your concerns/suggestions. Absent such notice,
- Xyou are assumed to have reviewed, understood, and agreed to conform to all
- Xwritten policy prevailing during any period you have authorized access to
- Xthis host, as evidenced by your continuing to log in.
- X
- XIf policies are significantly changed at any time, you will be sent email
- Xto inform you that a change has been effected, *or* there will be an announce-
- Xment in the system 'news' that will show up when you log in.
- X
- X[ You are responsible for reading all system 'news' messages containing the
- Xword "policy", since these will contain information effecting specific policy
- Xchanges, which should occur rarely. ]
- X
- XEND_PAGE_1
- X echo " (Touch 'RETURN' to continue)"
- X read nothing
- X cat << "END_PAGE_2"
- X
- XAn initial .profile and .kshrc are provided for your convenience. If you
- Xwant to see the special (read "usenet") features available on this machine,
- Xmost of them have man pages, and 'manlist' will give you a brief list of
- Xwhat non-AT&T commands are available. Detail, of course, can be gotten
- Xby reading the man pages themselves.
- X
- XAgain, welcome to 'mtek' - if we can assist you in any way, please let us
- Xknow!
- X
- XEND_PAGE_2
- X
- X echo "Do you wish to re-read this message? [y]/n > \c"
- X read done
- X case $done in
- X y*|Y*|"") # No -wants to see it again
- X :
- X ;;
- X *) # He's done
- X done="yes"
- X break
- X ;;
- X esac
- Xdone
- X
- X# Make a permanent record that this user has seen this announcement
- Xrecord="$HOME/..."
- Xecho "Announcement presented to this user, '$LOGNAME.'" > $record
- Xchmod 440 $record
- Xchgrp root $record
- Xchown root $record
- X
- X# Clear the screen
- Xtput clear
- X
- X# Take away the temp terminal (user's .profile will supply the real one
- X# hereafter):
- XTERM=
- Xexport TERM
- X
- X# end of file
- END_OF_FILE
- if test 2394 -ne `wc -c <'1stlogin.ann'`; then
- echo shar: \"'1stlogin.ann'\" unpacked with wrong size!
- fi
- # end of '1stlogin.ann'
- fi
- if test -f 'MANIFEST' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'MANIFEST'\"
- else
- echo shar: Extracting \"'MANIFEST'\" \(527 characters\)
- sed "s/^X//" >'MANIFEST' <<'END_OF_FILE'
- X File Name Archive # Description
- X-----------------------------------------------------------
- X 1stlogin.ann 1 1st notice for new login users
- X MANIFEST 1 This shipping list
- X README 1 Information on the use of this stuff
- X gen 1 Example: general policy
- X logins 1 Example: specific user responsibilities
- X policy 1 Executable: policy shell script
- X usenet 1 Example: policy regarding new hookups
- END_OF_FILE
- if test 527 -ne `wc -c <'MANIFEST'`; then
- echo shar: \"'MANIFEST'\" unpacked with wrong size!
- fi
- # end of 'MANIFEST'
- fi
- if test -f 'README' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'README'\"
- else
- echo shar: Extracting \"'README'\" \(2844 characters\)
- sed "s/^X//" >'README' <<'END_OF_FILE'
- X$Id: README,v 1.8 91/03/01 22:39:36 bbh Rel $
- X
- XWhat is in this package and how to use it:
- X^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- XThe file '1stlogin.ann' (first-login annnouncement) is something we call
- Xfrom /etc/profile by adding this entry:
- X
- X if [ -r /usr/local/etc/1stlogin.ann -a ! -f $HOME/... ]
- X then . /usr/local/etc/1stlogin.ann
- X fi
- X
- X...which tests to see if the '...' file exists in the user's home
- Xdirectory, and presents him with the announcement if it does not. This
- Xassures that every new user, on first login, gets the instructions
- Xregarding his responsibility to read, understand, and comply with local
- Xpolicy. It directs him to the use of the 'policy' command to become
- Xand stay current on in-house policy. You may choose to use it or not.
- XIf you do, this file should be set to 444 to make it read-only.
- X
- XAll other files listed in the MANIFEST relate to the 'policy' script
- Xitself, or to the example policy text files it might call:
- X
- XMuch of the 'gen' file was outright lifted directly from the text of a
- Xsimilar file used in one of the Canadian universities - have since for-
- Xgotten who/where was responsible (sorry). We have made a number of
- Xchanges for local circumstances. You may wish to start with this as a
- Xtemplate for your own general policy statement.
- X
- XA few other text files are provided simply as examples of supplementary
- Xpolicy descriptions. Because I tend to be a hard-ass, they probably won't
- Xbe appropriate at your site, but the subjects may be some you wish to cover.
- X
- XThe executable file, 'policy', should be useful to you even if you decide
- Xto drop-kick the use of our example policy files, since it provides an easy
- Xway to manage a full screen of policy-file listings for selection by the
- Xuser. If you make improvements on this script, I'd sure like to see them
- Xso they can be incorporated into future revisions, with proper credit to
- Xyou for the contribution. Since I don't claim to know about all the various
- Xunixen out there (remember, I'm a 'suit', not a 'tech' :-), this script
- Xmay need minor modification for some non-sysV machines. So far, though, I
- Xhaven't gotten any complaints, so it must be working with most of them.
- X
- XInstallation: you must create the policy directory, by default named 'Policy',
- Xand within that directory an empty menu file, by default named 'polmenu',
- Xwhich must be set mode 666 (read and write for everyone). The directory also
- Xwill contain the individual policy text files that you create - see the
- Xinstructions in the 'policy' script for more info, if needed.
- X
- XOnce set up, the script automatically updates the menu any time a new text
- Xfile is added. NOTE: in those instances that you may choose to *remove*
- Xa named text file, just empty the menu file and allow the script to rebuild
- Xa new menu of entries.
- X
- XHope this is useful to your purposes...bud@mtek.com
- END_OF_FILE
- if test 2844 -ne `wc -c <'README'`; then
- echo shar: \"'README'\" unpacked with wrong size!
- fi
- # end of 'README'
- fi
- if test -f 'gen' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'gen'\"
- else
- echo shar: Extracting \"'gen'\" \(4492 characters\)
- sed "s/^X//" >'gen' <<'END_OF_FILE'
- Xgen - general overview $Revision: 1.10 $ $Date: 91/02/06 12:48:51 $
- X^^^^^^^^^^^^^^^^^^^^^^^^^^
- X
- X USE OF MTEK COMPUTING FACILITIES
- X
- XThis host is privately owned and operated in support of a business. Business
- Xpriorities will thus be served first, if there is a conflict for time of the
- Xadministrator. We will be as helpful as conditions allow.
- X
- XWe run alot of usenet software on this host. So if you wonder if a desired
- Xcommand is in your PATH, type in 'which <command>'.
- X
- XTo find information about other users, use 'finger'. (Do 'man finger', if
- Xyou want to read the man page describing the use of 'finger').
- X
- XPlease furnish your office telephone number and extension so that we can enter
- Xit into the password file, available for 'finger' to find you. If you like,
- Xyou may also furnish your home number to be included, as well.
- X
- XBelow are presented the main elements of local policy, which apply to all
- Xusers:
- X
- X * * * * * * * * * * * * * * *
- X * Computer Resources Policy *
- X * * * * * * * * * * * * * * *
- X1. General
- X
- XComputing facilities are provided by MTEK International, Inc. (the "company")
- Xfor use by local and remote users. It is expected that all users will make
- Xuse of local computing resources in a manner which is ethical, legal, and not
- Xcontrary to the interests of others, including the company.
- X
- XThe basic guidelines are that any use must be legal and not such as to
- Xinterfere with use by other authorized users, nor compromise the confiden-
- Xtiality of the company's internal business practices or records.
- X
- X2. Notice
- X
- XIf any policy has provisions with which you do not agree, please notify the
- Xadministrator describing your concerns/suggestions. Absent such notice, it is
- Xassumed you have reviewed and understood, and fully agree to conform to, all
- Xprevailing published policies governing the use of this system.
- X
- X2. Disclaimer
- X
- X* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
- X* *
- X* The company accepts NO RESPONSIBILITY for any damage to or loss of *
- X* data arising directly or indirectly from the use of these or other *
- X* facilities or for any consequential loss or damage. It makes NO *
- X* WARRANTY, express or implied, regarding the computing services *
- X* offered, or their fitness for any particular purpose. *
- X* *
- X* The company's liability in the event of any loss or damage shall *
- X* be LIMITED TO THE FEES AND CHARGES, IF ANY, PAID TO THE COMPANY *
- X* for use of the computing facilities which resulted in said loss *
- X* or damage. *
- X* *
- X* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
- X
- X3. Failure to abide by the policies described below and in related docu-
- Xments may result in denial of access to computing facilities:
- X
- X A. You may only use those facilities which have been authorized
- X for your use. If access is protected by a password, you are not
- X to make this password available to others. You may not use any
- X account set up for another user, nor may you attempt to find out
- X the password of another user.
- X
- X B. You may only use authorized facilities for authorized purposes.
- X
- X C. You must be aware of the law of copyright as it affects computer
- X software. Software must not be copied except with the express
- X permission of the copyright owner (which may be expressed in the
- X copyright notice contained within the software). Note that a
- X formal copyright need not be in evidence in order for copyright
- X protection to be in force.
- X
- X D. You may not attempt to copy information belonging to other users
- X without their express permission.
- X
- X E. You may not attempt to interfere with the operation of computing
- X facilities.
- X
- X F. You may not attempt to subvert the security of any of the company's
- X computing facilities.
- X
- X G. You may not use the company's computing facilities to send messages
- X which are obscene or otherwise harassing in their intent.
- X
- X H. You may disagree with one or more of these policies, publically or
- X privately, in accordance with your First Amendment rights, but you
- X may not violate any of these policies for any reason or purpose.
- END_OF_FILE
- if test 4492 -ne `wc -c <'gen'`; then
- echo shar: \"'gen'\" unpacked with wrong size!
- fi
- # end of 'gen'
- fi
- if test -f 'logins' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'logins'\"
- else
- echo shar: Extracting \"'logins'\" \(1711 characters\)
- sed "s/^X//" >'logins' <<'END_OF_FILE'
- Xlogins - responsibilities of users $Revision: 1.4 $ $Date: 90/12/18 19:43:56 $
- X^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- XThis section should be considered as an extension of the 'gen' file which
- X contains the general policies governing local computer usage.
- X
- XWhile it is not the intent of local policy to restrict unduly the exercise
- X of free and unbounded communication, it is to be likewise clearly
- X understood that no one having login privileges on this host has any
- X "right of free speech" whatsoever as it relates to exercise of that
- X privilege.
- X
- XBecause any login user has actual (or potential) access to usenet, the
- X administrator reserves the absolute and unfettered right to terminate,
- X with or without stated cause, any login which may have been granted
- X on this host at any time.
- X
- XThis policy exists primarily to provide recourse to the administrator in the
- X event a login user creates traffic onto the usenet which is considered
- X *by the administrator* to be of such character as to create a negative
- X reputation for this site and/or its management. Such actions will not
- X be tolerated.
- X
- XReceipt of messages from other *system administrators* (not users) register-
- X ing complaints about a local user will be considered compelling
- X evidence that the login should be withdrawn. Except....
- X
- XIt is true that it is relatively simple (if one has root privilege on a host)
- X to create 'bogus' mail. Any login user who believes that someone has
- X sent bogus mail under his name and this site name should notify the
- X administrator immediately. These events, while rare, do happen, and
- X are a recognized risk faced by everyone. A plea of "I didn't DO it"
- X will usually prove to be a fully adequate defense....:-)
- END_OF_FILE
- if test 1711 -ne `wc -c <'logins'`; then
- echo shar: \"'logins'\" unpacked with wrong size!
- fi
- # end of 'logins'
- fi
- if test -f 'policy' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'policy'\"
- else
- echo shar: Extracting \"'policy'\" \(2837 characters\)
- sed "s/^X//" >'policy' <<'END_OF_FILE'
- X# $Id: policy,v 1.19 91/01/16 10:55:28 bbh Rel $
- X#
- X# Author: Bud Hovell <bud@mtek.com>
- X# MTEK International, Inc.
- X# 311 B Avenue - Suite 200
- X# Lake Oswego, OR 97034
- X#
- X################################# edit these ################################
- Xpoldir=/usr/local/adm/Policy # Where named policy files live.
- Xpager=/usr/local/bin/less # Your favorite pager.
- Xmyname="uuname -l" # How to get local host name[
- Xtmp=/tmp # Preferred tmp directory
- X################################ edit no more ###############################
- X# Note: any policy file must be named identically to the first word of the
- X# first line in the file itself. Consider the file "logins", with
- X# this as line one (or the last line if you must use 'tail', see
- X# above) :
- X#
- X# logins - responsibilities of users
- X#
- X# .....where the word "logins" begins at character one of line
- X# one of the file named "logins". This first line will then be
- X# extracted to the ad-hoc menu file to provide the menu id for
- X# the user to select the "logins" policy file.
- X
- X# Some variables:
- Xhost=`$myname | tr [a-z] [A-Z]`
- Xmenu=$poldir/polmenu
- X
- X# Do we have a "clear" function?
- Xif [ -x /bin/clear -o -x /usr/bin/clear ]
- Xthen clear=`clear`
- X# ....or curses?
- Xelif [ -x /usr/bin/tput ]
- Xthen clear=`tput clear`
- Xelse clear=
- Xfi
- X# WORK
- X# Any files newer than menu?
- Xcd $poldir
- Xnew=`find . -newer $menu -print`
- X
- X# If so, menu needs to be updated:
- Xif [ "$new" != "" ]
- Xthen echo "\nOoops...hold on while I build a new menu for '$0'...\n"
- X > $menu
- X filelist=`ls | sed -e 's/polmenu//g' \
- X -e 's/^[ ]$//g' \
- X -e 's/$//g'; echo "\n"`
- X for file in $filelist
- X do
- X echo " \c" >> $menu
- X # This will read out all of line 1 into the user menu,
- X # except for any trailing Id or Header stuff for RCS
- X # (if you show your revision info on line one):
- X cat $file | sed -n '1p' | cut -d"$" -f1 >> $menu
- X done
- Xfi
- X
- X# WORK
- X
- X# Re-run the menu until 'quit' from user:
- Xi=x
- Xuntil [ $i = "q|Q" ]; do
- X
- Xecho $clear
- X
- Xecho "\n DIRECTORY OF LOCAL POLICY FOR HOST '$host'\n"
- Xcat $menu
- Xecho "\n .....or 'q'uit"
- Xecho "\n To review a policy, type in subject: > \c"
- Xread i
- Xcase $i in
- Xq|Q) # Wants to quit
- X echo "\n Policy review concluded. Thanks for your interest.\n"
- X break ;;
- X"") # No entry
- X i=x
- X echo "\n You must provide a name or 'q'uit.\007"
- X sleep 2
- X continue ;;
- X*) # Wants another
- X if [ -r $poldir/$i ]
- X then $pager $poldir/$i
- X i=x
- X else echo "\n You must provide a name or 'q'uit.\007"
- X sleep 2
- X i=x
- X fi
- X continue ;;
- Xesac
- Xdone
- END_OF_FILE
- if test 2837 -ne `wc -c <'policy'`; then
- echo shar: \"'policy'\" unpacked with wrong size!
- fi
- chmod +x 'policy'
- # end of 'policy'
- fi
- if test -f 'usenet' -a "${1}" != "-c" ; then
- echo shar: Will not clobber existing file \"'usenet'\"
- else
- echo shar: Extracting \"'usenet'\" \(698 characters\)
- sed "s/^X//" >'usenet' <<'END_OF_FILE'
- Xusenet - requests for connection $Revision: 1.5 $ $Date: 91/03/01 21:51:15 $
- X^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- X
- XUsenet connections to this host may be granted on a case-by-case basis,
- X and shall not be considered unless the requesting system adminis-
- X trator agrees to timely maintain a current usenet map for his/her
- X host. Failure to fulfill this requirement will *certainly* result
- X in termination of uucp connection.
- X
- XIf a new host login is granted, the administrator will bend every effort
- X to assist in getting the connection working properly and, if it
- X is necessary, filing a properly-documented uucp map.
- X
- XAny request for uucp connection should be mailed to postmaster@mtek.com.
- X
- X
- X
- X
- X
- X
- X
- X
- X
- END_OF_FILE
- if test 698 -ne `wc -c <'usenet'`; then
- echo shar: \"'usenet'\" unpacked with wrong size!
- fi
- # end of 'usenet'
- fi
- echo shar: End of archive 1 \(of 1\).
- cp /dev/null ark1isdone
- MISSING=""
- for I in 1 ; do
- if test ! -f ark${I}isdone ; then
- MISSING="${MISSING} ${I}"
- fi
- done
- if test "${MISSING}" = "" ; then
- echo You have the archive.
- rm -f ark[1-9]isdone
- else
- echo You still need to unpack the following archives:
- echo " " ${MISSING}
- fi
- ## End of shell archive.
- exit 0
-
- exit 0 # Just in case...
-