1#! /bin/sh 2 3# This file is part of BOINC. 4# http://boinc.berkeley.edu 5# Copyright (C) 2008 University of California 6# 7# BOINC is free software; you can redistribute it and/or modify it 8# under the terms of the GNU Lesser General Public License 9# as published by the Free Software Foundation, 10# either version 3 of the License, or (at your option) any later version. 11# 12# BOINC is distributed in the hope that it will be useful, 13# but WITHOUT ANY WARRANTY; without even the implied warranty of 14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 15# See the GNU Lesser General Public License for more details. 16# 17# You should have received a copy of the GNU Lesser General Public License 18# along with BOINC. If not, see <http://www.gnu.org/licenses/>. 19 20# Mac_SA_Insecure.sh user group 21# 22# Undo making a Macintosh BOINC installation secure. 23# - Set file/dir ownership to the specified user and group 24# - Remove BOINC groups and users 25# 26# IMPORTANT NOTE: earlier versions of the Mac_SA_Insecure.sh and 27# Mac_SA_Secure.sh scripts had serious problems when run under OS 10.3.x. 28# They sometimes created bad users and groups with IDs that were duplicates 29# of other users and groups. They ran correctly under OS 10.4.x 30# 31# If you ran an older version of either script under OS 10.3.x, you should 32# first run the current version of Mac_SA_Insecure.sh to delete the bad 33# entries and then run Mac_SA_Secure.sh to create new good entries. 34# 35# 36# Execute this as root in the BOINC directory: 37# cd {path_to_boinc_directory} 38# sudo sh {path}/Mac_SA_Insecure.sh user group 39# 40# After running this script, the boinc client must be run with 41# the --insecure option. 42# NOTE: running BOINC with security disabled is not recommended. 43# 44# Last updated 1/27/11 for BOINC versions 6.8.19, 6.10.30 and 6.11.1 45# WARNING: do not use this script with older versions of BOINC older 46# than 6.8.17 and 6.10.3 47 48function remove_boinc_users() { 49 name=$(dscl . search /users RecordName boinc_master | cut -f1 -s) 50 if [ "$name" = "boinc_master" ] ; then 51 sudo dscl . -delete /users/boinc_master 52 fi 53 54 name=$(dscl . search /groups RecordName boinc_master | cut -f1 -s) 55 if [ "$name" = "boinc_master" ] ; then 56 sudo dscl . -delete /groups/boinc_master 57 fi 58 59 name=$(dscl . search /users RecordName boinc_project | cut -f1 -s) 60 if [ "$name" = "boinc_project" ] ; then 61 sudo dscl . -delete /users/boinc_project 62 fi 63 64 name=$(dscl . search /groups RecordName boinc_project | cut -f1 -s) 65 if [ "$name" = "boinc_project" ] ; then 66 sudo dscl . -delete /groups/boinc_project 67 fi 68} 69 70function check_login() { 71 if [ `whoami` != 'root' ] 72 then 73 echo 'This script must be run as root' 74 exit 75 fi 76} 77 78check_login 79 80if [ $# -eq 2 ] 81then 82 user=$1 83 group=$2 84else 85 echo "usage: $0 user group" 86 exit 87fi 88 89echo "Changing directory $(pwd) file ownership to user $user and group $group - OK? (y/n)" 90read line 91if [ "$line" != "y" ] 92then 93 exit 94fi 95 96if [ ! -x "switcher/switcher" ] 97then 98 echo "Can't find switcher application in directory $(pwd); exiting" 99 exit 100fi 101 102chown -R ${user}:${group} . 103chmod -R +Xu+rw-s,g+r-w-s,o+r-w . 104chmod 600 gui_rpc_auth.cfg 105 106if [ -f switcher/AppStats ] ; then 107# AppStats application must run setuid root (used in BOINC 5.7 through 5.8.14 only) 108chown root:${group} switcher/AppStats 109chmod 4550 switcher/AppStats 110fi 111 112if [ -x /Applications/BOINCManager.app/Contents/MacOS/BOINCManager ] ; then 113 chown ${user}:${group} /Applications/BOINCManager.app/Contents/MacOS/BOINCManager 114 chmod -R u+r-ws,g+r-ws,o+r-ws /Applications/BOINCManager.app/Contents/MacOS/BOINCManager 115fi 116 117if [ -x /Applications/BOINCManager.app/Contents/Resources/boinc ] ; then 118 chown ${user}:${group} /Applications/BOINCManager.app/Contents/Resources/boinc 119 chmod -R u+r-ws,g+r-ws,o+r-ws /Applications/BOINCManager.app/Contents/Resources/boinc 120fi 121 122# Version 6 screensaver has its own embedded switcher application, but older versions don't. 123if [ -x "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" ] ; then 124 chown ${user}:${group} "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" 125 chmod -R u+r-ws,g+r-ws,o+r-ws "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" 126fi 127 128remove_boinc_users 129