1#! /bin/sh
2
3# This file is part of BOINC.
4# http://boinc.berkeley.edu
5# Copyright (C) 2008 University of California
6#
7# BOINC is free software; you can redistribute it and/or modify it
8# under the terms of the GNU Lesser General Public License
9# as published by the Free Software Foundation,
10# either version 3 of the License, or (at your option) any later version.
11#
12# BOINC is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15# See the GNU Lesser General Public License for more details.
16#
17# You should have received a copy of the GNU Lesser General Public License
18# along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
19
20# Mac_SA_Insecure.sh user group
21#
22# Undo making a Macintosh BOINC installation secure.
23# - Set file/dir ownership to the specified user and group
24# - Remove BOINC groups and users
25#
26# IMPORTANT NOTE: earlier versions of the Mac_SA_Insecure.sh and
27# Mac_SA_Secure.sh scripts had serious problems when run under OS 10.3.x.
28# They sometimes created bad users and groups with IDs that were duplicates
29# of other users and groups.  They ran correctly under OS 10.4.x
30#
31# If you ran an older version of either script under OS 10.3.x, you should
32# first run the current version of Mac_SA_Insecure.sh to delete the bad
33# entries and then run Mac_SA_Secure.sh to create new good entries.
34#
35#
36# Execute this as root in the BOINC directory:
37# cd {path_to_boinc_directory}
38# sudo sh {path}/Mac_SA_Insecure.sh user group
39#
40# After running this script, the boinc client must be run with
41# the --insecure option.
42# NOTE: running BOINC with security disabled is not recommended.
43#
44# Last updated 1/27/11 for BOINC versions 6.8.19, 6.10.30 and 6.11.1
45# WARNING: do not use this script with older versions of BOINC older
46# than 6.8.17 and 6.10.3
47
48function remove_boinc_users() {
49    name=$(dscl . search /users RecordName boinc_master | cut -f1 -s)
50    if [ "$name" = "boinc_master" ] ; then
51        sudo dscl . -delete /users/boinc_master
52    fi
53
54    name=$(dscl . search /groups RecordName boinc_master | cut -f1 -s)
55    if [ "$name" = "boinc_master" ] ; then
56        sudo dscl . -delete /groups/boinc_master
57    fi
58
59    name=$(dscl . search /users RecordName boinc_project | cut -f1 -s)
60    if [ "$name" = "boinc_project" ] ; then
61        sudo dscl . -delete /users/boinc_project
62    fi
63
64    name=$(dscl . search /groups RecordName boinc_project | cut -f1 -s)
65    if [ "$name" = "boinc_project" ] ; then
66        sudo dscl . -delete /groups/boinc_project
67    fi
68}
69
70function check_login() {
71    if [ `whoami` != 'root' ]
72    then
73        echo 'This script must be run as root'
74        exit
75    fi
76}
77
78check_login
79
80if [ $# -eq 2 ]
81then
82    user=$1
83    group=$2
84else
85    echo "usage: $0 user group"
86    exit
87fi
88
89echo "Changing directory $(pwd) file ownership to user $user and group $group - OK? (y/n)"
90read line
91if [ "$line" != "y" ]
92then
93    exit
94fi
95
96if [ ! -x "switcher/switcher" ]
97then
98    echo "Can't find switcher application in directory $(pwd); exiting"
99    exit
100fi
101
102chown -R ${user}:${group} .
103chmod -R +Xu+rw-s,g+r-w-s,o+r-w .
104chmod 600 gui_rpc_auth.cfg
105
106if [ -f switcher/AppStats ] ; then
107# AppStats application must run setuid root (used in BOINC 5.7 through 5.8.14 only)
108chown root:${group} switcher/AppStats
109chmod 4550 switcher/AppStats
110fi
111
112if [ -x /Applications/BOINCManager.app/Contents/MacOS/BOINCManager ] ; then
113    chown ${user}:${group} /Applications/BOINCManager.app/Contents/MacOS/BOINCManager
114    chmod -R u+r-ws,g+r-ws,o+r-ws /Applications/BOINCManager.app/Contents/MacOS/BOINCManager
115fi
116
117if [ -x /Applications/BOINCManager.app/Contents/Resources/boinc ] ; then
118    chown ${user}:${group} /Applications/BOINCManager.app/Contents/Resources/boinc
119    chmod -R u+r-ws,g+r-ws,o+r-ws /Applications/BOINCManager.app/Contents/Resources/boinc
120fi
121
122# Version 6 screensaver has its own embedded switcher application, but older versions don't.
123if [ -x "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" ] ; then
124    chown ${user}:${group} "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
125    chmod -R u+r-ws,g+r-ws,o+r-ws "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
126fi
127
128remove_boinc_users
129