#!/bin/ksh -

# Protects all software on current node specified by first argument
# This first argument (e.g. //c640) must be specified and is checked
# to make sure it is really current node.
# Since this script is used for several releases of Domain/OS (with
# slightly different needs for permissions), a second argument may
# be used to specify the version (e.g. SR10.4); otherwise the most
# restrictive permissions are applied.

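# --- Argument validation ---------------------------------------------------
# Every refusal below reports on stderr and exits non-zero, so that a caller
# can tell "the node was NOT protected" apart from a completed run.  (A bare
# 'exit' after 'echo' returns the status of echo, i.e. success.)

if [ $# -eq 0 ]; then
  echo "Please specify name of (disked) node to protect (e.g. //c640)." >&2
  exit 1
elif [ $# -gt 2 ]; then
  echo "Please use one or two arguments only:" >&2
  echo "  name of node to protect (e.g. //c640)" >&2
  echo "  version of Domain/OS (e.g. SR10.4)." >&2
  exit 1
fi

# Accept only a //name path whose name starts with a lower-case letter.
case "$1" in
  //[a-z]*) ;;
  *) echo "Wrong node specification $1 (use e.g. //c640)" >&2; exit 1 ;;
esac
if [ ! -d "$1" ]; then
  echo "Disked node $1 does not exist" >&2
  exit 1
fi

# 'cd /; pwd' runs in a subshell and is expected to print the current node's
# //name.  Working on any other node needs an explicit y/Y from the operator;
# an empty or failed read (e.g. no terminal) counts as "no".
if [ "$1" != "$(cd /; pwd)" ]; then
  echo "DANGER: Node $1 is not current node." >&2
  read ANS?"Proceed just the same (Y/N) ? "
  case "$ANS" in
    y|Y) ;;
    *) exit 1 ;;
  esac
fi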

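# Normalize the optional version argument.  The prefixes "SR"/"sr", "10" and "."
# are stripped in turn, so SR10.4, sr10.4, 10.4 and 4 all reduce to "4".
SR_level="$2"
SR_level="${SR_level#SR}"
SR_level="${SR_level#sr}"
SR_level="${SR_level#10}"
SR_level="${SR_level#.}"
# NOTE(review): anything that does not reduce to a single digit 0-4 (including a
# mistyped version) silently becomes "any".  "any" takes every '!= SR10.4'
# branch further down, including the file removals done through w_danger.
# The stricter rejection is kept below, commented out as in the original.
case "$SR_level" in
  [0-4] ) SR_level="SR10.$SR_level";;
#  *) echo "Wrong Domain/OS version $2 (use e.g. SR10.4)"; exit ;;
  *)      SR_level=any;;
esac

echo "Protecting node $1, running Domain/OS version $SR_level."

echo " "
echo "This is likely to take about 10 minutes."

# Every path from here on is relative to the node root.  If the cd fails, the
# deletions and ACL changes below would act on whatever directory the script
# was started in, so stop before anything is touched.
cd "$1" || {
  echo "Cannot cd to $1; nothing has been changed." >&2
  exit 1
}

###############################################################

echo " "
echo "Remove 'dangerous' files:"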

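function w_danger
# Delete one 'dangerous' file with /com/dlf, or report that it is absent.
#   $1 - path of the file, relative to the node root
# Outputs: one line on stdout when the file does not exist; a warning on
#          stderr when /com/dlf reports failure.
# Returns: 1 when /com/dlf fails, so a file that could not be removed does
#          not pass unnoticed.
{
  # Some files (e.g. /dev/display) may not respond to -f, hence the extra -r.
  # $1 is quoted so a name with blanks or wildcard characters is tested and
  # deleted as exactly one path.
  if [ -f "$1" ] || [ -r "$1" ]; then
    /com/dlf "$1" -l || {
      echo "WARNING: /com/dlf failed for $1; the file may still be present" >&2
      return 1
    }
  else
    echo "File $1 does not exist"
  fi
}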

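# Removals for every release other than SR10.4.  This includes SR_level "any",
# i.e. a run where no (or an unrecognized) version was given.
if [ "$SR_level" != SR10.4 ]; then
  # suid_exec has bugs at SR10.2 (used for setuid ksh scripts?!)
  # It is a link (pointing to a non-setuid file) at SR10.4
  w_danger etc/suid_exec

  w_danger sys/mgrs/display
  w_danger sys/node_data/dev/display
  for f in sys/node_data.*/dev/display; do
    # An unmatched pattern is left as the literal string: nothing to delete.
    if [ "$f" = 'sys/node_data.*/dev/display' ]; then break; fi
    # Quoted so that each match is passed on as a single path.
    w_danger "$f"
  done
  w_danger sys/sysdev/display
fi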

# Reported to be dangerous?
#w_danger usr/apollo/bin/pax

###############################################################

echo " "
echo "Renaming link master to maestro (so we don't re-ACL across network):"
# NOTE(review): the exit status of /com/chn is not checked.  If the rename does
# not happen, a link named master is still present when the wildcard ACL passes
# below run, which is what this step is meant to avoid — confirm.
/com/chn master maestro -l

###############################################################

echo " "
echo "Set standard protections:"

# So that we do not need to quote AEGIS wildcards
# (w_std passes its arguments on unquoted, so shell globbing must stay off
# until the 'set +f' further down).
set -f

# '/usr/apollo/bin/chacl -B' seems to turn setuid's off
# and erase extended ACLs, without affecting subsystem status.
# Can we trust this to work?

function w_std
# Apply one standard ACL to everything matching an AEGIS wildcard.
#   $1 - AEGIS wildcard, relative to the node root (the script has cd'ed there)
#   $2 - rights in /com/edacl form, used both for group wheel and for world;
#        in practice rx or -none
# The ACL is first put on good_acl_template_dir and then copied from there by
# /com/acl.  Both arguments are expanded unquoted, so 'set -f' must be in
# effect for the wildcard to reach /com/acl untouched.
# NOTE(review): no exit status is checked.  If a /com/edacl call fails, the
# template presumably keeps the ACL left by the previous call and /com/acl
# copies that instead — confirm this is acceptable.
{
  typeset acl_kind
  echo "Working on <$1>, giving rights <$2>"
  # Three passes over the template: no extra flag, then -if, then -id.
  # The empty value expands to no word at all on the first pass.
  for acl_kind in '' -if -id; do
    /com/edacl $acl_kind -p root prwx -g wheel $2 -o none -ignore -w $2 good_acl_template_dir
  done
  /com/acl $1 good_acl_template_dir -all -nq
}

# Clear the two scratch objects first (presumably leftovers of an earlier run);
# output and errors are discarded because they normally do not exist.
/com/dlt good_acl_template_dir good_acl_subsys >/dev/null 2>&1

# Scratch directory whose ACL w_std edits and then copies onto its targets.
/com/crd good_acl_template_dir
/usr/apollo/bin/chacl -B good_acl_template_dir

# Subsystems are such a nuisance.
# /com/acl will remove subsystem manager status, and then there is
# no good way of setting it back on, except saving the ACLs somewhere.
# NOTE(review): the status of this copy is not checked; the restore loop at the
# end of this section depends on good_acl_subsys having been created.
/com/cpt sys/subsys good_acl_subsys -sacl -pdt

# Order matters: the catch-all '?* -none' runs first and the more specific
# calls after it are applied on top.
w_std ?*                   -none # For safety in case we miss something
w_std ..                   rx
w_std .                    rx
w_std SR?*                 rx
w_std backup               -none
w_std bscom                -none
w_std bsd4.3/...           rx
w_std com/...              rx
w_std d3m/...              rx
w_std diskquota            -none
w_std doc/...              rx
w_std domain_examples/...  rx
w_std etc/...              -none
w_std install              -none
w_std lib/...              rx
w_std lost+found?*         -none
w_std sau?*                -none
w_std sr9.7_compatibility  -none
w_std sys/...              rx
w_std sys5.3/...           rx
w_std sysboot              rx
w_std systest              -none
w_std usr/...              rx
w_std y                    rx
w_std z                    rx

echo "Setting subsystem managers (in sys/subsys) back"
# Turn filename generation back on
set +f
# For each entry in sys/subsys: copy the ACL saved in good_acl_subsys back,
# run chacl -B on it, then give group wheel and world -none.
# NOTE(review): FILE and NAME are expanded unquoted, and if the pattern matches
# nothing the loop runs once with the literal 'sys/subsys/*'.
for FILE in sys/subsys/*; do
  NAME="${FILE#sys/subsys/}"
  /com/acl $FILE good_acl_subsys/$NAME
  /usr/apollo/bin/chacl -B $FILE
  /com/edacl -p root prwx -g wheel -none -o none -ignore -w -none $FILE
done

# Remove the scratch objects again.
/com/dlt good_acl_template_dir good_acl_subsys

###############################################################

echo " "
echo "Set subsystem files:"

# Set subsystem manager status.

# The recommended way would be as below, using ensubs.
# But this is guaranteed to fail on a 10000.
#
#    #!/com/sh
#
#    args "Setting the following 4 files as subsystem LOGIN managers:"
#    args " ^1/com/login"
#    args " ^1/sys/siologin/siologin"
#    args " ^1/sys/spm/spmlogin"
#    args " ^1/sys/subsys/login"
#
#    ensubs login <<!
#
#    #subs -up
#    subs ^1/com/login               login -mgr -l
#    subs ^1/sys/siologin/siologin   login -mgr -l
#    subs ^1/sys/spm/spmlogin        login -mgr -l
#    subs ^1/sys/subsys/login        login -mgr -l
#    #subs - down
#
#    !

#zzzzz From SR10.4, /sys/dm/dm should also be a subsystem login manager.
#zzzzz For when starting the DM from an X-only environment?

echo "Making four subsystem login managers, with -none rights:"
echo "  com/login"
echo "  sys/dpci/dpci_server"
echo "  sys/siologin/siologin"
echo "  sys/spm/spmlogin"

# Pre-flight check on the ACL that is about to be used as the source: DUMMY is
# non-empty when /com/fpat finds ' set ' or 'Extended entries' in the /com/acl
# listing of sys/subsys/login.
# NOTE(review): this only prints a warning.  The copies below run regardless,
# so a setuid bit or extended entry on sys/subsys/login would presumably be
# carried over to all four login programs.  Consider stopping here instead.
DUMMY=$(/com/acl sys/subsys/login | /com/fpat ' set ' 'Extended entries')
if [ -n "$DUMMY" ]; then
  echo "ERROR:"
  echo "file sys/subsys/login has extended ACL entries or setuid bits."
  echo "These may be copied as well !!!"
fi

echo "Copying ACLs (including subsystem status) from sys/subsys/login"
/com/acl com/login               sys/subsys/login
/com/acl sys/dpci/dpci_server    sys/subsys/login
/com/acl sys/siologin/siologin   sys/subsys/login
/com/acl sys/spm/spmlogin        sys/subsys/login

# Tighten the copied ACLs: group wheel and world get -none on all four files.
echo "Setting -none rights"
/com/edacl -p root prx -g wheel -none -o none -ignore -w -none com/login sys/dpci/dpci_server sys/siologin/siologin sys/spm/spmlogin


# I do not know anything about d3m (no-one is using it).

echo " "

echo "Making three subsystem d3m_subsys managers and data objects, with rx rights:"
echo "  sys/d3m/d3m_server"
echo "  sys/d3m/d3m_u1"
echo "  sys/d3m/d3m_u2"

# Same pre-flight check as for the login managers, on sys/subsys/d3m_subsys.
# NOTE(review): again a warning only; the ACL is copied even when the check
# finds setuid bits or extended entries.
DUMMY=$(/com/acl sys/subsys/d3m_subsys | /com/fpat ' set ' 'Extended entries')
if [ -n "$DUMMY" ]; then
  echo "ERROR:"
  echo "file sys/subsys/d3m_subsys has extended ACL entries or setuid bits."
  echo "These may be copied as well !!!"
fi

echo "Copying ACLs (including subsystem status) from sys/subsys/d3m_subsys"
/com/acl sys/d3m/d3m_server      sys/subsys/d3m_subsys
/com/acl sys/d3m/d3m_u1          sys/subsys/d3m_subsys
/com/acl sys/d3m/d3m_u2          sys/subsys/d3m_subsys

# Unlike the login managers, these three are given rx for group wheel and world.
echo "Setting rx rights"
/com/edacl -p root prx -g wheel rx -o none -ignore -w rx sys/d3m/d3m_server sys/d3m/d3m_u1 sys/d3m/d3m_u2

###############################################################

echo " "
echo "Set special protections:"

# So that we do not need to quote AEGIS wildcards
# (globbing was switched back on with 'set +f' for the sys/subsys loop; w_spec
# runs an unquoted command string, so it must be off again from here on).
set -f

function w_spec
# Change ACL entries on one or more objects through /com/edacl.
#
# Call forms:
#   w_spec object rights...
#   w_spec dir file1 file2 ... rights...
#
# Paths are relative to the node root (the script has already cd'ed there),
# and object, dir and fileN may each contain AEGIS wildcards.  When file names
# are given the targets are dir/file1, dir/file2, ...; otherwise the target is
# the first argument itself.
#
# The first argument that starts with '-' begins the rights.  These are
# /com/edacl options and are handed over unchanged, which also means that a
# file whose name starts with '-' cannot be processed.  Only the rights that
# should differ from the current state need to be listed.
#
# The command is assembled as one string and run through word splitting, so
# 'set -f' must be in effect (wildcards have to reach /com/edacl unexpanded)
# and names containing blanks are not supported.
# Sets the globals DIR, FILES, RIGHTS and CMD.
{
  DIR="$1"
  shift
  if [ -z "$DIR" ]; then
    echo "ERROR: No directory specified"
    return
  fi

  # Collect dir/fileN targets up to the first option-like argument.
  FILES=
  while [ $# -gt 0 ]; do
    case "$1" in
      -*) break ;;
    esac
    FILES="$FILES $DIR/$1"
    shift
  done
  # No file names given: the first argument is itself the target.
  [ -n "$FILES" ] || FILES=" $DIR"

  # Whatever is left over must be the rights.
  if [ $# -eq 0 ]; then
    echo "ERROR: No rights specified for $FILES"
    return
  fi
  RIGHTS="$*"

  CMD="/com/edacl $RIGHTS $FILES -nq"
  echo "$CMD"
  $CMD
}

# Some really special stuff
# NOTE(review): the directories ask, openday, pobackup and py and the names
# pmtsd, pmdemo, po and jimr look specific to the original site — confirm
# before reusing this list on another installation.
# Each directory gets three calls: the object itself, then -if and -id.
w_spec ask          -g wheel rx -o none rx
w_spec ask      -if -g wheel rx -o none rx
w_spec ask      -id -g wheel rx -o none rx
w_spec openday      -g pmtsd rx -w x -af pmdemo.%.% rx
w_spec openday  -if -g pmtsd rx -w x -af pmdemo.%.% rx
w_spec openday  -id -g pmtsd rx -w x -af pmdemo.%.% rx
w_spec pobackup     -p po rwxk -g wheel p
w_spec pobackup -if -p po rwx  -g wheel p
w_spec pobackup -id -p po rwx  -g wheel p
w_spec py           -p jimr -owner -g pmtsd rx -w x
w_spec py       -if -p jimr -inh_all -g pmtsd -inh_rights -w inh_rights
w_spec py       -id -p jimr -inh_all -g pmtsd -inh_rights -w inh_rights


# nice: -none for both group wheel and world.
w_spec bsd4.3/bin/nice -g wheel -none -w -none

# What's this? Not necessary?
#w_spec bsd4.3/usr/msgs -dir -w rwx

# Network client programs: x for group wheel and for org none, -none for world.
w_spec bsd4.3/usr/ucb finger ftp netstat rlogin rsh ruptime rwho talk telnet tftp -g wheel x -o none x -w -none

w_spec com calendar dmtvol mtvol ppri -g wheel -none -w -none
w_spec com/login -g wheel rx -o none rx -w -none

# Would not just x rights be enough?
w_spec etc -dir -g wheel rx -w rx

# The calls below re-open selected entries of etc, which w_std set to -none.
w_spec etc authd -p daemon -owner -g bin -none
w_spec etc catman dmesg edmtdesc environment gettable hostname hostns htable lcnet lcnode mkcon mother nodestat nshost obty rename rtstat strace strclean strerr sys_sh touch_file ulkob -g wheel x -w x
w_spec etc group magic org passwd protocols services -g wheel r  -w r
w_spec etc invoke_script profile profile.ksh show_lc -g wheel rx -w rx
w_spec etc Xdomain ping                              -g wheel x  -o none x

# termcap is handled under etc/bsd4.3 and etc/sys5.3 for every level other
# than SR10.4 (including "any"), and directly under etc for SR10.4.
if [ "$SR_level" != SR10.4 ]; then
  w_spec etc/bsd4.3 -dir     -g wheel x -w x
  w_spec etc/bsd4.3 termcap  -g wheel r -w r

  w_spec etc/sys5.3 -dir     -g wheel x -w x
  w_spec etc/sys5.3 termcap  -g wheel r -w r
else
  w_spec etc/termcap         -g wheel r -w r
fi

# Does not seem to be necessary
#w_spec sys/dm/color_map -w rwx

w_spec sys/dpci/dpci_server -g dpcc rx -w -none

# Password file for generic printer driver (now probably in sys/node_data?*/etc/daemons)
w_spec sys/hardcopy/drivers/generic_passwd -g prfd rk -w -none

# To allow prsvr to run as prfd.prfd.none.
# At 10.0 and 10.1, prsvr complained if it could not re-install the driver,
# but then went on using the previously installed one; at 10.3 it got fixed
# by installing a link, e.g. /sys/mgrs/print_generic -> /sys/hardcopy/drivers/generic.
# Could this trick be used at 10.2?
# NOTE(review): this gives group prfd rwx on the sys/mgrs directory, and only
# when the version argument was given as SR10.2.
if [ "$SR_level" = SR10.2 ]; then
  w_spec sys/mgrs -dir -g prfd rwx
fi

# Notes:
# It is VERY dangerous to give w rights to `node_data: files
# node_owners and spm_control reside there.
#
# If any process or group has w rights, then they might attempt to
# remove spm_control (which would then allow anybody to crp), and
# then create new files (blocking crp for others through
# spm_control, or giving themselves node owner rights through
# node_owners).
#
# At least, ensure that these files exist and have the k bit on for
# everybody. While it might seem a better idea not to have these
# files (their contents describe how to use them), that would make
# it easier to create new files.

# The following (hopefully) gets DPCE, DPCIring, DPCI1, DPCI going
# NOTE(review): this gives group dpcc rwx on the node_data directory itself,
# which is the situation the notes above warn about — confirm it is intended.
w_spec sys/node_data?* -dir -g dpcc rwx
w_spec sys/node_data?* -if  -g dpcc iprwx -w rxk

w_spec sys/node_data?*/?* -g wheel rxk -w rxk

if [ "$SR_level" = SR10.4 ]; then
  w_spec sys/node_data?* dpc?* com[12] lpt[12] -g dpcc prwx
else
  w_spec sys/node_data?*/dpc?* -g dpcc prwx
fi
w_spec sys/node_data?*/dpc?*xpombx?* -af user.server.none rw
w_spec sys/node_data?*/dpci_queue -dir             -g wheel rwxk -w rwxk
w_spec sys/node_data?*/dpci_queue -id -p root ik   -g wheel pk   -w k
w_spec sys/node_data?*/dpci_queue -if -p dpcc irwx -g wheel prx

w_spec sys/node_data?*/cron/at -dir -p daemon prwx -g daemon rx

# Needed so root can crp: he will re-ACL crp00
w_spec sys/node_data?*/dev -if -p root prw -g wheel rw -w rw
# Make sure that root never does a 'crp -on //?? -login', but always '-me',
# or the protection on crp* files will be messed up
if [ "$SR_level" = SR10.4 ]; then
  w_spec sys/node_data?*/dev console null pad?* ptyp? sio?* tty?* -p root prw -g wheel rw -w rw
  w_spec sys/node_data?*/dev/crp?* -p root prw -g staff rw -o none rw -w rw
  w_spec sys/node_data?*/dev/display -p root prw -g wheel w -w w
else
  w_spec sys/node_data?*/dev console crp?* display null pad?* ptyp? sio?* tty?* -p root prw -g wheel rw -w rw
fi
w_spec sys/node_data?*/dev/tdi_byp -p root prw -g wheel rw -w rw

# Allow world rwx on node_data?*/etc/.rgyloc (forced anyway at SR10.3)
w_spec sys/node_data?*/etc/.rgyloc -g wheel rwx -w rwx

# It is nobody's business who is allowed on dialup lines
w_spec sys/node_data?*/etc d_users d_passwd -g wheel -none -w -none

# It is nobody's business what we run and what we log (or if we run or log at all)
w_spec sys/node_data?*/etc inetd.conf syslog.conf -g wheel -none -w -none

# Otherwise /bsd4.3/bin/who goes mad.
w_spec sys/node_data?*/etc/utmp -g wheel r -w r -af spm.spm.none rw

# Password file for generic printer driver
w_spec sys/node_data?*/etc/daemons/generic_passwd -g prfd rk -w -none

# For glbd at SR10.4: these seem to be re-ACLed from initial ACLs at each reboot?
w_spec sys/node_data?* glb.d glb.r -g wheel prwx

w_spec sys/node_data?*/locks -dir            -g wheel rwxk -w rwxk
w_spec sys/node_data?*/locks -id -p root ik  -g wheel pk   -w k
w_spec sys/node_data?*/locks -if -p root irw -g wheel pk   -w k

# From SR10.3 only, the os_paging_file (for diskless nodes) must be writable.
# (Skipped when the version argument was omitted, i.e. SR_level is "any".)
if [ "$SR_level" = SR10.3 -o "$SR_level" = SR10.4 ]; then
  w_spec sys/node_data?*/os_paging_file -g wheel prwx -w rwxk
fi

# paste_buffers: the four commented-out calls are an earlier, looser variant
# (wheel prw / world rw on files); the active calls give world -none on files.
#w_spec sys/node_data?*/paste_buffers/?* -p sys_person rw -g wheel prw -w rw
#w_spec sys/node_data?*/paste_buffers -dir            -g wheel rwxk -w rwxk
#w_spec sys/node_data?*/paste_buffers -id -p root ik  -g wheel pk   -w k
#w_spec sys/node_data?*/paste_buffers -if -p root irw -g wheel prw  -w rw
w_spec sys/node_data?*/paste_buffers/?* -p sys_person rw -g wheel p -w -none
w_spec sys/node_data?*/paste_buffers -dir            -g wheel rwxk -w rwxk
w_spec sys/node_data?*/paste_buffers -id -p root ik  -g wheel pk   -w k
w_spec sys/node_data?*/paste_buffers -if -p root irw -g wheel p    -w -none

# Pointed to by /usr/preserve, used by /$(SYSTYPE)/usr/lib/{*preserve,*recover}.
# For lost vi editing jobs, to recover with 'vi -r'.
w_spec sys/node_data?*/preserve -dir             -g wheel rwxk -w rwxk
w_spec sys/node_data?*/preserve -id -p root ik   -g wheel pk   -w k
w_spec sys/node_data?*/preserve -if -p root irwx -g wheel pk   -w k

# Not really necessary: processes list as
# pad01 instead of UID = ?? (sh). (Big deal!)
w_spec sys/node_data?*/proc_dir -dir           -g wheel rwxk -w rwxk
w_spec sys/node_data?*/proc_dir -id -p root ik -g wheel pk   -w k
w_spec sys/node_data?*/proc_dir -if -p root ik -g wheel pk   -w k

# system_logs: a restrictive default for the whole tree first (wheel k, world k),
# then per-log entries for the accounts that write each log.
w_spec sys/node_data?*/system_logs/... -p root prwx -g wheel k -w k ## -df root.wheel.none
# proc_dump needed for traceback info (gets written at time of crash)
w_spec sys/node_data?*/system_logs X0msgs                          -p root       rwxk -g staff     rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs ct0_info dde_error_log dm_error_log net_log nfs_data proc_dump -g wheel rwk -w rwk
w_spec sys/node_data?*/system_logs dpci_error_log                  -p dpcc       rwxk -g dpcc      rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs netmain_srvr.err_log            -p netmain    rwxk -g netmain   rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs ns_helper.err_log               -p ns_helper  rwxk -g ns_helper rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs rc.log                          -p root       rwxk -g wheel     rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs prmgr.log  prmgr.log.old.Z      -p root       prwx -g staff     rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs prsvr.log  prsvr.log.old.Z      -p root       rwxk -g staff     rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs prsvr?.log prsvr?.log.old.Z     -p root       rwxk -g staff     rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs sys_error_log                   -p sys_person rwxk -g sys_proj  rwxk -af root.wheel.none p
w_spec sys/node_data?*/system_logs wtmp                            -af spm.spm.none rwk

w_spec sys/node_data?*/system_logs -dir              -g wheel rwxk  -w rwxk
w_spec sys/node_data?*/system_logs -id -p root ik    -g wheel pk    -w k
w_spec sys/node_data?*/system_logs -if -p root irwxk -g wheel irwxk -w k -af root.wheel.none p

# sys/node_data?*/systmp/global_rws must be world rwx, or gpr_$init may fail
# Anybody should be able to remove .passwd, create .cache and then rename it .passwd,
# if we want to be able to 'cat /etc/passwd'. (Compare with sys/registry)
# We also allow world rwx on node_data?*/etc/.rgyloc
# NOTE(review): the '?*' call below makes every existing entry in systmp world
# rwx, not only global_rws — confirm that is wanted.
w_spec sys/node_data?*/systmp -dir              -g wheel rwxk  -w wxk
w_spec sys/node_data?*/systmp/?*  -p root rwx   -g wheel prwx  -w rwx
w_spec sys/node_data?*/systmp -id -p root ik    -g wheel pk    -w k
w_spec sys/node_data?*/systmp -if -p root irwx  -g wheel prwx  -w rwx
# The following might change as the system runs. Fix them up now (not necessary).
w_spec sys/node_data?*/systmp dm_mbx dm_tril_ms global_readonly pdb stack_guard_file -p sys_person rwx
w_spec sys/node_data?*/systmp global_rws -p user rwx
w_spec sys/node_data?*/systmp mbx_?helper_lock mbx_?sysmbx spm_mbx -p spm rwx

w_spec sys/node_data?*/tmp -dir             -g wheel rwxk -w rwxk
w_spec sys/node_data?*/tmp -id -p root irwx -g wheel p    -w -none
# At some stage crp used to put crp00 files into /tmp. Was this due to overtight
# protection on /dev? Or was this a bug in 10.0 or 10.1? Now (at 10.2) we do not
# get crp files in /tmp, at least not until all the ones in /dev are exhausted.
# But then, we do not want more than 16 simultaneous crp's...
## Must have rw for spm.spm, since crp will put crp00 here.
## For reasons only known to Apollo, also needs rw for user.server.
## Use of crp -login would mess up protection if the person logging in
## had p right on crp00.
## World keep cannot be set: anyone creating crp00 would prevent further crp's.
w_spec sys/node_data?*/tmp -if -p root irwx -g wheel p    -w -none  ## -af spm.spm.none rw -af user.server.none rw

# For X11
w_spec sys/node_data?*/tmp/.X11-unix     -p root prwx -g wheel rxk  -o none rwxk -w rxk
w_spec sys/node_data?*/tmp/.X11-unix -id -p root ik   -g wheel pk   -w k
w_spec sys/node_data?*/tmp/.X11-unix -if -p root irw  -g wheel prwk -w rwk  ## -df spm.spm.none -df user.server.none
w_spec sys/node_data?*/tmp/.X11-unix/?*  -p root rw   -g wheel prwk -w rwk  ## -df spm.spm.none -df user.server.none

# For DPCI
w_spec sys/node_data?*/tmp/dpci_prf_log  -g wheel rwk -w rwk  ## -df spm.spm.none -df user.server.none

# For llbd/rpcd
w_spec sys/node_data?*/tmp llbdbase.dat rpcdep.dat rpcdllb.dat -p root rwx -g wheel p -w -none  ## -df spm.spm.none -df user.server.none

w_spec sys/node_data?*/usrtmp -dir             -g wheel rwxk -w rwxk
w_spec sys/node_data?*/usrtmp -id -p root irwx -g wheel pk   -w k
w_spec sys/node_data?*/usrtmp -if -p root irwx -g wheel pk   -w k

# sys/ns: group ns_helper gets rwx, world gets -none, on the tree and on its
# -id/-if entries.
w_spec sys/ns/...      -g ns_helper rwx -w -none
w_spec sys/ns/... -id  -g ns_helper rwx -w -none
w_spec sys/ns/... -if  -g ns_helper rwx -w -none

# Print queue and spooler: the directories are rwx for wheel and world.
w_spec sys/print/queue -dir -g wheel rwx -w rwx
w_spec sys/print/queue -id -p root ik -g wheel pk  -w k
w_spec sys/print/queue -if -p root ir -g prfd prwx -w k

w_spec sys/print/spooler -dir -g wheel rwx -w rwx
w_spec sys/print/spooler -id -p root ik -g wheel pk  -w k
w_spec sys/print/spooler -if -p root ir -g prfd prwx -w k

# Why does not the following work? Then you cannot 'cat /etc/passwd'.
# w_spec sys/registry/... -g wheel -none -w -none
# (Compare with sys/node_data?*/systmp)
w_spec sys/registry/rgy_data/?* -file -g wheel -none -w -none

# What's this? Not necessary? sf_helper runs as sf_helper.sf_helper .
#w_spec sys/sf/local_q -dir -w prwx

# What is a correct protection? Does not matter, as everyone uses getty, not siomonit.
w_spec sys/siologin -g wheel -none -w -none

w_spec sys/spm/spmlogin -g spm rx -w -none

# Directory /sys/subsys must be readable for /com/lusr -all to work.
# However files must be protected, or users can do ensubs.
# (Tree first, then the directory itself is re-opened for reading.)
w_spec sys/subsys/... -g wheel -none -w -none
w_spec sys/subsys -dir -g wheel r -w r

# So that the `node_data/dev directory gets proper ACLs when created by netman
w_spec sys/sysdev -if -p root prw -g wheel rw -w rw
w_spec sys/sysdev console display null sio?* tty?* -p root prw -g wheel rw -w rw

w_spec sys5.3/bin/nice -g wheel -none -w -none

# Same network client programs as under bsd4.3/usr/ucb, same rights.
w_spec sys5.3/usr/bin finger ftp netstat rlogin rsh ruptime rwho talk telnet tftp -g wheel x -o none x -w -none

# What's this? Not necessary?
#w_spec sys5.3/usr/lib/spell/spellhist -w rw

# Anything related to uucp not done.
#w_spec usr/lib.uucp -dir -p uucp prwx -g daemon rx

#w_spec usr/lib.uucp Permissions Systems     -p uucp prw -g daemon k -w k
#w_spec usr/lib.uucp Poll                    -p uucp prw -g daemon r -w r
#w_spec usr/lib.uucp uucheck uucleanup uucpd -p uucp px  -g daemon x -w k

w_spec usr/spool/lp                                      -dir -p lp prwx -g bin rx
w_spec usr/spool/lp class interface member model request -dir -p lp prwx -g bin rx
w_spec usr/spool/lp pstatus qstatus                           -p lp prw  -g bin r -w r

w_spec usr/spool/lpd                  -dir -p daemon prwx -g daemon rx
w_spec usr/spool/lpd cx dp ge lp spin -dir -p daemon prwx -g daemon rx

# Watch out for files already in usr/spool/mail !!!
# They should be rwx by each person.
# usr/spool/mail should be a link (eventually to /x/mail/usr_spool_mail).
#w_spec usr/spool/mail/... -dir  -p root prwx -g mail rwx
#w_spec usr/spool/mail/... -id   -p root prwx -g mail rwx
#w_spec usr/spool/mail/... -if   -p root rwx -g mail prwx -w k
#w_spec usr/spool/mail/... -file -p root rwx -g mail prwx -w k

w_spec usr/spool/mqueue -dir -p daemon prwx -g mail rwx
w_spec usr/spool/mqueue -if  -p daemon prwx -g mail rwx

w_spec usr/spool/news -dir -p daemon prwx -g daemon rx

#w_spec usr/spool/rwho -dir -p uucp prwx -g daemon rx

# The following /usr/spool/uucp/... should be w % rwx, but not done
#w_spec usr/spool/uucp                                                                                      -dir -p uucp prwx -g daemon rwx
#w_spec usr/spool/uucp .Admin .Corrupt .Log uucico uucp uux uuxqt .Old .Sequence .Status .Workspace .Xqtdir -dir -p uucp prwx -g daemon rwx
#w_spec usr/spool/uucppublic                                                                                -dir -p uucp prwx -g daemon rwx

# Requested by Jim
w_spec usr/apollo/bin/tz -w -none

# For 10.2 nodes, while //big is at SR10.0.p
#w_spec usr/apollo/bin/dspst -w -none

###############################################################

echo " "
echo "Set setuid files:"

# Each file is handled by w_suid (defined below), which passes -setuid and
# -setgid to /com/edacl explicitly as on or off for every file it touches.

# Instead of INPROT to set protections of SETUID files,
# since crazy INPROT will put setuid, setgid and setoid all on!

# Will attempt to re-ACL all files which should be setuid under any version.

# Note that at SR10.2 you should not have things like
# w_suid sys/ns/ns_helper               ns_helper k uon ...
# You need instead
# w_suid sys/ns/ns_helper               ns_helper x uon ...
# otherwise /etc/sys_sh (i.e. /etc/rc) will not be able to start the daemons.

# Due to bug in /com/edacl, -setoid bits are not done. (Luckily edacl turns them off anyway.)

function w_suid
# Set person, group, org and world rights on one file and switch its setuid
# and setgid bits explicitly on or off.
#
# Usage:
# w_suid  file  pers  prights  {uon | off}  group  grights  {gon | off}  org  orights  {oon | off}  wrights  extras
#       1     2     3        4            5      6        7            8    9        10           11
# Parameters 12 to 20 (up to nine words) are handed to /com/edacl as extras.
# A setoid request (oon) is only mentioned in the progress line and never
# applied, because of a bug in edacl.
#
# Nothing is changed when the argument count is wrong, the file name is empty,
# the name is not a regular file, or the name is a soft link; each case prints
# a message on stdout and returns.
# Sets the globals setuid, setgid, setoid, mess and command.
{
  if [ $# -lt 11 ] || [ $# -gt 20 ]; then
    echo "ERROR: Wrong arguments:"
    echo "$0 $1 $2 $3 $4 $5 $6 $7 $8 $9 ${10} ${11} ${12} ${13} ${14} ${15} ${16} ${17} ${18} ${19} ${20} ${21}"
    echo "Must be w_suid file pers prights {uon|off} group grights {gon|off} org orights {oon|off} wrights (extras, up to 9)"
    return
  fi
  [ -n "$1" ] || { echo "File to protect must be specified"; return; }
  [ -f "$1" ] || { echo "File $1 does not exist, cannot do."; return; }
  # -f follows links, so a soft link to a regular file gets this far and is
  # turned away here.
  if [ -L "$1" ]; then
    echo "Name $1 is a softlink, cannot do."
    return
  fi

  # Everything is off unless the caller asks for it; mess collects the
  # human-readable summary for the progress line.
  setuid='off'
  setgid='off'
  setoid='off'
  mess=

  if [ "$4" = 'uon' ]; then
    setuid='on'
    mess="${mess:+$mess, }setuid $2"
  fi
  if [ "$7" = 'gon' ]; then
    setgid='on'
    mess="${mess:+$mess, }setgid $5"
  fi
  if [ "${10}" = 'oon' ]; then
    # Recorded for the message only; setoid never reaches the command line.
    setoid='on'
    mess="${mess:+$mess, }(setoid $8 not done!!)"
  fi

  if [ -n "$mess" ]; then
    echo "Doing file $1      ($mess)"
  else
    echo "Doing file $1"
  fi

  # Built as one string and run through word splitting: unused extras simply
  # vanish, and none of the arguments may contain blanks.
  command="/com/edacl -p $2 $3 -setuid $setuid -g $5 $6 -setgid $setgid -o $8 $9 -w ${11} ${12} ${13} ${14} ${15} ${16} ${17} ${18} ${19} ${20} $1"
  # echo "Command is <$command>"
  $command
}

if [ "$SR_level" = SR10.4 ]; then
#zzzzz Should be setuid root from SR10.4. Why?
  w_suid bsd4.3/bin/chfn                root   prxk off  wheel  -ignore off  none -ignore  off xk
  w_suid bsd4.3/bin/chhd                root   prxk off  wheel  -ignore off  none -ignore  off xk
  w_suid bsd4.3/bin/chsh                root   prxk off  wheel  -ignore off  none -ignore  off xk
  w_suid bsd4.3/bin/passwd              root   prxk off  wheel  -ignore off  none -ignore  off xk
fi

# At SR10.2, a link to ../../usr/apollo/bin/login
w_suid bsd4.3/bin/login               root   prxk uon  wheel  -ignore off  none xk       off k

#zzzzz Needs to be setuid root so mail files can be changed ownership.
# That's crazy: for one thing, /com/edacl could do it even if /etc/chown cannot.
# Besides why doesn't /usr/ucb/mail or /usr/lib/sendmail do the whole job?
# And why don't they use privileges when running /bin/mail, so it would not have to be world accessible?
# Access only to org none.
w_suid bsd4.3/bin/mail                root   prxk uon  wheel  -ignore off  none xk       off k

# From SR10.2 only, should be setuid root. Uses 'raw sockets', so must be root to work at all.
w_suid bsd4.3/bin/rcp                 root   prxk uon  wheel  -ignore off  none xk       off k

w_suid bsd4.3/bin/rmail               root   prxk off  wheel  -ignore off  none xk       off k

# Should be setuid root, w=xk. But bug in DPCI...
w_suid bsd4.3/bin/su                  root   prxk off  wheel  -ignore off  none -ignore  off k

# Should be setuid daemon (from SR10.4, should be setuid root and writable by group daemon ??? instead). We do not use.
w_suid bsd4.3/usr/bin/at              daemon prxk off  wheel  -ignore off  none -ignore  off k
w_suid bsd4.3/usr/bin/atq             daemon prxk off  wheel  -ignore off  none -ignore  off k
w_suid bsd4.3/usr/bin/atrm            daemon prxk off  wheel  -ignore off  none -ignore  off k

# The next six should be setuid uucp.
w_suid bsd4.3/usr/bin/cu              uucp   prxk off  daemon -ignore off  none -ignore  off xk
w_suid bsd4.3/usr/bin/tip             uucp   prxk off  daemon -ignore off  none -ignore  off xk
w_suid bsd4.3/usr/bin/uucp            uucp   prxk off  daemon -ignore off  none -ignore  off xk
w_suid bsd4.3/usr/bin/uuname          uucp   prxk off  daemon -ignore off  none -ignore  off xk
w_suid bsd4.3/usr/bin/uustat          uucp   prxk off  daemon -ignore off  none -ignore  off xk
w_suid bsd4.3/usr/bin/uux             uucp   prxk off  daemon -ignore off  none -ignore  off xk

# Preserve don't need setuid (run from /etc/rc). Should be setuid root, w=xk.
# If preserve was executable by a user, then a dying vi would execute it, which then (due
# to some bug) would die with a segmentation violation in sendmail (if /usr/lib/sendmail
# was also made executable). Even if this bug is fixed, we do not want mail sent to
# students, so at best we could make preserve org none executable. But this is not necessary,
# as 'vi -r' works fine using the file in /tmp.
# Recover don't need setuid, but must be world executable (used by 'vi -r').
w_suid bsd4.3/usr/lib/ex3.7preserve   root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid bsd4.3/usr/lib/ex3.7recover    root   prxk off  wheel  -ignore off  none -ignore  off xk

# Don't need setuid (run from /etc/rc). But isn't lpr also able to start one?
w_suid bsd4.3/usr/lib/lpd             root   prxk off  wheel  -ignore off  none -ignore  off k

w_suid bsd4.3/usr/lib/sendmail        root   prxk off  mail   xk      gon  none -ignore  off k  -af %.postman.% xk

echo "Not doing file bsd4.3/usr/ucb/Mail: Must be hard linked to mail."

# Should be setuid daemon pre-SR10.2, setuid root at SR10.2. Why needs setuid at all?
w_suid bsd4.3/usr/ucb/biff            root   prxk off  wheel  -ignore off  none -ignore  off xk

# Next three should be setuid root, w=xk.
w_suid bsd4.3/usr/ucb/lpq             root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid bsd4.3/usr/ucb/lpr             root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid bsd4.3/usr/ucb/lprm            root   prxk off  wheel  -ignore off  none -ignore  off k

#zzzzz (Hard linked to Mail.) Access only to org none.
# At SR10.2 it is simply owned by bin.mail.none, but is not setuid or setgid.
w_suid bsd4.3/usr/ucb/mail            root   prxk off  postman xk     gon  none xk       off k

# What's this? Should be setuid root, w=xk. (Reported to be a security risk!!)
# The line below gives it 'off' and world k, i.e. no world execute.
w_suid bsd4.3/usr/ucb/rdist           root   prxk off  wheel  -ignore off  none -ignore  off k

# From SR10.2 only, the following two should be setuid root. Both use 'raw sockets', so must be root to work at all.
# Both are given 'uon' here, with xk for org none and k for world.
w_suid bsd4.3/usr/ucb/rlogin          root   prxk uon  wheel  -ignore off  none xk       off k
w_suid bsd4.3/usr/ucb/rsh             root   prxk uon  wheel  -ignore off  none xk       off k

# Should be setuid root (so node owners can kill anything).
w_suid com/sigp                       root   prxk off  wheel  -ignore off  none -ignore  off xk

# At DPCE version 3.6, this is a link to sys/dpcc/dpce
# (sys/dpcc/dpce is listed further down with the same arguments).
w_suid com/dpce                       dpcc   k    off  dpcc   xk      gon  none -ignore  off xk -af root.wheel.none p

# From SR10.2, /com/xsubs should be setuid root. Isn't that crazy?
w_suid com/xsubs                      root   prxk off  wheel  -ignore off  none -ignore  off xk

# The next group was setuid root, w=xk. Exceptions:
#   lpc is setuid only from SR10.2
#   ping is setuid only from SR10.2: it uses 'raw sockets', so must be root to work at all
#   server, from SR10.2, is setuid, setgid, setoid to user.server.none.
#   suid_exec was not setuid at SR10.0. At SR10.2 it has bugs: dangerous (used for setuid ksh scripts?!)
#   timedc exists only from SR10.2
# netmain_srvr and writed differ from the rest: each is listed with its own account as
# owner and group, with 'uon' and 'gon', and with an extra '-af root.wheel.none p'.
# NOTE(review): the exact effect of those arguments depends on w_suid, defined earlier
# in this script -- confirm there.
w_suid etc/find_orphans               root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/lpc                        root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/lprotect                   root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/netmain_srvr               netmain xk  uon  netmain k      gon  none -ignore  off k  -af root.wheel.none p
w_suid etc/ping                       root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/salacl                     root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/server                     root   prxk off  wheel  -ignore off  none -ignore  off k
# suid_exec stays commented out here; the "Remove 'dangerous' files" step near the top of
# this script deals with etc/suid_exec on every release except SR10.4.
# w_suid etc/suid_exec                  root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/syncids                    root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/timedc                     root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid etc/writed                     writed xk   uon  writed k       gon  none -ignore  off k  -af root.wheel.none p

# Next group does not matter, since /install is protected; should be setuid root, setgid wheel, w=xk.
# w_suid install/tools/distaa           root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/ed_sp            root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/install          root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/install++        root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/minst            root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/mrgcfg           root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/mrgri            root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/rbak_sr10        root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/rbak_sr9         root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/rgy_create       root   prxk off  wheel  -ignore off  none -ignore  off k
# w_suid install/tools/update           root   prxk off  wheel  -ignore off  none -ignore  off k

# Leftover SR9 tool directories are only reported; nothing inside them is changed here.
if test -d install/tools_sr9
then
  echo "ERROR: Directory install/tools_sr9 exists. What to do?."
fi

if test -d sr9.7_compatibility/sr9.7_executables
then
  echo "ERROR: Directory sr9.7_compatibility/sr9.7_executables exists. What to do?."
fi

# Server programs listed with their own account as both owner and group, with 'uon' and
# 'gon', world k, and an extra '-af root.wheel.none p' (sys/dpcc/dpce is the exception:
# owner k with 'off', group xk, world xk).
# NOTE(review): presumably this makes each server run under its own account instead of
# root, with root.wheel.none keeping the p right -- confirm against w_suid's definition
# earlier in this script.
w_suid sys/d3m/d3m_server             d3m    xk   uon  d3m    k       gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/dial_server                dial   xk   uon  dial   k       gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/dm/sbp1                    sbp    xk   uon  sbp    k       gon  none -ignore  off k  -af root.wheel.none p

# Only from DPCE version 3.6
w_suid sys/dpcc/dpce                  dpcc   k    off  dpcc   xk      gon  none -ignore  off xk -af root.wheel.none p

w_suid sys/dpci/dpci                  dpcc   xk   uon  dpcc   k       gon  none -ignore  off k  -af root.wheel.none p
# At DPCI version 5.0, the following are only run from '/sys/dpci/dpci -netbios ??', so they do not really matter
# (dpciring for version 5.0, dpcinet for version 5.1)
w_suid sys/dpci1/session              dpcc   xk   uon  dpcc   k       gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/dpcinet/session            dpcc   xk   uon  dpcc   k       gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/dpciring/session           dpcc   xk   uon  dpcc   k       gon  none -ignore  off k  -af root.wheel.none p

w_suid sys/hardcopy/prmgr             prfd   xk   uon  prfd   k       gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/hardcopy/prsvr             prfd   xk   uon  prfd   k       gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/hardcopy/pre10q            prfd   xk   uon  prfd   k       gon  none -ignore  off k  -af root.wheel.none p

# Should be setuid root (but setuid, setgid, setoid to user.server.none at SR10.2).
# Does not need setuid: will happily run as spm.spm .
#zzzzz There is a bug in mbx_helper at SR10.4: it will not run (segmentation violation)
#zzzzz unless it can run as user.server.none (either because it was started as such, or was
#zzzzz setuid to it, or it had enough (root) privileges). Use the 10.3 mbx_helper instead.
# The mbx_helper is needed to log out from the DM at SR10.3 or 10.4: we run spm on
# all nodes, so have mbx_helper running. The 10.4 DM tries to start mbx_helper at
# each login, but with our permissions it cannot (we want the mbx_helper to be
# started by spm instead).
# The line below gives group spm xk and world k, with 'off' throughout.
w_suid sys/mbx/mbx_helper             root   prxk off  spm    xk      off  none -ignore  off k

# Does not need setuid: started from /etc/rc.
w_suid sys/net/netman                 root   prxk off  wheel  -ignore off  none -ignore  off k

# Helpers and spm listed with their own account as owner and group, 'uon' and 'gon'.
w_suid sys/ns/ns_helper               ns_helper xk uon ns_helper k    gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/sf/sf_helper               sf_helper xk uon sf_helper k    gon  none -ignore  off k  -af root.wheel.none p
w_suid sys/spm/spm                    spm    xk   uon  spm    k       gon  none -ignore  off k  -af root.wheel.none p

# Only exists from SR10.4 (installed with wrong ACLs...)
# Listed with owner root pxk and 'uon', group spm rxk, world k.
if [ "$SR_level" = SR10.4 ]; then
  w_suid sys/spm/spmacl                 root   pxk  uon  spm    rxk     off  none -ignore  off k
fi

# sys/vtserver does not need setuid root

# At SR10.2, a link to ../../usr/apollo/bin/login
# (usr/apollo/bin/login is listed further down with the same arguments, including 'uon').
w_suid sys5.3/bin/login               root   prxk uon  wheel  -ignore off  none xk       off k

#zzzzz Should the next one be setgid mail or postman?
w_suid sys5.3/bin/mail                root   prxk off  wheel  -ignore off  none xk       off k

# Should be setuid root, w=xk. But we do not use this.
w_suid sys5.3/bin/newgrp              root   prxk off  wheel  -ignore off  none -ignore  off k

#zzzzz Should be setuid root (same as sys5.3/usr/bin/chfn, chrtbl and chsh). Why?
w_suid sys5.3/bin/passwd              root   prxk off  wheel  -ignore off  none -ignore  off xk

#zzzzz Should the next one be setgid mail or postman?
w_suid sys5.3/bin/rmail               root   prxk off  wheel  -ignore off  none xk       off k

# Should be setuid root, w=xk. But bug in DPCI...
# The line below gives su 'off' and world k, i.e. no world execute.
w_suid sys5.3/bin/su                  root   prxk off  wheel  -ignore off  none -ignore  off k

# Should be setuid root. We do not use it.
w_suid sys5.3/usr/bin/at              root   prxk off  wheel  -ignore off  none -ignore  off k

# Should be setuid lp. We do not use it.
w_suid sys5.3/usr/bin/cancel          lp     prxk off  bin    -ignore off  none -ignore  off k

#zzzzz The four programs in this loop should be setuid root (same as sys5.3/bin/passwd). Why?
for acct_tool in chfn chhd chrtbl chsh; do
  w_suid "sys5.3/usr/bin/$acct_tool" root prxk off wheel -ignore off none -ignore off xk
done

# Should be setuid root; listed here with 'off' and world xk.
w_suid sys5.3/usr/bin/crontab         root   prxk off  wheel  -ignore off  none -ignore  off xk

# Should be setuid uucp; listed here with 'off' and world xk.
w_suid sys5.3/usr/bin/cu              uucp   prxk off  daemon -ignore off  none -ignore  off xk

# The lp user commands in this loop should be setuid lp. We do not use them.
for lp_user_cmd in disable enable lp lpstat; do
  w_suid "sys5.3/usr/bin/$lp_user_cmd" lp prxk off bin -ignore off none -ignore off k
done

#zzzzz Should this be setgid mail or postman?
# Listed with xk for org none and k for world, like the other sys5.3 mail programs here.
w_suid sys5.3/usr/bin/mailx           root   prxk off  wheel  -ignore off  none xk       off k

# From SR10.2 only, the three programs in this loop should be setuid root.
# All use 'raw sockets', so must be root to work at all.
for sys5_rcmd in rcp remsh rlogin; do
  w_suid "sys5.3/usr/bin/$sys5_rcmd" root prxk off wheel -ignore off none -ignore off k
done

# The four uucp user commands in this loop should be setuid uucp.
for uucp_cmd in uucp uuname uustat uux; do
  w_suid "sys5.3/usr/bin/$uucp_cmd" uucp prxk off daemon -ignore off none -ignore off xk
done

# Should be setuid lp. We do not use it.
w_suid sys5.3/usr/lib/accept          lp     prxk off  bin    -ignore off  none -ignore  off k

# See comments for bsd4.3/usr/lib/*{preserve,recover}.
# As there, the preserve programs get world k and the recover programs get world xk.
w_suid sys5.3/usr/lib/ex5.3apreserve  root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid sys5.3/usr/lib/ex5.3arecover   root   prxk off  wheel  -ignore off  none -ignore  off xk
w_suid sys5.3/usr/lib/expreserve      root   prxk off  wheel  -ignore off  none -ignore  off k
w_suid sys5.3/usr/lib/exrecover       root   prxk off  wheel  -ignore off  none -ignore  off xk

# The lp administration programs in this loop should be setuid lp. We do not use them.
for lp_admin_cmd in lpadmin lpmove lpsched lpshut; do
  w_suid "sys5.3/usr/lib/$lp_admin_cmd" lp prxk off bin -ignore off none -ignore off k
done

#zzzzz Should this be setgid mail or postman?
w_suid sys5.3/usr/lib/mailx/rmmail    root   prxk off  wheel  -ignore off  none xk       off k

#zzzzz What's this? Should be setuid root, w=xk.
w_suid sys5.3/usr/lib/mv_dir          root   prxk off  wheel  -ignore off  none -ignore  off xk

# Should be setuid lp. We do not use it.
w_suid sys5.3/usr/lib/reject          lp     prxk off  bin    -ignore off  none -ignore  off k

#zzzzz Is this the sendmail that needs to be started from /etc/rc? Then it does not need setuid.
#zzzzz Should be setuid root.
# Unlike bsd4.3/usr/lib/sendmail above, this one has no group entry and no '-af' argument.
w_suid sys5.3/usr/lib/sendmail        root   prxk off  wheel  -ignore off  none xk       off k

case "$SR_level" in
  SR10.4)
    # After SR10.4 the first pair should be setuid root
    for x11_root_prog in dmtox toxdomain; do
      w_suid "usr/X11/bin/$x11_root_prog" root prxk off wheel -ignore off none -ignore off xk
    done
    # After SR10.4 the second pair should be setgid staff
    for x11_staff_prog in stmkfont xload; do
      w_suid "usr/X11/bin/$x11_staff_prog" root prxk off staff -ignore off none -ignore off xk
    done
    ;;
esac

# Why is this setuid root? (So it can change the ownership of the pty.)
#zzzzzzz (xterm was setuid up until 11 Oct 93, then taken off as a test.)
w_suid usr/X11/bin/xterm              root   prxk off  wheel  -ignore off  none -ignore  off xk

# login is listed with 'uon', xk for org none and k for world.
w_suid usr/apollo/bin/login           root   prxk uon  wheel  -ignore off  none xk       off k

# Should be setuid root. Why?
w_suid usr/apollo/bin/tb              root   prxk off  wheel  -ignore off  none -ignore  off xk

# usr/games is only reported: its setuid files are not changed by this check.
if [ -d usr/games ]; then
  echo 'Why is usr/games available? There are some setuid files there !!!'
fi

# The four uucp daemons in this loop should be setuid uucp.
# Apparently, uucico (or uucico.real before SR10.2) is a login shell for uucp accounts.
# Why does it need setuid then?
for uucp_daemon in uucico uucico.real uusched uuxqt; do
  w_suid "usr/lib.uucp/$uucp_daemon" uucp prxk off daemon -ignore off none -ignore off xk
done

case "$SR_level" in
  SR10.4)
    #zzzzz After SR10.4: should this be setgid mail or postman?
    w_suid usr/new/mh/inc root prxk off wheel -ignore off none xk off k
    ;;
esac


###############################################################

echo " "
echo "Renaming link maestro back to master:"
# NOTE(review): the earlier rename of master to maestro is presumably done further up in
# this script (not visible in this section) -- confirm. The result of /com/chn is not
# checked, so a failed rename shows up only in the command's own output.
/com/chn maestro master -l

###############################################################

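# crp wrapper (every release except SR10.4):
#   1. keep the vendor binary as usr/apollo/bin/crp.orig,
#   2. build lib/crplib unless /x/lib/crplib or lib/crplib already exists; the library
#      defines empty pad_$dm_cmd and pad_$def_pfk routines,
#   3. install usr/apollo/bin/crp as a ksh script that inlibs crplib and then execs
#      crp.orig.
# The wrapper is written only once crp.orig is confirmed to exist: the redirection
# truncates usr/apollo/bin/crp, so writing it after a failed rename would destroy the
# only copy of the vendor binary.
# NOTE(review): the wrapper fails open -- without a crplib it prints a warning and still
# execs crp.orig. Decide whether it should refuse to run instead.
# NOTE(review): no ACL is set in this section on crp, crp.orig or lib/crplib; confirm
# they are covered elsewhere, and that crp.orig cannot simply be run directly, since
# that would skip the inlib step.
if [ "$SR_level" != SR10.4 ]; then
  echo " "
  if [ -f usr/apollo/bin/crp ] || [ -f usr/apollo/bin/crp.orig ]; then
    echo "Checking crp:"

    if [ ! -f usr/apollo/bin/crp.orig ]; then
      echo "Renaming crp to crp.orig"
      /com/chn usr/apollo/bin/crp crp.orig
    fi

    if [ ! -f /x/lib/crplib ] && [ ! -f lib/crplib ]; then
      echo "Creating lib/crplib:"
      # Quoted delimiter: the '$' in the Domain/OS routine names must reach the file as is.
      /bin/cat > lib/crplib.c <<'EOF'
extern void pad_$dm_cmd(void);
void pad_$dm_cmd() { }
extern void pad_$def_pfk(void);
void pad_$def_pfk() { }

/*
#include <apollo/base.h>
#include <apollo/pad.h>

void pad_$dm_cmd(
    stream_$id_t    &sid,
    char            *cmd,
    short           &cmd_len,
    status_$t       *sts)
{
	long i;
	i = cmd_len;
	if (i <= 0) printf("Ignored empty DM command\n");
	else { if (i > 127) i = 127; printf("Ignored DM command: %.*s\n",i,cmd); }

	sts->all = 0;
}

void pad_$def_pfk(
    stream_$id_t    &sid,
    char            *key_name,
    char            *def,
    short           &def_len,
    status_$t       *sts)
{
	long i;
	i = def_len;
	if (i <= 0) printf("Ignored empty definition for key %.4s\n",key_name);
	else { if (i > 127) i = 127; printf("Ignored definition: %.*s for key %.4s\n",i,def,key_name); }

	sts->all = 0;
}
*/
EOF
      /com/cc lib/crplib.c -bx lib/crplib -pic
      # Check for the library itself, so a failed build is reported now and not only by
      # the wrapper's warning when crp is next used.
      if [ ! -f lib/crplib ]; then
        echo "ERROR: lib/crplib was not built: the crp wrapper will report itself as UNSAFE."
      fi
    fi

    if [ -f usr/apollo/bin/crp.orig ]; then
      /bin/cat > usr/apollo/bin/crp <<'EOF'
#!/bin/ksh -

if [ -f /x/lib/crplib ]; then
  inlib /x/lib/crplib
elif [ -f /lib/crplib ]; then
  inlib /lib/crplib
else
  print -u2 'No crplib: this crp is UNSAFE !!'
fi

exec /usr/apollo/bin/crp.orig "$@"
EOF
    else
      echo "ERROR: usr/apollo/bin/crp.orig is missing (rename failed?): crp left untouched."
    fi

  else
    echo "Neither crp nor crp.orig exist: nothing to worry about"
  fi
fi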

###############################################################

# Final message. NOTE(review): it is printed unconditionally; no command status is
# checked in the steps visible above, so it does not show that every step succeeded.
echo " "
echo "That is ALL DONE."
