#!/bin/bash
# Authentication, authorization and IETF NACM
# Library variables and functions
# Effective account name of whoever runs the script; the group definitions
# in this file add it to the NACM admin group.
USER="$(id -un)"
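# NACM group definitions: the three example groups from RFC8341 A.1 (admin,
# limited, guest), with the account in $USER added to the admin group.
# The second guest entry is an e-mail-style user name; it is restored here
# after being mangled into a placeholder by e-mail obfuscation.
# NOTE(review): the heredoc is unquoted so $USER expands, and the value goes
# into the XML without escaping. This assumes the account name contains no
# XML metacharacters (&, <, >) - confirm for the environments this runs in.
NGROUPS=$(cat <<EOF
<groups>
<group>
<name>admin</name>
<user-name>admin</user-name>
<user-name>andy</user-name>
<user-name>$USER</user-name>
</group>
<group>
<name>limited</name>
<user-name>wilma</user-name>
<user-name>bam-bam</user-name>
</group>
<group>
<name>guest</name>
<user-name>guest</user-name>
<user-name>guest@example.com</user-name>
</group>
</groups>
EOF
)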
# NACM rule-list from RFC8341 A.2: one rule, bound to the admin group, that
# permits every access operation on every module.
# The admin group defined in NGROUPS also contains $USER, so the account
# running the script gets this unrestricted access as well.
# The heredoc delimiter is quoted because the text contains no expansions;
# quoting keeps it literal.
NADMIN=$(cat <<'EOF'
<rule-list>
<name>admin-acl</name>
<group>admin</group>
<rule>
<name>permit-all</name>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
<comment>
Allow the 'admin' group complete access to all operations and data.
</comment>
</rule>
</rule-list>
EOF
)