diff --git a/.local/root/dwm.desktop b/.local/root/dwm.desktop
new file mode 100644
index 00000000..403b9e71
--- /dev/null
+++ b/.local/root/dwm.desktop
@@ -0,0 +1,5 @@
+[Desktop Entry]
+Encoding=UTF-8
+Name=Dynamic Window Manager
+Comment=Runs the window manager defined by xsession script
+Exec=~/.config/X11/xinitrc
diff --git a/.local/root/issue b/.local/root/issue
new file mode 100644
index 00000000..0d4fae73
--- /dev/null
+++ b/.local/root/issue
@@ -0,0 +1,11 @@
+
+ | \s \r
+ /\\ || | | |
+ / \\ || | _ | \t
+ / .. \\ //==\\\\ ||/= /==\\ ||/=\\ | | |/ \\ | | \\ / | \d
+ / . . \\ || || || | || || | | | | | | X |
+ / . . \\ \\\\==/| || \\==/ || || | | | | \\_/| / \\ | \U
+ / .. .. \\ A simple, lightweight linux distribution. |
+ /_' `_\\ | \l on \n
+ 
+
diff --git a/.local/root/kdialog b/.local/root/kdialog
new file mode 100755
index 00000000..bb197281
--- /dev/null
+++ b/.local/root/kdialog
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+for ((i=1;i<=$#;i++));
+do
+
+ if [ ${!i} = "--getsavefilename" ]
+ then ((i++))
+ filename=${!i};
+ fi
+
+ if [ ${!i} = "--version" ]
+ then
+ echo "someversion"
+ exit
+ fi
+
+done;
+
+path=$( echo ${filename%/*} )
+file=$( echo ${filename##/*/} )
+
+rm /tmp/lf-chrome-choosed
+st -c lf -n lf -e $HOME/.local/bin/lf-ueberzug --selection-path=/tmp/lf-chrome-choosed
+selected=$(cat /tmp/lf-chrome-choosed 2> /dev/null)
+if [ ! $? = 0 ]
+then
+ exit 1
+fi
+
+if [ -d $selected ]
+then
+ echo "$selected$file"
+else
+ echo $selected
+fi
+
diff --git a/.local/root/makeissue b/.local/root/makeissue
new file mode 100644
index 00000000..475dd54b
--- /dev/null
+++ b/.local/root/makeissue
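Review bot: `Exec=~/.config/X11/xinitrc` relies on tilde expansion, which the Desktop Entry format does not perform on `Exec` values, so whether this session starts depends on how the display manager happens to run the command. Point `Exec` at an absolute path instead, for example a small root-owned wrapper that runs the logged-in user's `$HOME/.config/X11/xinitrc`. The entry also lacks the required `Type` key (`Type=Application`), and `Encoding=UTF-8` is deprecated and can be dropped. The `Comment` says "xsession script" while the entry runs `xinitrc`; aligning the two would avoid confusion.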
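Review bot: The selection is exchanged through the fixed path `/tmp/lf-chrome-choosed`, which another local account can pre-create or turn into a symlink, so the path this wrapper hands back to the browser's save dialog is not under the user's sole control; a `mktemp` file removed on exit avoids that. The shebang is `#!/bin/sh`, yet `for ((…))`, `((i++))` and `${!i}` are bash features, and the unquoted `${!i}`, `$selected` and `$HOME` expansions break on empty values or paths with spaces. `"$selected$file"` joins the directory and file name without a separator (assuming lf writes the directory without a trailing slash), and `path` is computed but never used. The fence below assumes `lf-ueberzug` accepts an already existing selection file, which should be confirmed.

```shell
#!/usr/bin/env bash
# … unchanged: argument loop and path/file split (quote "${!i}" in both tests) …

# Private, unpredictable file instead of a fixed name in /tmp.
choice_file=$(mktemp) || exit 1
trap 'rm -f -- "$choice_file"' EXIT

st -c lf -n lf -e "$HOME/.local/bin/lf-ueberzug" --selection-path="$choice_file"
selected=$(cat -- "$choice_file") || exit 1

if [ -d "$selected" ]; then
  printf '%s\n' "${selected%/}/$file"
else
  printf '%s\n' "$selected"
fi
```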
@@ -0,0 +1,11 @@
+echo -e '\e[H\e[2J' > issue
+echo -e ' \e[1;30m| \e[34m\\s \\r' >> issue
+echo -e ' \e[36;1m/\\\\ \e[37m|| \e[36m| | \e[30m|' >> issue
+echo -e ' \e[36m/ \\\\ \e[37m|| \e[36m| _ \e[30m| \e[32m\\t' >> issue
+echo -e ' \e[1;36m/ \e[0;36m.. \e[1m\\\\ \e[37m//==\\\\\\\\ ||/= /==\\\\ ||/=\\\\ \e[36m| | |/ \\\\ | | \\\\ / \e[30m| \e[32m\\d' >> issue
+echo -e ' \e[0;36m/ . . \\\\ \e[37m|| || || | || || \e[36m| | | | | | X \e[1;30m|' >> issue
+echo -e ' \e[0;36m/ . . \\\\ \e[37m\\\\\\\\==/| || \\\\==/ || || \e[36m| | | | \\\\_/| / \\\\ \e[1;30m| \e[31m\\U' >> issue
+echo -e ' \e[0;36m/ .. .. \\\\ \e[0;37mA simple, lightweight linux distribution. \e[1;30m|' >> issue
+echo -e ' \e[0;36m/_\x27 `_\\\\ \e[1;30m| \e[35m\\l \e[0mon \e[1;33m\\n' >> issue
+echo -e ' \e[0m' >> issue
+echo -e '' >> issue
diff --git a/.local/root/motd b/.local/root/motd
new file mode 100644
index 00000000..8ae56650
--- /dev/null
+++ b/.local/root/motd
@@ -0,0 +1,13 @@
+
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+(@@@@@@@ @@@@@@@@@@@@@@@@ @@@@@@@
+ @@@@@@ @@@@@@@@@@@@@ @@@@@
+ @@@. @@@ @@@@ @@@@
+ %@@, ,@@@ @@@ @@@
+ @@@ @@@ @@@ @@@
+ @@ @@@ @@@ @@
+ @@@ ,@@ @@@ @@/
+ @@@ @@. @@@ @@,
+ @@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@&
+
+
diff --git a/.local/root/nancyj.flf b/.local/root/nancyj.flf
new file mode 100644
index 00000000..5f6c9ca0
--- /dev/null
+++ b/.local/root/nancyj.flf
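Review bot: makeissue has no shebang and every line depends on `echo -e`, which dash and other POSIX shells print literally, so running it as `sh makeissue` would write `-e` and unexpanded `\e` sequences into the login banner. Add `#!/bin/bash` as the first line so the interpreter is fixed. The output goes to a relative `issue`, so it lands in whatever directory the script is started from; a leading `cd -- "$(dirname -- "$0")" || exit 1` would pin it next to the script.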
@@ -0,0 +1,826 @@ +flf2a$ 8 6 15 -1 9 + + nancyj.flf + + named after the login of a woman who asked me to make her a + sig. this is the font that came out of it. this is my first + attempt at a figlet font, so leave me alone. + + vampyr@acs.bu.edu + +$$ @ +$$ @ +$$ @ +$$ @ +$$ @ +$$ @ +$$ @ +$$ @@ +dP @ +88 @ +88 @ +dP @ + @ +oo @ + @ + @@ +dP dP @ +dP dP @ + @ + @ + @ + @ + @ + @@ + @ + dP dP @ +8888888 @ + 88 88 @ +8888888 @ + dP dP @ + @ + @@ + # # @ +.d8888P' @ +Y8#oo#o. @ + # #88 @ +`88888P' @ + # # @ + @ + @@ +d8P dP @ +8 8 d8' @ +Y8P d8' @ + d8' d8P @ + d8' 8 8 @ + 88 Y8P @ + @ + @@ + d88b @ + 8`'8 @ + d8b @ + d8P`8b @ + d8' `8bP @ + `888P'`YP @ + @ + @@ +d8 @ +88 @ +.P @ + @ + @ + @ + @ + @@ + a88P @ +d8' @ +88 @ +88 @ +Y8. @ + Y88b @ + @ + @@ +Y88o @ + `8b @ + 88 @ + 88 @ + .8P @ +d88Y @ + @ + @@ + dP @ +8b. 88 .d8 @ + `8b88d8' @ + .8P88Y8. @ +8P' 88 `Y8 @ + dP @ + @ + @@ + @ + dP @ + 88 @ +88888888 @ + 88 @ + dP @ + @ + @@ + @ + @ + @ + @ +dP @ +88 @ +.P @ + @@ + @ + @ + @ +88888888 @ + @ + @ + @ + @@ + @ + @ + @ + @ +dP @ +88 @ + @ + @@ + d8' @ + d8' @ + d8' @ + d8' @ + d8' @ +88 @ + @ + @@ + a8888a @ +d8' ..8b @ +88 .P 88 @ +88 d' 88 @ +Y8'' .8P @ + Y8888P @ + @ + @@ +d88 @ + 88 @ + 88 @ + 88 @ + 88 @ +d88P @ + @ + @@ +d8888b. @ + `88 @ +.aaadP' @ +88' @ +88. @ +Y88888P @ + @ + @@ +d8888b. @ + `88 @ + aaad8' @ + `88 @ + .88 @ +d88888P @ + @ + @@ +dP dP @ +88 88 @ +88aaa88 @ + 88 @ + 88 @ + dP @ + @ + @@ +888888P @ +88' @ +88baaa. @ + `88 @ + 88 @ +d88888P @ + @ + @@ +.d8888P @ +88' @ +88baaa. @ +88` `88 @ +8b. .d8 @ +`Y888P' @ + @ + @@ +d88888P @ + d8' @ + d8' @ + d8' @ + d8' @ +d8' @ + @ + @@ +.d888b. @ +Y8' `8P @ +d8bad8b @ +88` `88 @ +8b. .88 @ +Y88888P @ + @ + @@ +.d888b. @ +Y8' `88 @ +`8bad88 @ + `88 @ +d. .88 @ +`8888P @ + @ + @@ +dP @ +88 @ + @ + @ +dP @ +88 @ + @ + @@ +dP @ +88 @ + @ + @ +dP @ +88 @ +.P @ + @@ + d8 @ + d8' @ + d8' @ + Y8. @ + Y8. 
@ + Y8 @ + @ + @@ + @ + @ +aaaaaaaa @ + @ +88888888 @ + @ + @ + @@ +8b @ +`8b @ + `8b @ + .8P @ +.8P @ +8P @ + @ + @@ +.d8888ba @ +`8' `8b @ + .d8' @ + d8P' @ + "" @ + oo @ + @ + @@ + a88888b. @ +d8' `88 @ +88 d8P 88 @ +88 Yo8b88 @ +Y8. @ + Y88888P' @ + @ + @@ + .d888888 @ +d8' 88 @ +88aaaaa88a @ +88 88 @ +88 88 @ +88 88 @ + @ + @@ + 888888ba @ + 88 `8b @ +a88aaaa8P' @ + 88 `8b. @ + 88 .88 @ + 88888888P @ + @ + @@ + a88888b. @ +d8' `88 @ +88 @ +88 @ +Y8. .88 @ + Y88888P' @ + @ + @@ +888888ba @ +88 `8b @ +88 88 @ +88 88 @ +88 .8P @ +8888888P @ + @ + @@ + 88888888b @ + 88 @ +a88aaaa @ + 88 @ + 88 @ + 88888888P @ + @ + @@ + 88888888b @ + 88 @ +a88aaaa @ + 88 @ + 88 @ + dP @ + @ + @@ + .88888. @ +d8' `88 @ +88 @ +88 YP88 @ +Y8. .88 @ + `88888' @ + @ + @@ +dP dP @ +88 88 @ +88aaaaa88a @ +88 88 @ +88 88 @ +dP dP @ + @ + @@ +dP @ +88 @ +88 @ +88 @ +88 @ +dP @ + @ + @@ + dP @ + 88 @ + 88 @ + 88 @ +88. .d8P @ + `Y8888' @ + @ + @@ +dP dP @ +88 .d8' @ +88aaa8P' @ +88 `8b. @ +88 88 @ +dP dP @ + @ + @@ +dP @ +88 @ +88 @ +88 @ +88 @ +88888888P @ + @ + @@ +8888ba.88ba @ +88 `8b `8b @ +88 88 88 @ +88 88 88 @ +88 88 88 @ +dP dP dP @ + @ + @@ +888888ba @ +88 `8b @ +88 88 @ +88 88 @ +88 88 @ +dP dP @ + @ + @@ + .88888. @ +d8' `8b @ +88 88 @ +88 88 @ +Y8. .8P @ + `8888P' @ + @ + @@ + 888888ba @ + 88 `8b @ +a88aaaa8P' @ + 88 @ + 88 @ + dP @ + @ + @@ + .88888. @ +d8' `8b @ +88 88 @ +88 db 88 @ +Y8. Y88P @ + `8888PY8b @ + @ + @@ + 888888ba @ + 88 `8b @ +a88aaaa8P' @ + 88 `8b. @ + 88 88 @ + dP dP @ + @ + @@ +.d88888b @ +88. "' @ +`Y88888b. @ + `8b @ +d8' .8P @ + Y88888P @ + @ + @@ +d888888P @ + 88 @ + 88 @ + 88 @ + 88 @ + dP @ + @ + @@ +dP dP @ +88 88 @ +88 88 @ +88 88 @ +Y8. .8P @ +`Y88888P' @ + @ + @@ +dP dP @ +88 88 @ +88 .8P @ +88 d8' @ +88 .d8P @ +888888' @ + @ + @@ +dP dP dP @ +88 88 88 @ +88 .8P .8P @ +88 d8' d8' @ +88.d8P8.d8P @ +8888' Y88' @ + @ + @@ +dP dP @ +Y8. .8P @ + Y8aa8P @ +d8' `8b @ +88 88 @ +dP dP @ + @ + @@ +dP dP @ +Y8. 
.8P @ + Y8aa8P @ + 88 @ + 88 @ + dP @ + @ + @@ +d8888888P @ + .d8' @ + .d8' @ + .d8' @ +d8' @ +Y8888888P @ + @ + @@ +8888P @ +88 @ +88 @ +88 @ +88 @ +88888 @ + @ + @@ +Yb @ +`Yb @ + `Yb @ + `Yb @ + `Yb @ + 88 @ + @ + @@ +d8888 @ + 88 @ + 88 @ + 88 @ + 88 @ +88888 @ + @ + @@ + db @ + d8'`8b @ +`" "' @ + @ + @ + @ + @ + @@ + @ + @ + @ + @ + @ + @ +oooooooooooo @ + @@ +dP @ +88 @ +Y. @ + @ + @ + @ + @ + @@ + @ + @ +.d8888b. @ +88' `88 @ +88. .88 @ +`88888P8 @ + @ + @@ +dP @ +88 @ +88d888b. @ +88' `88 @ +88. .88 @ +88Y8888' @ + @ + @@ + @ + @ +.d8888b. @ +88' `"" @ +88. ... @ +`88888P' @ + @ + @@ + dP @ + 88 @ +.d888b88 @ +88' `88 @ +88. .88 @ +`88888P8 @ + @ + @@ + @ + @ +.d8888b. @ +88ooood8 @ +88. ... @ +`88888P' @ + @ + @@ +.8888b @ +88 " @ +88aaa @ +88 @ +88 @ +dP @ + @ + @@ + @ + @ +.d8888b. @ +88' `88 @ +88. .88 @ +`8888P88 @ + .88 @ + d8888P @@ +dP @ +88 @ +88d888b. @ +88' `88 @ +88 88 @ +dP dP @ + @ + @@ +oo @ + @ +dP @ +88 @ +88 @ +dP @ + @ + @@ +oo @ + @ +dP @ +88 @ +88 @ +88 @ +88 @ +dP @@ +dP @ +88 @ +88 .dP @ +88888" @ +88 `8b. @ +dP `YP @ + @ + @@ +dP @ +88 @ +88 @ +88 @ +88 @ +dP @ + @ + @@ + @ + @ +88d8b.d8b. @ +88'`88'`88 @ +88 88 88 @ +dP dP dP @ + @ + @@ + @ + @ +88d888b. @ +88' `88 @ +88 88 @ +dP dP @ + @ + @@ + @ + @ +.d8888b. @ +88' `88 @ +88. .88 @ +`88888P' @ + @ + @@ + @ + @ +88d888b. @ +88' `88 @ +88. .88 @ +88Y888P' @ +88 @ +dP @@ + @ + @ +.d8888b. @ +88' `88 @ +88. .88 @ +`8888P88 @ + 88 @ + dP @@ + @ + @ +88d888b. @ +88' `88 @ +88 @ +dP @ + @ + @@ + @ + @ +.d8888b. @ +Y8ooooo. @ + 88 @ +`88888P' @ + @ + @@ + dP @ + 88 @ +d8888P @ + 88 @ + 88 @ + dP @ + @ + @@ + @ + @ +dP dP @ +88 88 @ +88. .88 @ +`88888P' @ + @ + @@ + @ + @ +dP .dP @ +88 d8' @ +88 .88' @ +8888P' @ + @ + @@ + @ + @ +dP dP dP @ +88 88 88 @ +88.88b.88' @ +8888P Y8P @ + @ + @@ + @ + @ +dP. .dP @ + `8bd8' @ + .d88b. @ +dP' `dP @ + @ + @@ + @ + @ +dP dP @ +88 88 @ +88. 
.88 @ +`8888P88 @ + .88 @ + d8888P @@ + @ + @ +d888888b @ + .d8P' @ + .Y8P @ +d888888P @ + @ + @@ + .d88P @ + 8: @ +.oY8. @ + d8 @ + 8: @ + `Y88b @ + @ + @@ +dP @ +88 @ +"' @ +dP @ +88 @ +"' @ + @ + @@ +d88b. @ + :8 @ + .8Yo. @ + 8b @ + :8 @ +Y88P' @ + @ + @@ + .oo. .d @ +dP" "d8P @ + @ + @ + @ + @ + @ + @@ +@ +@ +@ +@ +@ +@ +@ +@@ +@ +@ +@ +@ +@ +@ +@ +@@ +@ +@ +@ +@ +@ +@ +@ +@@ +@ +@ +@ +@ +@ +@ +@ +@@ +@ +@ +@ +@ +@ +@ +@ +@@ +@ +@ +@ +@ +@ +@ +@ +@@ +@ +@ +@ +@ +@ +@ +@ +@@ diff --git a/.local/root/pam_env.conf b/.local/root/pam_env.conf new file mode 100644 index 00000000..806faf7b --- /dev/null +++ b/.local/root/pam_env.conf @@ -0,0 +1,2 @@ +GNUPGHOME DEFAULT=@{HOME}/.local/share/gnupg +XDG_CONFIG_HOME DEFAULT=@{HOME}/.config diff --git a/.local/root/quark b/.local/root/quark new file mode 100755 index 00000000..afa6fc06 --- /dev/null +++ b/.local/root/quark @@ -0,0 +1,19 @@ +#!/usr/bin/openrc-run + + +depend() { +need net +need localmount +} + +start() { +ebegin "Starting quark" +start-stop-daemon --background --start --exec /usr/local/bin/quark -- -p 9999 -d /home/yigit/.dotfiles/browser/startpage/dist -h 127.0.0.1 +eend $? +} + +stop() { +ebegin "Stopping myApp" +eend $? +} + diff --git a/.local/root/quark.service b/.local/root/quark.service new file mode 100644 index 00000000..0311db0c --- /dev/null +++ b/.local/root/quark.service @@ -0,0 +1,9 @@ +[Unit] +Description=Quark instance on 9999 for start page + +[Service] +Type=simple +ExecStart=/usr/local/bin/quark -p 9999 -d /home/yigit/.dotfiles/browser/startpage/dist -h 127.0.0.1 + +[Install] +WantedBy=multi-user.target diff --git a/.local/root/udevil.conf b/.local/root/udevil.conf new file mode 100644 index 00000000..ae118c0b --- /dev/null +++ b/.local/root/udevil.conf 
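Review bot: In the OpenRC script `quark`, `stop()` only prints a message and never signals the daemon, so stopping or restarting the service leaves the old process bound to port 9999; the text "Stopping myApp" also looks left over from a template. Because `start()` uses `--background` without a pidfile, the smallest fix is to add `start-stop-daemon --stop --exec /usr/local/bin/quark` before `eend $?` in `stop()` and change the message to `ebegin "Stopping quark"`. The document root `/home/yigit/.dotfiles/browser/startpage/dist` is hard-coded here and in `quark.service`, which ties a system service to one account's writable home directory; a root-owned directory would be the safer choice if these files are installed system-wide.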
@@ -0,0 +1,335 @@ +############################################################################## +# +# udevil configuration file /etc/udevil/udevil.conf +# +# This file controls what devices, networks, and files users may mount and +# unmount via udevil (set suid). +# +# IMPORTANT: IT IS POSSIBLE TO CREATE SERIOUS SECURITY PROBLEMS IF THIS FILE +# IS MISCONFIGURED - EDIT WITH CARE +# +# Note: For greater control for specific users, including root, copy this +# file to /etc/udevil/udevil-user-USERNAME.conf replacing USERNAME with the +# desired username (eg /etc/udevil/udevil-user-jim.conf). +# +# Format: +# OPTION = VALUE[, VALUE, ...] +# +# DO NOT USE QUOTES except literally +# Lines beginning with # are ignored +# +############################################################################## + + +# To log all uses of udevil, set log_file to a file path: +# log_file = /var/log/udevil.log + +# Approximate number of days to retain log entries (0=forever, max=60): +log_keep_days = 10 + + +# allowed_types determines what fstypes can be passed by a user to the u/mount +# program, what device filesystems may be un/mounted implicitly, and what +# network filesystems may be un/mounted. +# It may also include the 'file' keyword, indicating that the user is allowed +# to mount files (eg an ISO file). The $KNOWN_FILESYSTEMS variable may +# be included to include common local filesystems as well as those listed in +# /etc/filesystems and /proc/filesystems. +# allowed_types_USERNAME, if present, is used to override allowed_types for +# the specific user 'USERNAME'. For example, to allow user 'jim' to mount +# only vfat filesystems, add: +# allowed_types_jim = vfat +# Setting allowed_types = * does NOT allow all types, as this is a security +# risk, but does allow all recognized types. 
+# allowed_types = $KNOWN_FILESYSTEMS, file, cifs, smbfs, nfs, curlftpfs, ftpfs, sshfs, davfs, tmpfs, ramfs +allowed_types = $KNOWN_FILESYSTEMS, file, cifs + + +# allowed_users is a list of users permitted to mount and unmount with udevil. +# Wildcards (* or ?) may be used in the usernames. To allow all users, +# specify "allowed_users=*". UIDs may be included using the form UID=1000. +# For example: allowed_users = carl, UID=1000, pre* +# Also note that permission to execute udevil may be limited to users belonging +# to the group that owns /usr/bin/udevil, such as 'plugdev' or 'storage', +# depending on installation. +# allowed_users_FSTYPE, if present, is used to override allowed_users when +# mounting or unmounting a specific fstype (eg nfs, ext3, file). +# Note that when mounting a file, fstype will always be 'file' regardless of +# the internal fstype of the file. +# For example, to allow only user 'bob' to mount nfs shares, add: +# allowed_users_nfs = bob +# The root user is NOT automatically allowed to use udevil in some cases unless +# listed here (except for unmounting anything or mounting fstab devices). +allowed_users = * + + +# allowed_groups is a list of groups permitted to mount and unmount with +# udevil. The user MUST belong to at least one of these groups. Wildcards +# or GIDs may NOT be used in group names, but a single * may be used to allow +# all groups. +# Also note that permission to execute udevil may be limited to users belonging +# to the group that owns /usr/bin/udevil, such as 'plugdev' or 'storage', +# depending on installation. +# allowed_groups_FSTYPE, if present, is used to override allowed_groups when +# mounting or unmounting a specific fstype (eg nfs, ext3, file). 
For example, +# to allow only members of the 'network' group to mount smb and nfs shares, +# use both of these lines: +# allowed_groups_smbfs = network +# allowed_groups_nfs = network +# The root user is NOT automatically allowed to use udevil in some cases unless +# listed here (except for unmounting anything or mounting fstab devices). +allowed_groups = * + + +# allowed_media_dirs specifies the media directories in which user mount points +# may be located. The first directory which exists and does not contain a +# wildcard will be used as the default media directory (normally /media or +# /media/$USER). +# The $USER variable, if included, will be replaced with the username of the +# user running udevil. Wildcards may also be used in any directory EXCEPT the +# default. Wildcards will not match a /, except a /** suffix for recursion. +# allowed_media_dirs_FSTYPE, if present, is used to override allowed_media_dirs +# when mounting or unmounting a specific fstype (eg ext2, nfs). For example, +# to cause /media/network to be used as the default media directory for +# nfs and ftpfs mounts, use these two lines: +# allowed_media_dirs_nfs = /media/network, /media, /media/$USER +# allowed_media_dirs_ftpfs = /media/network, /media, /media/$USER +# NOTE: If you want only the user who mounted a device to have access to it +# and be allowed to unmount it, specify /media/$USER as the first +# allowed media directory (only /media/$USER is created on demand). +# IMPORTANT: If an allowed file is mounted to a media directory, the user may +# be permitted to unmount its associated loop device even though internal. +# INCLUDING /MNT HERE IS NOT RECOMMENDED. ALL ALLOWED MEDIA DIRECTORIES +# SHOULD BE OWNED AND WRITABLE ONLY BY ROOT. +allowed_media_dirs = /media/$USER, /run/media/$USER + + +# allowed_devices is the first criteria for what block devices users may mount +# or unmount. If a device is not listed in allowed_devices, it cannot be +# un/mounted (unless in fstab). 
However, even if a device is listed, other +# factors may prevent its use. For example, access to system internal devices +# will be denied to normal users even if they are included in allowed_devices. +# allowed_devices_FSTYPE, if present, is used to override allowed_devices when +# mounting or unmounting a specific fstype (eg ext3, ntfs). For example, to +# prevent all block devices containing an ext4 filesystem from being +# un/mounted use: +# allowed_devices_ext4 = +# Note: Wildcards may be used, but a wildcard will never match a /, except +# for "allowed_devices=*" which allows any device. The recommended setting is +# allowed_devices = /dev/* +# WARNING: ALLOWING USERS TO MOUNT DEVICES OUTSIDE OF /dev CAN CAUSE SERIOUS +# SECURITY PROBLEMS. DO NOT ALLOW DEVICES IN /dev/shm +allowed_devices = /dev/* + + +# allowed_internal_devices causes udevil to treat any listed block devices as +# removable, thus allowing normal users to un/mount them (providing they are +# also listed in allowed_devices). +# allowed_internal_devices_FSTYPE, if present, is used to override +# allowed_internal_devices when mounting or unmounting a specific fstype +# (eg ext3, ntfs). For example, to allow block devices containing a vfat +# filesystem to be un/mounted even if they are system internal devices, use: +# allowed_internal_devices_vfat = /dev/sdb* +# Some removable esata drives look like internal drives to udevil. To avoid +# this problem, they can be treated as removable with this setting. +# WARNING: SETTING A SYSTEM DEVICE HERE CAN CAUSE SERIOUS SECURITY PROBLEMS. +# allowed_internal_devices = + + +# allowed_internal_uuids and allowed_internal_uuids_FSTYPE work similarly to +# allowed_internal_devices, except that UUIDs are specified instead of devices. +# For example, to allow un/mounting of an internal filesystem based on UUID: +# allowed_internal_uuids = cc0c4489-8def-1e5b-a304-ab87c3cb626c0 +# WARNING: SETTING A SYSTEM DEVICE HERE CAN CAUSE SERIOUS SECURITY PROBLEMS. 
+# allowed_internal_uuids = + + +# forbidden_devices is used to prevent block devices from being un/mounted +# even if other settings would allow them (except devices in fstab). +# forbidden_devices_FSTYPE, if present, is used to override +# forbidden_devices when mounting or unmounting a specific fstype +# (eg ext3, ntfs). For example, to prevent device /dev/sdd1 from being +# mounted when it contains an ntfs filesystem, use: +# forbidden_devices_ntfs = /dev/sdd1 +# NOTE: device node paths are canonicalized before being tested, so forbidding +# a link to a device will have no effect. +forbidden_devices = + + +# allowed_networks determines what hosts may be un/mounted by udevil users when +# using nfs, cifs, smbfs, curlftpfs, ftpfs, or sshfs. Hosts may be specified +# using a hostname (eg myserver.com) or IP address (192.168.1.100). +# Wildcards may be used in hostnames and IP addresses, but CIDR notation +# (192.168.1.0/16) is NOT supported. IP v6 is supported. For example: +# allowed_networks = 127.0.0.1, 192.168.1.*, 10.0.0.*, localmachine, *.okay.com +# Or, to prevent un/mounting of any network shares, set: +# allowed_networks = +# allowed_networks_FSTYPE, if present, is used to override allowed_networks +# when mounting or unmounting a specific network fstype (eg nfs, cifs, sshfs, +# curlftpfs). For example, to limit nfs and samba shares to only local +# networks, use these two lines: +# allowed_networks_nfs = 192.168.1.*, 10.0.0.* +# allowed_networks_cifs = 192.168.1.*, 10.0.0.* +allowed_networks = * + + +# forbidden_networks and forbidden_networks_FSTYPE are used to specify networks +# that are never allowed, even if other settings allow them (except fstab). +# NO REVERSE LOOKUP IS PERFORMED, so including bad.com will only have an effect +# if the user uses that hostname. IP lookup is always performed, so forbidding +# an IP address will also forbid all corresponding hostnames. 
+forbidden_networks = + + +# allowed_files is used to determine what files in what directories may be +# un/mounted. A user must also have read permission on a file to mount it. +# Note: Wildcards may be used, but a wildcard will never match a /, except +# for "allowed_files=*" which allows any file, and a /** suffix, which matches +# all files recursively. +# For example, to allow only files in the /share directory to be mounted, use: +# allowed_files = /share/* +# To allow all files in the /share directory AND all subdirectories use: +# allowed_files = /share/** +# NOTE: Specifying allowed_files_FSTYPE will NOT work because the fstype of +# files is always 'file'. +allowed_files = * + + +# forbidden_files is used to specify files that are never allowed, even if +# other settings allow them (except fstab). Specify a full path. +# Note: Wildcards may be used, but a wildcard will never match a /, except +# for "forbidden_files = *", or a /** suffix, which matches all recursively. +# NOTE: file paths are canonicalized before being tested, so forbidding +# a link to a file will have no effect. +forbidden_files = + + +# default_options specifies what options are always included when performing +# a mount, in addition to any options the user may specify. +# Note: When a device is present in /etc/fstab, and the user does not specify +# a mount point, the device is mounted with normal user permissions using +# the fstab entry, without these options. +# default_options_FSTYPE, if present, is used to override default_options +# when mounting a specific fstype (eg ext2, nfs). +# The variables $USER, $UID, and $GID are changed to the user's username, UID, +# and GID. +# FOR GOOD SECURITY, default_options SHOULD ALWAYS INCLUDE: nosuid,noexec,nodev +# WARNING: OPTIONS PRESENT OR MISSING CAN CAUSE SERIOUS SECURITY PROBLEMS. 
+default_options = nosuid, noexec, nodev, noatime +default_options_file = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID, ro +# mount iso9660 with 'ro' to prevent mount read-only warning +default_options_iso9660 = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID, ro, utf8 +default_options_udf = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID +default_options_vfat = nosuid, noexec, nodev, noatime, fmask=0133, dmask=0022, uid=$UID, gid=$GID, utf8 +default_options_exfat = nosuid, noexec, nodev, noatime, umask=0077, uid=$UID, gid=$GID, iocharset=utf8, namecase=0, nonempty +default_options_msdos = nosuid, noexec, nodev, noatime, fmask=0133, dmask=0022, uid=$UID, gid=$GID +default_options_umsdos = nosuid, noexec, nodev, noatime, fmask=0133, dmask=0022, uid=$UID, gid=$GID +default_options_ntfs = nosuid, noexec, nodev, noatime, fmask=0133, uid=$UID, gid=$GID, utf8 +default_options_cifs = nosuid, noexec, nodev, uid=$UID, gid=$GID +default_options_smbfs = nosuid, noexec, nodev, uid=$UID, gid=$GID +default_options_sshfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID, nonempty, allow_other +default_options_curlftpfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID, nonempty, allow_other +default_options_ftpfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID +default_options_davfs = nosuid, noexec, nodev, uid=$UID, gid=$GID +default_options_tmpfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID +default_options_ramfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID + + +# allowed_options determines all options that a user may specify when mounting. +# All the options used in default_options above must be included here too, or +# they will be rejected. If the user attempts to use an option not included +# here, an error will result. Wildcards may be used. +# allowed_options_FSTYPE, if present, is used to override allowed_options +# when mounting a specific fstype (eg ext2, nfs). 
+# The variables $USER, $UID, and $GID are changed to the user's username, UID, +# and GID. +# If you want to forbid remounts, remove 'remount' from here. +# WARNING: OPTIONS HERE CAN CAUSE SERIOUS SECURITY PROBLEMS - CHOOSE CAREFULLY +allowed_options = nosuid, noexec, nodev, noatime, fmask=0133, dmask=0022, uid=$UID, gid=$GID, ro, rw, sync, flush, iocharset=*, utf8, remount +allowed_options_nfs = nosuid, noexec, nodev, noatime, ro, rw, sync, remount, port=*, rsize=*, wsize=*, hard, proto=*, timeo=*, retrans=* +allowed_options_cifs = nosuid, noexec, nodev, ro, rw, remount, port=*, user=*, username=*, pass=*, password=*, guest, domain=*, uid=$UID, gid=$GID, credentials=* +allowed_options_smbfs = nosuid, noexec, nodev, ro, rw, remount, port=*, user=*, username=*, pass=*, password=*, guest, domain=*, uid=$UID, gid=$GID, credentials=* +allowed_options_sshfs = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gid=$GID, nonempty, allow_other, idmap=user, BatchMode=yes, port=* +allowed_options_curlftpfs = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gid=$GID, nonempty, allow_other, user=* +allowed_options_ftpfs = nosuid, noexec, nodev, noatime, ro, rw, port=*, user=*, pass=*, root=*, uid=$UID, gid=$GID +allowed_options_exfat = nosuid, noexec, nodev, noatime, fmask=0133, dmask=0022, uid=$UID, gid=$GID, umask=0077, namecase=*, ro, rw, sync, flush, iocharset=*, remount, nonempty + + +# mount_point_mode, if present and set to a non-empty value, will cause udevil +# to set the mode (permissions) on the moint point after mounting If not +# specified or if left empty, the mode is not changed. Mode must be octal +# starting with a zero (0755). +# mount_point_mode_FSTYPE, if present, is used to override mount_point_mode +# when mounting a specific fstype (eg ext2, nfs). 
+# NOT SETTING A MODE CAN HAVE SECURITY IMPLICATIONS FOR SOME FSTYPES +mount_point_mode = 0755 +# don't set a mode for some types: +mount_point_mode_sshfs = +mount_point_mode_curlftpfs = +mount_point_mode_ftpfs = + + +# Use the settings below to change the default locations of programs used by +# udevil, or (advanced topic) to redirect commands to your scripts. +# When substituting scripts, make sure they are root-owned and accept the +# options used by udevil (for example, the mount_program must accept --fake, +# -o, -v, and other options valid to mount.) +# Be sure to specify the full path and include NO OPTIONS or other arguments. +# These programs may also be specified as configure options when building +# udevil. +# THESE PROGRAMS ARE RUN AS ROOT +# mount_program = /bin/mount +# umount_program = /bin/umount +# losetup_program = /sbin/losetup +# setfacl_program = /usr/bin/setfacl + + +# validate_exec specifies a program or script which provides additional +# validation of a mount or unmount command, beyond the checks performed by +# udevil. The program is run as a normal user (if root runs udevil, +# validate_exec will NOT be run). The program is NOT run if the user is +# mounting a device without root privileges (a device in fstab). +# The program is passed the username, a printable description of what is +# happening, and the entire udevil command line as the first three arguments. +# The program must return an exit status of 0 to allow the mount or unmount +# to proceed. If it returns non-zero, the user will be denied permission. +# For example, validate_exec might specify a script which notifies you +# of the command being run, or performs additional steps to authenticate the +# user. +# Specify a full path to the program, with NO options or arguments. +# validate_exec = + + +# validate_rootexec works similarly to validate_exec, except that the program +# is run as root. validate_rootexec will also be run if the root user runs +# udevil. 
If both validate_exec and validate_rootexec are specified, +# validate_rootexec will run first, followed by validate_exec. +# The program must return an exit status of 0 to allow the mount or unmount +# to proceed. If it returns non-zero, the user will be denied permission. +# Unless you are familiar with writing root scripts, it is recommended that +# rootexec settings NOT be used, as it is easy to inadvertently open exploits. +# THIS PROGRAM IS ALWAYS RUN AS ROOT, even if the user running udevil is not. +# validate_rootexec = + + +# success_exec is run after a successful mount, remount, or unmount. The +# program is run as a normal user (if root runs udevil, success_exec +# will NOT be run). +# The program is passed the username, a printable description of what action +# was taken, and the entire udevil command line as the first three arguments. +# The program's exit status is ignored. +# For example, success_exec might run a script which informs you of what action +# was taken, and might perform further actions. +# Specify a full path to the program, with NO options or arguments. +# success_exec = + + +# success_rootexec works similarly to success_exec, except that the program is +# run as root. success_rootexec will also be run if the root user runs udevil. +# If both success_exec and success_rootexec are specified, success_rootexec +# will run first, followed by success_exec. +# Unless you are familiar with writing root scripts, it is recommended that +# rootexec settings NOT be used, as it is easy to inadvertently open exploits. +# THIS PROGRAM IS ALWAYS RUN AS ROOT, even if the user running udevil is not. +# success_rootexec = +
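Review bot: This copy of udevil.conf enables `cifs` in `allowed_types` while `allowed_users = *`, `allowed_groups = *` and `allowed_networks = *` stay wide open, so every local account can have the setuid helper mount a share from any host. `allowed_options_cifs` also permits `pass=*` and `password=*`, which puts credentials on the command line where other users can read them from the process list; `credentials=*` alone would cover the same need. `log_file` is left commented out, so none of these mounts is recorded. For a single-user machine consider `allowed_users = USERNAME` (placeholder), an `allowed_networks_cifs` line limited to the local ranges as in the file's own example (`192.168.1.*, 10.0.0.*`), and uncommenting `log_file = /var/log/udevil.log`.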