#!/bin/sh

#    SAM-QFS_notice_begin
#
#      Solaris 2.x Sun Storage & Archiving Management File System
#
#      Copyright (c) 2004 Sun Microsystems, Inc.
#      All Rights Reserved.
#
#      Government Rights Notice
#      Use, duplication, or disclosure by the U.S. Government is
#      subject to restrictions set forth in the Sun Microsystems,
#      Inc. license agreements and as provided in DFARS 227.7202-1(a)
#      and 227.7202-3(a) (1995), DRAS 252.227-7013(c)(ii) (OCT 1988),
#      FAR 12.212(a)(1995), FAR 52.227-19, or FAR 52.227-14 (ALT III),
#      as applicable.  Sun Microsystems, Inc.
#
#    SAM-QFS_notice_end

#
# $Id: set_admin,v 1.4 2004/04/07 19:28:24 jp148923 Exp $
#
# set_admin sam-admin-group
#
# if no "sam-admin-group" is specified, the user will be prompted for one.
#

#  List of programs in /opt/SUNWsamfs/sbin to be SAM-FS admin group executable.

ADMLIST="archive_audit archiver auditslot build_cat chmed cleandrive \
  dmpshm dump_cat dump_log export import itemize load move odlabel \
  sam-recycler samtrace samcmd samset samu set_state showqueue tplabel \
  unarchive unload"

#  Check for root and exit if not.

UID=`/bin/id | sed -e "s/^[^=]*=//" -e "s/(.*//"`
if [ $UID -ne 0 ] ; then
    echo "This script must be run as 'root'."
	exit
fi

if [ X$1 = X ]; then
	#
	#  Get the group for the administrators
	#
	echo " "
	echo " "
	echo " "
	echo By default, the SAM-FS administrator commands may be executed by
	echo root only.  However, if you wish, you can supply a group name now
	echo which will also be allowed to execute the administrator commands.
	echo This group must currently exist in your system \(either in the
	echo /etc/group file or in YP/NIS/NIS+\)
	 
	ADDGROUP=0
	CONTINUE=1
	while [ $CONTINUE -eq 1 ]; do
		echo " "
		echo Do you wish to change back to the default behavior?
		echo " "
		echo Enter \"y\" if you do, or \"n\" if you wish to define an administrator group.
		read reply
	 
		if [ X$reply = Xn ]; then
			ADDGROUP=1
			CONTINUE=0
		elif [ X$reply = Xy ]; then
			ADDGROUP=0
			CONTINUE=0
		else
			echo Your reply of \"$reply\" was not \"y\" or \"n\".
		fi
	done


	if [ $ADDGROUP = 1 ]; then
		ADMMODE=04550
		CONTINUE=1
		while [ $CONTINUE -eq 1 ]; do
			echo Enter the name of the group which you wish to use as the SAM-FS
			echo administrator group.
			echo " "
			read GROUPADM
	 
			echo " "
			echo You entered \"$GROUPADM\".  Enter y if this is what you wanted.
			read reply
			if [ X$reply = Xy ]; then
				if [ X$GROUPADM = XSAM_FS ]; then
					echo You cannot use SAM_FS as the administrator group.
					echo Choose another group.
					echo " "
				else
					CONTINUE=0
				fi
			fi
		done
		echo The administrator commands will be executable by root and
		echo members of group $GROUPADM.
	else
		ADMMODE=550
		GROUPADM=bin
		echo Very well.  The administrator commands will be executable by root only.
	fi
	echo " "
elif [ $1 = "bin" ]; then
	ADMMODE=550
	GROUPADM=bin
else
	ADMMODE=04550
	GROUPADM=$1
fi

#  change the group on (most of) the adm commands in /opt/SUNWsamfs/sbin
 
	chgrp $GROUPADM /opt/SUNWsamfs/sbin
    for object in $ADMLIST
    do
		if [ ! -f /opt/SUNWsamfs/sbin/$object ]; then
			continue
		fi
        chgrp $GROUPADM /opt/SUNWsamfs/sbin/$object
        if [ $? -ne 0 ]; then
            echo " "
            echo FATAL:  Group $GROUPADM does not exist in your system.
            echo This was the group you named as the SAM-FS administrator group.
            echo " "
            echo Please add the group following your site procedures, and then
            echo retry \"set_admin $GROUPADM\".
            exit 1
        fi
        chmod $ADMMODE /opt/SUNWsamfs/sbin/$object
    done
    if [ $GROUPADM = "bin" ]; then
    echo The administrator commands are now executable by root only.
    else
    echo The administrator commands are now executable by group $GROUPADM.
    fi	

exit 0
