dugout-> operator_id.dugout
Define the ENVIRONMENT operator and the following roles:
1.) SUPER_ADMIN
2.) STANDARD
3.) ADMIN
4.) ADDITIONAL (1->N Support Roles)
5.) OPERATOR (Generic User)
The 'operator' will be pulled in by whichever local instance relies on operator_id, and will default to OPERATOR when no other specific user is specified.
Also, some assumptions are made about users that may be wrong. They are:
1.) At the minimum, one special proxy will be in use, in our case, Privoxy (Just an example implementation)
2.) At the minimum, one Windows runtime bundler/launcher will be in use, in our case, Wine (Just an example implementation)
3.) At the minimum, one universal virus sub-system will be in use, in our case, CLAMAV (Just an example implementation)
4.) At the minimum, the user will also want to perform actions according to the following subgroups:
a.) ADULT - Force the segmentation of any adult content away from general use systems and isolate it to meet the compliance standards of various international countries.
b.) AUTHENTICATED - Operators will want to rely on system components that can allow, reject, or elevate permissions for a specific task based on the scenario.
c.) BUGGER - The operator will want one group that is forced into a quarantine by default to allow for handling risky packages, malware, virus confirmations, and forensics.
d.) DATABASE - The Operator will desire one multi-purpose database ready container-mode group. This is provided as a generic wrapper to any needed subsystem, such as SQL, PostgreSQL, and no-sql implementations.
e.) DJ - The Operator will want one group to play both streaming and static music files. This allows users to isolate and detach music and sound related routines away from the rest of the system. This will help avoid copyright related system-contamination and protect against rogue audio files containing injection-atypical malware.
f.) DUGOUT - All systems must have a general purpose dugout group to operate system management properties.
g.) LOGGER - All systems must be able to log outputs of unknown types, even if the types may contain injected-atypical malware routines in the form of hexadecimal routines.
h.) MEDIA - The Operator must be able to interact with media, such as photos, videos, and other non-standard types.
i.) MEDIARESTRICTED - The Operator must have a way of dealing with sensitive media, and be able to create an elevated grouping for interacting with this type of content.
j.) OPENPACKAGER - The Operator must be able to use any package manager they choose and still have the packages adhere to the general purpose package standard provided by OpenPackager™.
k.) ORE - All system routines must be able to be reduced into an Operations Resource Enclave, and a group must be provided to interact with these reductions.
l.) ROOT - All systems must have one backwards-ready super user account, known as root. This doesn't mean this account is the absolute owner of the system, but it must be provided.
m.) VPN - All systems must have an isolated VPN construct that doesn't rely on adhoc methods.
5.) At a minimum, one mock-user and group must be provided. To meet convention, this has been provided as NOBODY.
6.) REALMLEADER - Is an appointed role for managing a system and it has to be able to be revoked by any user with higher permissions than ROOT.
#!/bin/sh
###############################################################################
## COPYRIGHT (C) 2022-2023 NEW ENTITY OPERATIONS INC. ALL RIGHTS RESERVED
## CREATED: 2022/10/16
## INSTANCE: operator_id.dugout
## MODIFIED: 2023/12/17
## OVERVIEW: Define the ENVIRONMENT operator and the following roles:
## SUPER_ADMIN, STANDARD, ADMIN, ADDITIONAL, OPERATOR
## The 'operator' will be pulled in by whatever local instance calls
## operator_id
## HISTORY: VERSION 1.2
## -> 2022/02/13 (VERSION 1.0)
## -> 2023/11/18 (VERSION 1.1)
## -> 2023/12/17 (VERSION 1.2)
###############################################################################
# Operator List: There must be one ROOT_USER, and as many USER_* patterns
# as you need to operate your system. The convention should remain constant
###############################################################################
## Base operator accounts: All defined interactive accounts (does not include
## program specific system accounts handled elsewhere by the ACS/IPDVS)
###############################################################################
## SUPER_ADMIN
ROOT_USER="$CONFIGURATION_ROOT_USER"
## STANDARD
STANDARD_USER="$CONFIGURATION_STANDARD_USER"
## REALMLEADER
REALMLEADER_USER="$CONFIGURATION_USER_2"
## ADMIN
USER_1="$CONFIGURATION_USER_1"
## ADDITIONAL
USER_2="$CONFIGURATION_USER_2"
## default remote access
DEFAULT_ACCESS_USER="$CONFIGURATION_DEFAULT_ACCESS_USER"
## http
HTTP_USER="$CONFIGURATION_HTTP_USER"
## privoxy
PRIVOXY_USER="$CONFIGURATION_PRIVOXY_USER"
## proxy
PROXY_USER="$CONFIGURATION_PROXY_USER"
## wine: optional translation layer user
WINE_USER="$CONFIGURATION_WINE_USER"
###############################################################################
## Dummy-accounts
###############################################################################
## BUGGER
BUGGER_USER="$CONFIGURATION_BUGGER_USER"
## nobody
NOBODY_USER="$CONFIGURATION_NOBODY_USER"
###############################################################################
## Group-Support
###############################################################################
GROUP_ADULT="$CONFIGURATION_GROUP_ADULT"
GROUP_AUTHENTICATED="$CONFIGURATION_GROUP_AUTHENTICATED"
GROUP_BUGGER="$CONFIGURATION_GROUP_BUGGER"
GROUP_CLAMAV="$CONFIGURATION_GROUP_CLAMAV"
GROUP_DATABASE="$CONFIGURATION_GROUP_DATABASE"
GROUP_DJ="$CONFIGURATION_GROUP_DJ"
GROUP_DUGOUT="$CONFIGURATION_GROUP_DUGOUT"
GROUP_LOGGER="$CONFIGURATION_GROUP_LOGGER"
GROUP_MEDIA="$CONFIGURATION_GROUP_MEDIA"
GROUP_MEDIARESTRICTED="$CONFIGURATION_GROUP_MEDIARESTRICTED"
GROUP_OPENPACKAGER="$CONFIGURATION_GROUP_OPENPACKAGER"
GROUP_ORE="$CONFIGURATION_GROUP_ORE"
GROUP_PRIVOXY="$CONFIGURATION_GROUP_PRIVOXY"
GROUP_PROXY="$CONFIGURATION_GROUP_PROXY"
GROUP_ROOT="$CONFIGURATION_GROUP_ROOT"
GROUP_VPN="$CONFIGURATION_GROUP_VPN"
###############################################################################
## Static Content-> Follow the convention and don't add in an adhoc way
###############################################################################
## OPERATOR-> Local instance
###############################################################################
## OPERATOR
OPERATOR="$USER"
###############################################################################
## Exports
###############################################################################
## Base Accounts
export OPERATOR_ROOT="$ROOT_USER"
export OPERATOR_ADMIN="$USER_1"
export OPERATOR_ADDITIONAL_1="$USER_2"
## Special Operators
export OPERATOR_BUGGER="$BUGGER_USER"
export OPERATOR_DEFAULT_ACCESS="$DEFAULT_ACCESS_USER"
export OPERATOR_HTTP="$HTTP_USER"
export OPERATOR_GENERAL="$OPERATOR"
export OPERATOR_NOBODY="$NOBODY_USER"
export OPERATOR_PRIVOXY="$PRIVOXY_USER"
export OPERATOR_PROXY="$PROXY_USER"
export OPERATOR_REALMLEADER="$REALMLEADER_USER"
export OPERATOR_STANDARD="$STANDARD_USER"
export OPERATOR_WINE="$WINE_USER"
###############################################################################
## Group support exports
export SUPPORT_GROUP_ADULT="$GROUP_ADULT"
export SUPPORT_GROUP_AUTHENTICATED="$GROUP_AUTHENTICATED"
export SUPPORT_GROUP_BUGGER="$GROUP_BUGGER"
export SUPPORT_GROUP_CLAMAV="$GROUP_CLAMAV"
export SUPPORT_GROUP_DATABASE="$GROUP_DATABASE"
export SUPPORT_GROUP_DJ="$GROUP_DJ"
export SUPPORT_GROUP_DUGOUT="$GROUP_DUGOUT"
export SUPPORT_GROUP_LOGGER="$GROUP_LOGGER"
export SUPPORT_GROUP_MEDIA="$GROUP_MEDIA"
export SUPPORT_GROUP_MEDIARESTRICTED="$GROUP_MEDIARESTRICTED"
export SUPPORT_GROUP_OPENPACKAGER="$GROUP_OPENPACKAGER"
export SUPPORT_GROUP_ORE="$GROUP_ORE"
export SUPPORT_GROUP_PRIVOXY="$GROUP_PRIVOXY"
export SUPPORT_GROUP_PROXY="$GROUP_PROXY"
export SUPPORT_GROUP_ROOT="$GROUP_ROOT"
export SUPPORT_GROUP_VPN="$GROUP_VPN"
# Additional Group Types here
# ...
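
Added example (not part of the original script or the project's own code): a POSIX sh audit to run after sourcing operator_id.dugout. The script exports an empty string whenever a CONFIGURATION_* variable is unset, and as shown it reads both USER_2 and REALMLEADER_USER from CONFIGURATION_USER_2, so the check reports empty exports, values that do not look like account names, and roles that resolve to the same account. The function name, the name pattern, and the distinct-account rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit what operator_id.dugout exported after it is sourced.
# The name pattern and the distinct-account rule are assumptions of this
# example, not requirements stated by the project.
OPERATOR_VARS="ROOT ADMIN ADDITIONAL_1 BUGGER DEFAULT_ACCESS HTTP GENERAL
NOBODY PRIVOXY PROXY REALMLEADER STANDARD WINE"
GROUP_VARS="ADULT AUTHENTICATED BUGGER CLAMAV DATABASE DJ DUGOUT LOGGER MEDIA
MEDIARESTRICTED OPENPACKAGER ORE PRIVOXY PROXY ROOT VPN"
# Interactive roles that should each resolve to a different account.
DISTINCT_ROLES="ROOT ADMIN ADDITIONAL_1 REALMLEADER STANDARD"

# Prints one finding per line; exit status is 0 only when there are none.
# The body is a subshell, so LC_ALL and the loop variables do not leak out.
audit_operator_env() (
    LC_ALL=C; export LC_ALL
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    for name in $(printf 'OPERATOR_%s ' $OPERATOR_VARS) \
                $(printf 'SUPPORT_GROUP_%s ' $GROUP_VARS); do
        # eval is safe here: $name only ever comes from the fixed lists above.
        eval "value=\${$name-}"
        case $value in
            '') report "EMPTY $name" ;;    # CONFIGURATION_* was unset or blank
            [!a-z_]*|*[!a-z0-9_-]*) report "BADNAME $name" ;;
        esac
    done

    seen=""
    for a in $DISTINCT_ROLES; do
        eval "va=\${OPERATOR_$a-}"
        for b in $seen; do
            eval "vb=\${OPERATOR_$b-}"
            if [ -n "$va" ] && [ "$va" = "$vb" ]; then
                report "SHARED OPERATOR_$b OPERATOR_$a"
            fi
        done
        seen="$seen $a"
    done
    [ "$findings" -eq 0 ]
)

# Constructed demo: one account behind two roles, as when USER_2 and
# REALMLEADER_USER are both read from CONFIGURATION_USER_2.
( OPERATOR_ADDITIONAL_1=support1 OPERATOR_REALMLEADER=support1
  audit_operator_env | grep SHARED ) || true
```

Call audit_operator_env right after sourcing the file and stop provisioning when it returns non-zero.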