(* We can't match the user when listening; SELinux or
similar would let us manage this with better
granularity.*)
- (TextIO.output (users_tcp_in_conf, "proto tcp {\n");
- TextIO.output (users_tcp_in_conf, concat lines);
- TextIO.output (users_tcp_in_conf, "\n}\n\n"))
+ let
+ val _ = SysWord.toInt (Posix.ProcEnv.uidToWord (Posix.SysDB.Passwd.uid (Posix.SysDB.getpwnam uname)))
+ in
+ TextIO.output (users_tcp_in_conf, "proto tcp {\n");
+ TextIO.output (users_tcp_in_conf, concat lines);
+ TextIO.output (users_tcp_in_conf, "\n}\n\n")
+ end handle OS.SysErr _ => print "Invalid user in firewall config, skipping.\n" (* no sense in opening ports for bad users *)
fun writeUserOutRules (uname, lines) =
let