#!/bin/bash
# 
# This script is used for Administration of RSBAC general user attributes
#
#
# Make sure we're really running bash.
#
# Refuse to continue under any other shell: the rest of the script relies on
# bash features such as "declare -i" and "((...))".
if [ -z "$BASH" ]
then
  echo "This menu requires bash" 1>&2
  exit 1
fi

#
# Cache function definitions, turn off posix compliance
#
set -h
set +o posix

# Set conf filename
RSBACCONF=/etc/rsbac.conf
# Read settings: the system-wide file first, then the per-user file, so
# assignments in ~/.rsbacrc can replace the system-wide ones.
# Both files are sourced, i.e. executed as shell code with the privileges of
# whoever runs this menu, so they must be writable by trusted accounts only.
[ -f $RSBACCONF ] && . $RSBACCONF
[ -f ~/.rsbacrc ] && . ~/.rsbacrc
# No module list configured: enable the menu rows of every module listed here.
: "${RSBACMOD:=GEN MAC PM DAZ FF RC AUTH ACL CAP JAIL RES PAX}"
# One exported SHOW_<module>=yes switch per entry; the attribute readers and
# the menu builder test these switches.
for i in $RSBACMOD
do
  export "SHOW_${i}=yes"
done

# The dir for tmp files
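if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# These must be unique temporary filenames.
# mktemp creates each file atomically, with an unpredictable name and owner-only
# permissions. There is deliberately no fallback to a PID-based name: a
# predictable path in a shared directory can be pre-created or symlinked by
# another local user, and this script later writes shell code to $TMPFILE and
# sources it. If mktemp fails, stop instead of continuing with an unsafe file.
if ! TMPFILE=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
then
  echo "Cannot create a temporary file in $TMPDIR (mktemp failed)" >&2
  exit 1
fi
if ! TMPFILETWO=$(mktemp -q "$TMPDIR/rsbac_dialog.XXXXXX")
then
  # Do not leave the first file behind when the second cannot be created.
  rm -f -- "$TMPFILE"
  echo "Cannot create a temporary file in $TMPDIR (mktemp failed)" >&2
  exit 1
fi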

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# set this to initial dir on script startup
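LASTDIR='.'

# which dialog tool to use - dialog or kdialog or xdialog...
# $DIALOG and $RSBACPATH come from the environment or from the sourced
# configuration files; together they decide which program this administrative
# menu executes, so they should only ever point at trusted binaries.
if test -z "$DIALOG"
then DIALOG=${RSBACPATH}dialog
fi
# $DIALOG is expanded unquoted here, as in the rest of the script, so a value
# that carries extra options still splits into separate words.
if ! $DIALOG --clear
then
  echo "$DIALOG menu program required!" >&2
  # Report the failure to the caller instead of exiting with status 0.
  exit 1
fi
# The menus below use --help-button, so probe for it before going on.
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit 1
fi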

#######################################
# Derive the dialog box geometry from a terminal size.
# Globals:   LINES, COLUMNS (written, exported), BL, BC, MAXLINES (written)
# Arguments: $1 - terminal rows (default 24, also used when 0)
#            $2 - terminal columns (default 80, also used when 0)
#######################################
set_geometry ()
{
        BL=${1:-24}
        BC=${2:-80}
        # A reported size of 0 is treated like "unknown".
        if [ "$BL" = 0 ]; then BL=24; fi
        if [ "$BC" = 0 ]; then BC=80; fi
        LINES=$BL
        COLUMNS=$BC
        export LINES COLUMNS
        # Rows available for list entries, computed from the full height.
        MAXLINES=$((LINES-10))
        # The box itself is smaller than the screen: 4 rows and 5 columns less.
        BL=$((BL-4))
        BC=$((BC-5))
}

# "stty size" prints "rows columns"; the unquoted substitution splits that into
# the two arguments. Without a terminal it prints nothing and the defaults apply.
set_geometry $(stty size 2>/dev/null)

#######################################
# Print a list height clamped to what fits on screen.
# Globals:   MAXLINES (read)
# Arguments: $1 - wanted number of rows
# Outputs:   $1, or $MAXLINES when $1 is larger
#######################################
gl ()
{
        if [ $1 -gt $MAXLINES ]
        then
                echo $MAXLINES
                return
        fi
        echo $1
}

# Fall back to a 25x80 screen when no size is known yet.
: "${LINES:=25}"
: "${COLUMNS:=80}"
export LINES COLUMNS
# Box height/width and the maximum number of list rows, kept as integer
# variables. Note that this sets BC to COLUMNS-4 again.
declare -i BL=$((LINES-4))
declare -i BC=$((COLUMNS-4))
declare -i MAXLINES=$((LINES-10))

# Texts shown by every dialog; BACKTITLE may be preset by the configuration.
: "${BACKTITLE:=RSBAC Administration Tools 1.4.0}"
TITLE="$(whoami)@$(hostname): RSBAC User Administration"
ERRTITLE="RSBAC User Administration - ERROR"

# User id offered in the user list as "RES default user".
ALL_USERS=4294967292

#######################################
# Show the help text for one menu entry in the configured language.
# Globals:   RSBACLANG (read)
# Arguments: $1 - menu entry tag
#######################################
show_help () {
  # Only English help exists, so every value of $RSBACLANG takes the default arm.
  case "$RSBACLANG" in
    *) show_help_english "$1" ;;
  esac
}

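#######################################
# Write the English help text for one menu entry to $TMPFILE and display it.
# Two echo lines (in the 'MAC Initial Security Level:' and
# 'MAC Initial Categories:' arms) used to lack their closing quote, which
# shifted the quoting of everything between them and hid the arms in between;
# both are terminated here.
# Globals:   TMPFILE, DIALOG, RSBACPATH, BACKTITLE, BL, BC (read)
#            HELPTITLE (read) - not assigned in the visible part of this
#            script, presumably set by the configuration; TODO confirm
# Arguments: $1 - menu entry tag, as returned by the menu's help button
# Outputs:   help text in $TMPFILE, shown in a textbox
#######################################
show_help_english () {
 {
  echo "$1"
  echo ""
  case "$1" in
    User:)
        echo "Enter the user name or id."
      ;;

    Userlist:)
        echo "Choose user from list."
      ;;

    'MAC Security Level:')
        echo "MAC model maximum security level for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A security_level
      ;;

    'MAC Initial Security Level:')
        echo "MAC model initial current security level for this user."
        echo "This must always be between min and max values."
        echo ""
        # NOTE(review): asks for security_level, not initial_security_level -
        # confirm this is intended.
        ${RSBACPATH}attr_get_user -A security_level
      ;;

    'MAC Min Security Level:')
        echo "MAC model minimum security level for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A min_security_level
      ;;

    'MAC Categories:')
        echo "MAC model maximum categories for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A mac_categories
      ;;

    'MAC Initial Categories:')
        echo "MAC model initial current categories for this user."
        echo "This must always be between min and max values."
        echo ""
        # NOTE(review): asks for mac_categories, not mac_initial_categories -
        # confirm this is intended.
        ${RSBACPATH}attr_get_user -A mac_categories
      ;;

    'MAC Min Categories:')
        echo "MAC model minimum categories for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A mac_min_categories
      ;;

    'MAC Role:')
        echo "MAC model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A mac_role
      ;;

    'MAC User Flags:')
        echo "The MAC User flags allow to give a user some special MAC rights,"
        echo "e.g. allow_auto:"
        echo "Allow to inherit the MAC model mac_auto flag from executables for this"
        echo "user's processes. The mac_auto flag makes the current security level"
        echo "and current category set adjust themselves as necessary, but within"
        echo "the valid ranges."
        echo "Please MAC documentation for details."
        echo ""
        ${RSBACPATH}attr_get_user -A mac_user_flags
      ;;

    'DAZ Role:')
        echo "DAZuko model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A daz_role
      ;;

    'FF Role:')
        echo "FF model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A ff_role
      ;;

    'AUTH Role:')
        echo "AUTH model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A auth_role
      ;;

    'PM Role:')
        echo "PM model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A pm_role
      ;;

    'PM Task Set:')
        echo "PM model set ID of allowed tasks for this user. This value is only an"
        echo "index into the PM task_set data structures and thus read-only."
        echo ""
        ${RSBACPATH}attr_get_user -A pm_task_set
      ;;

    'Pseudo:')
        echo "Logging pseudonym for this user. If this value is not 0, it will be used"
        echo "as pseudonym instead of the user id for all request and set_attr logging"
        echo "messages."
        echo ""
        ${RSBACPATH}attr_get_user -A pseudo
      ;;

    'RC Default Role:')
        echo "RC model default role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A rc_def_role
      ;;

    'RC Type:')
        echo "RC model type for this user as an object."
        echo ""
        ${RSBACPATH}attr_get_user -A rc_type
      ;;

    'CAP Min Caps:')
        echo "Specify a set of Linux capabilities, which will always be set, when a"
        echo "process changes to this user, or when this user executes a program."
        echo "The Max Caps set for the user is ignored, but the Max Caps set of the"
        echo "executed program will be applied."
        echo "Useful to start privileged (root) programs as normal user."
        echo ""
        ${RSBACPATH}attr_get_user -A min_caps
      ;;

    'CAP Max Caps:')
        echo "Specify the maximum set of Linux capabilities, which can be set, when a"
        echo "process changes to this user, or when this user executes a program."
        echo "Useful to limit the privileges of a user running setuid root programs,"
        echo "e.g. the passwd command."
        echo ""
        ${RSBACPATH}attr_get_user -A max_caps
      ;;

    'CAP Role:')
        echo "CAP model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A cap_role
      ;;

    'CAP ld_env:')
        echo "Unset to disallow this user executing program files"
        echo "with LD_ flags set"
        echo ""
        ${RSBACPATH}attr_get_user -A cap_ld_env
      ;;

    'JAIL Role:')
        echo "JAIL model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A jail_role
      ;;

    'RES Role:')
        echo "RES model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A res_role
      ;;

    'RES Min Resources:')
        echo "Set the minimum resource limits for this program when executed."
        echo "Zero values are ignored."
        echo ""
        ${RSBACPATH}attr_get_user -A res_min
      ;;

    'RES Max Resources:')
        echo "Set the maximum resource limits for this program when executed."
        echo "Zero values are ignored."
        echo ""
        ${RSBACPATH}attr_get_user -A res_max
      ;;

    'PAX Role:')
        echo "PAX model system role for this user."
        echo ""
        ${RSBACPATH}attr_get_user -A pax_role
      ;;

    'cpu')
        echo "CPU time limit in milliseconds."
      ;;

    'fsize')
        echo "Size limit for each file."
      ;;

    'data')
        echo "Process data segment size limit in bytes."
      ;;

    'stack')
        echo "Process stack size limit in bytes."
      ;;

    'core')
        echo "Core dump size limit in bytes."
      ;;

    'rss')
        echo "Max resident set size in bytes."
      ;;

    'nproc')
        echo "Maximum number of processes for process owner (global value!)."
      ;;

    'nofile')
        echo "Limit on the number of open files."
      ;;

    'memlock')
        echo "Limit on locked-in-memory address space."
      ;;

    'as')
        echo "Address space (virtual memory) limit."
      ;;

    'locks')
        echo "Limit on number of file locks held (ignored in 2.2 kernels)."
      ;;

    'Log User Based:')
        echo "Specify the request types, which should always be logged, when"
        echo "this user runs a program."
        echo ""
        ${RSBACPATH}attr_get_user -A log_user_based
      ;;

    'ACL Menu:')
        echo "Go to ACL menu."
      ;;

    'Reset Attributes:')
        echo "Call attr_rm_user to get the attribute object for this user object"
        echo "removed. As result, all attribute values will be reset to their"
        echo "default values. Use with care!"
      ;;

    Quit)
        echo "Quit this menu."
      ;;

    *)
        echo "No help for $1 available!"
      ;;
  esac
 } > "$TMPFILE"
  # $DIALOG is left unquoted so a configured command with options still splits.
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" $BL $BC
#  sleep 1
}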

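#######################################
# Load the current attribute values of one user into the menu's globals.
# Only the attributes of modules enabled through SHOW_<module>=yes are read.
# The user argument is passed quoted, so a name containing whitespace or glob
# characters reaches attr_get_user as exactly one argument.
# Globals:   RSBACPATH, SHOW_* (read)
#            SECLEVEL ISECLEVEL MSECLEVEL MACCAT MACICAT MACMCAT MACROLE
#            MACFLAGS PMROLE PMTASKSET DAZROLE FFROLE RCDEFROLE RCTYPE AUTHROLE
#            MINCAPS MAXCAPS CAPROLE CAPLDENV JAILROLE RESMIN RESMAX RESROLE
#            PAXROLE PSEUDO LOGUSER (written)
# Arguments: $1 - user name or id; nothing is read when it is empty
#######################################
get_attributes () {
  if test "$1" = ""
  then return 0
  fi
  if test "$SHOW_MAC" = "yes"
  then
    SECLEVEL=$(${RSBACPATH}attr_get_user "$1" security_level)
    ISECLEVEL=$(${RSBACPATH}attr_get_user "$1" initial_security_level)
    MSECLEVEL=$(${RSBACPATH}attr_get_user "$1" min_security_level)
    MACCAT=$(${RSBACPATH}attr_get_user "$1" mac_categories)
    MACICAT=$(${RSBACPATH}attr_get_user "$1" mac_initial_categories)
    MACMCAT=$(${RSBACPATH}attr_get_user "$1" mac_min_categories)
    MACROLE=$(${RSBACPATH}attr_get_user "$1" mac_role)
    MACFLAGS=$(${RSBACPATH}attr_get_user "$1" mac_user_flags)
  fi
  if test "$SHOW_PM" = "yes"
  then
    PMROLE=$(${RSBACPATH}attr_get_user "$1" pm_role)
    PMTASKSET=$(${RSBACPATH}attr_get_user "$1" pm_task_set)
  fi
  if test "$SHOW_DAZ" = "yes"
  then
    DAZROLE=$(${RSBACPATH}attr_get_user "$1" daz_role)
  fi
  if test "$SHOW_FF" = "yes"
  then
    FFROLE=$(${RSBACPATH}attr_get_user "$1" ff_role)
  fi
  if test "$SHOW_RC" = "yes"
  then
    RCDEFROLE=$(${RSBACPATH}attr_get_user "$1" rc_def_role)
    RCTYPE=$(${RSBACPATH}attr_get_user "$1" rc_type)
  fi
  if test "$SHOW_AUTH" = "yes"
  then
    AUTHROLE=$(${RSBACPATH}attr_get_user "$1" auth_role)
  fi
  if test "$SHOW_CAP" = "yes"
  then
    MINCAPS=$(${RSBACPATH}attr_get_user "$1" min_caps)
    MAXCAPS=$(${RSBACPATH}attr_get_user "$1" max_caps)
    CAPROLE=$(${RSBACPATH}attr_get_user "$1" cap_role)
    CAPLDENV=$(${RSBACPATH}attr_get_user "$1" cap_ld_env)
  fi
  if test "$SHOW_JAIL" = "yes"
  then
    JAILROLE=$(${RSBACPATH}attr_get_user "$1" jail_role)
  fi
  if test "$SHOW_RES" = "yes"
  then
    # The two resource arrays are read with -s, the role without it.
    RESMIN=$(${RSBACPATH}attr_get_user -s "$1" res_min)
    RESMAX=$(${RSBACPATH}attr_get_user -s "$1" res_max)
    RESROLE=$(${RSBACPATH}attr_get_user "$1" res_role)
  fi
  if test "$SHOW_PAX" = "yes"
  then
    PAXROLE=$(${RSBACPATH}attr_get_user "$1" pax_role)
  fi
  if test "$SHOW_GEN" = "yes"
  then
    PSEUDO=$(${RSBACPATH}attr_get_user "$1" pseudo)
    LOGUSER=$(${RSBACPATH}attr_get_user "$1" log_user_based)
  fi
}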

#######################################
# Print the dialog item state for one radiolist row.
# Arguments: $1 - value of the row, $2 - currently set value
# Outputs:   "on" when both are the same string, else "off"
#######################################
onoff () {
   [ "$1" != "$2" ] && { echo off; return; }
   echo on
}

#######################################
# Print the dialog item state for a bit value.
# Arguments: $1 - bit value
# Outputs:   "on" when $1 is exactly "1", else "off"
#######################################
onoffb () {
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

#######################################
# Translate a numeric attribute value into its display name.
# Arguments: $1 - value kind: onoff, seclevel, sysrole or pmrole
#            $2 - numeric value
# Outputs:   the name; nothing for an unknown kind or an unlisted value
#            (onoff prints "Off" for everything but 1)
#######################################
get_value_name () {
  case "$1" in
    onoff)
      if [ "$2" = 1 ]; then echo On; else echo Off; fi
      ;;
    seclevel)
      case "$2" in
        0)   echo "unclassified" ;;
        1)   echo "confidential" ;;
        2)   echo "secret" ;;
        3)   echo "top secret" ;;
        252) echo "max. level" ;;
      esac
      ;;
    sysrole)
      case "$2" in
        0) echo "General User" ;;
        1) echo "Security Officer" ;;
        2) echo "Administrator" ;;
        3) echo "Auditor" ;;
      esac
      ;;
    pmrole)
      case "$2" in
        0) echo "General User" ;;
        1) echo "Security Officer" ;;
        2) echo "Data Protection Officer" ;;
        3) echo "TP-Manager" ;;
        4) echo "System-Administrator" ;;
      esac
      ;;
  esac
}

#######################################
# Print the full name of a user for the menu's "User:" row.
# Globals:   USERID (read, only to see whether a user is selected), RSBACPATH
# Arguments: $1 - user name or id
# Outputs:   a single blank when no user is selected, else the full_name
#            attribute with runs of whitespace collapsed by the unquoted echo
#######################################
full_name () {
  [ -z "$USERID" ] && { echo " "; return; }
  echo $(${RSBACPATH}attr_get_user $1 full_name)
}

#######################################
# Print the numeric id of a user for the menu's "User:" row.
# Globals:   USERID (read, only to see whether a user is selected), RSBACPATH
# Arguments: $1 - user name or id
# Outputs:   a single blank when no user is selected, else the user_nr attribute
#######################################
get_uid () {
  [ -z "$USERID" ] && { echo " "; return; }
  echo $(${RSBACPATH}attr_get_user $1 user_nr)
}

#######################################
# Print the name of an RC role.
# Globals:   USERID (read), RSBACPATH (read)
# Arguments: $1 - RC role number
# Outputs:   a single blank when no user is selected or $1 is empty; otherwise
#            whatever rc_get_item prints, or "(unknown)" when it fails
#######################################
role_name () {
  if [ -z "$USERID" ] || [ -z "$1" ]
  then
    echo " "
  elif ! ${RSBACPATH}rc_get_item ROLE $1 name
  then
    echo "(unknown)"
  fi
}

#######################################
# Print the name of an RC user type.
# Globals:   USERID (read), RSBACPATH (read)
# Arguments: $1 - RC type number
# Outputs:   a single blank when no user is selected or $1 is empty; otherwise
#            whatever rc_get_item prints, or "(unknown)" when it fails
#######################################
type_name () {
  if [ -z "$USERID" ] || [ -z "$1" ]
  then
    echo " "
  elif ! ${RSBACPATH}rc_get_item TYPE $1 type_user_name
  then
    echo "(unknown)"
  fi
}

# Integer threshold tested by cat_print: the box width minus 38 columns
# (presumably the space taken by the row label and borders - TODO confirm).
declare -i MAXCATLEN=$((BC-38))
#######################################
# Print a MAC category string only when the menu is wide enough for it.
# Globals:   MAXCATLEN (read)
# Arguments: $1 - category string
# Outputs:   $1 when MAXCATLEN is at least 64, else "(too long)"
#######################################
cat_print () {
  if [ $MAXCATLEN -ge 64 ]
  then
    echo $1
    return
  fi
  echo "(too long)"
}

#######################################
# Print one checklist row per category number for the MAC Categories dialog.
# Globals:   USERID, RSBACPATH (read), TMP (written)
# Arguments: category numbers
# Outputs:   "<number> <on|off> <on|off>" per number; the state is printed
#            twice, as item text and as item status
#######################################
gen_cat_list () {
    local state
    for i in $*
    do
      TMP=$(${RSBACPATH}attr_get_user $USERID mac_categories $i)
      state=$(onoffb $TMP)
      echo $i $state $state
    done
}

#######################################
# Print one checklist row per category number for the MAC Initial Categories
# dialog.
# Globals:   USERID, RSBACPATH (read), TMP (written)
# Arguments: category numbers
# Outputs:   "<number> <on|off> <on|off>" per number; the state is printed
#            twice, as item text and as item status
#######################################
gen_initial_cat_list () {
    local state
    for i in $*
    do
      TMP=$(${RSBACPATH}attr_get_user $USERID mac_initial_categories $i)
      state=$(onoffb $TMP)
      echo $i $state $state
    done
}

#######################################
# Print one checklist row per category number for the MAC Min Categories dialog.
# Globals:   USERID, RSBACPATH (read), TMP (written)
# Arguments: category numbers
# Outputs:   "<number> <on|off> <on|off>" per number; the state is printed
#            twice, as item text and as item status
#######################################
gen_min_cat_list () {
    local state
    for i in $*
    do
      TMP=$(${RSBACPATH}attr_get_user $USERID mac_min_categories $i)
      state=$(onoffb $TMP)
      echo $i $state $state
    done
}

#######################################
# Print one checklist row per request type for the "Log User Based" setting.
# Globals:   USERID, RSBACPATH (read)
#            REQUESTS (read; filled from "attr_get_file_dir -n" when empty)
#            SETREQUESTS (written: the user's current log_user_based list)
# Outputs:   "<request> on on" when the request occurs as a whole word in the
#            user's list, else "<request> off off"
#######################################
gen_request_list () {
    local state
    [ -n "$REQUESTS" ] || REQUESTS=$(${RSBACPATH}attr_get_file_dir -n)
    SETREQUESTS=$(${RSBACPATH}attr_get_user -p $USERID log_user_based)
    for i in $REQUESTS
    do
      state=off
      # \< and \> anchor the match to word boundaries, so a name that is only
      # part of a longer one does not count.
      if echo $SETREQUESTS | grep -q "\\<$i\\>"
      then state=on
      fi
      echo $i $state $state
    done
}

#######################################
# Print one checklist row per Linux capability for the "CAP Min Caps" setting.
# Globals:   USERID, RSBACPATH (read)
#            CAPS (read; filled from "attr_get_file_dir -c" when empty)
#            SETCAPS (written: the user's current min_caps list)
# Outputs:   "<cap> on on" when the capability occurs as a whole word in the
#            user's list, else "<cap> off off"
#######################################
gen_min_caps_list () {
    local state
    [ -n "$CAPS" ] || CAPS=$(${RSBACPATH}attr_get_file_dir -c)
    SETCAPS=$(${RSBACPATH}attr_get_user -p $USERID min_caps)
    for i in $CAPS
    do
      state=off
      # Whole-word match only, so one capability name inside another is ignored.
      if echo $SETCAPS | grep -q "\\<$i\\>"
      then state=on
      fi
      echo $i $state $state
    done
}

#######################################
# Print one checklist row per Linux capability for the "CAP Max Caps" setting.
# Globals:   USERID, RSBACPATH (read)
#            CAPS (read; filled from "attr_get_file_dir -c" when empty)
#            SETCAPS (written: the user's current max_caps list)
# Outputs:   "<cap> on on" when the capability occurs as a whole word in the
#            user's list, else "<cap> off off"
#######################################
gen_max_caps_list () {
    local state
    [ -n "$CAPS" ] || CAPS=$(${RSBACPATH}attr_get_file_dir -c)
    SETCAPS=$(${RSBACPATH}attr_get_user -p $USERID max_caps)
    for i in $CAPS
    do
      state=off
      # Whole-word match only, so one capability name inside another is ignored.
      if echo $SETCAPS | grep -q "\\<$i\\>"
      then state=on
      fi
      echo $i $state $state
    done
}

#######################################
# Print one checklist row per MAC user flag.
# Globals:   MACFLAGS (read) - current flag bits as a number
# Outputs:   "<bit value> <flag name> <on|off>" for the bits 1, 4, 8, 16, 32
#            and 64, "on" when that bit is set in MACFLAGS
#######################################
gen_flags_menu_items() {
    local entry bit name
    for entry in 1:override 4:trusted 8:write_up 16:read_up 32:write_down 64:allow_auto
    do
      bit=${entry%%:*}
      name=${entry#*:}
      if (($MACFLAGS & $bit)) ; then echo $bit $name on
      else echo $bit $name off
      fi
    done
}

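#######################################
# Let the operator tick the MAC user flags of $USERID and store the result.
# The ticked bit values are summed and written with attr_set_user; on success
# MACFLAGS is updated and the command is appended to $RSBACLOGFILE when that
# is set, on failure the first line of the tool's output is shown.
# Globals:   DIALOG, RSBACPATH, USERID, TMPFILE, RSBACLOGFILE, TITLE,
#            BACKTITLE, ERRTITLE, BL, BC (read); MACFLAGS, FLAGS_ON (written)
#######################################
flags_menu () {
  # $DIALOG and the two command substitutions stay unquoted: they have to
  # split into separate arguments. The user name and the temp file are quoted
  # so each one is passed as a single word.
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --separate-output \
         --checklist "$USERID: MAC User Flags" $BL $BC $(gl 9) \
              $(gen_flags_menu_items) \
       2>"$TMPFILE"
   then return
  fi
  FLAGS_ON=$(cat "$TMPFILE")
  declare -i VAL=0
  for i in $FLAGS_ON ; do
    # Text assigned to an integer variable is evaluated as an arithmetic
    # expression, so only plain decimal numbers read back from the dialog
    # output are added; anything else is skipped.
    case "$i" in
      ''|*[!0-9]*) continue ;;
    esac
    VAL=$VAL+$i
  done
  if ${RSBACPATH}attr_set_user "$USERID" mac_user_flags "$VAL" &>"$TMPFILE"
    then MACFLAGS=$VAL
      if test -n "$RSBACLOGFILE"
      then
        echo ${RSBACPATH}attr_set_user "$USERID" mac_user_flags "$VAL" >>"$RSBACLOGFILE"
      fi
    else
      $DIALOG --title "$ERRTITLE" \
             --backtitle "$BACKTITLE" \
             --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
    fi
  return
}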


# When command logging is enabled, mark the start of this session in the log:
# an empty line followed by a "# <script> start <date>" comment line.
if [ -n "$RSBACLOGFILE" ]
then
  printf '\n# %s start %s\n' "$0" "$(date)" >>"$RSBACLOGFILE"
fi

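# Optional first argument: the user to preselect. It is resolved to a user
# name through the same $RSBACPATH-prefixed tool the menu entries use, and is
# passed quoted so it stays a single argument.
# NOTE(review): a value starting with "-" would still reach attr_get_user as
# an option - confirm how the tool treats that.
if test "$1" != ""
then USERID=$(${RSBACPATH}attr_get_user "$1" user_name)
     get_attributes "$USERID"
fi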

  # Build the definition of user_menu() as shell text in $TMPFILE and source
  # it, so the main menu only contains the rows of modules whose SHOW_<module>
  # switch is "yes".
  {
    echo 'user_menu ()'
    echo '  {'    
    # This is the only double-quoted line: $DIALOG and $TITLE are expanded now
    # and their values become part of the generated code. All other lines are
    # single-quoted and are expanded each time user_menu runs.
    # NOTE(review): a double quote, "$" or backquote inside $DIALOG or $TITLE
    # (which contains the whoami and hostname output) would be read as shell
    # syntax when the file is sourced - verify these values are trusted.
    echo "    $DIALOG --title \"$TITLE\" \\"
    echo '       --backtitle "$BACKTITLE" \'
    echo '       --help-button --default-item "$CHOICE" \'
    echo '       --menu "Main User Menu" $BL $BC `gl 32` \'
    echo '              "Userlist:" "Choose user from list" \'
    echo '               "-------------------" " " \'
    echo '              "User:" "$USERID | `get_uid $USERID` | `full_name $USERID`" \'
    # One group of rows per enabled module follows.
    if test "$SHOW_MAC" = "yes"
    then
      echo '              "MAC Security Level:" "$SECLEVEL / `get_value_name seclevel $SECLEVEL`" \'
      echo '              "MAC Initial Security Level:" "$ISECLEVEL / `get_value_name seclevel $ISECLEVEL`" \'
      echo '              "MAC Min Security Level:" "$MSECLEVEL / `get_value_name seclevel $MSECLEVEL`" \'
      echo '              "MAC Categories:" "`cat_print $MACCAT`" \'
      echo '              "MAC Initial Categories:" "`cat_print $MACICAT`" \'
      echo '              "MAC Min Categories:" "`cat_print $MACMCAT`" \'
      echo '              "MAC Role:" "$MACROLE / `get_value_name sysrole $MACROLE`" \'
      echo '              "MAC User Flags:" "$MACFLAGS" \'
    fi
    if test "$SHOW_PM" = "yes"
    then
      echo '              "PM Role:" "$PMROLE / `get_value_name pmrole $PMROLE`" \'
      echo '              "PM Task Set:" "$PMTASKSET (read-only)" \'
    fi
    if test "$SHOW_DAZ" = "yes"
    then
      echo '              "DAZ Role:" "$DAZROLE / `get_value_name sysrole $DAZROLE`" \'
    fi
    if test "$SHOW_FF" = "yes"
    then
      echo '              "FF Role:" "$FFROLE / `get_value_name sysrole $FFROLE`" \'
    fi
    if test "$SHOW_RC" = "yes"
    then
      echo '              "RC Default Role:" "$RCDEFROLE / `role_name $RCDEFROLE`" \'
      echo '              "RC Type:" "$RCTYPE / `type_name $RCTYPE`" \'
    fi
    if test "$SHOW_AUTH" = "yes"
    then
      echo '              "AUTH Role:" "$AUTHROLE / `get_value_name sysrole $AUTHROLE`" \'
    fi
    if test "$SHOW_CAP" = "yes"
    then
      echo '              "CAP Min Caps:" "$MINCAPS" \'
      echo '              "CAP Max Caps:" "$MAXCAPS" \'
      echo '              "CAP Role:" "$CAPROLE / `get_value_name sysrole $CAPROLE`" \'
      echo '              "CAP ld_env:" "$CAPLDENV" \'
    fi
    if test "$SHOW_JAIL" = "yes"
    then
      echo '              "JAIL Role:" "$JAILROLE / `get_value_name sysrole $JAILROLE`" \'
    fi
    if test "$SHOW_RES" = "yes"
    then
      echo '              "RES Min Resources:" "$RESMIN" \'
      echo '              "RES Max Resources:" "$RESMAX" \'
      echo '              "RES Role:" "$RESROLE / `get_value_name sysrole $RESROLE`" \'
    fi
    if test "$SHOW_PAX" = "yes"
    then
      echo '              "PAX Role:" "$PAXROLE / `get_value_name sysrole $PAXROLE`" \'
    fi
    if test "$SHOW_GEN" = "yes"
    then
      echo '              "Pseudo:" "$PSEUDO" \'
      echo '              "Log User Based:" "$LOGUSER" \'
    fi
    if test "$SHOW_ACL" = "yes"
    then
      echo '              "----------------" " " \'
      echo '              "ACL Menu:" "Go to ACL menu" \'
    fi
    echo '              "----------------" " " \'
    echo '              "Reset Attributes:" "Reset all values to default values" \'
    echo '              "Quit" ""'
    echo '  }'
  } > $TMPFILE

# Sourcing runs the file's content as shell code in this process. That is only
# safe while $TMPFILE is a private file that no other user can write or
# replace between the redirection above and this read.
. $TMPFILE

#cp $TMPFILE /tmp/menu

while true
  do
    if ! user_menu 2>$TMPFILE
     then rm $TMPFILE ; exit
    fi


  CHOICE="`cat $TMPFILE`"
  case "$CHOICE" in
    HELP*)
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    User:)
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Username/ID" $BL $BC $USERID \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""attr_get_user $TMP user_name >$TMPFILE
             then USERID=`cat $TMPFILE`
                  get_attributes $USERID
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "User: Unknown user $TMP!" 5 $BC
             fi
        fi
      ;;

    Userlist:)
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$USERID" \
                  --menu "Username/ID" $BL $BC $MAXLINES \
                         "$ALL_USERS" "RES default user" \
                         `${RSBACPATH}attr_get_user -bl` \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""attr_get_user $TMP user_name >$TMPFILE
             then USERID=`cat $TMPFILE`
                  get_attributes $USERID
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "User: Unknown user $TMP!" 5 $BC
             fi
        fi
      ;;
    'MAC Security Level:')
        if test "$USERID" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Security Level for $USERID" $BL $BC 5 \
                                0 unclassified `onoff 0 $SECLEVEL` \
                                1 confidential `onoff 1 $SECLEVEL` \
                                2 secret `onoff 2 $SECLEVEL` \
                                3 "top secret" `onoff 3 $SECLEVEL` \
                                252 "max. level" `onoff 252 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_user $USERID security_level $TMP &>$TMPFILE
               then
                 SECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_user $USERID security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Security Level: No user specified!" 5 $BC
        fi
      ;;

    'MAC Initial Security Level:')
        if test "$USERID" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Initial Current Security Level for $USERID" $BL $BC 5 \
                                0 unclassified `onoff 0 $ISECLEVEL` \
                                1 confidential `onoff 1 $ISECLEVEL` \
                                2 secret `onoff 2 $ISECLEVEL` \
                                3 "top secret" `onoff 3 $ISECLEVEL` \
                                252 "max. level" `onoff 252 $ISECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_user $USERID initial_security_level $TMP &>$TMPFILE
               then
                 ISECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_user $USERID initial_security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Initial Security Level: No user specified!" 5 $BC
        fi
      ;;

    'MAC Min Security Level:')
        if test "$USERID" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Minimum Security Level for $USERID" $BL $BC 5 \
                                0 unclassified `onoff 0 $MSECLEVEL` \
                                1 confidential `onoff 1 $MSECLEVEL` \
                                2 secret `onoff 2 $MSECLEVEL` \
                                3 "top secret" `onoff 3 $MSECLEVEL` \
                                252 "max. level" `onoff 252 $MSECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_user $USERID min_security_level $TMP &>$TMPFILE
               then
                 MSECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_user $USERID min_security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Min Security Level: No user specified!" 5 $BC
        fi
      ;;

    'MAC Categories:')
        if test "$USERID" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "MAC Categories for user $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    `gen_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_user $USERID mac_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID mac_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_user $USERID mac_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID mac_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACCAT=`$RSBACPATH""attr_get_user $USERID mac_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Categories: No user specified!" 5 $BC
        fi
      ;;

    'MAC Initial Categories:')
        if test "$USERID" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "MAC Initial Current Categories for user $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACICAT" $BL $BC $MAXLINES \
                    `gen_initial_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_user $USERID mac_initial_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID mac_initial_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_user $USERID mac_initial_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID mac_initial_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACICAT=`$RSBACPATH""attr_get_user $USERID mac_initial_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Initial Categories: No user specified!" 5 $BC
        fi
      ;;

    'MAC Min Categories:')
        if test "$USERID" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "MAC Min Categories for user $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACMCAT" $BL $BC $MAXLINES \
                    `gen_min_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_user $USERID mac_min_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID mac_min_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_user $USERID mac_min_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID mac_min_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACMCAT=`$RSBACPATH""attr_get_user $USERID mac_min_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Min Categories: No user specified!" 5 $BC
        fi
      ;;

    'MAC Role:')
        # Let the operator pick the MAC role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # dialog's answer arrives on stderr and is collected in $TMPFILE.
        # NOTE(review): $USERID and $TMP reach attr_set_user unquoted, so they
        # are word-split and glob-expanded before the tool sees them.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MAC Role for $USERID" $BL $BC 4 \
                                0 "General User" $(onoff 0 $MACROLE) \
                                1 "Security Officer" $(onoff 1 $MACROLE) \
                                2 "Administrator" $(onoff 2 $MACROLE) \
                                3 "Auditor" $(onoff 3 $MACROLE) \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID mac_role $TMP >$TMPFILE 2>&1
            then
              MACROLE=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID mac_role $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "MAC Role: No user specified!" 5 $BC
        fi
      ;;

    'MAC User Flags:')
        # Open the MAC user flags submenu (flags_menu, defined elsewhere in
        # this script) once a user has been selected.
        if [ -n "$USERID" ]
        then
          flags_menu
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "MAC User Flags: No user specified!" 5 $BC
        fi
      ;;

    'DAZ Role:')
        # Let the operator pick the DAZ role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # dialog's answer arrives on stderr and is collected in $TMPFILE.
        # NOTE(review): $USERID and $TMP reach attr_set_user unquoted, so they
        # are word-split and glob-expanded before the tool sees them.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose DAZ Role for $USERID" $BL $BC 4 \
                                0 "General User" $(onoff 0 $DAZROLE) \
                                1 "Security Officer" $(onoff 1 $DAZROLE) \
                                2 "Administrator" $(onoff 2 $DAZROLE) \
                                3 "Auditor" $(onoff 3 $DAZROLE) \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID daz_role $TMP >$TMPFILE 2>&1
            then
              DAZROLE=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID daz_role $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "DAZ Role: No user specified!" 5 $BC
        fi
      ;;

    'FF Role:')
        # Let the operator pick the FF role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # dialog's answer arrives on stderr and is collected in $TMPFILE.
        # NOTE(review): $USERID and $TMP reach attr_set_user unquoted, so they
        # are word-split and glob-expanded before the tool sees them.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose FF Role for $USERID" $BL $BC 4 \
                                0 "General User" $(onoff 0 $FFROLE) \
                                1 "Security Officer" $(onoff 1 $FFROLE) \
                                2 "Administrator" $(onoff 2 $FFROLE) \
                                3 "Auditor" $(onoff 3 $FFROLE) \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID ff_role $TMP >$TMPFILE 2>&1
            then
              FFROLE=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID ff_role $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "FF Role: No user specified!" 5 $BC
        fi
      ;;

    'AUTH Role:')
        # Let the operator pick the AUTH role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # dialog's answer arrives on stderr and is collected in $TMPFILE.
        # NOTE(review): $USERID and $TMP reach attr_set_user unquoted, so they
        # are word-split and glob-expanded before the tool sees them.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose AUTH Role for $USERID" $BL $BC 4 \
                                0 "General User" $(onoff 0 $AUTHROLE) \
                                1 "Security Officer" $(onoff 1 $AUTHROLE) \
                                2 "Administrator" $(onoff 2 $AUTHROLE) \
                                3 "Auditor" $(onoff 3 $AUTHROLE) \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID auth_role $TMP >$TMPFILE 2>&1
            then
              AUTHROLE=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID auth_role $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "AUTH Role: No user specified!" 5 $BC
        fi
      ;;

    'PM Role:')
        # Let the operator pick one of the five PM roles for $USERID and store
        # it with attr_set_user; refused when no user is selected.
        # dialog's answer arrives on stderr and is collected in $TMPFILE.
        # NOTE(review): $USERID and $TMP reach attr_set_user unquoted, so they
        # are word-split and glob-expanded before the tool sees them.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PM-Role for $USERID" $BL $BC 5 \
                                0 "General User" $(onoff 0 $PMROLE) \
                                1 "Security Officer" $(onoff 1 $PMROLE) \
                                2 "Data Protection Officer" $(onoff 2 $PMROLE) \
                                3 "TP-Manager" $(onoff 3 $PMROLE) \
                                4 "System Administrator" $(onoff 4 $PMROLE) \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID pm_role $TMP >$TMPFILE 2>&1
            then
              PMROLE=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID pm_role $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "PM-Role: No user specified!" 5 $BC
        fi
      ;;
    'Pseudo:')
        # Ask for the pseudonym of $USERID in a free-text input box (pre-filled
        # with $PSEUDO) and store it with attr_set_user.
        # NOTE(review): the typed text in $TMP is passed on unquoted and is not
        # checked to be an integer here; whitespace or glob characters in it
        # are expanded by the shell before attr_set_user runs.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "Pseudonym (long integer) for $USERID" $BL $BC "$PSEUDO" \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID pseudo $TMP >$TMPFILE 2>&1
            then
              PSEUDO=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID pseudo $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "Pseudo: No user specified!" 5 $BC
        fi
      ;;

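    'RC Default Role:')
        # Set the RC default role of $USERID. When rc_get_item can list the
        # roles, the operator picks one from a menu; otherwise the role is
        # typed into an input box. Refused when no user is selected.
        if test "$USERID" != ""
        then
          if $RSBACPATH""rc_get_item list_roles >"$TMPFILETWO"
          then
            # NOTE(review): the role list is expanded unquoted, so dialog gets
            # it as whitespace-separated menu arguments; confirm rc_get_item
            # never emits names containing blanks or glob characters.
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --default-item "$RCDEFROLE" \
                      --menu "Choose RC Default Role for $USERID" $BL $BC $MAXLINES \
                      `cat "$TMPFILETWO"` \
               2>"$TMPFILE"
            then TMP=`cat "$TMPFILE"`
                 if $RSBACPATH""attr_set_user "$USERID" rc_def_role $TMP &>"$TMPFILE"
                 then
                   RCDEFROLE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID rc_def_role $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
                 fi
            fi
            # Empty the scratch file instead of deleting it. Once removed, its
            # name in the shared $TMPDIR is no longer held by this script, yet
            # a later `>$TMPFILETWO` would reopen that path and write through
            # whatever exists there by then. The file is removed at Quit.
            : >"$TMPFILETWO"
          else
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Default Role for user $USERID" $BL $BC "$RCDEFROLE" \
               2>"$TMPFILE"
            then TMP=`cat "$TMPFILE"`
                 if $RSBACPATH""attr_set_user "$USERID" rc_def_role $TMP &>"$TMPFILE"
                 then
                   RCDEFROLE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID rc_def_role $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
                 fi
            fi
          fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "RC Default Role: No user specified!" 5 $BC
        fi
      ;;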

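    'RC Type:')
        # Set the RC type of $USERID. When rc_get_item can list the user
        # types, the operator picks one from a menu; otherwise the type is
        # typed into an input box. Refused when no user is selected.
        if test "$USERID" != ""
        then
          if $RSBACPATH""rc_get_item list_user_types >"$TMPFILETWO"
          then
            # NOTE(review): the type list is expanded unquoted, so dialog gets
            # it as whitespace-separated menu arguments; confirm rc_get_item
            # never emits names containing blanks or glob characters.
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --default-item "$RCTYPE" \
                      --menu "Choose RC Type for user $USERID" $BL $BC $MAXLINES \
                      `cat "$TMPFILETWO"` \
               2>"$TMPFILE"
            then TMP=`cat "$TMPFILE"`
                 if $RSBACPATH""attr_set_user "$USERID" rc_type $TMP &>"$TMPFILE"
                 then
                   RCTYPE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID rc_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
                 fi
            fi
            # Empty the scratch file instead of deleting it. Once removed, its
            # name in the shared $TMPDIR is no longer held by this script, yet
            # a later `>$TMPFILETWO` would reopen that path and write through
            # whatever exists there by then. The file is removed at Quit.
            : >"$TMPFILETWO"
          else
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Type for $USERID" $BL $BC "$RCTYPE" \
               2>"$TMPFILE"
            then TMP=`cat "$TMPFILE"`
                 if $RSBACPATH""attr_set_user "$USERID" rc_type $TMP &>"$TMPFILE"
                 then
                   RCTYPE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_user $USERID rc_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
                 fi
            fi
          fi
        else
            $DIALOG --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "RC Type: No user specified!" 5 $BC
        fi
      ;;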

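    'CAP Min Caps:')
        # Edit the CAP min_caps set of $USERID through a checklist and apply
        # the selection with attr_set_user.
        # The guard tests $USERID, the value actually handed to attr_set_user
        # and checked by the sibling arms. It used to test $USER, which is
        # normally the caller's login name from the environment, so the
        # "No user specified!" branch could not be relied on.
        if test -n "$USERID"
        then
          if $DIALOG --title "CAP min_caps for $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MINCAPS" $BL $BC $MAXLINES \
              `gen_min_caps_list` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              FS_MASK  'Set Filesystem Caps' off \
             2>"$TMPFILE"
          then
            # dialog's reply has its double quotes stripped; $TMP is then left
            # unquoted on purpose so each selected tag becomes one argument.
            TMP=`tr -d '"' <"$TMPFILE"`
            if $RSBACPATH""attr_set_user "$USERID" min_caps $TMP &>"$TMPFILE"
            then
              # Re-read the stored value rather than trusting the selection.
              MINCAPS=`$RSBACPATH""attr_get_user "$USERID" min_caps`
              if test -n "$RSBACLOGFILE"
              then
                echo $RSBACPATH""attr_set_user $USERID min_caps $TMP >>"$RSBACLOGFILE"
              fi
            else
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "CAP Min Caps: No user specified!" 5 $BC
        fi
      ;;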

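    'CAP Max Caps:')
        # Edit the CAP max_caps set of $USERID through a checklist and apply
        # the selection with attr_set_user.
        # The guard tests $USERID, the value actually handed to attr_set_user
        # and checked by the sibling arms. It used to test $USER, which is
        # normally the caller's login name from the environment, so the
        # "No user specified!" branch could not be relied on.
        if test -n "$USERID"
        then
          if $DIALOG --title "CAP max_caps for $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MAXCAPS" $BL $BC $MAXLINES \
              `gen_max_caps_list` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              FS_MASK  'Set Filesystem Caps' off \
             2>"$TMPFILE"
          then
            # dialog's reply has its double quotes stripped; $TMP is then left
            # unquoted on purpose so each selected tag becomes one argument.
            TMP=`tr -d '"' <"$TMPFILE"`
            if $RSBACPATH""attr_set_user "$USERID" max_caps $TMP &>"$TMPFILE"
            then
              # Re-read the stored value rather than trusting the selection.
              MAXCAPS=`$RSBACPATH""attr_get_user "$USERID" max_caps`
              if test -n "$RSBACLOGFILE"
              then
                echo $RSBACPATH""attr_set_user $USERID max_caps $TMP >>"$RSBACLOGFILE"
              fi
            else
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "CAP Max Caps: No user specified!" 5 $BC
        fi
      ;;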

    'CAP Role:')
        # Let the operator pick the CAP role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # dialog's answer arrives on stderr and is collected in $TMPFILE.
        # NOTE(review): $USERID and $TMP reach attr_set_user unquoted, so they
        # are word-split and glob-expanded before the tool sees them.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose CAP Role for $USERID" $BL $BC 4 \
                                0 "General User" $(onoff 0 $CAPROLE) \
                                1 "Security Officer" $(onoff 1 $CAPROLE) \
                                2 "Administrator" $(onoff 2 $CAPROLE) \
                                3 "Auditor" $(onoff 3 $CAPROLE) \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID cap_role $TMP >$TMPFILE 2>&1
            then
              CAPROLE=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID cap_role $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "CAP Role: No user specified!" 5 $BC
        fi
      ;;

    'CAP ld_env:')
        # Choose how CAP treats the LD environment for $USERID (deny, allow or
        # keep) and store the choice as cap_ld_env with attr_set_user.
        # dialog's answer arrives on stderr and is collected in $TMPFILE.
        # NOTE(review): $USERID and $TMP reach attr_set_user unquoted, so they
        # are word-split and glob-expanded before the tool sees them.
        if [ -n "$USERID" ]
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose CAP LD Env for $USERID" $BL $BC 3 \
                                0 "deny" $(onoff 0 $CAPLDENV) \
                                1 "allow" $(onoff 1 $CAPLDENV) \
                                2 "keep" $(onoff 2 $CAPLDENV) \
             2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if $RSBACPATH""attr_set_user $USERID cap_ld_env $TMP >$TMPFILE 2>&1
            then
              CAPLDENV=$TMP
              # Record the command that succeeded, if a log file is configured.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo $RSBACPATH""attr_set_user $USERID cap_ld_env $TMP >>"$RSBACLOGFILE"
              fi
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "CAP ld_env: No user specified!" 5 $BC
        fi
      ;;

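    'JAIL Role:')
        # Let the operator pick the JAIL role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # The list height is 4 to match the four entries (it was 3, which
        # left "Auditor" reachable only by scrolling, unlike the MAC, DAZ, FF,
        # AUTH and CAP role arms).
        if test "$USERID" != ""
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose JAIL Role for $USERID" $BL $BC 4 \
                                0 "General User" `onoff 0 $JAILROLE` \
                                1 "Security Officer" `onoff 1 $JAILROLE` \
                                2 "Administrator" `onoff 2 $JAILROLE` \
                                3 "Auditor" `onoff 3 $JAILROLE` \
             2>"$TMPFILE"
          then TMP=`cat "$TMPFILE"`
               if $RSBACPATH""attr_set_user "$USERID" jail_role $TMP &>"$TMPFILE"
               then
                 JAILROLE=$TMP
                 # Record the command that succeeded, if a log file is configured.
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_user $USERID jail_role $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 # First line of the tool's output is shown as the error text.
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "JAIL Role: No user specified!" 5 $BC
        fi
      ;;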

    'RES Min Resources:')
        # Edit the RES minimum resource limits of $USERID. A menu built from
        # the output of `attr_get_user ... res_min` is shown repeatedly; each
        # pick opens an input box for that resource. The loop ends when dialog
        # returns non-zero.
        # NOTE(review): $USERID, $RESSEL and $TMP are passed to attr_set_user
        # unquoted, so they are word-split and glob-expanded by the shell.
        if test -n "$USERID"
        then
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --help-button --default-item "$RESSEL" \
                    --menu "RES Minimum Resources for User $USERID" $BL $BC $MAXLINES \
              `$RSBACPATH""attr_get_user "$USERID" res_min` \
             2>$TMPFILE
          do
            # dialog's reply (written to stderr) names the selected entry.
            RESSEL=`cat $TMPFILE`
            case "$RESSEL" in
              HELP*)
                  # Help was requested: drop the first five characters of the
                  # reply and keep the remainder as the current selection.
                  show_help "${RESSEL:5}"
                  RESSEL="${RESSEL:5}"
                ;;
              *)
                  # Ask for the new limit, pre-filled with the current value.
                  if $DIALOG --title "$TITLE" \
                             --backtitle "$BACKTITLE" \
                             --inputbox "Minimum $RESSEL resource limit for $USERID (0 = unset)" \
                               $BL $BC "`$RSBACPATH""attr_get_user "$USERID" res_min $RESSEL`" \
                    2>$TMPFILE
                  then TMP=`cat $TMPFILE`
                     if $RSBACPATH""attr_set_user $USERID res_min $RESSEL $TMP &>$TMPFILE
                     then RESMIN=`$RSBACPATH""attr_get_user -s $USERID res_min`
                       # Record the command that succeeded, if a log file is configured.
                       if test -n "$RSBACLOGFILE"
                       then
                         echo $RSBACPATH""attr_set_user $USERID res_min $RESSEL $TMP >>"$RSBACLOGFILE"
                       fi
                     else
                       # First line of the tool's output is shown as the error text.
                       $DIALOG --title "$ERRTITLE" \
                               --backtitle "$BACKTITLE" \
                               --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                     fi
                  fi
                ;;
            esac
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RES Min Resources: No user specified!" 5 $BC
        fi
      ;;

    'RES Max Resources:')
        # Edit the RES maximum resource limits of $USERID. A menu built from
        # the output of `attr_get_user ... res_max` is shown repeatedly; each
        # pick opens an input box for that resource. The loop ends when dialog
        # returns non-zero.
        # NOTE(review): $USERID, $RESSEL and $TMP are passed to attr_set_user
        # unquoted, so they are word-split and glob-expanded by the shell.
        if test -n "$USERID"
        then
          while $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --help-button --default-item "$RESSEL" \
                    --menu "RES Maximum Resources for User $USERID" $BL $BC $MAXLINES \
              `$RSBACPATH""attr_get_user "$USERID" res_max` \
             2>$TMPFILE
          do
            # dialog's reply (written to stderr) names the selected entry.
            RESSEL=`cat $TMPFILE`
            case "$RESSEL" in
              HELP*)
                  # Help was requested: drop the first five characters of the
                  # reply and keep the remainder as the current selection.
                  show_help "${RESSEL:5}"
                  RESSEL="${RESSEL:5}"
                ;;
              *)
                  # Ask for the new limit, pre-filled with the current value.
                  if $DIALOG --title "$TITLE" \
                             --backtitle "$BACKTITLE" \
                             --inputbox "Maximum $RESSEL resource limit for $USERID (0 = unset)" \
                               $BL $BC "`$RSBACPATH""attr_get_user "$USERID" res_max $RESSEL`" \
                    2>$TMPFILE
                  then TMP=`cat $TMPFILE`
                     if $RSBACPATH""attr_set_user $USERID res_max $RESSEL $TMP &>$TMPFILE
                     then RESMAX=`$RSBACPATH""attr_get_user -s $USERID res_max`
                       # Record the command that succeeded, if a log file is configured.
                       if test -n "$RSBACLOGFILE"
                       then
                         echo $RSBACPATH""attr_set_user $USERID res_max $RESSEL $TMP >>"$RSBACLOGFILE"
                       fi
                     else
                       # First line of the tool's output is shown as the error text.
                       $DIALOG --title "$ERRTITLE" \
                               --backtitle "$BACKTITLE" \
                               --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                     fi
                  fi
                ;;
            esac
          done
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RES Max Resources: No user specified!" 5 $BC
        fi
      ;;

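    'RES Role:')
        # Let the operator pick the RES role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # The list height is 4 to match the four entries (it was 3, which
        # left "Auditor" reachable only by scrolling, unlike the MAC, DAZ, FF,
        # AUTH and CAP role arms).
        if test "$USERID" != ""
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose RES Role for $USERID" $BL $BC 4 \
                                0 "General User" `onoff 0 $RESROLE` \
                                1 "Security Officer" `onoff 1 $RESROLE` \
                                2 "Administrator" `onoff 2 $RESROLE` \
                                3 "Auditor" `onoff 3 $RESROLE` \
             2>"$TMPFILE"
          then TMP=`cat "$TMPFILE"`
               if $RSBACPATH""attr_set_user "$USERID" res_role $TMP &>"$TMPFILE"
               then
                 RESROLE=$TMP
                 # Record the command that succeeded, if a log file is configured.
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_user $USERID res_role $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 # First line of the tool's output is shown as the error text.
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RES Role: No user specified!" 5 $BC
        fi
      ;;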

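    'PAX Role:')
        # Let the operator pick the PAX role for $USERID from a radiolist and
        # store it with attr_set_user; refused when no user is selected.
        # The list height is 4 to match the four entries (it was 3, which
        # left "Auditor" reachable only by scrolling, unlike the MAC, DAZ, FF,
        # AUTH and CAP role arms).
        if test "$USERID" != ""
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PAX Role for $USERID" $BL $BC 4 \
                                0 "General User" `onoff 0 $PAXROLE` \
                                1 "Security Officer" `onoff 1 $PAXROLE` \
                                2 "Administrator" `onoff 2 $PAXROLE` \
                                3 "Auditor" `onoff 3 $PAXROLE` \
             2>"$TMPFILE"
          then TMP=`cat "$TMPFILE"`
               if $RSBACPATH""attr_set_user "$USERID" pax_role $TMP &>"$TMPFILE"
               then
                 PAXROLE=$TMP
                 # Record the command that succeeded, if a log file is configured.
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_user $USERID pax_role $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 # First line of the tool's output is shown as the error text.
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PAX Role: No user specified!" 5 $BC
        fi
      ;;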

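    'Log User Based:')
        # Choose which request types are logged for $USERID (log_user_based)
        # through a checklist and apply the selection with attr_set_user.
        # The guard tests $USERID, the value actually handed to attr_set_user
        # and checked by the sibling arms. It used to test $USER, which is
        # normally the caller's login name from the environment, so the
        # "No user specified!" branch could not be relied on.
        if test -n "$USERID"
        then
          if $DIALOG --title "log_user_based for $USERID" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $LOGUSER" $BL $BC $MAXLINES \
              `gen_request_list` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
             2>"$TMPFILE"
          then
            # dialog's reply has its double quotes stripped; $TMP is then left
            # unquoted on purpose so each selected tag becomes one argument.
            TMP=`tr -d '"' <"$TMPFILE"`
            if $RSBACPATH""attr_set_user "$USERID" log_user_based $TMP &>"$TMPFILE"
            then
              # Re-read the stored value rather than trusting the selection.
              LOGUSER=`$RSBACPATH""attr_get_user "$USERID" log_user_based`
              if test -n "$RSBACLOGFILE"
              then
                echo $RSBACPATH""attr_set_user $USERID log_user_based $TMP >>"$RSBACLOGFILE"
              fi
            else
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Log User Based: No user specified!" 5 $BC
        fi
      ;;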

    'ACL Menu:')
        # Hand over to the separate rsbac_acl_menu program with the literal
        # argument USER. Unlike the other arms, this one does not check that
        # a user has been selected first.
        $RSBACPATH""rsbac_acl_menu USER
      ;;

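    'Reset Attributes:')
        # Remove every stored attribute of $USERID with attr_rm_user after a
        # yes/no confirmation, then reload the displayed values.
        # The reset now also requires a non-empty $USERID, because that is the
        # value attr_rm_user receives and the error text promises this check.
        # NOTE(review): $TYPE is not assigned in the visible part of this
        # script; confirm that the "NONE" test is still meaningful here.
        if test "$TYPE" != "NONE" && test -n "$USERID"
        then
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --yesno "Reset all attributes to default values?" 5 $BC \
             2>/dev/null
          then
            if $RSBACPATH""attr_rm_user "$USERID" &>"$TMPFILE"
            then
              # Record the reset like the attr_set_user changes, so the command
              # log also shows when a user's attributes were wiped.
              if test -n "$RSBACLOGFILE"
              then
                echo $RSBACPATH""attr_rm_user $USERID >>"$RSBACLOGFILE"
              fi
              get_attributes $USERID
            else
              # First line of the tool's output is shown as the error text.
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Reset Attributes: No user specified!" 5 $BC
        fi
      ;;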

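    Quit)
        # Remove both scratch files and leave the menu. -f tolerates a scratch
        # file that is already gone (the RC arms delete $TMPFILETWO after
        # use), so no spurious rm error is printed and the exit status no
        # longer depends on it; -- and the quotes keep the paths from being
        # read as options or split.
        rm -f -- "$TMPFILE" "$TMPFILETWO" ; exit
      ;;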

    *)
        # Fallback arm: the main menu returned a tag that no arm above handles.
        $DIALOG --title "$ERRTITLE" --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
