Group Policy Application Tool gpupdate 0.9.12 Released

A new release of gpupdate, a tool for applying group policies in ALT distributions, has been published. The gpupdate mechanisms enforce group policies on client machines, both at the system level and on a per-user basis. The tool is part of an alternative solution from the Basalt SPO company for implementing Active Directory domain infrastructure under Linux, and it works in an MS AD or Samba DC domain infrastructure. The gpupdate code is written in Python and is licensed under the GPLv3+ license. You can install gpupdate from the stable p10 branch of the ALT repositories.

gpupdate relies on the way group policies are implemented for Linux, with policies stored in the SysVol directory on domain controllers. GPOA, a submodule of gpupdate, accesses the domain controller's SysVol and loads from it all GPT group policy templates for the system and users (the Machine and User directories) and all information from those directories. The gpupdate tool parses files with the .pol extension and builds a database (registry) from them. GPOA takes its data from this registry, sorts and processes it, and then launches the “applier” modules one by one.

Each of these modules is responsible for its own part of the settings: there are modules for system kernel settings, desktop settings, peripherals, browser settings, and printer settings, and each takes only the part of the database that relates to it. For example, the firefox applier searches the database for entries mentioning firefox and processes only that part, creating a JSON file from it in the /etc/firefox/policies directory (as is done on Linux). When the web browser starts, it reads this directory and applies all the settings.
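As an added illustration of the parse-then-apply flow described above (this is not gpupdate's own code): a minimal Registry.pol (PReg) parser that rejects malformed input, since the file arrives from SysVol, followed by a simplified Firefox step that keeps only values directly under the Firefox policy key. All function names, the SAMPLE bytes and the policy values are constructed for the example; nested keys and other value types are ignored.

```python
import json

ENC = "utf-16-le"  # Registry.pol strings and delimiters are UTF-16LE
REG_SZ, REG_DWORD = 1, 4
FIREFOX_KEY = "Software\\Policies\\Mozilla\\Firefox"  # registry keys are case-insensitive
DECODE = {REG_SZ: lambda d: d.decode(ENC).rstrip("\0"),
          REG_DWORD: lambda d: int.from_bytes(d, "little")}

def _wstr(buf, pos):  # NUL-terminated string -> (text, next_pos)
    end = next((i for i in range(pos, len(buf) - 1, 2) if buf[i:i + 2] == b"\0\0"), None)
    if end is None:
        raise ValueError("unterminated string")
    return buf[pos:end].decode(ENC), end + 2

def _expect(buf, pos, ch):  # step over one delimiter character
    if buf[pos:pos + 2] != ch.encode(ENC):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _dword(buf, pos):  # little-endian DWORD followed by ';' -> (value, next_pos)
    return int.from_bytes(buf[pos:pos + 4], "little"), _expect(buf, pos + 4, ";")

def parse_pol(buf):
    """Yield (key, value, type, data) for each [key;value;type;size;data] record."""
    if buf[:8] != b"PReg\x01\x00\x00\x00":  # signature + version 1
        raise ValueError("not a PReg version 1 file")
    pos = 8
    while pos < len(buf):
        key, pos = _wstr(buf, _expect(buf, pos, "["))
        value, pos = _wstr(buf, _expect(buf, pos, ";"))
        rtype, pos = _dword(buf, _expect(buf, pos, ";"))
        size, pos = _dword(buf, pos)
        data = buf[pos:pos + size]
        pos = _expect(buf, pos + size, "]")  # also rejects truncated data
        yield key, value, rtype, data

def firefox_policies(buf):  # policies.json text from values directly under the Firefox key
    out = {value: DECODE[rtype](data) for key, value, rtype, data in parse_pol(buf)
           if key.lower() == FIREFOX_KEY.lower() and rtype in DECODE}  # rest: other appliers
    return json.dumps({"policies": out}, indent=2, sort_keys=True)

def _rec(key, value, rtype, data):  # encodes one record for the constructed sample
    return (f"[{key}\0;{value}\0;".encode(ENC) + rtype.to_bytes(4, "little") + b";\0"
            + len(data).to_bytes(4, "little") + b";\0" + data + b"]\0")

SAMPLE = b"PReg\x01\x00\x00\x00" + b"".join([  # constructed input, not a real GPO
    _rec(FIREFOX_KEY, "DisableTelemetry", REG_DWORD, b"\x01\0\0\0"),
    _rec(FIREFOX_KEY, "DefaultDownloadDirectory", REG_SZ, "/srv/downloads\0".encode(ENC)),
    _rec("Software\\Policies\\Google\\Chrome", "ShowHomeButton", REG_DWORD, b"\x01\0\0\0")])
```

Calling firefox_policies(SAMPLE) returns the JSON text for the two Firefox values only; the Chrome record is left for a different applier.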

Changes in version 0.9.11.2:

  • All policies of the Firefox and Chromium web browsers are supported for the computer.
  • Added mechanisms for applying script policies - logon/logoff/startup/shutdown.
  • Mechanisms for applying system settings parameters (preferences): operations with files (Files), directories (Folders), configuration files (Ini-files).
  • Added a new action to gpupdate-setup for updating the status of services: the update key starts all necessary services when an enabled gpupdate is updated.
  • The application of user policies has been improved in terms of correct operation and security. Systemd now has a system timer, gpupdate.timer, and a user timer, gpupdate-user.timer, to monitor and control the execution time of the gpupdate.service service. The frequency of running gpupdate can be configured using a timer.
  • The loopback policy processing mode has been optimized (“Configuring the user group policy loopback processing mode”). This policy allows the settings of one GPO to override the settings of another GPO for users of that second GPO.

Features of version 0.9.12:

  • Added a mechanism for applying Yandex browser group policies to a computer.
  • Mechanisms for applying system settings parameters (preferences): settings of shared network resources for the user (network shares).
  • Added enumeration of domain controllers (DCs) with a configured SysVol directory if the automatically selected domain controller happens to have a SysVol that does not have group policies. By default, domain controller enumeration is disabled.
  • Added the ability to generate rules for all polkit actions via group policies: for each polkit action, you can prepare an admx configuration template, which is displayed in the console tree of GPUI, the graphical tool for editing system and user configurations.
  • Fixed display of disk mounting policy for the user and added support for mounting for the computer:
    • Added support for disk label options.
    • Fixed a conflict in drive letter names; drive letters are assigned as in Windows.
    • Replaced mount points to display shared resources:
      • /media/gpupdate/drives.system - for system resources;
      • /media/gpupdate/.drives.system - for hidden system resources;
      • /run/media/USERNAME/drives - for user shared resources;
      • /run/media/USERNAME/.drives - for hidden user shares.

Source: opennet.ru
