diff options
author | Laércio de Sousa <laerciosousa@sme-mogidascruzes.sp.gov.br> | 2015-10-09 16:18:27 -0300 |
---|---|---|
committer | Laércio de Sousa <laerciosousa@sme-mogidascruzes.sp.gov.br> | 2015-10-09 16:18:27 -0300 |
commit | 2db1d6c59f4d261ae4a81443d8de1dcd3d787e67 (patch) | |
tree | 4c3c47c2ad96c2127ce014868a8c18d30a38fddf | |
parent | 581f13979ca4d77e9d214bd8b7e87c69cac15f60 (diff) | |
download | lightdm-2db1d6c59f4d261ae4a81443d8de1dcd3d787e67.tar.gz |
Revert some changes and make a per-user bindfs mount, rather than a shared bindfs mount for all guest accounts. Multi-seat guest logins break if we have a single shared bindfs mount.
-rw-r--r-- | debian/guest-account.sh | 83 |
1 files changed, 49 insertions, 34 deletions
diff --git a/debian/guest-account.sh b/debian/guest-account.sh index c11199f0..fbc9d2a6 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh @@ -22,15 +22,7 @@ add_account () { HOME=`mktemp -td guest-XXXXXX` USER=`echo $HOME | sed 's/\(.*\)guest/guest/'` - # Suppose that we have a "guest-template" user/group, - # with home directory /home/guest-template. - # If GROUP below could be set to "guest-template", we can - # mount /home/guest-template on /etc/guest-session/skel - # using bindfs with option "mirror-only=@guest-template", so - # that all guest accounts would see files in /etc/guest-session/skel - # as their own ones. - GROUP="$USER" - PRE_HOME="/tmp/.rw-${USER}" + PRE_HOME="/tmp/.pre-${USER}" # if $USER already exists, it must be a locked system account with no existing # home directory @@ -55,7 +47,7 @@ add_account () fi else # does not exist, so create it - adduser --system --no-create-home --home / --gecos $(gettext "Guest") --ingroup $GROUP --shell /bin/bash $USER || { + adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || { umount "$HOME" rm -rf "$HOME" umount "$PRE_HOME" @@ -67,39 +59,61 @@ add_account () gs_skel=/etc/guest-session/skel/ if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then - # create temporary home directory - mkdir "$PRE_HOME" - mount -t tmpfs -o mode=700 none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; } - chown $USER:$GROUP "$PRE_HOME" - - # Try OverlayFS first - if modinfo -n overlay >/dev/null 2>&1; then - mkdir ${PRE_HOME}/.upper ${PRE_HOME}/.work - chown -R $USER:$GROUP $PRE_HOME/.* - mount -t overlay -o lowerdir=$gs_skel,upperdir=${PRE_HOME}/.upper,workdir=${PRE_HOME}/.work overlay $HOME || { - rm -rf "$HOME" - umount "$PRE_HOME" + # Only perform union-mounting if BindFS is available + if [ -x /usr/bin/bindfs ]; then + # create temporary home directory + mkdir "$PRE_HOME" + mount -t tmpfs -o mode=700 none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; } + mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper + chown -R $USER:$USER "$PRE_HOME" + + # Wrap ${gs_skel} in a BindFS mount, so that + # guest account will see itself as the owner of ${gs_skel}'s contents. + bindfs -M $USER $gs_skel ${PRE_HOME}/lower || { rm -rf "$PRE_HOME" + rm -rf "$HOME" exit 1 } - # If OverlayFS is not available, try AuFS - elif [ -x /sbin/mount.aufs ]; then - mount -t aufs -o br=${PRE_HOME}:$gs_skel none $HOME || { - rm -rf "$HOME" + + # Try OverlayFS first + if modinfo -n overlay >/dev/null 2>&1; then + mkdir ${PRE_HOME}/work + chown $USER:$USER ${PRE_HOME}/work + mount -t overlay -o lowerdir=${PRE_HOME}/lower,upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay $HOME || { + umount ${PRE_HOME}/lower + umount "$PRE_HOME" + rm -rf "$PRE_HOME" + rm -rf "$HOME" + exit 1 + } + # If OverlayFS is not available, try AuFS + elif [ -x /sbin/mount.aufs ]; then + mount -t aufs -o br=${PRE_HOME}/upper:${PRE_HOME}/lower none $HOME || { + umount ${PRE_HOME}/lower + umount "$PRE_HOME" + rm -rf "$PRE_HOME" + rm -rf "$HOME" + exit 1 + } + # If none of them is available, fall back to copy over + else + umount ${PRE_HOME}/lower umount "$PRE_HOME" rm -rf "$PRE_HOME" - exit 1 - } - # If none of them is available, fall back to copy over + mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } + cp -rT $gs_skel "$HOME" + chown -R $USER:$USER "$HOME" + fi + # If BindFS is not available, just fall back to copy over else - umount "$PRE_HOME" - rm -rf "$PRE_HOME" + mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } cp -rT $gs_skel "$HOME" - chown -R $USER:$GROUP "$HOME" + chown -R $USER:$USER "$HOME" fi else + mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } cp -rT /etc/skel/ "$HOME" - chown -R $USER:$GROUP "$HOME" + chown -R $USER:$USER "$HOME" fi usermod -d "$HOME" "$USER" @@ -151,7 +165,7 @@ add_account () . /etc/guest-session/prefs.sh fi - chown -R $USER:$GROUP "$HOME" + chown -R $USER:$USER "$HOME" echo $USER } @@ -186,6 +200,7 @@ remove_account () umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true rm -rf "$GUEST_HOME" + umount ${GUEST_PRE_HOME}/lower || umount -l ${GUEST_PRE_HOME}/lower || true umount "$GUEST_PRE_HOME" || umount -l "$GUEST_PRE_HOME" || true rm -rf "$GUEST_PRE_HOME" |