diff options
-rw-r--r-- | debian/guest-account.sh | 64 |
1 files changed, 23 insertions, 41 deletions
diff --git a/debian/guest-account.sh b/debian/guest-account.sh index b822f863..e49d5374 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh @@ -22,7 +22,6 @@ add_account () { HOME=`mktemp -td guest-XXXXXX` USER=`echo $HOME | sed 's/\(.*\)guest/guest/'` - PRE_HOME="/tmp/.pre-${USER}" # if $USER already exists, it must be a locked system account with no existing # home directory @@ -48,49 +47,41 @@ add_account () else # does not exist, so create it adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || { - umount "$HOME" - rm -rf "$HOME" - umount "$PRE_HOME" - rm -rf "$PRE_HOME" + umount ${HOME} + rm -rf ${HOME} exit 1 } fi gs_skel=/etc/guest-session/skel/ + # create temporary home directory + mount -t tmpfs -o mode=700,uid=${USER} none ${HOME} || { rm -rf ${HOME}; exit 1; } + if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then # Only perform union-mounting if BindFS is available if [ -x /usr/bin/bindfs ]; then - local bindfs_mount=true - - # create temporary home directory - sudo -u $USER mkdir "$PRE_HOME" - mount -t tmpfs -o mode=700,uid=${USER} none ${PRE_HOME} || { rm -rf ${PRE_HOME} ${HOME}; exit 1; } + bindfs_mount=true # Try OverlayFS first if modinfo -n overlay >/dev/null 2>&1; then - sudo -u $USER mkdir ${PRE_HOME}/upper ${PRE_HOME}/work - mount -t overlay -o lowerdir=${gs_skel},upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay ${HOME} || { - umount ${PRE_HOME} - rm -rf ${PRE_HOME} + sudo -u $USER mkdir ${HOME}/upper ${HOME}/work + mount -t overlay -o lowerdir=${gs_skel},upperdir=${HOME}/upper,workdir=${HOME}/work overlay ${HOME} || { + umount ${HOME} rm -rf ${HOME} exit 1 } # If OverlayFS is not available, try AuFS elif [ -x /sbin/mount.aufs ]; then - mount -t aufs -o br=${PRE_HOME}:${gs_skel} none ${HOME} || { - umount ${PRE_HOME} - rm -rf ${PRE_HOME} + mount -t aufs -o br=${HOME}:${gs_skel} none ${HOME} || { + umount ${HOME} rm -rf ${HOME} exit 1 } # If none of them is available, fall back to copy over else - umount ${PRE_HOME} - rm -rf ${PRE_HOME} - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT $gs_skel "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT ${gs_skel} ${HOME} + chown -R ${USER}:${USER} ${HOME} bindfs_mount=false fi @@ -98,23 +89,20 @@ add_account () # Wrap ${HOME} in a BindFS mount, so that # ${USER} will be seen as the owner of ${HOME}'s contents. bindfs -u ${USER} -g ${USER} ${HOME} ${HOME} || { - umount ${HOME} - umount ${PRE_HOME} - rm -rf ${PRE_HOME} + umount ${HOME} # union mount + umount ${HOME} # tmpfs mount rm -rf ${HOME} exit 1 } fi # If BindFS is not available, just fall back to copy over else - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT $gs_skel "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT ${gs_skel} ${HOME} + chown -R ${USER}:${USER} ${HOME} fi else - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT /etc/skel/ "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT /etc/skel/ ${HOME} + chown -R ${USER}:${USER} ${HOME} fi usermod -d "$HOME" "$USER" @@ -181,7 +169,6 @@ remove_account () } GUEST_UID=`echo "$PWENT" | cut -f3 -d:` GUEST_HOME=`echo "$PWENT" | cut -f6 -d:` - GUEST_PRE_HOME=/tmp/.pre-$GUEST_USER if [ "$GUEST_UID" -ge 500 ]; then echo "Error: user $GUEST_USER is not a system user." @@ -199,15 +186,10 @@ remove_account () sleep 0.2; done - # Unmount BindFS - umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true - - # Unmount union - umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true - - umount "$GUEST_PRE_HOME" || umount -l "$GUEST_PRE_HOME" || true - rm -rf "$GUEST_PRE_HOME" - rm -rf "$GUEST_HOME" + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # BindFS mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # union mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # tmpfs mount + rm -rf ${GUEST_HOME} # remove leftovers in /tmp find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true |