-rw-r--r-- | debian/guest-account.sh | 224 | ||||
-rw-r--r-- | debian/guest-session-setup.sh | 34 | ||||
-rw-r--r-- | debian/guest-session-startup.desktop | 5 | ||||
-rw-r--r-- | debian/guest-session.profile | 1 | ||||
-rw-r--r-- | debian/lightdm.install | 1 | ||||
-rwxr-xr-x | debian/rules | 2 |
6 files changed, 130 insertions, 137 deletions
diff --git a/debian/guest-account.sh b/debian/guest-account.sh
index c09d886b..ffc44eb5 100644
--- a/debian/guest-account.sh
+++ b/debian/guest-account.sh
@@ -20,216 +20,166 @@ fi add_account () { - HOME=`mktemp -td guest-XXXXXX` - USER=`echo $HOME | sed 's/\(.*\)guest/guest/'` - PRE_HOME="/tmp/.pre-${USER}" + HOME=$(mktemp -td guest-XXXXXX) + USER=$(echo ${HOME} | sed 's/\(.*\)guest/guest/') - # if $USER already exists, it must be a locked system account with no existing + # if ${USER} already exists, it must be a locked system account with no existing # home directory - if PWSTAT=`passwd -S "$USER"` 2>/dev/null; then - if [ "`echo \"$PWSTAT\" | cut -f2 -d\ `" != "L" ]; then - echo "User account $USER already exists and is not locked" + if PWSTAT=$(passwd -S ${USER}) 2>/dev/null; then + if [ $(echo ${PWSTAT} | cut -f2 -d' ') != L ]; then + echo "User account ${USER} already exists and is not locked" exit 1 fi - PWENT=`getent passwd "$USER"` || { - echo "getent passwd $USER failed" + PWENT=$(getent passwd ${USER}) || { + echo "getent passwd ${USER} failed" exit 1 } - GUEST_UID=`echo "$PWENT" | cut -f3 -d:` - if [ "$GUEST_UID" -ge 500 ]; then - echo "Account $USER is not a system user" + GUEST_UID=$(echo ${PWENT} | cut -f3 -d:) + if [ ${GUEST_UID} -ge 500 ]; then + echo "Account ${USER} is not a system user" exit 1 fi - HOME=`echo "$PWENT" | cut -f6 -d:` - if [ "$HOME" != / ] && [ "${HOME#/tmp}" = "$HOME" ] && [ -d "$HOME" ]; then - echo "Home directory of $USER already exists" + HOME=$(echo ${PWENT} | cut -f6 -d:) + if [ ${HOME} != / ] && [ ${HOME#/tmp} = ${HOME} ] && [ -d ${HOME} ]; then + echo "Home directory of ${USER} already exists" exit 1 fi else # does not exist, so create it - adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || { - umount "$HOME" - rm -rf "$HOME" - umount "$PRE_HOME" - rm -rf "$PRE_HOME" - exit 1 + adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash ${USER} || { + umount ${HOME} + rm -rf ${HOME} + exit 1 } fi - gs_skel=/etc/guest-session/skel/ + dist_gs=/usr/share/lightdm/guest-session + 
site_gs=/etc/guest-session - if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then + # create temporary home directory + mount -t tmpfs -o mode=700,uid=${USER} none ${HOME} || { + rm -rf ${HOME} + exit 1 + } + + if [ -d ${site_gs}/skel ] && [ -n $(find ${site_gs}/skel -type f) ]; then # Only perform union-mounting if BindFS is available if [ -x /usr/bin/bindfs ]; then - # create temporary home directory - mkdir "$PRE_HOME" - mount -t tmpfs -o mode=700 none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; } - mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper - chown -R $USER:$USER "$PRE_HOME" - - # Wrap ${gs_skel} in a BindFS mount, so that - # guest account will see itself as the owner of ${gs_skel}'s contents. - bindfs -r -M $USER $gs_skel ${PRE_HOME}/lower || { - rm -rf "$PRE_HOME" - rm -rf "$HOME" - exit 1 - } + bindfs_mount=true # Try OverlayFS first if modinfo -n overlay >/dev/null 2>&1; then - mkdir ${PRE_HOME}/work - chown $USER:$USER ${PRE_HOME}/work - mount -t overlay -o lowerdir=${PRE_HOME}/lower,upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay $HOME || { - umount ${PRE_HOME}/lower - umount "$PRE_HOME" - rm -rf "$PRE_HOME" - rm -rf "$HOME" + mkdir ${HOME}/upper ${HOME}/work + chown ${USER}:${USER} ${HOME}/upper ${HOME}/work + mount -t overlay -o lowerdir=${dist_gs}/skel:${site_gs}/skel,upperdir=${HOME}/upper,workdir=${HOME}/work overlay ${HOME} || { + umount ${HOME} + rm -rf ${HOME} exit 1 } # If OverlayFS is not available, try AuFS elif [ -x /sbin/mount.aufs ]; then - mount -t aufs -o br=${PRE_HOME}/upper:${PRE_HOME}/lower none $HOME || { - umount ${PRE_HOME}/lower - umount "$PRE_HOME" - rm -rf "$PRE_HOME" - rm -rf "$HOME" + mount -t aufs -o br=${HOME}:${dist_gs}/skel:${site_gs}/skel none ${HOME} || { + umount ${HOME} + rm -rf ${HOME} exit 1 } # If none of them is available, fall back to copy over else - umount ${PRE_HOME}/lower - umount "$PRE_HOME" - rm -rf "$PRE_HOME" - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 
1; } - cp -rT $gs_skel "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT ${site_gs}/skel/ ${HOME} + cp -rT ${dist_gs}/skel/ ${HOME} + chown -R ${USER}:${USER} ${HOME} + bindfs_mount=false + fi + + if ${bindfs_mount}; then + # Wrap ${HOME} in a BindFS mount, so that + # ${USER} will be seen as the owner of ${HOME}'s contents. + bindfs -u ${USER} -g ${USER} ${HOME} ${HOME} || { + umount ${HOME} # union mount + umount ${HOME} # tmpfs mount + rm -rf ${HOME} + exit 1 + } fi # If BindFS is not available, just fall back to copy over else - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT $gs_skel "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT ${site_gs}/skel/ ${HOME} + cp -rT ${dist_gs}/skel/ ${HOME} + chown -R ${USER}:${USER} ${HOME} fi else - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT /etc/skel/ "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT /etc/skel/ ${HOME} + cp -rT ${dist_gs}/skel/ ${HOME} + chown -R ${USER}:${USER} ${HOME} fi - usermod -d "$HOME" "$USER" + usermod -d ${HOME} ${USER} - # # setup session - # - - # disable some services that are unnecessary for the guest session - mkdir --parents "$HOME"/.config/autostart - cd /etc/xdg/autostart/ - services="jockey-kde.desktop jockey-gtk.desktop update-notifier.desktop user-dirs-update-gtk.desktop" - for service in $services - do - if [ -e /etc/xdg/autostart/"$service" ] ; then - cp "$service" "$HOME"/.config/autostart - echo "X-GNOME-Autostart-enabled=false" >> "$HOME"/.config/autostart/"$service" - fi - done + su ${USER} -c "env HOME=${HOME} site_gs=${site_gs} ${dist_gs}/setup.sh" - # disable Unity shortcut hint - mkdir -p "$HOME"/.cache/unity - touch "$HOME"/.cache/unity/first_run.stamp - - STARTUP="$HOME"/.config/autostart/startup-commands.desktop - echo "[Desktop Entry]" > $STARTUP - echo "Name=Startup commands" >> $STARTUP - echo "Type=Application" >> $STARTUP - echo "NoDisplay=true" >> $STARTUP - echo 
"Exec=/usr/lib/lightdm/guest-session-auto.sh" >> $STARTUP - - echo "export DIALOG_SLEEP=4" >> "$HOME"/.profile - - mkdir -p "$HOME"/.kde/share/config - echo "[Basic Settings]" >> "$HOME"/.kde/share/config/nepomukserverrc - echo "Start Nepomuk=false" >> "$HOME"/.kde/share/config/nepomukserverrc - - echo "[Event]" >> "$HOME"/.kde/share/config/notificationhelper - echo "hideHookNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper - echo "hideInstallNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper - echo "hideRestartNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper - - # Load restricted session - #dmrc='[Desktop]\nSession=guest-restricted' - #/bin/echo -e "$dmrc" > "$HOME"/.dmrc - - # set possible local guest session preferences - if [ -f /etc/guest-session/prefs.sh ]; then - . /etc/guest-session/prefs.sh - fi - - chown -R $USER:$USER "$HOME" - - echo $USER + echo ${USER} } remove_account () { - GUEST_USER=$1 + GUEST_USER=${1} - PWENT=`getent passwd "$GUEST_USER"` || { - echo "Error: invalid user $GUEST_USER" + PWENT=$(getent passwd ${GUEST_USER}) || { + echo "Error: invalid user ${GUEST_USER}" exit 1 } - GUEST_UID=`echo "$PWENT" | cut -f3 -d:` - GUEST_HOME=`echo "$PWENT" | cut -f6 -d:` - GUEST_PRE_HOME=/tmp/.pre-$GUEST_USER + GUEST_UID=$(echo ${PWENT} | cut -f3 -d:) + GUEST_HOME=$(echo ${PWENT} | cut -f6 -d:) - if [ "$GUEST_UID" -ge 500 ]; then - echo "Error: user $GUEST_USER is not a system user." + if [ ${GUEST_UID} -ge 500 ]; then + echo "Error: user ${GUEST_USER} is not a system user." exit 1 fi - if [ "${GUEST_HOME}" = "${GUEST_HOME#/tmp/}" ]; then - echo "Error: home directory $GUEST_HOME is not in /tmp/." + if [ ${GUEST_HOME} = ${GUEST_HOME#/tmp/} ]; then + echo "Error: home directory ${GUEST_HOME} is not in /tmp/." 
exit 1 fi # kill all remaining processes - while ps h -u "$GUEST_USER" >/dev/null; do - killall -9 -u "$GUEST_USER" || true + while ps h -u ${GUEST_USER} >/dev/null; do + killall -9 -u ${GUEST_USER} || true sleep 0.2; done - umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true - rm -rf "$GUEST_HOME" - umount ${GUEST_PRE_HOME}/lower || umount -l ${GUEST_PRE_HOME}/lower || true - umount "$GUEST_PRE_HOME" || umount -l "$GUEST_PRE_HOME" || true - rm -rf "$GUEST_PRE_HOME" + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # BindFS mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # union mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # tmpfs mount + rm -rf ${GUEST_HOME} # remove leftovers in /tmp - find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true + find /tmp -mindepth 1 -maxdepth 1 -uid ${GUEST_UID} -print0 | xargs -0 rm -rf || true # remove possible /media/guest-XXXXXX folder - if [ -d /media/"$GUEST_USER" ]; then - for dir in $( find /media/"$GUEST_USER" -mindepth 1 -maxdepth 1 ); do - umount "$dir" || true + if [ -d /media/${GUEST_USER} ]; then + for dir in $(find /media/${GUEST_USER} -mindepth 1 -maxdepth 1); do + umount ${dir} || true done - rmdir /media/"$GUEST_USER" || true + + rmdir /media/${GUEST_USER} || true fi - deluser --system "$GUEST_USER" + deluser --system ${GUEST_USER} } -case "$1" in +case ${1} in add) add_account ;; remove) - if [ -z $2 ] ; then - echo "Usage: $0 remove [account]" + if [ -z ${2} ] ; then + echo "Usage: ${0} remove [account]" exit 1 fi - remove_account $2 + remove_account ${2} ;; *) - echo "Usage: $0 add|remove" + echo "Usage: ${0} add|remove" exit 1 esac diff --git a/debian/guest-session-setup.sh b/debian/guest-session-setup.sh new file mode 100644 index 00000000..9e1300db --- /dev/null +++ b/debian/guest-session-setup.sh 
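Review bot: The new side drops the double quotes from almost every expansion in a script that mounts filesystems, creates accounts and runs `rm -rf`, and in one place this changes the logic. `[ -n $(find ${site_gs}/skel -type f) ]` collapses to `[ -n ]`, which is true, when the skeleton holds no files, and fails with a test syntax error when it holds several, so the site-skeleton check no longer behaves like the quoted form it replaces. Restore the quoting there, `[ -d "${site_gs}/skel" ] && [ -n "$(find "${site_gs}/skel" -type f)" ]`. Do the same for `[ -z ${2} ]`, `remove_account ${2}`, `rm -rf ${GUEST_HOME}` and the `[ ${HOME} != / ] && ...` chain, where an empty or space-containing value breaks the test or splits into extra arguments. The top of the script is outside the hunk, so any `set -e` or `IFS` setting that would change this is not visible here.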
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+HOME=${HOME:-$(getent passwd $(whoami) | cut -f6 -d:)}
+site_gs=${site_gs:-/etc/guest-session}
+
+# disable some services that are unnecessary for the guest session
+services="jockey-kde.desktop jockey-gtk.desktop update-notifier.desktop user-dirs-update-gtk.desktop"
+
+for service in ${services}; do
+ if [ -e /etc/xdg/autostart/${service} ]; then
+ [ -f ${HOME}/.config/autostart/${service} ] || cp /etc/xdg/autostart/${service} ${HOME}/.config/autostart
+ echo "X-GNOME-Autostart-enabled=false" >> ${HOME}/.config/autostart/${service}
+ fi
+done
+
+# disable Unity shortcut hint
+[ -d ${HOME}/.cache/unity ] || mkdir -p ${HOME}/.cache/unity
+touch ${HOME}/.cache/unity/first_run.stamp
+
+[ -d ${HOME}/.kde/share/config ] || mkdir -p ${HOME}/.kde/share/config
+echo "[Basic Settings]" >> ${HOME}/.kde/share/config/nepomukserverrc
+echo "Start Nepomuk=false" >> ${HOME}/.kde/share/config/nepomukserverrc
+
+echo "[Event]" >> ${HOME}/.kde/share/config/notificationhelper
+echo "hideHookNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper
+echo "hideInstallNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper
+echo "hideRestartNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper
+
+# Load restricted session
+#dmrc='[Desktop]\nSession=guest-restricted'
+#/bin/echo -e ${dmrc} > ${HOME}/.dmrc
+
+# set possible local guest session preferences
+[ -f ${site_gs}/prefs.sh ] && . ${site_gs}/prefs.sh
diff --git a/debian/guest-session-startup.desktop b/debian/guest-session-startup.desktop
new file mode 100644
index 00000000..676d72e6
--- /dev/null
+++ b/debian/guest-session-startup.desktop
@@ -0,0 +1,5 @@
+[Desktop Entry]
+Name=Custom startup commands for LightDM guest session
+Type=Application
+NoDisplay=true
+Exec=/usr/lib/lightdm/guest-session-auto.sh
diff --git a/debian/guest-session.profile b/debian/guest-session.profile
new file mode 100644
index 00000000..38d441c9
--- /dev/null
+++ b/debian/guest-session.profile
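Review bot: The last command of guest-session-setup.sh, `[ -f ${site_gs}/prefs.sh ] && . ${site_gs}/prefs.sh`, makes the script exit with status 1 whenever prefs.sh is absent, which is presumably the common case on an uncustomised system. guest-account.sh calls it through `su ${USER} -c ...`; if that script runs under `set -e` (its header is not visible here, though its `|| true` guards suggest so), add_account would abort after the account and mounts exist and before the user name is printed. Use the form the removed code had, `if [ -f "${site_gs}/prefs.sh" ]; then . "${site_gs}/prefs.sh"; fi`. The autostart loop also now assumes `${HOME}/.config/autostart` exists, since the earlier `mkdir --parents` is gone. A `mkdir -p "${HOME}/.config/autostart"` before the loop would stop `cp` from creating a plain file of that name if the skeleton ever lacks the directory.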
@@ -0,0 +1 @@ +DIALOG_SLEEP=4 diff --git a/debian/lightdm.install b/debian/lightdm.install index 53becd25..01ce61ac 100644 --- a/debian/lightdm.install +++ b/debian/lightdm.install @@ -12,6 +12,7 @@ etc/apparmor.d debian/lightdm-session usr/sbin debian/config-error-dialog.sh usr/lib/lightdm debian/guest-session-auto.sh usr/lib/lightdm +debian/guest-session-startup.desktop usr/share/lightdm/guest-session/skel/.config/autostart debian/lightdm-greeter-session usr/lib/lightdm debian/source_lightdm.py usr/share/apport/package-hooks debian/50-xserver-command.conf usr/share/lightdm/lightdm.conf.d diff --git a/debian/rules b/debian/rules index d4ee0c17..921ca716 100755 --- a/debian/rules +++ b/debian/rules @@ -27,6 +27,8 @@ override_dh_install: # we do install pam through installpam and init through installinit dh_install -X.a -X.la -Xpam.d -X'etc/init/lightdm.conf' --fail-missing install -D debian/guest-account.sh debian/lightdm/usr/sbin/guest-account + install -D -m 755 debian/guest-session-setup.sh debian/lightdm/usr/share/lightdm/guest-session/setup.sh + install -D debian/guest-session.profile debian/lightdm/usr/share/lightdm/guest-session/skel/.profile chmod +x debian/lightdm/usr/lib/lightdm/lightdm-greeter-session chmod +x debian/lightdm/usr/lib/lightdm/guest-session-auto.sh |
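Review bot: In debian/guest-session.profile the variable is set as `DIALOG_SLEEP=4` without `export`, whereas the removed code appended `export DIALOG_SLEEP=4` to the `.profile` the skeleton already provided. The debian/rules hunk installs this file as the whole `skel/.profile` of the distribution skeleton. That skeleton is copied last in the fallback paths and listed ahead of the site skeleton in `lowerdir=` and `br=`, so it replaces the `.profile` from /etc/skel or `${site_gs}/skel` instead of extending it. If guest-session-auto.sh reads the value from its environment, it will no longer see it. Suggest `export DIALOG_SLEEP=4` here, and either append the line from setup.sh as before or document that the guest `.profile` is now this single line.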