From 83a50108e8f0bb3c9d41b6da2de6007c6dc90842 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?La=C3=A9rcio=20de=20Sousa?= Date: Wed, 14 Oct 2015 09:16:54 -0300 Subject: Replace BindFS option --mirror-only with --force-user/--force-group. They are more suitable now that we have a dedicated BindFS mount for each guest user. --- debian/guest-account.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/guest-account.sh b/debian/guest-account.sh index c09d886b..97b3b9e7 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh @@ -69,7 +69,7 @@ add_account () # Wrap ${gs_skel} in a BindFS mount, so that # guest account will see itself as the owner of ${gs_skel}'s contents. - bindfs -r -M $USER $gs_skel ${PRE_HOME}/lower || { + bindfs -r -u $USER -g $USER $gs_skel ${PRE_HOME}/lower || { rm -rf "$PRE_HOME" rm -rf "$HOME" exit 1 -- cgit v1.2.1 From 41ea622e04f324922234cdb050636c581866edec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?La=C3=A9rcio=20de=20Sousa?= Date: Wed, 14 Oct 2015 09:38:32 -0300 Subject: Create on-the-fly directories and files directly as guest user, eliminating need for later "chown -R" calls. --- debian/guest-account.sh | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/debian/guest-account.sh b/debian/guest-account.sh index 97b3b9e7..ef35892e 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh 
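Review bot: Replacing `-M $USER` with `-u $USER -g $USER` on the bindfs line also drops the access restriction that --mirror-only carried: as I read bindfs(1), -M denies access to every other non-root user, while --force-user/--force-group only change the ownership that is reported. Access to the read-only skel mount by other local users is then limited only by its parent directory, which add_account mounts as a tmpfs with mode=700 outside this hunk. A comment on the bindfs line would record that dependency, e.g. `# no --mirror-only: access is limited by the mode=700 tmpfs at ${PRE_HOME}`.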
@@ -62,14 +62,14 @@ add_account () # Only perform union-mounting if BindFS is available if [ -x /usr/bin/bindfs ]; then # create temporary home directory - mkdir "$PRE_HOME" - mount -t tmpfs -o mode=700 none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; } - mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper - chown -R $USER:$USER "$PRE_HOME" + sudo -u $USER mkdir "$PRE_HOME" + mount -t tmpfs -o mode=700,uid=$USER none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; } + sudo -u $USER mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper # Wrap ${gs_skel} in a BindFS mount, so that # guest account will see itself as the owner of ${gs_skel}'s contents. bindfs -r -u $USER -g $USER $gs_skel ${PRE_HOME}/lower || { + umount "$PRE_HOME" rm -rf "$PRE_HOME" rm -rf "$HOME" exit 1 @@ -77,8 +77,7 @@ add_account () # Try OverlayFS first if modinfo -n overlay >/dev/null 2>&1; then - mkdir ${PRE_HOME}/work - chown $USER:$USER ${PRE_HOME}/work + sudo -u $USER mkdir ${PRE_HOME}/work mount -t overlay -o lowerdir=${PRE_HOME}/lower,upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay $HOME || { umount ${PRE_HOME}/lower umount "$PRE_HOME" 
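Review bot: The result of `sudo -u $USER mkdir "$PRE_HOME"` in the first hunk is not checked, so when the directory cannot be created (the name already exists in /tmp, or sudo is missing or refuses) the script still mounts a tmpfs on that path as root. I would stop at that point and clean up only what this run created: `sudo -u $USER mkdir "$PRE_HOME" || { rm -rf "$HOME"; exit 1; }`. The same applies to the `mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper` line and to `mkdir ${PRE_HOME}/work` in the second hunk. add_account starts and ends outside both hunks.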
@@ -123,34 +122,38 @@ add_account () # # disable some services that are unnecessary for the guest session - mkdir --parents "$HOME"/.config/autostart + [ -d "$HOME"/.config/autostart ] || sudo -u $USER mkdir -p "$HOME"/.config/autostart cd /etc/xdg/autostart/ services="jockey-kde.desktop jockey-gtk.desktop update-notifier.desktop user-dirs-update-gtk.desktop" for service in $services do if [ -e /etc/xdg/autostart/"$service" ] ; then - cp "$service" "$HOME"/.config/autostart + [ -f "$HOME"/.config/autostart/$service ] || sudo -u $USER cp "$service" "$HOME"/.config/autostart echo "X-GNOME-Autostart-enabled=false" >> "$HOME"/.config/autostart/"$service" fi done # disable Unity shortcut hint - mkdir -p "$HOME"/.cache/unity - touch "$HOME"/.cache/unity/first_run.stamp + [ -d "$HOME"/.cache/unity ] || sudo -u $USER mkdir -p "$HOME"/.cache/unity + sudo -u $USER touch "$HOME"/.cache/unity/first_run.stamp STARTUP="$HOME"/.config/autostart/startup-commands.desktop + sudo -u $USER touch $STARTUP echo "[Desktop Entry]" > $STARTUP echo "Name=Startup commands" >> $STARTUP echo "Type=Application" >> $STARTUP echo "NoDisplay=true" >> $STARTUP echo "Exec=/usr/lib/lightdm/guest-session-auto.sh" >> $STARTUP + sudo -u $USER touch "$HOME"/.profile echo "export DIALOG_SLEEP=4" >> "$HOME"/.profile - mkdir -p "$HOME"/.kde/share/config + [ -d "$HOME"/.kde/share/config ] || sudo -u $USER mkdir -p "$HOME"/.kde/share/config + [ -f "$HOME"/.kde/share/config/nepomukserverrc ] || sudo -u $USER touch "$HOME"/.kde/share/config/nepomukserverrc echo "[Basic Settings]" >> "$HOME"/.kde/share/config/nepomukserverrc echo "Start Nepomuk=false" >> "$HOME"/.kde/share/config/nepomukserverrc + [ -f "$HOME"/.kde/share/config/notificationhelper ] || sudo -u $USER touch "$HOME"/.kde/share/config/notificationhelper echo "[Event]" >> "$HOME"/.kde/share/config/notificationhelper echo "hideHookNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper echo "hideInstallNotifier=true" >> 
"$HOME"/.kde/share/config/notificationhelper @@ -161,13 +164,9 @@ add_account () #/bin/echo -e "$dmrc" > "$HOME"/.dmrc # set possible local guest session preferences - if [ -f /etc/guest-session/prefs.sh ]; then - . /etc/guest-session/prefs.sh - fi - - chown -R $USER:$USER "$HOME" + [ -f /etc/guest-session/prefs.sh ] && sudo -u $USER sh -c '. /etc/guest-session/prefs.sh' - echo $USER + echo $USER } remove_account () -- cgit v1.2.1 From 3923fced1a85794357f56333d2cc97bb73ae39cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?La=C3=A9rcio=20de=20Sousa?= Date: Wed, 14 Oct 2015 11:12:06 -0300 Subject: Move the BindFS mount to the last step, leaving room for multi-layer union-mounting when populating guest home. --- debian/guest-account.sh | 60 +++++++++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 27 deletions(-) diff --git a/debian/guest-account.sh b/debian/guest-account.sh index ef35892e..b822f863 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh 
@@ -61,47 +61,49 @@ add_account () if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then # Only perform union-mounting if BindFS is available if [ -x /usr/bin/bindfs ]; then + local bindfs_mount=true + # create temporary home directory sudo -u $USER mkdir "$PRE_HOME" - mount -t tmpfs -o mode=700,uid=$USER none "$PRE_HOME" || { rm -rf "$PRE_HOME" "$HOME"; exit 1; } - sudo -u $USER mkdir ${PRE_HOME}/lower ${PRE_HOME}/upper - - # Wrap ${gs_skel} in a BindFS mount, so that - # guest account will see itself as the owner of ${gs_skel}'s contents. - bindfs -r -u $USER -g $USER $gs_skel ${PRE_HOME}/lower || { - umount "$PRE_HOME" - rm -rf "$PRE_HOME" - rm -rf "$HOME" - exit 1 - } + mount -t tmpfs -o mode=700,uid=${USER} none ${PRE_HOME} || { rm -rf ${PRE_HOME} ${HOME}; exit 1; } # Try OverlayFS first if modinfo -n overlay >/dev/null 2>&1; then - sudo -u $USER mkdir ${PRE_HOME}/work - mount -t overlay -o lowerdir=${PRE_HOME}/lower,upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay $HOME || { - umount ${PRE_HOME}/lower - umount "$PRE_HOME" - rm -rf "$PRE_HOME" - rm -rf "$HOME" + sudo -u $USER mkdir ${PRE_HOME}/upper ${PRE_HOME}/work + mount -t overlay -o lowerdir=${gs_skel},upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay ${HOME} || { + umount ${PRE_HOME} + rm -rf ${PRE_HOME} + rm -rf ${HOME} exit 1 } # If OverlayFS is not available, try AuFS elif [ -x /sbin/mount.aufs ]; then - mount -t aufs -o br=${PRE_HOME}/upper:${PRE_HOME}/lower none $HOME || { - umount ${PRE_HOME}/lower - umount "$PRE_HOME" - rm -rf "$PRE_HOME" - rm -rf "$HOME" + mount -t aufs -o br=${PRE_HOME}:${gs_skel} none ${HOME} || { + umount ${PRE_HOME} + rm -rf ${PRE_HOME} + rm -rf ${HOME} exit 1 } # If none of them is available, fall back to copy over else - umount ${PRE_HOME}/lower - umount "$PRE_HOME" - rm -rf "$PRE_HOME" + umount ${PRE_HOME} + rm -rf ${PRE_HOME} mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } cp -rT $gs_skel "$HOME" chown -R $USER:$USER 
"$HOME" + bindfs_mount=false + fi + + if ${bindfs_mount}; then + # Wrap ${HOME} in a BindFS mount, so that + # ${USER} will be seen as the owner of ${HOME}'s contents. + bindfs -u ${USER} -g ${USER} ${HOME} ${HOME} || { + umount ${HOME} + umount ${PRE_HOME} + rm -rf ${PRE_HOME} + rm -rf ${HOME} + exit 1 + } fi # If BindFS is not available, just fall back to copy over else @@ -197,11 +199,15 @@ remove_account () sleep 0.2; done + # Unmount BindFS umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true - rm -rf "$GUEST_HOME" - umount ${GUEST_PRE_HOME}/lower || umount -l ${GUEST_PRE_HOME}/lower || true + + # Unmount union + umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true + umount "$GUEST_PRE_HOME" || umount -l "$GUEST_PRE_HOME" || true rm -rf "$GUEST_PRE_HOME" + rm -rf "$GUEST_HOME" # remove leftovers in /tmp find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true -- cgit v1.2.1 From 5e251fde1f184d2e46713d4f8a2dfdc4f416459f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?La=C3=A9rcio=20de=20Sousa?= Date: Wed, 14 Oct 2015 12:00:31 -0300 Subject: Drop PRE_HOME directory in guest-account script. --- debian/guest-account.sh | 64 ++++++++++++++++++------------------------------- 1 file changed, 23 insertions(+), 41 deletions(-) diff --git a/debian/guest-account.sh b/debian/guest-account.sh index b822f863..e49d5374 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh @@ -22,7 +22,6 @@ add_account () { HOME=`mktemp -td guest-XXXXXX` USER=`echo $HOME | sed 's/\(.*\)guest/guest/'` - PRE_HOME="/tmp/.pre-${USER}" # if $USER already exists, it must be a locked system account with no existing # home directory 
@@ -48,49 +47,41 @@ add_account () else # does not exist, so create it adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || { - umount "$HOME" - rm -rf "$HOME" - umount "$PRE_HOME" - rm -rf "$PRE_HOME" + umount ${HOME} + rm -rf ${HOME} exit 1 } fi gs_skel=/etc/guest-session/skel/ + # create temporary home directory + mount -t tmpfs -o mode=700,uid=${USER} none ${HOME} || { rm -rf ${HOME}; exit 1; } + if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then # Only perform union-mounting if BindFS is available if [ -x /usr/bin/bindfs ]; then - local bindfs_mount=true - - # create temporary home directory - sudo -u $USER mkdir "$PRE_HOME" - mount -t tmpfs -o mode=700,uid=${USER} none ${PRE_HOME} || { rm -rf ${PRE_HOME} ${HOME}; exit 1; } + bindfs_mount=true # Try OverlayFS first if modinfo -n overlay >/dev/null 2>&1; then - sudo -u $USER mkdir ${PRE_HOME}/upper ${PRE_HOME}/work - mount -t overlay -o lowerdir=${gs_skel},upperdir=${PRE_HOME}/upper,workdir=${PRE_HOME}/work overlay ${HOME} || { - umount ${PRE_HOME} - rm -rf ${PRE_HOME} + sudo -u $USER mkdir ${HOME}/upper ${HOME}/work + mount -t overlay -o lowerdir=${gs_skel},upperdir=${HOME}/upper,workdir=${HOME}/work overlay ${HOME} || { + umount ${HOME} rm -rf ${HOME} exit 1 } # If OverlayFS is not available, try AuFS elif [ -x /sbin/mount.aufs ]; then - mount -t aufs -o br=${PRE_HOME}:${gs_skel} none ${HOME} || { - umount ${PRE_HOME} - rm -rf ${PRE_HOME} + mount -t aufs -o br=${HOME}:${gs_skel} none ${HOME} || { + umount ${HOME} rm -rf ${HOME} exit 1 } # If none of them is available, fall back to copy over else - umount ${PRE_HOME} - rm -rf ${PRE_HOME} - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT $gs_skel "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT ${gs_skel} ${HOME} + chown -R ${USER}:${USER} ${HOME} bindfs_mount=false fi 
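Review bot: In the aufs branch, `br=${HOME}:${gs_skel}` adds the administrator's skeleton directory as a branch without stating its mode, and since the previous commit the guest writes into this union through a read-write bindfs that runs as root. I believe aufs treats every branch after the first as read-only by default, but the earlier read-only bindfs wrapper around the skeleton is gone, so it is worth making that explicit: `br=${HOME}=rw:${gs_skel}=ro`. The overlay branch does not need this, because a lowerdir is never written to. add_account starts and ends outside the hunk.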
@@ -98,23 +89,20 @@ add_account () # Wrap ${HOME} in a BindFS mount, so that # ${USER} will be seen as the owner of ${HOME}'s contents. bindfs -u ${USER} -g ${USER} ${HOME} ${HOME} || { - umount ${HOME} - umount ${PRE_HOME} - rm -rf ${PRE_HOME} + umount ${HOME} # union mount + umount ${HOME} # tmpfs mount rm -rf ${HOME} exit 1 } fi # If BindFS is not available, just fall back to copy over else - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT $gs_skel "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT ${gs_skel} ${HOME} + chown -R ${USER}:${USER} ${HOME} fi else - mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } - cp -rT /etc/skel/ "$HOME" - chown -R $USER:$USER "$HOME" + cp -rT /etc/skel/ ${HOME} + chown -R ${USER}:${USER} ${HOME} fi usermod -d "$HOME" "$USER" @@ -181,7 +169,6 @@ remove_account () } GUEST_UID=`echo "$PWENT" | cut -f3 -d:` GUEST_HOME=`echo "$PWENT" | cut -f6 -d:` - GUEST_PRE_HOME=/tmp/.pre-$GUEST_USER if [ "$GUEST_UID" -ge 500 ]; then echo "Error: user $GUEST_USER is not a system user." @@ -199,15 +186,10 @@ remove_account () sleep 0.2; done - # Unmount BindFS - umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true - - # Unmount union - umount "$GUEST_HOME" || umount -l "$GUEST_HOME" || true - - umount "$GUEST_PRE_HOME" || umount -l "$GUEST_PRE_HOME" || true - rm -rf "$GUEST_PRE_HOME" - rm -rf "$GUEST_HOME" + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # BindFS mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # union mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # tmpfs mount + rm -rf ${GUEST_HOME} # remove leftovers in /tmp find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true -- cgit v1.2.1 From 43670730b60fa7c49133ca46487740370ef9c3e7 Mon Sep 17 00:00:00 2001 
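Review bot: In remove_account, the three back-to-back `umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true` lines hard-code the depth of the mount stack, and every failure is swallowed before `rm -rf ${GUEST_HOME}` runs as root. In the copy-over fallbacks only the tmpfs is mounted, so two of the calls always fail, and if a layer cannot be detached the rm descends into whatever is still mounted. A loop over the actual state stays in step with add_account, for example `while mountpoint -q "${GUEST_HOME}"; do umount "${GUEST_HOME}" || umount -l "${GUEST_HOME}" || break; done`, followed by a quoted `rm -rf "${GUEST_HOME}"`. remove_account starts and ends outside the hunk.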
From: =?UTF-8?q?La=C3=A9rcio=20de=20Sousa?= Date: Wed, 14 Oct 2015 17:02:35 -0300 Subject: Tidy up guest-account script code. --- debian/guest-account.sh | 156 +++++++++++++++++++++++++----------------------- 1 file changed, 80 insertions(+), 76 deletions(-) diff --git a/debian/guest-account.sh b/debian/guest-account.sh index e49d5374..748a7511 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh 
@@ -20,52 +20,55 @@ fi add_account () { - HOME=`mktemp -td guest-XXXXXX` - USER=`echo $HOME | sed 's/\(.*\)guest/guest/'` + HOME=$(mktemp -td guest-XXXXXX) + USER=$(echo ${HOME} | sed 's/\(.*\)guest/guest/') - # if $USER already exists, it must be a locked system account with no existing + # if ${USER} already exists, it must be a locked system account with no existing # home directory - if PWSTAT=`passwd -S "$USER"` 2>/dev/null; then - if [ "`echo \"$PWSTAT\" | cut -f2 -d\ `" != "L" ]; then - echo "User account $USER already exists and is not locked" + if PWSTAT=$(passwd -S ${USER}) 2>/dev/null; then + if [ $(echo ${PWSTAT} | cut -f2 -d' ') != L ]; then + echo "User account ${USER} already exists and is not locked" exit 1 fi - PWENT=`getent passwd "$USER"` || { - echo "getent passwd $USER failed" + PWENT=$(getent passwd ${USER}) || { + echo "getent passwd ${USER} failed" exit 1 } - GUEST_UID=`echo "$PWENT" | cut -f3 -d:` - if [ "$GUEST_UID" -ge 500 ]; then - echo "Account $USER is not a system user" + GUEST_UID=$(echo ${PWENT} | cut -f3 -d:) + if [ ${GUEST_UID} -ge 500 ]; then + echo "Account ${USER} is not a system user" exit 1 fi - HOME=`echo "$PWENT" | cut -f6 -d:` - if [ "$HOME" != / ] && [ "${HOME#/tmp}" = "$HOME" ] && [ -d "$HOME" ]; then - echo "Home directory of $USER already exists" + HOME=$(echo ${PWENT} | cut -f6 -d:) + if [ ${HOME} != / ] && [ ${HOME#/tmp} = ${HOME} ] && [ -d ${HOME} ]; then + echo "Home directory of ${USER} already exists" exit 1 fi else # does not exist, so create it - adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER || { - umount ${HOME} - rm -rf ${HOME} - exit 1 + adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash ${USER} || { + umount ${HOME} + rm -rf ${HOME} + exit 1 } fi gs_skel=/etc/guest-session/skel/ # create temporary home directory - mount -t tmpfs -o mode=700,uid=${USER} none ${HOME} || { rm -rf ${HOME}; exit 1; } + mount -t 
tmpfs -o mode=700,uid=${USER} none ${HOME} || { + rm -rf ${HOME} + exit 1 + } - if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then + if [ -d ${gs_skel} ] && [ -n $(find ${gs_skel} -type f) ]; then # Only perform union-mounting if BindFS is available if [ -x /usr/bin/bindfs ]; then bindfs_mount=true # Try OverlayFS first if modinfo -n overlay >/dev/null 2>&1; then - sudo -u $USER mkdir ${HOME}/upper ${HOME}/work + sudo -u ${USER} mkdir ${HOME}/upper ${HOME}/work mount -t overlay -o lowerdir=${gs_skel},upperdir=${HOME}/upper,workdir=${HOME}/work overlay ${HOME} || { umount ${HOME} rm -rf ${HOME} 
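Review bot: Dropping the quotes in `[ -n $(find ${gs_skel} -type f) ]` changes what the test does: with an empty skel directory it becomes `[ -n ]`, which is true, and with several files it becomes `[ -n a b … ]`, which is a test error and therefore false. The skel branch is then taken for an empty directory and skipped for a populated one. The substitution needs its quotes back, `[ -n "$(find "${gs_skel}" -type f)" ]`. The same goes for `[ $(echo ${PWSTAT} | cut -f2 -d' ') != L ]` and the `${HOME}` tests earlier in the hunk, which error out instead of comparing when a value is empty or contains whitespace.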
@@ -105,84 +108,84 @@ add_account () chown -R ${USER}:${USER} ${HOME} fi - usermod -d "$HOME" "$USER" + usermod -d ${HOME} ${USER} # # setup session # # disable some services that are unnecessary for the guest session - [ -d "$HOME"/.config/autostart ] || sudo -u $USER mkdir -p "$HOME"/.config/autostart + [ -d ${HOME}/.config/autostart ] || sudo -u ${USER} mkdir -p ${HOME}/.config/autostart cd /etc/xdg/autostart/ services="jockey-kde.desktop jockey-gtk.desktop update-notifier.desktop user-dirs-update-gtk.desktop" - for service in $services + for service in ${services} do - if [ -e /etc/xdg/autostart/"$service" ] ; then - [ -f "$HOME"/.config/autostart/$service ] || sudo -u $USER cp "$service" "$HOME"/.config/autostart - echo "X-GNOME-Autostart-enabled=false" >> "$HOME"/.config/autostart/"$service" + if [ -e /etc/xdg/autostart/${service} ] ; then + [ -f ${HOME}/.config/autostart/${service} ] || sudo -u ${USER} cp ${service} ${HOME}/.config/autostart + echo "X-GNOME-Autostart-enabled=false" >> ${HOME}/.config/autostart/${service} fi done # disable Unity shortcut hint - [ -d "$HOME"/.cache/unity ] || sudo -u $USER mkdir -p "$HOME"/.cache/unity - sudo -u $USER touch "$HOME"/.cache/unity/first_run.stamp - - STARTUP="$HOME"/.config/autostart/startup-commands.desktop - sudo -u $USER touch $STARTUP - echo "[Desktop Entry]" > $STARTUP - echo "Name=Startup commands" >> $STARTUP - echo "Type=Application" >> $STARTUP - echo "NoDisplay=true" >> $STARTUP - echo "Exec=/usr/lib/lightdm/guest-session-auto.sh" >> $STARTUP - - sudo -u $USER touch "$HOME"/.profile - echo "export DIALOG_SLEEP=4" >> "$HOME"/.profile - - [ -d "$HOME"/.kde/share/config ] || sudo -u $USER mkdir -p "$HOME"/.kde/share/config - [ -f "$HOME"/.kde/share/config/nepomukserverrc ] || sudo -u $USER touch "$HOME"/.kde/share/config/nepomukserverrc - echo "[Basic Settings]" >> "$HOME"/.kde/share/config/nepomukserverrc - echo "Start Nepomuk=false" >> "$HOME"/.kde/share/config/nepomukserverrc - - [ -f 
"$HOME"/.kde/share/config/notificationhelper ] || sudo -u $USER touch "$HOME"/.kde/share/config/notificationhelper - echo "[Event]" >> "$HOME"/.kde/share/config/notificationhelper - echo "hideHookNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper - echo "hideInstallNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper - echo "hideRestartNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper + [ -d ${HOME}/.cache/unity ] || sudo -u ${USER} mkdir -p ${HOME}/.cache/unity + sudo -u ${USER} touch ${HOME}/.cache/unity/first_run.stamp + + STARTUP=${HOME}/.config/autostart/startup-commands.desktop + sudo -u ${USER} touch ${STARTUP} + echo "[Desktop Entry]" > ${STARTUP} + echo "Name=Startup commands" >> ${STARTUP} + echo "Type=Application" >> ${STARTUP} + echo "NoDisplay=true" >> ${STARTUP} + echo "Exec=/usr/lib/lightdm/guest-session-auto.sh" >> ${STARTUP} + + sudo -u ${USER} touch ${HOME}/.profile + echo "export DIALOG_SLEEP=4" >> ${HOME}/.profile + + [ -d ${HOME}/.kde/share/config ] || sudo -u ${USER} mkdir -p ${HOME}/.kde/share/config + [ -f ${HOME}/.kde/share/config/nepomukserverrc ] || sudo -u ${USER} touch ${HOME}/.kde/share/config/nepomukserverrc + echo "[Basic Settings]" >> ${HOME}/.kde/share/config/nepomukserverrc + echo "Start Nepomuk=false" >> ${HOME}/.kde/share/config/nepomukserverrc + + [ -f ${HOME}/.kde/share/config/notificationhelper ] || sudo -u ${USER} touch ${HOME}/.kde/share/config/notificationhelper + echo "[Event]" >> ${HOME}/.kde/share/config/notificationhelper + echo "hideHookNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper + echo "hideInstallNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper + echo "hideRestartNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper # Load restricted session #dmrc='[Desktop]\nSession=guest-restricted' - #/bin/echo -e "$dmrc" > "$HOME"/.dmrc + #/bin/echo -e ${dmrc} > ${HOME}/.dmrc # set possible local guest session preferences - [ -f 
/etc/guest-session/prefs.sh ] && sudo -u $USER sh -c '. /etc/guest-session/prefs.sh' + [ -f /etc/guest-session/prefs.sh ] && sudo -u ${USER} sh -c '. /etc/guest-session/prefs.sh' - echo $USER + echo ${USER} } remove_account () { - GUEST_USER=$1 + GUEST_USER=${1} - PWENT=`getent passwd "$GUEST_USER"` || { - echo "Error: invalid user $GUEST_USER" + PWENT=$(getent passwd ${GUEST_USER}) || { + echo "Error: invalid user ${GUEST_USER}" exit 1 } - GUEST_UID=`echo "$PWENT" | cut -f3 -d:` - GUEST_HOME=`echo "$PWENT" | cut -f6 -d:` + GUEST_UID=$(echo ${PWENT} | cut -f3 -d:) + GUEST_HOME=$(echo ${PWENT} | cut -f6 -d:) - if [ "$GUEST_UID" -ge 500 ]; then - echo "Error: user $GUEST_USER is not a system user." + if [ ${GUEST_UID} -ge 500 ]; then + echo "Error: user ${GUEST_USER} is not a system user." exit 1 fi - if [ "${GUEST_HOME}" = "${GUEST_HOME#/tmp/}" ]; then - echo "Error: home directory $GUEST_HOME is not in /tmp/." + if [ ${GUEST_HOME} = ${GUEST_HOME#/tmp/} ]; then + echo "Error: home directory ${GUEST_HOME} is not in /tmp/." exit 1 fi # kill all remaining processes - while ps h -u "$GUEST_USER" >/dev/null; do - killall -9 -u "$GUEST_USER" || true + while ps h -u ${GUEST_USER} >/dev/null; do + killall -9 -u ${GUEST_USER} || true sleep 0.2; done 
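Review bot: In remove_account the check that keeps the recursive delete inside /tmp lost its quotes: `[ ${GUEST_HOME} = ${GUEST_HOME#/tmp/} ]` is now word-split and glob-expanded, so a home field containing whitespace or a wildcard turns the test into an error. `if` treats that as false, and the function continues to the umount and `rm -rf ${GUEST_HOME}` lines that follow in the next hunk. This is the guard for a root-run `rm -rf`, so it should stay quoted: `[ "${GUEST_HOME}" = "${GUEST_HOME#/tmp/}" ]`. The same applies to `${GUEST_UID}` in the `-ge 500` test and to `${GUEST_USER}` where it is passed to getent, ps and killall.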
@@ -192,31 +195,32 @@ remove_account () rm -rf ${GUEST_HOME} # remove leftovers in /tmp - find /tmp -mindepth 1 -maxdepth 1 -uid "$GUEST_UID" -print0 | xargs -0 rm -rf || true + find /tmp -mindepth 1 -maxdepth 1 -uid ${GUEST_UID} -print0 | xargs -0 rm -rf || true # remove possible /media/guest-XXXXXX folder - if [ -d /media/"$GUEST_USER" ]; then - for dir in $( find /media/"$GUEST_USER" -mindepth 1 -maxdepth 1 ); do - umount "$dir" || true + if [ -d /media/${GUEST_USER} ]; then + for dir in $(find /media/${GUEST_USER} -mindepth 1 -maxdepth 1); do + umount ${dir} || true done - rmdir /media/"$GUEST_USER" || true + + rmdir /media/${GUEST_USER} || true fi - deluser --system "$GUEST_USER" + deluser --system ${GUEST_USER} } -case "$1" in +case ${1} in add) add_account ;; remove) - if [ -z $2 ] ; then - echo "Usage: $0 remove [account]" + if [ -z ${2} ] ; then + echo "Usage: ${0} remove [account]" exit 1 fi - remove_account $2 + remove_account ${2} ;; *) - echo "Usage: $0 add|remove" + echo "Usage: ${0} add|remove" exit 1 esac -- cgit v1.2.1 From 91cd1188ffbf2c10df265431bb6e03e42f255e91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?La=C3=A9rcio=20de=20Sousa?= Date: Thu, 15 Oct 2015 09:23:40 -0300 Subject: Move parts of guest-account script to separate files, and revert remaining sudo calls. --- debian/guest-account.sh | 67 +++++++----------------------------- debian/guest-session-setup.sh | 34 ++++++++++++++++++ debian/guest-session-startup.desktop | 5 +++ debian/guest-session.profile | 1 + debian/lightdm.install | 1 + debian/rules | 2 ++ 6 files changed, 56 insertions(+), 54 deletions(-) create mode 100644 debian/guest-session-setup.sh create mode 100644 debian/guest-session-startup.desktop create mode 100644 debian/guest-session.profile diff --git a/debian/guest-account.sh b/debian/guest-account.sh index 748a7511..ffc44eb5 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh 
@@ -53,7 +53,8 @@ add_account () } fi - gs_skel=/etc/guest-session/skel/ + dist_gs=/usr/share/lightdm/guest-session + site_gs=/etc/guest-session # create temporary home directory mount -t tmpfs -o mode=700,uid=${USER} none ${HOME} || { @@ -61,29 +62,31 @@ add_account () exit 1 } - if [ -d ${gs_skel} ] && [ -n $(find ${gs_skel} -type f) ]; then + if [ -d ${site_gs}/skel ] && [ -n $(find ${site_gs}/skel -type f) ]; then # Only perform union-mounting if BindFS is available if [ -x /usr/bin/bindfs ]; then bindfs_mount=true # Try OverlayFS first if modinfo -n overlay >/dev/null 2>&1; then - sudo -u ${USER} mkdir ${HOME}/upper ${HOME}/work - mount -t overlay -o lowerdir=${gs_skel},upperdir=${HOME}/upper,workdir=${HOME}/work overlay ${HOME} || { + mkdir ${HOME}/upper ${HOME}/work + chown ${USER}:${USER} ${HOME}/upper ${HOME}/work + mount -t overlay -o lowerdir=${dist_gs}/skel:${site_gs}/skel,upperdir=${HOME}/upper,workdir=${HOME}/work overlay ${HOME} || { umount ${HOME} rm -rf ${HOME} exit 1 } # If OverlayFS is not available, try AuFS elif [ -x /sbin/mount.aufs ]; then - mount -t aufs -o br=${HOME}:${gs_skel} none ${HOME} || { + mount -t aufs -o br=${HOME}:${dist_gs}/skel:${site_gs}/skel none ${HOME} || { umount ${HOME} rm -rf ${HOME} exit 1 } # If none of them is available, fall back to copy over else - cp -rT ${gs_skel} ${HOME} + cp -rT ${site_gs}/skel/ ${HOME} + cp -rT ${dist_gs}/skel/ ${HOME} chown -R ${USER}:${USER} ${HOME} bindfs_mount=false fi 
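Review bot: The layer order in `lowerdir=${dist_gs}/skel:${site_gs}/skel` puts the packaged skeleton on top of the site one, since overlayfs stacks lower directories with the leftmost on top. The aufs branch list and the `cp -rT ${site_gs}/skel/` then `cp -rT ${dist_gs}/skel/` fallbacks (here and in the next hunk) give the same result. A file an administrator places in /etc/guest-session/skel, such as `.profile`, is therefore hidden or overwritten by the one shipped in /usr/share/lightdm/guest-session/skel. If local configuration is meant to win, reverse the order, e.g. `lowerdir=${site_gs}/skel:${dist_gs}/skel` and copy `${dist_gs}/skel/` first; if not, a comment stating that packaged files take precedence would help.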
@@ -100,64 +103,20 @@ add_account () fi # If BindFS is not available, just fall back to copy over else - cp -rT ${gs_skel} ${HOME} + cp -rT ${site_gs}/skel/ ${HOME} + cp -rT ${dist_gs}/skel/ ${HOME} chown -R ${USER}:${USER} ${HOME} fi else cp -rT /etc/skel/ ${HOME} + cp -rT ${dist_gs}/skel/ ${HOME} chown -R ${USER}:${USER} ${HOME} fi usermod -d ${HOME} ${USER} - # # setup session - # - - # disable some services that are unnecessary for the guest session - [ -d ${HOME}/.config/autostart ] || sudo -u ${USER} mkdir -p ${HOME}/.config/autostart - cd /etc/xdg/autostart/ - services="jockey-kde.desktop jockey-gtk.desktop update-notifier.desktop user-dirs-update-gtk.desktop" - for service in ${services} - do - if [ -e /etc/xdg/autostart/${service} ] ; then - [ -f ${HOME}/.config/autostart/${service} ] || sudo -u ${USER} cp ${service} ${HOME}/.config/autostart - echo "X-GNOME-Autostart-enabled=false" >> ${HOME}/.config/autostart/${service} - fi - done - - # disable Unity shortcut hint - [ -d ${HOME}/.cache/unity ] || sudo -u ${USER} mkdir -p ${HOME}/.cache/unity - sudo -u ${USER} touch ${HOME}/.cache/unity/first_run.stamp - - STARTUP=${HOME}/.config/autostart/startup-commands.desktop - sudo -u ${USER} touch ${STARTUP} - echo "[Desktop Entry]" > ${STARTUP} - echo "Name=Startup commands" >> ${STARTUP} - echo "Type=Application" >> ${STARTUP} - echo "NoDisplay=true" >> ${STARTUP} - echo "Exec=/usr/lib/lightdm/guest-session-auto.sh" >> ${STARTUP} - - sudo -u ${USER} touch ${HOME}/.profile - echo "export DIALOG_SLEEP=4" >> ${HOME}/.profile - - [ -d ${HOME}/.kde/share/config ] || sudo -u ${USER} mkdir -p ${HOME}/.kde/share/config - [ -f ${HOME}/.kde/share/config/nepomukserverrc ] || sudo -u ${USER} touch ${HOME}/.kde/share/config/nepomukserverrc - echo "[Basic Settings]" >> ${HOME}/.kde/share/config/nepomukserverrc - echo "Start Nepomuk=false" >> ${HOME}/.kde/share/config/nepomukserverrc - - [ -f ${HOME}/.kde/share/config/notificationhelper ] || sudo -u ${USER} touch 
${HOME}/.kde/share/config/notificationhelper - echo "[Event]" >> ${HOME}/.kde/share/config/notificationhelper - echo "hideHookNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper - echo "hideInstallNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper - echo "hideRestartNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper - - # Load restricted session - #dmrc='[Desktop]\nSession=guest-restricted' - #/bin/echo -e ${dmrc} > ${HOME}/.dmrc - - # set possible local guest session preferences - [ -f /etc/guest-session/prefs.sh ] && sudo -u ${USER} sh -c '. /etc/guest-session/prefs.sh' + su ${USER} -c "env HOME=${HOME} site_gs=${site_gs} ${dist_gs}/setup.sh" echo ${USER} } diff --git a/debian/guest-session-setup.sh b/debian/guest-session-setup.sh new file mode 100644 index 00000000..9e1300db --- /dev/null +++ b/debian/guest-session-setup.sh 
@@ -0,0 +1,34 @@ +#!/bin/sh + +HOME=${HOME:-$(getent passwd $(whoami) | cut -f6 -d:)} +site_gs=${site_gs:-/etc/guest-session} + +# disable some services that are unnecessary for the guest session +services="jockey-kde.desktop jockey-gtk.desktop update-notifier.desktop user-dirs-update-gtk.desktop" + +for service in ${services}; do + if [ -e /etc/xdg/autostart/${service} ]; then + [ -f ${HOME}/.config/autostart/${service} ] || cp /etc/xdg/autostart/${service} ${HOME}/.config/autostart + echo "X-GNOME-Autostart-enabled=false" >> ${HOME}/.config/autostart/${service} + fi +done + +# disable Unity shortcut hint +[ -d ${HOME}/.cache/unity ] || mkdir -p ${HOME}/.cache/unity +touch ${HOME}/.cache/unity/first_run.stamp + +[ -d ${HOME}/.kde/share/config ] || mkdir -p ${HOME}/.kde/share/config +echo "[Basic Settings]" >> ${HOME}/.kde/share/config/nepomukserverrc +echo "Start Nepomuk=false" >> ${HOME}/.kde/share/config/nepomukserverrc + +echo "[Event]" >> ${HOME}/.kde/share/config/notificationhelper +echo "hideHookNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper +echo "hideInstallNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper +echo "hideRestartNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper + +# Load restricted session +#dmrc='[Desktop]\nSession=guest-restricted' +#/bin/echo -e ${dmrc} > ${HOME}/.dmrc + +# set possible local guest session preferences +[ -f ${site_gs}/prefs.sh ] && . ${site_gs}/prefs.sh diff --git a/debian/guest-session-startup.desktop b/debian/guest-session-startup.desktop new file mode 100644 index 00000000..676d72e6 --- /dev/null +++ b/debian/guest-session-startup.desktop @@ -0,0 +1,5 @@ +[Desktop Entry] +Name=Custom startup commands for LightDM guest session +Type=Application +NoDisplay=true +Exec=/usr/lib/lightdm/guest-session-auto.sh diff --git a/debian/guest-session.profile b/debian/guest-session.profile new file mode 100644 index 00000000..38d441c9 --- /dev/null +++ b/debian/guest-session.profile 
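Review bot: setup.sh ends with `[ -f ${site_gs}/prefs.sh ] && . ${site_gs}/prefs.sh`, so its exit status is 1 whenever prefs.sh does not exist, which is the normal case on an unconfigured system. The caller runs it with `su ${USER} -c …` and does not look at the status, but if guest-account.sh runs under `set -e` (not visible in this diff) that would abort add_account before it prints the user name. Writing it as `if [ -f "${site_gs}/prefs.sh" ]; then . "${site_gs}/prefs.sh"; fi` keeps the status at 0. The script also no longer creates `${HOME}/.config/autostart` before copying into it and relies on the packaged skeleton to provide that directory.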
@@ -0,0 +1 @@ +DIALOG_SLEEP=4 diff --git a/debian/lightdm.install b/debian/lightdm.install index 53becd25..01ce61ac 100644 --- a/debian/lightdm.install +++ b/debian/lightdm.install @@ -12,6 +12,7 @@ etc/apparmor.d debian/lightdm-session usr/sbin debian/config-error-dialog.sh usr/lib/lightdm debian/guest-session-auto.sh usr/lib/lightdm +debian/guest-session-startup.desktop usr/share/lightdm/guest-session/skel/.config/autostart debian/lightdm-greeter-session usr/lib/lightdm debian/source_lightdm.py usr/share/apport/package-hooks debian/50-xserver-command.conf usr/share/lightdm/lightdm.conf.d diff --git a/debian/rules b/debian/rules index d4ee0c17..8eee47a9 100755 --- a/debian/rules +++ b/debian/rules @@ -27,6 +27,8 @@ override_dh_install: # we do install pam through installpam and init through installinit dh_install -X.a -X.la -Xpam.d -X'etc/init/lightdm.conf' --fail-missing install -D debian/guest-account.sh debian/lightdm/usr/sbin/guest-account + install -D debian/guest-session-setup.sh debian/lightdm/usr/share/lightdm/guest-session/setup.sh + install -D debian/guest-session.profile debian/lightdm/usr/share/lightdm/guest-session/skel/.profile chmod +x debian/lightdm/usr/lib/lightdm/lightdm-greeter-session chmod +x debian/lightdm/usr/lib/lightdm/guest-session-auto.sh -- cgit v1.2.1 From c05000d1681b7aa83f6a1a573243cd037b1c6923 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?La=C3=A9rcio=20de=20Sousa?= Date: Thu, 15 Oct 2015 09:59:58 -0300 Subject: Make /usr/share/lightdm/guest-session/setup.sh executable on install. --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 8eee47a9..921ca716 100755 --- a/debian/rules +++ b/debian/rules 
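Review bot: The new `.profile` contains `DIALOG_SLEEP=4` without `export`, whereas the code removed from add_account in this commit wrote `export DIALOG_SLEEP=4`. Without the export the variable stays local to the shell that reads `.profile`, so a child process such as guest-session-auto.sh (which I assume is the consumer) would no longer see it. The line should read `export DIALOG_SLEEP=4`.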
@@ -27,7 +27,7 @@ override_dh_install: # we do install pam through installpam and init through installinit dh_install -X.a -X.la -Xpam.d -X'etc/init/lightdm.conf' --fail-missing install -D debian/guest-account.sh debian/lightdm/usr/sbin/guest-account - install -D debian/guest-session-setup.sh debian/lightdm/usr/share/lightdm/guest-session/setup.sh + install -D -m 755 debian/guest-session-setup.sh debian/lightdm/usr/share/lightdm/guest-session/setup.sh install -D debian/guest-session.profile debian/lightdm/usr/share/lightdm/guest-session/skel/.profile chmod +x debian/lightdm/usr/lib/lightdm/lightdm-greeter-session chmod +x debian/lightdm/usr/lib/lightdm/guest-session-auto.sh -- cgit v1.2.1
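Review bot: The `guest-session.profile` line just below the changed one still has no `-m`, and install's default mode is also 0755, so the skeleton `.profile` is shipped executable. Since this commit makes the mode explicit for setup.sh, I would do the same for the data file: `install -D -m 644 debian/guest-session.profile debian/lightdm/usr/share/lightdm/guest-session/skel/.profile`.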