author | Jonathan Bauer | 2013-11-26 15:07:34 +0100 |
---|---|---|
committer | Jonathan Bauer | 2013-11-26 15:07:34 +0100 |
commit | 73d1c2daa6065bef6549b2fa65ddf85b24b73fcd (patch) | |
tree | 81f66b6ea2864b41d1b42f9bdd8d44439ed9d3e8 /server/modules | |
parent | [vmware] added Xreset script to properly unmount tmp directories created by v... (diff) | |
[pam-freiburg] improved the pam-script scripts: each user now gets a
tmpfs home directory and the script then tries to mount the persistent
home as scripted in pam_script_mount_persistent
Diffstat (limited to 'server/modules')
-rw-r--r-- | server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent | 58 | ||||
-rwxr-xr-x | server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open | 90 |
2 files changed, 83 insertions, 65 deletions
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
new file mode 100644
index 00000000..b5b23327
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
@@ -0,0 +1,58 @@
+###################################################################
+#
+# This script is a part of the pam_script_ses_open script
+# and is not stand-alone!
+#
+# It will try to mount the home directories of students
+# under /home/<user>/PERSISTENT using kerberos.
+#
+
+PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
+
+# Only run this if the user is a student
+# These have a gid > 1000
+if [ $(id -g ${PAM_USER}) -ge 1000 ]; then
+
+ # create the PERSISTENT directory
+ mkdir -p "${PERSISTENT_HOME_DIR}" || \
+ { echo "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
+ chown -R "${PAM_USER}" "${PERSISTENT_HOME_DIR}" || \
+ { echo "Could not chown '${PERSISTENT_HOME_DIR}' to '${PAM_USER}'."; exit 1; }
+
+ # generate keytab
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
+ { echo "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; }
+
+ chmod 600 /etc/krb5.keytab || \
+ { echo "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; }
+
+ # determine fileserver and share for home directories
+ ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \
+ { echo "Could not search LDAP server for 'homeDirectory' and 'rufFileserver' parameters."; exit 1; }
+
+ FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
+
+ [ -z "${FILESERVER}" ] && echo "[${PAM_TYPE}] Could not determine fileserver for home directories. Aborting mount for ${PAM_USER}." && exit 1
+ [ -z "${VOLUME}" ] && echo "[${PAM_TYPE}] Could not determine volume to mount. Aborting mount for ${PAM_USER}." && exit 1
+
+ # now we can mount the home directory!
+
+ SIGNAL=$(mktemp)
+ rm -f -- "$SIGNAL"
+ (mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER:$VOLUME" "${PERSISTENT_HOME_DIR}" || touch "$SIGNAL") &
+ MOUNT_PID=$!
+ for COUNTER in 1 2 4 4; do
+ kill -0 "$MOUNT_PID" 2>/dev/null || break
+ sleep "$COUNTER"
+ done
+
+ if [ -e "$SIGNAL" ] || kill -9 "$MOUNT_PID" 2>/dev/null; then
+ echo "Your home directory contents is unavailable. DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!" > "${PERSISTENT_HOME_DIR}/WARNING.txt"
+ rm -f -- "$SIGNAL"
+ else
+ echo "Mounting of $FILESERVER:$VOLUME on ${PERSISTENT_HOME_DIR} succeeded."
+ exit 0
+ fi
+fi
+
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
index 6c8784a7..6f0e0f9b 100755
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
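Review bot: `ldapsearch ... > "/tmp/ldapsearch.${PAM_USER}"` writes a predictably named file in the shared /tmp from a PAM session hook (which runs as root), the two `cat /tmp/ldapsearch.${PAM_USER}` reads then parse it, and the file is never removed; a local user who pre-creates that path or a symlink there can redirect the write or, in the window between write and read, influence what ends up in FILESERVER and VOLUME. The script already uses `mktemp` for `SIGNAL`, but the temp file is not needed at all: `LDAP_RESULT=$(ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver) || { echo "Could not search LDAP server for 'homeDirectory' and 'rufFileserver' parameters."; exit 1; }` and then `FILESERVER=$(printf '%s\n' "${LDAP_RESULT}" | grep rufFileserver | cut -d" " -f2)`, likewise for VOLUME. Separately, `sslconnect ... > /etc/krb5.keytab` creates the keytab under the process umask and only afterwards runs `chmod 600`, so the file may be readable by other users for a moment; writing it as `( umask 077; sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab )` closes that window. The `exit 0`/`exit 1` calls here terminate the sourcing pam_script_ses_open as intended by its trailing comment, which is worth stating in this file's header since it is explicitly "not stand-alone".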
@@ -4,77 +4,37 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o echo "[${PAM_TYPE}] Opening session for ${PAM_USER}" -if [ ! -z "$(mount|grep ${PAM_USER}|grep home)" ]; then +PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent" +TEMP_HOME_DIR="/home/${PAM_USER}" + +# check if we already mounted the home directory +if [ ! -z "$(mount|grep ${TEMP_HOME_DIR})" ]; then echo "[${PAM_TYPE}] Home directory of '${PAM_USER}' is already mounted." exit 0 fi -# simple directory for demo user -[ "x${PAM_USER}" == "xdemo" ] && mkdir -p /home/demo && chown demo:demo /home/demo && exit 0 - -TEMP_HOME_DIR="/home/${PAM_USER}" -PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT" - -# -# All users with gid >= 1000 are students, so try to get their home directory. -# -if [ $(id -g ${PAM_USER}) -ge 1000 ]; then - - # create the home directory - mkdir -p "${TEMP_HOME_DIR}" || \ - { echo "Could not create '${TEMP_HOME_DIR}'."; exit 1; } - chown -R "${PAM_USER}" "${TEMP_HOME_DIR}" || \ - { echo "Could not chown '${TEMP_HOME_DIR}' to ${PAM_USER}."; exit 1; } - - # now make it a tmpfs - mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \ - { echo "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; } +# no home, lets create it +mkdir -p "${TEMP_HOME_DIR}" || \ + { echo "Could not create '${TEMP_HOME_DIR}'."; exit 1; } +chown -R "${PAM_USER}" "${TEMP_HOME_DIR}" || \ + { echo "Could not chown '${TEMP_HOME_DIR}' to ${PAM_USER}."; exit 1; } - echo "ATTENTION: This is the non-persistant home directory! Files saved here will be lost on shutdown. Your real home is under /home/<user>/PERSISTENT. Please save your files there." 
> "${TEMP_HOME_DIR}/README.txt" +# now make it a tmpfs +mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \ + { echo "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; } - mkdir -p "${PERSISTENT_HOME_DIR}" || \ - { echo "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; } - chown -R "${PAM_USER}" "${PERSISTENT_HOME_DIR}" || \ - { echo "Could not chown '${PERSISTENT_HOME_DIR}' to '${PAM_USER}'."; exit 1; } - - - ############################## - # - # KERBEROS MOUNT - # - # generate keytab - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \ - { echo "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; } - - chmod 600 /etc/krb5.keytab || \ - { echo "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; } - - # determine fileserver and share for home directories - ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \ - { echo "Could not search LDAP server for 'homeDirectory' and 'rufFileserver' parameters."; exit 1; } - - FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2) - VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2) - - [ -z "${FILESERVER}" ] && echo "[${PAM_TYPE}] Could not determine fileserver for home directories. Aborting mount for ${PAM_USER}." && exit 1 - [ -z "${VOLUME}" ] && echo "[${PAM_TYPE}] Could not determine volume to mount. Aborting mount for ${PAM_USER}." && exit 1 - - # now we can mount the home directory! - - SIGNAL=$(mktemp) - rm -f -- "$SIGNAL" - (mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER:$VOLUME" "${PERSISTENT_HOME_DIR}" || touch "$SIGNAL") & - MOUNT_PID=$! - for COUNTER in 1 2 4 4; do - kill -0 "$MOUNT_PID" 2>/dev/null || break - sleep "$COUNTER" - done - if [ -e "$SIGNAL" ] || kill -9 "$MOUNT_PID" 2>/dev/null; then - echo "Your home directory contents is unavailable. DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!" 
> "${PERSISTENT_HOME_DIR}/WARNING.txt" - rm -f -- "$SIGNAL" - fi -fi +# create a WARNING.txt for the user +cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF +ATTENTION: This is the non-persistant home directory! +Files saved here will be lost on shutdown. +Your real home is under /home/<user>/PERSISTENT. +Please save your files there. +EOF +# now lets see if we have a persistent directory +[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0 -exit 0 +. "${PERSISTENT_MOUNT_SCRIPT}" || \ + { echo "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; } + # PERSISTENT_MOUNT_SCRIPT must decide on the return code. |
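Review bot: `chown -R "${PAM_USER}" "${TEMP_HOME_DIR}"` runs before `mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}"`, and a tmpfs root is a fresh inode created with the mounting process's uid/gid and tmpfs's default mode unless `uid=`/`gid=`/`mode=` are given, so the home the user actually sees after the mount is not owned by them and the chown only touched the directory now hidden underneath; as far as the removed lines show this order already existed, but the commit keeps it. Passing ownership as mount options avoids the ordering problem: `mount -t tmpfs -o size=100m,mode=0700,uid="$(id -u "${PAM_USER}")",gid="$(id -g "${PAM_USER}")" tmpfs "${TEMP_HOME_DIR}"`. The already-mounted test `[ ! -z "$(mount|grep ${TEMP_HOME_DIR})" ]` is an unquoted substring match on `mount` output, so `/home/ann` counts as mounted whenever `/home/anna` is; `mountpoint -q "${TEMP_HOME_DIR}"` tests the exact path. Note that `. "${PERSISTENT_MOUNT_SCRIPT}" || { ...; exit 1; }` only catches a failure to read the file, since the sourced script exits the whole process itself; a comment saying so would save the next reader a detour.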