author | Jonathan Bauer | 2013-11-25 17:19:59 +0100 |
---|---|---|
committer | Jonathan Bauer | 2013-11-25 17:19:59 +0100 |
commit | a23cb4056bf8db117fdc1180f683b8a3db804875 (patch) | |
tree | 5f20ee117960c6e1ca949fcfcae8658111ddba51 /server/modules | |
parent | Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts (diff) | |
[pam-freiburg] update to home directory structure: /home/user is now a
tmpfs and the home directory will be mounted on /home/user/PERSISTENT.
Added functionality to kill all remaining processes of a user, when he
closes his last session.
Diffstat (limited to 'server/modules')
-rwxr-xr-x | server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close | 23 | ||||
-rwxr-xr-x | server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open | 74 |
2 files changed, 77 insertions, 20 deletions
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
index 44dcd418..a6d65afa 100755
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
@@ -1,5 +1,26 @@
 #!/bin/bash
-[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER"
+echo "[${PAM_TYPE}] Closing session for ${PAM_USER}"
+OPENSESSIONS=$(loginctl|grep "${PAM_USER}" |wc -l)
+if [ "x${OPENSESSIONS}" == "x1" ]; then
+ # last sessions, close all ghost user processes
+ pkill -u "${PAM_USER}"
+
+ # check if it worker
+ while ps aux | grep -v grep | grep -q "${PAM_USER}"; do
+ sleep 1
+ done
+ # all done, kill it again to be sure
+ pkill -9 -u "${PAM_USER}"
+
+ # unmount the home directory structure
+ umount "/home/${PAM_USER}/PERSISTENT" || \
+ echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'."
+
+ umount "/home/${PAM_USER}" || \
+ echo "Could not unmount '/home/${PAM_USER}'."
+fi
+
+exit 0
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
index c06f1bbb..d3387fe6 100755
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
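Review bot: The cleanup inside the `if` branch of pam_script_ses_close runs for whichever account PAM passes in, while pam_script_ses_open only prepares homes for gid >= 1000; when the last session of root or a service account closes, `pkill -u "${PAM_USER}"` and both `umount` calls would be applied to that account. The wait loop is also unbounded and matches the name as a substring of the whole `ps aux` output, so a process that ignores SIGTERM, or another user's command line that contains the name, keeps the session close hanging and `pkill -9` is never reached. I would add the same gid guard at the top, poll with `pgrep -u` for a fixed number of rounds, and then send SIGKILL. The `loginctl|grep "${PAM_USER}"` count has the same substring problem, since a longer user name containing this one is counted as well.

```shell
# only clean up for the accounts pam_script_ses_open prepares (gid >= 1000)
[ "$(id -g "${PAM_USER}")" -ge 1000 ] || exit 0
# … unchanged: OPENSESSIONS count and the last-session test …
	pkill -u "${PAM_USER}"

	# bounded wait on an exact per-user match, then force
	for ROUND in 1 2 3 4 5; do
		pgrep -u "${PAM_USER}" >/dev/null || break
		sleep 1
	done
	pkill -9 -u "${PAM_USER}"
# … unchanged: umount of PERSISTENT and of the tmpfs home …
```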
@@ -1,41 +1,77 @@
 #!/bin/bash
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
-[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Opening session for $PAM_USER"
+echo "[${PAM_TYPE}] Opening session for ${PAM_USER}"
-if [ ! -z "$(mount|grep $PAM_USER)" ]; then
- [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted."
+if [ ! -z "$(mount|grep ${PAM_USER})" ]; then
+ echo "[${PAM_TYPE}] Home directory of '${PAM_USER}' is already mounted."
 exit 0
 fi
-if [ $(id -g $PAM_USER) -ge 1000 ]; then
- [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
+TEMP_HOME_DIR="/home/${PAM_USER}"
+PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
+#
+# All users with gid >= 1000 are students, so try to get their home directory.
+#
+if [ $(id -g ${PAM_USER}) -ge 1000 ]; then
+
+ # create the home directory
+ mkdir -p "${TEMP_HOME_DIR}" || \
+ { echo "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
+ chown -R "${PAM_USER}" "${TEMP_HOME_DIR}" || \
+ { echo "Could not chown '${TEMP_HOME_DIR}' to ${PAM_USER}."; exit 1; }
+
+ # now make it a tmpfs
+ mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \
+ { echo "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
+
+ echo "ATTENTION: This is the non-persistant home directory! Files saved here will be lost on shutdown. Your real home is under /home/<user>/PERSISTENT. Please save your files there."
> "${TEMP_HOME_DIR}/README.txt"
+
+ mkdir -p "${PERSISTENT_HOME_DIR}" || \
+ { echo "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
+ chown -R "${PAM_USER}" "${PERSISTENT_HOME_DIR}" || \
+ { echo "Could not chown '${PERSISTENT_HOME_DIR}' to '${PAM_USER}'."; exit 1; }
+
+
+ #################
+ #
+ # KERBEROS MOUNT
+ #
 # generate keytab
- sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
- chmod 600 /etc/krb5.keytab
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
+ { echo "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; }
+
+ chmod 600 /etc/krb5.keytab || \
+ { echo "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; }
 # determine fileserver and share for home directories
- ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
+ ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \
+ { echo "Could not search LDAP server for 'homeDirectory' and 'rufFileserver' parameters."; exit 1; }
- FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
- VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
+ FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
- [ -z "$FILESERVER" ] && [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Could not determine fileserver for home directories. Aborting mount for $PAM_USER." && exit 1
- [ -z "$VOLUME" ] && [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Could not determine volume to mount. Aborting mount for $PAM_USER." && exit 1
+ [ -z "${FILESERVER}" ] && echo "[${PAM_TYPE}] Could not determine fileserver for home directories. Aborting mount for ${PAM_USER}." && exit 1
+ [ -z "${VOLUME}" ] && echo "[${PAM_TYPE}] Could not determine volume to mount. Aborting mount for ${PAM_USER}." && exit 1
 # now we can mount the home directory!
- mkdir -p /home/$PAM_USER
- chown "$PAM_USER" "/home/$PAM_USER"
- mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER" &
+
+ SIGNAL=$(mktemp)
+ rm -f -- "$SIGNAL"
+ (mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER:$VOLUME" "${PERSISTENT_HOME_DIR}" || touch "$SIGNAL") &
 MOUNT_PID=$!
 for COUNTER in 1 2 4 4; do
- kill -0 "$MOUNT_PID" || break
+ kill -0 "$MOUNT_PID" 2>/dev/null || break
 sleep "$COUNTER"
 done
- if kill -9 "$MOUNT_PID"; then
- echo "Your home directory contents is unavailable. DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!" > /home/"$PAM_USER"/WARNING.txt
+ if [ -e "$SIGNAL" ] || kill -9 "$MOUNT_PID" 2>/dev/null; then
+ echo "Your home directory contents is unavailable. DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!" > "${PERSISTENT_HOME_DIR}/WARNING.txt"
+ rm -f -- "$SIGNAL"
 fi
 fi
+
+exit 0
+
|
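Review bot: The rewritten `ldapsearch` line still writes, as root, to the fixed path `/tmp/ldapsearch.${PAM_USER}`, and the two `cat` lines read it back into `FILESERVER` and `VOLUME`, which then go to `mount`. A predictable name in a world-writable directory can be created in advance by any local account, so both the file root writes and the values it reads back are open to interference; keeping the LDAP answer in a variable removes the file altogether. Separately, `chown -R "${PAM_USER}" "${TEMP_HOME_DIR}"` runs before the tmpfs is mounted, so it changes the directory underneath. The tmpfs root on top presumably comes up root-owned with the filesystem's default mode unless `uid=`, `gid=` and `mode=` are passed to `mount`, which is worth confirming on a test client.

```shell
	# now make it a tmpfs that already belongs to the user
	mount -t tmpfs -o "size=100m,mode=0700,uid=$(id -u "${PAM_USER}"),gid=$(id -g "${PAM_USER}")" tmpfs "${TEMP_HOME_DIR}" || \
		{ echo "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
# … unchanged: README.txt, PERSISTENT mount point, keytab retrieval …
	# keep the LDAP answer in memory instead of a predictable file in /tmp
	LDAP_OUT=$(ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver) || \
		{ echo "Could not search LDAP server for 'homeDirectory' and 'rufFileserver' parameters."; exit 1; }
	FILESERVER=$(printf '%s\n' "${LDAP_OUT}" | grep rufFileserver | cut -d" " -f2)
	VOLUME=$(printf '%s\n' "${LDAP_OUT}" | grep homeDirectory | cut -d" " -f2)
# … unchanged: empty-value checks and the background NFS mount …
```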