From 2f11f01424c8766a5d1ab6aecdaf3943ca9257c0 Mon Sep 17 00:00:00 2001 From: Lucas Affonso Xavier de Morais Date: Mon, 10 Nov 2014 10:41:57 -0200 Subject: Issue #1870: [local_accounts] local_accounts config module created. --- .../opt/openslx/scripts/systemd-shutdown_prescript | 13 + remote/rootfs/rootfs-stage32/module.conf | 10 + server/configs/curitiba/local_accounts | 1 + .../etc/cron.d/openslx-local_accounts | 6 + server/modules/local_accounts/etc/login.defs | 335 +++++++++++++++++++++ .../etc/systemd/system/local_accounts.service | 9 + .../multi-user.target.wants/local_accounts.service | 1 + .../opt/openslx/scripts/local_accounts-cron_script | 9 + .../opt/openslx/scripts/systemd-create_users | 57 ++++ 9 files changed, 441 insertions(+) create mode 120000 server/configs/curitiba/local_accounts create mode 100644 server/modules/local_accounts/etc/cron.d/openslx-local_accounts create mode 100644 server/modules/local_accounts/etc/login.defs create mode 100644 server/modules/local_accounts/etc/systemd/system/local_accounts.service create mode 120000 server/modules/local_accounts/etc/systemd/system/multi-user.target.wants/local_accounts.service create mode 100755 server/modules/local_accounts/opt/openslx/scripts/local_accounts-cron_script create mode 100755 server/modules/local_accounts/opt/openslx/scripts/systemd-create_users diff --git a/remote/modules/systemd/data/opt/openslx/scripts/systemd-shutdown_prescript b/remote/modules/systemd/data/opt/openslx/scripts/systemd-shutdown_prescript index 3b5d7f92..e3a45ecf 100755 --- a/remote/modules/systemd/data/opt/openslx/scripts/systemd-shutdown_prescript +++ b/remote/modules/systemd/data/opt/openslx/scripts/systemd-shutdown_prescript @@ -38,6 +38,14 @@ umount_samba_shares() { done } +backup_users(){ + # create patch files to backup the users created by the openslx, so we can restore then in the next session. + for file in passwd shadow group; do + diff -u /home/openslx/.$file.backup /etc/$file > /home/openslx/.$file.patch + done + echo "Patch of /etc/{passwd,shadow,group} generated at /home/openslx/.{passwd,shadow,group}.patch" +} + # Searching for nfs-shares in mtab: if [ $(echo /etc/mtab | cut -d " " -f 3 | grep -q nfs) ]; then umount_nfs_shares @@ -47,4 +55,9 @@ fi if [ $(echo /etc/mtab|cut -d " " -f 3 | grep -q cifs) ]; then umount_samba_shares fi + +if [ -d /home/openslx ]; then + backup_users +fi + exit $ERRORLEVEL diff --git a/remote/rootfs/rootfs-stage32/module.conf b/remote/rootfs/rootfs-stage32/module.conf index 3a160a36..eb17dfe8 100644 --- a/remote/rootfs/rootfs-stage32/module.conf +++ b/remote/rootfs/rootfs-stage32/module.conf @@ -18,6 +18,11 @@ REQUIRED_BINARIES=" mkfs.xfs mkfs.ext3 mkfs.ext4 + fsck.ext3 + fsck.ext4 + fsck.jfs + fsck.xfs + fsck blkid modprobe ps @@ -38,6 +43,11 @@ REQUIRED_BINARIES=" getent ldconfig grep + sfdisk + sgdisk + dialog + useradd + patch " REQUIRED_LIBRARIES=" libcap diff --git a/server/configs/curitiba/local_accounts b/server/configs/curitiba/local_accounts new file mode 120000 index 00000000..c28e06ff --- /dev/null +++ b/server/configs/curitiba/local_accounts @@ -0,0 +1 @@ +../../modules/local_accounts \ No newline at end of file diff --git a/server/modules/local_accounts/etc/cron.d/openslx-local_accounts b/server/modules/local_accounts/etc/cron.d/openslx-local_accounts new file mode 100644 index 00000000..948ee329 --- /dev/null +++ b/server/modules/local_accounts/etc/cron.d/openslx-local_accounts @@ -0,0 +1,6 @@ +# Trigger scripts that checks idle status of machine and triggers actions + +SHELL=/bin/ash +PATH=/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin + +*/5 * * * * root /opt/openslx/scripts/local_accounts-cron_script diff --git a/server/modules/local_accounts/etc/login.defs b/server/modules/local_accounts/etc/login.defs new file mode 100644 index 00000000..9bca35e0 --- /dev/null +++ b/server/modules/local_accounts/etc/login.defs @@ -0,0 +1,335 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK is the default umask value for pam_umask and is used by +# useradd and newusers to set the mode of the new home directories. +# 022 is the "historical" value in Debian for UMASK +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 2000 +UID_MAX 60000 +# System accounts +#SYS_UID_MIN 100 +#SYS_UID_MAX 999 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 2000 +GID_MAX 60000 +# System accounts +#SYS_GID_MIN 100 +#SYS_GID_MAX 999 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# If set to yes, userdel will remove the userĀ“s group if it contains no +# more members, and useradd will create by default a group with the name +# of the user. +# +# Other former uses of this variable such as setting the umask when +# user==primary group are not used in PAM environments, such as Debian +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. +# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is deprecated. You should use ENCRYPT_METHOD. +# +#MD5_CRYPT_ENAB no + +# +# If set to MD5 , MD5-based algorithm will be used for encrypting password +# If set to SHA256, SHA256-based algorithm will be used for encrypting password +# If set to SHA512, SHA512-based algorithm will be used for encrypting password +# If set to DES, DES-based algorithm will be used for encrypting password (default) +# Overrides the MD5_CRYPT_ENAB option +# +# Note: It is recommended to use a value consistent with +# the PAM modules configuration. +# +ENCRYPT_METHOD SHA512 + +# +# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512. +# +# Define the number of SHA rounds. +# With a lot of rounds, it is more difficult to brute forcing the password. +# But note also that it more CPU resources will be needed to authenticate +# users. +# +# If not specified, the libc will choose the default number of rounds (5000). +# The values must be inside the 1000-999999999 range. +# If only one of the MIN or MAX values is set, then this value will be used. +# If MIN > MAX, the highest value will be used. +# +# SHA_CRYPT_MIN_ROUNDS 5000 +# SHA_CRYPT_MAX_ROUNDS 5000 + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + diff --git a/server/modules/local_accounts/etc/systemd/system/local_accounts.service b/server/modules/local_accounts/etc/systemd/system/local_accounts.service new file mode 100644 index 00000000..37488705 --- /dev/null +++ b/server/modules/local_accounts/etc/systemd/system/local_accounts.service @@ -0,0 +1,9 @@ +[Unit] +Description=Runs the OpenSLX Create Users Tool +Wants=display-manager.service getty@tty1.service getty@ttyUSB0.service +Before=display-manager.service getty@tty1.service getty@ttyUSB0.service + +[Service] +Type=oneshot +ExecStart=/opt/openslx/scripts/systemd-local_accounts +RemainAfterExit=yes diff --git a/server/modules/local_accounts/etc/systemd/system/multi-user.target.wants/local_accounts.service b/server/modules/local_accounts/etc/systemd/system/multi-user.target.wants/local_accounts.service new file mode 120000 index 00000000..578ecc01 --- /dev/null +++ b/server/modules/local_accounts/etc/systemd/system/multi-user.target.wants/local_accounts.service @@ -0,0 +1 @@ +../../../../etc/systemd/system/local_accounts.service \ No newline at end of file diff --git a/server/modules/local_accounts/opt/openslx/scripts/local_accounts-cron_script b/server/modules/local_accounts/opt/openslx/scripts/local_accounts-cron_script new file mode 100755 index 00000000..8d38401a --- /dev/null +++ b/server/modules/local_accounts/opt/openslx/scripts/local_accounts-cron_script @@ -0,0 +1,9 @@ +#!/bin/ash + +# create .patches for next session + +if [ -d /home/openslx ]; then + for file in passwd shadow group; do + diff -u /home/openslx/.$file.backup /etc/$file > /home/openslx/.$file.patch + done +fi diff --git a/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users b/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users new file mode 100755 index 00000000..3ac554b5 --- /dev/null +++ b/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users @@ -0,0 +1,57 @@ +#!/bin/ash + +. /opt/openslx/config || { echo "Could not source config!"; exit 23; } + +create_user(){ +# generate the new lines that will be merged into the /etc/{passwd,shadow,group} files + unset IFS + if useradd -s /bin/bash -m $1 -K UID_MIN=1000 -K GID_MIN=1000; then # if the users doesn't exists, create him without the password + if [ -n "$2" ]; then + sed -i "s#^$1:[^:]*:#$1:$2:#" "/etc/shadow" # set the password in the /etc/shadow file + fi + else + echo 'user $1 already exists' + if [ -n "$2" ] && [ $(grep ^$1: /etc/shadow | cut -d ':' -f2) != $2 ]; then # if the user already exists, check if the password has changed + echo "changing password to the new one" + sed -i "s#^$1:[^:]*:#$1:$2:#" "/etc/shadow" # set the password in the /etc/shadow file + fi + fi +} + +mount | grep "/home" > /dev/null +if [ $? -eq 0 ]; then + # check if the /home partition exists + echo "/home partition found" + if useradd -s /bin/bash -m openslx -K UID_MIN=1000 -K GID_MIN=1000; then # try to create the 'openslx' user, will fail if it already exists + echo "user openslx created" + sed -i "s#^openslx:[^:]*:#openslx:$OPENSLX_PASS:#" "/etc/shadow" # set the password in the /etc/shadow file + fi + + for line in $SLX_USERS; do # create the accounts specified in the SLX_USERS config. + IFS=, + set $line + create_user $1 $2 + done + + for file in passwd shadow group; do + #backup files before patching to save slxbox state + echo "Backing up /etc/$file at /home/openslx/.$file.backup" + cp /etc/$file /home/openslx/.$file.backup + + # apply patch of users created by the admin in the last session. + if [ -e /home/openslx/.$file.patch ]; then + patch /etc/$file < /home/openslx/.$file.patch + fi + done +else # if no /home partition was found, will create the user but won't do the patch and backup. + echo "No /home partition found on hdd. Creating non permanent users from slxbox." + if useradd -s /bin/bash -m openslx -K UID_MIN=1000 -K GID_MIN=1000; then # try to create the 'openslx' user, will fail if it already exists + echo "user openslx created" + sed -i "s#^openslx:[^:]*:#openslx:$OPENSLX_PASS:#" "/etc/shadow" # set the password in the /etc/shadow file + fi + for line in $SLX_USERS; do # create the accounts specified in the SLX_USERS config. + IFS=, + set $line + create_user $1 $2 + done +fi \ No newline at end of file -- cgit v1.2.3-55-g7522 From 368d5b62c33d14ed619b22bae7e09e2973fdf627 Mon Sep 17 00:00:00 2001 From: Michael Pereira Neves Date: Mon, 10 Nov 2014 11:25:53 -0200 Subject: [local-account] code review --- .../opt/openslx/scripts/systemd-create_users | 73 ++++++++++++---------- 1 file changed, 41 insertions(+), 32 deletions(-) diff --git a/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users b/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users index 3ac554b5..5cabd4fd 100755 --- a/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users +++ b/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users @@ -2,56 +2,65 @@ . /opt/openslx/config || { echo "Could not source config!"; exit 23; } +#generate new user with useradd and insert password in /etc/shadow if exists create_user(){ -# generate the new lines that will be merged into the /etc/{passwd,shadow,group} files - unset IFS - if useradd -s /bin/bash -m $1 -K UID_MIN=1000 -K GID_MIN=1000; then # if the users doesn't exists, create him without the password - if [ -n "$2" ]; then - sed -i "s#^$1:[^:]*:#$1:$2:#" "/etc/shadow" # set the password in the /etc/shadow file - fi + local username="$1" + local password="$2" + uset IFS + + #if the users doesn't exists, create him without the password + if useradd -s /bin/bash -m "$username" -K UID_MIN=1000 -K GID_MIN=1000; then + if [ -n "$password" ]; then + #set the password in the /etc/shadow file + sed -i "s#^${username}:[^:]*:#${username}:${password}:#" "/etc/shadow" + fi else - echo 'user $1 already exists' - if [ -n "$2" ] && [ $(grep ^$1: /etc/shadow | cut -d ':' -f2) != $2 ]; then # if the user already exists, check if the password has changed - echo "changing password to the new one" - sed -i "s#^$1:[^:]*:#$1:$2:#" "/etc/shadow" # set the password in the /etc/shadow file + echo 'user ${username} already exists' + #if the user already exists, check if the password has changed + if [ -n "$password" ] && [ $(grep ^${username}: /etc/shadow | cut -d ':' -f2) != "$password" ]; then + echo "User password changed, updating /etc/shadow to new one" + #set the password in the /etc/shadow file + sed -i "s#^${username}:[^:]*:#${username}:${password}:#" "/etc/shadow" fi fi } -mount | grep "/home" > /dev/null -if [ $? -eq 0 ]; then - # check if the /home partition exists +# check if the /home partition exists +if mount | grep "/home" > /dev/null; then echo "/home partition found" - if useradd -s /bin/bash -m openslx -K UID_MIN=1000 -K GID_MIN=1000; then # try to create the 'openslx' user, will fail if it already exists + + #try to create the 'openslx' user in whose home dir backups and patch files will be stored + if useradd -s /bin/bash -m openslx -K UID_MIN=1000 -K GID_MIN=1000; then echo "user openslx created" - sed -i "s#^openslx:[^:]*:#openslx:$OPENSLX_PASS:#" "/etc/shadow" # set the password in the /etc/shadow file + #set the password in the /etc/shadow file + sed -i "s#^openslx:[^:]*:#openslx:$OPENSLX_PASS:#" "/etc/shadow" fi - for line in $SLX_USERS; do # create the accounts specified in the SLX_USERS config. - IFS=, - set $line + #create the accounts specified in the SLX_USERS config. + for line in $SLX_USERS; do + IFS=, + set $line create_user $1 $2 done - + + #patch passwd, shadow and group with changes the local admin made in that machine for file in passwd shadow group; do #backup files before patching to save slxbox state - echo "Backing up /etc/$file at /home/openslx/.$file.backup" - cp /etc/$file /home/openslx/.$file.backup + echo "Backing up /etc/${file} at /home/openslx/.${file}.backup" + cp /etc/${file} /home/openslx/.${file}.backup - # apply patch of users created by the admin in the last session. - if [ -e /home/openslx/.$file.patch ]; then - patch /etc/$file < /home/openslx/.$file.patch + #apply patch of users created by the admin in the last session. + if [ -e /home/openslx/.${file}.patch ]; then + patch /etc/${file} < /home/openslx/.${file}.patch fi done -else # if no /home partition was found, will create the user but won't do the patch and backup. + +else + #if no /home partition was found, will create the user but won't do the patch and backup. echo "No /home partition found on hdd. Creating non permanent users from slxbox." - if useradd -s /bin/bash -m openslx -K UID_MIN=1000 -K GID_MIN=1000; then # try to create the 'openslx' user, will fail if it already exists - echo "user openslx created" - sed -i "s#^openslx:[^:]*:#openslx:$OPENSLX_PASS:#" "/etc/shadow" # set the password in the /etc/shadow file - fi for line in $SLX_USERS; do # create the accounts specified in the SLX_USERS config. - IFS=, - set $line + IFS=, + set $line create_user $1 $2 done -fi \ No newline at end of file +fi -- cgit v1.2.3-55-g7522 From 0c9ae7ba033687de2e1eea5e2a12c190a561c01a Mon Sep 17 00:00:00 2001 From: Michael Pereira Neves Date: Tue, 11 Nov 2014 18:34:21 -0200 Subject: [local-account] rename systemd script for local accounts --- .../opt/openslx/scripts/systemd-create_users | 66 ---------------------- .../opt/openslx/scripts/systemd-local_accounts | 66 ++++++++++++++++++++++ 2 files changed, 66 insertions(+), 66 deletions(-) delete mode 100755 server/modules/local_accounts/opt/openslx/scripts/systemd-create_users create mode 100755 server/modules/local_accounts/opt/openslx/scripts/systemd-local_accounts diff --git a/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users b/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users deleted file mode 100755 index 5cabd4fd..00000000 --- a/server/modules/local_accounts/opt/openslx/scripts/systemd-create_users +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/ash - -. /opt/openslx/config || { echo "Could not source config!"; exit 23; } - -#generate new user with useradd and insert password in /etc/shadow if exists -create_user(){ - local username="$1" - local password="$2" - uset IFS - - #if the users doesn't exists, create him without the password - if useradd -s /bin/bash -m "$username" -K UID_MIN=1000 -K GID_MIN=1000; then - if [ -n "$password" ]; then - #set the password in the /etc/shadow file - sed -i "s#^${username}:[^:]*:#${username}:${password}:#" "/etc/shadow" - fi - else - echo 'user ${username} already exists' - #if the user already exists, check if the password has changed - if [ -n "$password" ] && [ $(grep ^${username}: /etc/shadow | cut -d ':' -f2) != "$password" ]; then - echo "User password changed, updating /etc/shadow to new one" - #set the password in the /etc/shadow file - sed -i "s#^${username}:[^:]*:#${username}:${password}:#" "/etc/shadow" - fi - fi -} - -# check if the /home partition exists -if mount | grep "/home" > /dev/null; then - echo "/home partition found" - - #try to create the 'openslx' user in whose home dir backups and patch files will be stored - if useradd -s /bin/bash -m openslx -K UID_MIN=1000 -K GID_MIN=1000; then - echo "user openslx created" - #set the password in the /etc/shadow file - sed -i "s#^openslx:[^:]*:#openslx:$OPENSLX_PASS:#" "/etc/shadow" - fi - - #create the accounts specified in the SLX_USERS config. - for line in $SLX_USERS; do - IFS=, - set $line - create_user $1 $2 - done - - #patch passwd, shadow and group with changes the local admin made in that machine - for file in passwd shadow group; do - #backup files before patching to save slxbox state - echo "Backing up /etc/${file} at /home/openslx/.${file}.backup" - cp /etc/${file} /home/openslx/.${file}.backup - - #apply patch of users created by the admin in the last session. - if [ -e /home/openslx/.${file}.patch ]; then - patch /etc/${file} < /home/openslx/.${file}.patch - fi - done - -else - #if no /home partition was found, will create the user but won't do the patch and backup. - echo "No /home partition found on hdd. Creating non permanent users from slxbox." - for line in $SLX_USERS; do # create the accounts specified in the SLX_USERS config. - IFS=, - set $line - create_user $1 $2 - done -fi diff --git a/server/modules/local_accounts/opt/openslx/scripts/systemd-local_accounts b/server/modules/local_accounts/opt/openslx/scripts/systemd-local_accounts new file mode 100755 index 00000000..5cabd4fd --- /dev/null +++ b/server/modules/local_accounts/opt/openslx/scripts/systemd-local_accounts @@ -0,0 +1,66 @@ +#!/bin/ash + +. /opt/openslx/config || { echo "Could not source config!"; exit 23; } + +#generate new user with useradd and insert password in /etc/shadow if exists +create_user(){ + local username="$1" + local password="$2" + uset IFS + + #if the users doesn't exists, create him without the password + if useradd -s /bin/bash -m "$username" -K UID_MIN=1000 -K GID_MIN=1000; then + if [ -n "$password" ]; then + #set the password in the /etc/shadow file + sed -i "s#^${username}:[^:]*:#${username}:${password}:#" "/etc/shadow" + fi + else + echo 'user ${username} already exists' + #if the user already exists, check if the password has changed + if [ -n "$password" ] && [ $(grep ^${username}: /etc/shadow | cut -d ':' -f2) != "$password" ]; then + echo "User password changed, updating /etc/shadow to new one" + #set the password in the /etc/shadow file + sed -i "s#^${username}:[^:]*:#${username}:${password}:#" "/etc/shadow" + fi + fi +} + +# check if the /home partition exists +if mount | grep "/home" > /dev/null; then + echo "/home partition found" + + #try to create the 'openslx' user in whose home dir backups and patch files will be stored + if useradd -s /bin/bash -m openslx -K UID_MIN=1000 -K GID_MIN=1000; then + echo "user openslx created" + #set the password in the /etc/shadow file + sed -i "s#^openslx:[^:]*:#openslx:$OPENSLX_PASS:#" "/etc/shadow" + fi + + #create the accounts specified in the SLX_USERS config. + for line in $SLX_USERS; do + IFS=, + set $line + create_user $1 $2 + done + + #patch passwd, shadow and group with changes the local admin made in that machine + for file in passwd shadow group; do + #backup files before patching to save slxbox state + echo "Backing up /etc/${file} at /home/openslx/.${file}.backup" + cp /etc/${file} /home/openslx/.${file}.backup + + #apply patch of users created by the admin in the last session. + if [ -e /home/openslx/.${file}.patch ]; then + patch /etc/${file} < /home/openslx/.${file}.patch + fi + done + +else + #if no /home partition was found, will create the user but won't do the patch and backup. + echo "No /home partition found on hdd. Creating non permanent users from slxbox." + for line in $SLX_USERS; do # create the accounts specified in the SLX_USERS config. + IFS=, + set $line + create_user $1 $2 + done +fi -- cgit v1.2.3-55-g7522