From 3827237266bf9dd5cabb98c00ce0424e64255139 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Thu, 20 Jun 2013 14:56:37 +0200
Subject: [pam] only try to mount for users whose guid is > 1000
---
.../pam/data/etc/pam-script/pam_script_ses_open | 28 ++++++++++++----------
1 file changed, 16 insertions(+), 12 deletions(-)
(limited to 'remote/modules')
diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
index 86386267..9cbca8f5 100755
--- a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
+++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
@@ -3,19 +3,23 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" echo "[$PAM_TYPE] Opening session for $PAM_USER" -echo "[$PAM_TYPE] Mounting home directory for $PAM_USER" -# generate keytab -sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab -chmod 600 /etc/krb5.keytab +if [ $(id -g $PAM_USER) -ge 1001 ]; then + echo "[$PAM_TYPE] Mounting home directory for $PAM_USER" -# determine fileserver and share for home directories -ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER" + # generate keytab + sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab + chmod 600 /etc/krb5.keytab -FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) -VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) + # determine fileserver and share for home directories + ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER" + + FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) + VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) + + # now we can mount the home directory + mkdir -p /home/$PAM_USER + mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER" \ + || echo "[$PAM_TYPE] Failed to mount home directory for $PAM_USER" +fi -# now we can mount the home directory -mkdir -p /home/$PAM_USER -mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER" \ - || echo "[$PAM_TYPE] Failed to mount home directory for $PAM_USER" -- cgit v1.2.3-55-g7522 From 5123659165b273ba778623c5c9489adbfd70c7dc Mon Sep 17 00:00:00 2001 
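Review bot: The re-indented block still has this session script write the LDAP answer to the predictable path `/tmp/ldapsearch."$PAM_USER"` and then read `FILESERVER` and `VOLUME` back from it. A local user who creates that name first, as a file they own or as a symlink, can influence which export gets mounted or have the redirect truncate an unrelated file. Holding the result in a variable removes the file altogether. The keytab a few lines earlier is created under whatever umask the script inherits and is only restricted by the later `chmod 600`, so a tight umask around the redirect closes that window. The script's first two lines are outside the hunk, so the sketch below stays within POSIX sh.

```shell
	# … unchanged: "Mounting home directory" message …

	# generate keytab; the subshell keeps the tight umask local to this step
	(umask 077; sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab)
	# … unchanged: chmod 600 /etc/krb5.keytab …

	# determine fileserver and share for home directories, without a file in /tmp
	LDAP_OUT=$(ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver)
	FILESERVER=$(printf '%s\n' "$LDAP_OUT" | grep rufFileserver | cut -d" " -f2)
	VOLUME=$(printf '%s\n' "$LDAP_OUT" | grep homeDirectory | cut -d" " -f2)

	# … unchanged: mkdir and mount …
```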
From: Jonathan Bauer Date: Thu, 20 Jun 2013 15:14:15 +0200 Subject: [pam] only umount if guid = 1001 (student) --- remote/modules/pam/data/etc/pam-script/pam_script_ses_close | 2 +- remote/modules/pam/data/etc/pam-script/pam_script_ses_open | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'remote/modules') diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_close b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close index 48e778e2..b5fa5ba7 100755 --- a/remote/modules/pam/data/etc/pam-script/pam_script_ses_close +++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close @@ -2,4 +2,4 @@ echo "[$PAM_TYPE] Closing session for $PAM_USER" -umount /home/$PAM_USER +[ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open index 9cbca8f5..4acc74cc 100755 --- a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open +++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open @@ -4,7 +4,7 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o echo "[$PAM_TYPE] Opening session for $PAM_USER" -if [ $(id -g $PAM_USER) -ge 1001 ]; then +if [ $(id -g $PAM_USER) -eq 1001 ]; then echo "[$PAM_TYPE] Mounting home directory for $PAM_USER" # generate keytab -- cgit v1.2.3-55-g7522
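Review bot: In `pam_script_ses_close` the new `[ ... ] && umount ...` line returns status 1 whenever the group test is false. If it is the last command of the script (nothing after it is visible in this hunk), the script then exits non-zero for every session close that is not a student's. An `if` keeps the exit status at 0 when there is nothing to unmount: `if [ "$(id -g "$PAM_USER")" -eq 1001 ]; then umount "/home/$PAM_USER"; fi`. The quotes matter as well, because an unquoted `$(id -g $PAM_USER)` that expands to nothing leaves `[` with a malformed expression. The same unquoted form appears in the `pam_script_ses_open` hunk of this commit and in the `if` added by the previous one.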
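Review bot: The literal `1001` in the `pam_script_ses_open` test now gates the mount here and the umount in `pam_script_ses_close`, and only the commit subject says it stands for the student group. A comment above the `if`, such as `# primary GID 1001 = students; only they get a network home (keep in sync with pam_script_ses_close)`, would make the pairing explicit. It is also worth stating there that `id -g` reports the primary group only, so membership of 1001 as a supplementary group does not match. The body of the `if` continues outside this hunk.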