deflogin: refactoring and fixup
There have been several problems with this feature: - a typo; - non-existant GROUPS (even a single one) would block setting all of the supplementary groups but separately-set 'wheel'; - this feature isn't used much actually so sees no battle testing. The typo has been just fixed; GROUPS are now applied by iteration which is less effective but more reliable; an additional script hook to write down login invitation for the first passwordless account (if any) has been implemented; and several more group managing targets have been added (based on live feature's script).
This commit is contained in:
parent
0650f6d42d
commit
54609e4785
@ -11,19 +11,31 @@ use/deflogin:
|
||||
# USERS variable chunk format is "login:passwd:admin:sudo"
|
||||
# GROUPS are just stashed there to include USERS logins created
|
||||
|
||||
# livecd: root and altlinux users with no password at all
|
||||
use/deflogin/empty: use/deflogin use/deflogin/altlinux
|
||||
# basic livecd: root and altlinux users with no password at all
|
||||
use/deflogin/empty: use/deflogin
|
||||
@$(call set,ROOTPW_EMPTY,1)
|
||||
@$(call add,USERS,altlinux::1:1)
|
||||
|
||||
# mostly used to allow access to videocard and desktop related hardware
|
||||
use/deflogin/xgrp: use/deflogin
|
||||
@$(call add,GROUPS,xgrp)
|
||||
|
||||
# appliances: "root:altlinux"; "altlinux:root" in "xgrp" group
|
||||
use/deflogin/altlinuxroot: use/deflogin/xgrp
|
||||
@$(call try,ROOTPW,altlinux)
|
||||
@$(call add,USERS,altlinux:root:1:1)
|
||||
# real thing: some control added
|
||||
use/deflogin/desktop: use/deflogin/empty \
|
||||
use/deflogin/hardware use/deflogin/xgrp use/deflogin/privileges; @:
|
||||
|
||||
# could also be passed on the commandline
|
||||
use/deflogin/root: use/deflogin
|
||||
@$(call try,ROOTPW,altlinux)
|
||||
|
||||
# appliances: "root:altlinux"; "altlinux:root" in "xgrp" group
|
||||
use/deflogin/altlinuxroot: use/deflogin/root use/deflogin/xgrp
|
||||
@$(call add,USERS,altlinux:root:1:1)
|
||||
|
||||
# peripherals
|
||||
use/deflogin/hardware: use/deflogin
|
||||
@$(call add,GROUPS,cdwriter radio scanner)
|
||||
|
||||
# videocard and desktop related hardware
|
||||
use/deflogin/xgrp: use/deflogin
|
||||
@$(call add,GROUPS,xgrp audio)
|
||||
|
||||
# potentially elevated privileges (NB: _not_ wheel)
|
||||
use/deflogin/privileges: use/deflogin
|
||||
@$(call add,GROUPS,fuse netadmin proc users)
|
||||
|
20
features.in/deflogin/rootfs/image-scripts.d/50-issue
Executable file
20
features.in/deflogin/rootfs/image-scripts.d/50-issue
Executable file
@ -0,0 +1,20 @@
|
||||
#!/bin/sh
|
||||
# issue welcome message if there's a guest user
|
||||
# (the first one configured with empty password)
|
||||
|
||||
[ -n "$GLOBAL_USERS" ] || exit 1
|
||||
|
||||
guest=
|
||||
for u in $GLOBAL_USERS; do
|
||||
login="${u%%:*}"
|
||||
[ -n "$login" ] || continue
|
||||
rest="${u#*:}"
|
||||
pass="${rest%%:*}"
|
||||
[ -z "$pass" ] || continue
|
||||
guest="$login"
|
||||
break
|
||||
done
|
||||
|
||||
[ -n "$guest" ] || exit 0
|
||||
|
||||
echo "Hello friend, say \`$guest' to log in at \\l" >> /etc/issue
|
@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
# add regular user(s) assigning passwords and attributes of power
|
||||
|
||||
# NB: care that the utilities exist; shadow-utils is warranted
|
||||
@ -6,8 +6,10 @@
|
||||
add_user() {
|
||||
useradd -m "$1" &&
|
||||
usermod -p "" "$1" &&
|
||||
if [ -n "$GLOBAL_GROUPS" ]; then
|
||||
usermod -a --groups "${GLOBAL_GROUPS// /,}" "$1" # bashism
|
||||
if [ -n "$GLOBAL_GROUPS" ]; then # some of them might be missing
|
||||
for group in $GLOBAL_GROUPS; do
|
||||
usermod -a --groups "$group" "$1" ||:
|
||||
done
|
||||
fi ||
|
||||
echo "*** failed to add user '$1'"
|
||||
}
|
||||
@ -21,7 +23,7 @@ set_sudo() {
|
||||
echo "$1 ALL=(ALL) ALL" >> "/etc/sudoers"
|
||||
}
|
||||
|
||||
# chpasswd is inteded for batch use but that would be less comprehensible
|
||||
# chpasswd is intended for batch use but that would be less comprehensible
|
||||
[ -z "$GLOBAL_USERS" ] ||
|
||||
echo "$GLOBAL_USERS" \
|
||||
| tr ' ' '\n' \
|
||||
|
Loading…
Reference in New Issue
Block a user