deflogin: refactoring and fixup

There have been several problems with this feature:
- a typo;
- non-existant GROUPS (even a single one) would block setting
  all of the supplementary groups but separately-set 'wheel';
- this feature isn't used much actually so sees no battle testing.

The typo has been just fixed; GROUPS are now applied by iteration
which is less effective but more reliable; an additional script
hook to write down login invitation for the first passwordless
account (if any) has been implemented; and several more group
managing targets have been added (based on live feature's script).
This commit is contained in:
Michael Shigorin 2014-04-12 18:32:40 +04:00
parent 0650f6d42d
commit 54609e4785
3 changed files with 48 additions and 14 deletions

View File

@ -11,19 +11,31 @@ use/deflogin:
# USERS variable chunk format is "login:passwd:admin:sudo"
# GROUPS are just stashed there to include USERS logins created
# livecd: root and altlinux users with no password at all
use/deflogin/empty: use/deflogin use/deflogin/altlinux
# basic livecd: root and altlinux users with no password at all
use/deflogin/empty: use/deflogin
@$(call set,ROOTPW_EMPTY,1)
@$(call add,USERS,altlinux::1:1)
# mostly used to allow access to videocard and desktop related hardware
use/deflogin/xgrp: use/deflogin
@$(call add,GROUPS,xgrp)
# appliances: "root:altlinux"; "altlinux:root" in "xgrp" group
use/deflogin/altlinuxroot: use/deflogin/xgrp
@$(call try,ROOTPW,altlinux)
@$(call add,USERS,altlinux:root:1:1)
# real thing: some control added
use/deflogin/desktop: use/deflogin/empty \
use/deflogin/hardware use/deflogin/xgrp use/deflogin/privileges; @:
# could also be passed on the commandline
use/deflogin/root: use/deflogin
@$(call try,ROOTPW,altlinux)
# appliances: "root:altlinux"; "altlinux:root" in "xgrp" group
use/deflogin/altlinuxroot: use/deflogin/root use/deflogin/xgrp
@$(call add,USERS,altlinux:root:1:1)
# peripherals
use/deflogin/hardware: use/deflogin
@$(call add,GROUPS,cdwriter radio scanner)
# videocard and desktop related hardware
use/deflogin/xgrp: use/deflogin
@$(call add,GROUPS,xgrp audio)
# potentially elevated privileges (NB: _not_ wheel)
use/deflogin/privileges: use/deflogin
@$(call add,GROUPS,fuse netadmin proc users)

View File

@ -0,0 +1,20 @@
#!/bin/sh
# issue welcome message if there's a guest user
# (the first one configured with empty password)
[ -n "$GLOBAL_USERS" ] || exit 1
guest=
for u in $GLOBAL_USERS; do
login="${u%%:*}"
[ -n "$login" ] || continue
rest="${u#*:}"
pass="${rest%%:*}"
[ -z "$pass" ] || continue
guest="$login"
break
done
[ -n "$guest" ] || exit 0
echo "Hello friend, say \`$guest' to log in at \\l" >> /etc/issue

View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/sh
# add regular user(s) assigning passwords and attributes of power
# NB: care that the utilities exist; shadow-utils is warranted
@ -6,8 +6,10 @@
add_user() {
useradd -m "$1" &&
usermod -p "" "$1" &&
if [ -n "$GLOBAL_GROUPS" ]; then
usermod -a --groups "${GLOBAL_GROUPS// /,}" "$1" # bashism
if [ -n "$GLOBAL_GROUPS" ]; then # some of them might be missing
for group in $GLOBAL_GROUPS; do
usermod -a --groups "$group" "$1" ||:
done
fi ||
echo "*** failed to add user '$1'"
}
@ -21,7 +23,7 @@ set_sudo() {
echo "$1 ALL=(ALL) ALL" >> "/etc/sudoers"
}
# chpasswd is inteded for batch use but that would be less comprehensible
# chpasswd is intended for batch use but that would be less comprehensible
[ -z "$GLOBAL_USERS" ] ||
echo "$GLOBAL_USERS" \
| tr ' ' '\n' \