New script localuserconfig to contain user-editable parts of adduser.local and user-init. Currently contains only new code to set .winpassword for access to remote SMB share.

1 files changed, 492 insertions, 0 deletions

diff --git a/localuserconfig b/localuserconfig
new file mode 100755
index 0000000..3a3f969
--- /dev/null
+++ b/localuserconfig
@@ -0,0 +1,492 @@
+#!/bin/sh
+#
+# /usr/local/bin/localuserconfig
+# Copyright 2004 Jonas Smedegaard <dr@jones.dk>
+#
+# $Id: localuserconfig,v 1.1 2004-04-15 22:30:04 jonas Exp $
+#
+# Set/change local account settings
+#
+# TODO: Use the following syntax to add info to .smbpasswd
+#   grep -q SomeOption ~/file || echo "line with SomeOption and such" >> ~/file
+#
+# TODO: Move relevant stuff from user-init and make it use this instead
+# TODO: Use getopt, and implement --help
+# TODO: Implement runmodes noninteractive and force (in addition to the default: interactive)
+# TODO: Runmode noninteractive by default if no tty attached
+# TODO: Implement verbosity levels (0=quiet 1=oneliner 2=default 3=chatty 4=debug)
+
+set -e
+
+# config (edit /etc/local/users.conf to override)
+
+# which are user accounts (adduser values are used if empty)
+first_uid=""
+last_uid=""
+
+do_quota="no"    # Manage disk quota
+do_distrib="no"  # Distributed shares (software archive)
+do_personal="no" # Personal shares (mac, pc, public_html)
+do_xchange="no"  # Group-readable shares
+do_public="no"   # Public share (web homepage)
+do_mac="no"      # AppleShare-optimized share (netatalk)
+do_pc="no"       # SMB-ptimized share (Samba)
+do_server="no"   # Personal share on remote SMB server
+
+quota_roots="" # space-delimited list of disk devices
+quota_soft="100000"
+quota_hard="1000000"
+quota_newstyle="yes" # Woody used a different syntax...
+
+xchange_root="xchange"
+xchange_sharedroot="/home/XCHANGE"
+
+mac_root="mac"
+
+pc_root="pc"
+
+server_name="SERVER" # SMB name of remote server 
+server_desc="remote server" 
+server_root="server"
+server_conf="/etc/security/pam_mount.conf"
+server_userconf=".winpassword"
+
+### No servicable parts below this line! ###
+
+if [ -e /etc/adduser.conf ]; then
+	. /etc/adduser.conf
+else
+	echo "/etc/adduser.conf missing. Exiting..."
+	exit 1
+fi
+
+[ -r /etc/local/users.conf ] && . /etc/local/users.conf
+
+# Flags used internally
+root_required="no"
+runmode="interactive"
+
+user="`id -u -n`"
+uid="`id -u`"
+HOME="`getent passwd \"$user\" | awk -F: '{print $6}' | head -1`"
+#TODO: Allow root to pass the above as options
+
+# Safety checks (disable silently - the user can't correct it anyway)
+
+[ "$do_mac" = "yes" -a -n "$mac_root" ] || do_mac="no"
+[ "$do_pc" = "yes" -a -n "$pc_root" ] || do_pc="no"
+[ "$do_xchange" = "yes" -a -n "$xchange_root" ] || do_xchange="no"
+[ "$do_server" = "yes" -a -n "$server_root" ] || do_server="no"
+#TODO: do a loop instead for the above
+
+# only do user accounts (checked against /etc/adduser.conf values)
+[ -n "$first_uid" ] || first_uid="$FIRST_UID"
+[ -n "$last_uid" ] || last_uid="$LAST_UID"
+[ "$uid" -ge "$FIRST_UID" -a "$uid" -le "$LAST_UID" ] || exit 0
+#TODO: check if above is numeric
+#TODO: Always use adduser values as strict outer limits
+
+if [ -z "$HOME" ]; then
+	echo "Error: Unable to resolve home of user $user!"
+	exit 1
+fi
+if [ ! -d "$HOME" ]; then
+	echo "Error: Home of user $user doesn't exist: \"$HOME\"!"
+	exit 1
+fi
+
+if [ "$do_server" = "yes" ]; then
+	server_edit="1"
+	server_username=$user
+	if [ -r "$HOME/$server_userconf" ]; then
+		server_username="$(grep '^username' $HOME/$server_userconf | awk -F= '{print $2}' | head -1 | awk '{print $1}')"
+		server_password="$(grep '^password' $HOME/$server_userconf | awk -F= '{print $2}' | head -1 | awk '{print $1}')"
+	fi
+	if [ -n "$server_username" -o -n "$server_password" ]; then
+		server_edit=""
+		echo -n "Account info for $server_desc already exists. Edit (Y/n)? "
+		read server_overwrite
+		case $server_overwrite in
+		    y|Y|"")
+			server_edit="1"
+			;;
+		esac
+	fi
+	if [ "$server_edit" = "1" ]; then
+		if [ -n "$server_username" ]; then
+			echo -n "Username on $server_desc ($server_username): "
+		else
+			echo -n "Username on $server_desc: "
+		fi
+		read server_username_new
+		if [ -n "$server_username_new" ]; then
+			server_username="$server_username_new"
+		fi
+		echo -n "Password on $server_desc: "
+		read -s server_password
+		echo
+		echo -n "Password once more: "
+		read -s server_password_again
+		echo
+		if [ -n "$server_username" -a "$server_password" = "$server_password_again" ]; then
+			echo "username = $server_username" > $HOME/$server_userconf
+			echo "password = $server_password" >> $HOME/$server_userconf
+		else
+			echo "Setting server login info failed: problem getting either username or password"
+		fi
+	fi
+	if grep -v -q "^volume $user " "$server_conf"; then
+		root_required="yes"
+	fi
+fi
+
+if [ "$root_required" = "yes" ]; then
+	echo "Note: Some of the current setup requires action by systems administrator"
+#TODO: send email to root, unless invoked by root
+#TODO: Collect actual items needing attention, to print and include in email
+fi
+
+exit 0
+#FIXME: The remaining is to be implemented (lifted from user-init)
+
+#if [ -x /etc/local/quota.sh ]; then
+#	/etc/local/quota.sh $user
+#	fi
+[ $quota_soft ] || quota_soft="0"
+[ $quota_hard ] || quota_hard="0"
+for quota_root in $quota_roots; do
+	if [ $quota_newstyle ]; then
+		setquota $user $quota_soft $quota_hard 0 0 $quota_root
+	else
+		setquota $user $quota_root $quota_soft $quota_hard 0 0
+	fi
+done
+
+mkdir -p $HOME/mail
+if [ "$USE_MBOX" ]; then
+	touch $HOME/mail/mbox
+elif [ -f $HOME/mail/mbox -a ! -s $HOME/mail/mbox ]; then
+	rm -f $HOME/mail/mbox
+fi
+
+if [ $NETATALK ]; then
+	mkdir -p $HOME/$mac_root
+fi
+if [ $SAMBA ]; then
+	mkdir -p $HOME/$pc_root
+fi
+
+if [ $XCHANGE ]; then
+	mkdir -p $xchange_sharedroot/users/root/$user
+fi
+
+if [ $PUBLIC ]; then
+	mkdir -p $HOME/public_html
+fi
+
+chown $user: $HOME
+chmod u=rwX,go=rX $HOME
+
+# Mail handling
+chown -R $user: $HOME/mail
+chmod -R u=rw,go=,u+X $HOME/mail
+if [ -f $HOME/.mailboxlist ]; then
+	chown $user: $HOME/.mailboxlist
+	chmod 0640 $HOME/.mailboxlist
+fi
+if [ -f $HOME/.forward ]; then
+	chown $user: $HOME/.forward
+	chmod 0640 $HOME/.forward
+fi
+if [ -f /var/mail/$user ]; then
+	chown $user:mail /var/mail/$user
+	chmod ug=rw,o= /var/mail/$user
+elif [ -f /var/spool/mail/$user ]; then
+	chown $user:mail /var/spool/mail/$user
+	chmod ug=rw,o= /var/spool/mail/$user
+fi
+
+# MySQL handling
+if [ -f $HOME/.my.cnf ]; then
+	chown $user: $HOME/.my.cnf
+	chmod 0600 $HOME/.my.cnf
+fi
+
+# Mac dir permissions
+if [ -d $HOME/$mac_root ]; then
+	chown -R $user: $HOME/$mac_root
+	chmod -R u=rw,g=r,o=,ug+X $HOME/$mac_root
+	rm -rf $HOME/$mac_root/Network\ Trash\ Folder
+	mkdir $HOME/$mac_root/Network\ Trash\ Folder
+	chown nobody: $HOME/$mac_root/Network\ Trash\ Folder
+	chmod a= $HOME/$mac_root/Network\ Trash\ Folder
+fi
+
+# PC dir permissions
+if [ -d $HOME/$pc_root ]; then
+	chown -R $user: $HOME/$pc_root
+	chmod -R u=rw,g=r,o=,ug+X $HOME/$pc_root
+fi
+	
+# Exchange dir permissions
+if [ -d $xchange_sharedroot/users/root/$user ]; then
+	chown -R $user:users $xchange_sharedroot/users/root/$user
+	chmod -R g=r,g+X $xchange_sharedroot/users/root/$user
+	if [ -e "x$HOME/$xchange_root" ]; then
+		if [ -L "x$HOME/$xchange_root" ]; then
+			ln -sf $xchange_sharedroot/users/root/$user $HOME/$xchange_root
+		else
+			echo "ERROR: $HOME/$xchange_root exists already. Leaving it as is..."
+		fi
+	else
+		ln -s $xchange_sharedroot/users/root/$user $HOME/$xchange_root
+	fi
+fi
+
+# Public dir permissions
+if [ -d $HOME/public_html ]; then
+	chown -R $user: $HOME/public_html
+	chmod -R u+rX,go=r,go+X $HOME/public_html
+	if [ $NETATALK ]; then
+		rm -rf $HOME/public_html/Network\ Trash\ Folder
+		mkdir $HOME/public_html/Network\ Trash\ Folder
+		chown nobody: $HOME/public_html/Network\ Trash\ Folder
+		chmod a= $HOME/public_html/Network\ Trash\ Folder
+	fi
+fi
+
+# Fileshares: <home>/shares.<sharetype>/<rogroup>/<rwgroup>/<sharename>
+#   <sharetype>: Either mac or win depending on which of netatalk and samba provides r/w access to the shares
+#   <rwgroup>:   Group with write access to the share (usually the default group of the owner)
+#   <rogroup>:   Either rwgroup or secondary group with read-only access to the share
+#   owner must be member of both groups, and rwgroup members must also be members of rogroup
+find "$HOME" -mindepth 1 -maxdepth 1 -type d -print | egrep "^$HOME/shares\." | (while read thisdir; do
+	sharetype="`basename \"$thisdir\" | awk -F. '{print $2}'`"
+	# Define dir and file exceptions
+	case "$sharetype" in
+	    mac)
+		dirs_world_rw_create='.AppleDB'
+		dirs_group_rw_create='.AppleDesktop/Temporary Items/TheFindByContentFolder'
+		dirs_group_ro_create='TheVolumeSettingsFolder'
+		dirs_group_ro_update='.AppleDouble'
+		files_group_ro_update=':2eDS_Store'
+		dirs_no_access_purge='Network Trash Folder'
+		;;
+	    win)
+		;;
+	    *)
+		continue
+		;;
+	esac
+	exceptions="$dirs_world_rw_create/$dirs_group_rw_create/$dirs_group_ro_create/$dirs_group_ro_update/$files_group_ro_update/$dirs_no_access_purge"
+	exception_dirs_create="$dirs_world_rw_create/$dirs_group_rw_create/$dirs_group_ro_create"
+	chown "$user": "$thisdir"
+	chmod a=rX "$thisdir"
+	find "$thisdir" -mindepth 1 -maxdepth 1 -type d -print | (while read thisdir; do
+		rogroup="`basename \"$thisdir\"`"
+		chown "$user":"$rogroup" "$thisdir"
+		chmod ug=rX,o= "$thisdir"
+		find "$thisdir" -mindepth 1 -maxdepth 1 -type d -print | (while read thisdir; do
+			rwgroup="`basename \"$thisdir\"`"
+			chown "$user":"$rwgroup" "$thisdir"
+			chmod a=rX,g+s "$thisdir"
+			find "$thisdir" -mindepth 1 -maxdepth 1 -type d -print | (while read thisdir; do
+				sharename="`basename \"$thisdir\"`"
+				chown "$user":"$rwgroup" "$thisdir"
+				chmod u=rw,go=r,a+X,g+s "$thisdir"
+				ifs="$IFS"
+				# Set default permissions
+				find "$thisdir" -mindepth 1 -maxdepth 1 -print | (while read thisdir; do
+					item="`basename \"$thisdir\"`"
+					IFS="/"; for exception in $exceptions; do IFS="$ifs";
+						if [ "$item" = "$exception" ]; then
+							continue 2
+						fi
+					done
+					chgrp -R "$rwgroup" "$thisdir"
+					chmod -R ug=rw,o=r,a+X,g+s "$thisdir"
+				done)
+				# Handle exception dirs to be created if not existing
+				IFS="/"; for dir in $exception_dirs_create; do IFS="$ifs";
+					if [ ! -d "$thisdir/$dir" ]; then
+						rm -f "$thisdir/$dir"
+					fi
+					if [ ! -e "$thisdir/$dir" ]; then
+						mkdir "$thisdir/$dir"
+					fi
+					chown "$user":"$rwgroup" "$thisdir/$dir"
+				done
+				IFS="/"; for dir in $dirs_world_rw_create; do IFS="$ifs";
+					if [ "$rogroup" = "$rwgroup" ]; then
+						chmod -R ug=rw,o=r,a+X,g+s "$thisdir/$dir"
+					else
+						chmod -R a=rw,a+X,g+s "$thisdir/$dir"
+					fi
+				done
+				IFS="/"; for dir in $dirs_group_rw_create; do IFS="$ifs";
+					chmod -R ug=rw,o=r,a+X,g+s "$thisdir/$dir"
+				done
+				IFS="/"; for dir in $dirs_group_ro_create; do IFS="$ifs";
+					chmod -R u=rw,go=r,a+X,g+s "$thisdir/$dir"
+				done
+				# Handle exception dirs to be updated if already there
+				IFS="/"; for dir in $dirs_group_ro_update; do IFS="$ifs";
+					if [ -e "$thisdir/$dir" ]; then
+						chmod u=rw,go=r,a+X,g+s "$thisdir/$dir"
+					fi
+				done
+				# Handle exception files to be updated if already there
+				IFS="/"; for file in $files_group_ro_update; do IFS="$ifs";
+					if [ -e "$thisdir/$file" ]; then
+						chmod u=rw,go=r,g+s "$thisdir/$file"
+					fi
+				done
+				# Handle exception dirs to be purged and recreated
+				IFS="/"; for dir in $dirs_no_access_purge; do IFS="$ifs";
+					rm -rf "$thisdir/$dir"
+					mkdir -m a= "$thisdir/$dir"
+					chown nobody: "$thisdir/$dir"
+				done
+				IFS="$ifs"
+			done)
+		done)
+	done)
+done)
+
+# Deprecated share permissions
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/shares_win"`; do
+	chgrp -R $user $dir
+	chmod -R u=rw,g=rw,o=,ug+X,g+s $dir
+done
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/shares_mac"`; do
+	chgrp -R $user $dir
+	chmod -R u=rw,g=rw,o=,ug+X,g+s $dir
+	rm -rf $dir/Network\ Trash\ Folder
+	mkdir $dir/Network\ Trash\ Folder
+	chown nobody: $dir/Network\ Trash\ Folder
+	chmod a= $dir/Network\ Trash\ Folder
+done
+
+# Ftp shares permissions
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_$USER$"`; do
+	chgrp -R $user $dir
+	chmod -R ug=rw,o=r,a+X,g+s $dir
+	rm -rf $dir/Network\ Trash\ Folder
+	mkdir $dir/Network\ Trash\ Folder
+	chown nobody: $dir/Network\ Trash\ Folder
+	chmod a= $dir/Network\ Trash\ Folder
+done
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_${USER}_ro$"`; do
+	chown -R $user: $dir
+	chmod -R u=rw,go=r,a+X $dir
+	rm -rf $dir/Network\ Trash\ Folder
+	mkdir $dir/Network\ Trash\ Folder
+	chown nobody: $dir/Network\ Trash\ Folder
+	chmod a= $dir/Network\ Trash\ Folder
+done
+
+# Web shares permissions
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/web_"`; do
+	chown -R $user: $dir
+#	chmod -R u=rw,go=r,a+X $webdir
+#TODO: Only cgi scripts (.cgi and .pl) should be executable
+	chmod -R u+rw,go+r,a+X $dir
+	# leftover from ancient times with another policy
+	if [ $NETATALK ]; then
+		rm -rf $dir/Network\ Trash\ Folder
+	fi
+done
+	
+# Web shares permissions
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/websites"`; do
+	chown root: $dir
+	chmod a=r,u+w,a+X $dir
+done
+for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/websites/"`; do
+	chown -R $user: $dir
+#	chmod -R u=rw,go=r,a+X $webdir
+#TODO: Only cgi scripts (.cgi and .pl) should be executable
+	chmod -R u+rw,go+r,a+X $dir
+	# leftover from ancient times with another policy
+	if [ $NETATALK ]; then
+		rm -rf $dir/Network\ Trash\ Folder
+	fi
+done
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webscripts"`; do
+	chown root: $dir
+	chmod a=r,u+w,a+X $dir
+done
+for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webscripts/"`; do
+	chown -R $user: $dir
+#	chmod -R u=rw,go=r,a+X $webdir
+#TODO: Only cgi scripts (.cgi and .pl) should be executable
+	chmod -R u+rw,go+r,a+X $dir
+done
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webdata"`; do
+	chown $user: $dir
+	chmod a=r,u+w,a+X $dir
+done
+for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webdata/"`; do
+	chown -R $user: $dir
+	chmod -R u=rw,go=,u+X $dir
+done
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webshareddata"`; do
+	chown $user: $dir
+	chmod a=r,u+w,a+X $dir
+done
+for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webshareddata/"`; do
+	chown -R $user: $dir
+	chmod -R u=rw,go=r,a+X $dir
+done
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webphpsites"`; do
+	chown root: $dir
+	chmod u=rw,go=r,a+X $dir
+done
+for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webphpsites/"`; do
+	chown -R $user:www-data $dir
+#	chmod -R ug=rw,o=r,a+X $dir
+	chmod -R ug=rw,o=,ug+X $dir
+done
+for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/webphpdata"`; do
+	chown root: $dir
+	chmod a=r,u+w,a+X $dir
+done
+for dir in `find $HOME -mindepth 2 -maxdepth 2 -type d | egrep "^$HOME/webphpdata/"`; do
+	chown -R $user:www-data $dir
+	chmod -R ug=rw,o=,ug+X $dir
+done
+	
+# Dummy user restrictions
+if [ -n "$REALUSERS_GROUPNAME" -a -n "$DUMMYSHAREDIR" -a -n "$DUMMYSHAREOWNER" -a -n "$DUMMYSHARENAME" ]; then
+	[ -e $DUMMYSHAREDIR/$user ] \
+		|| mkdir $DUMMYSHAREDIR/$user
+	chown $DUMMYSHAREOWNER: $DUMMYSHAREDIR/$user
+	chmod u=rw,go=r,a+X $DUMMYSHAREDIR/$user
+	if [ -e $HOME/$DUMMYSHARENAME ]; then
+		if [ -L $HOME/$DUMMYSHARENAME ]; then
+			ln -sf $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME
+			chown $user: $HOME/$DUMMYSHARENAME
+		else
+			echo "WARNING: $HOME/$DUMMYSHAREDIR exists already. Leaving it as is..."
+		fi
+	else
+		ln -s $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME
+		chown $user: $HOME/$DUMMYSHARENAME
+	fi
+	if [ -n "$DUMMYAPACHECFG" -a -n "$DUMMYAPACHESHAREDIR" ]; then
+		if [ -f /etc/apache/include.d/$DUMMYAPACHECFG -a -x /etc/init.d/apache ]; then
+			if [ -e /etc/apache/include.d/$DUMMYAPACHECFG-$user ]; then
+				echo "/etc/apache/include.d/$DUMMYAPACHECFG-$user exists already. Ignoring..."
+			else
+				echo "# Created automatically by adduser.local
+<Location /$DUMMYAPACHESHAREDIR/$user>
+	<Limit GET POST>
+		require user $user
+	</Limit>
+</Location>" \
+					> /etc/apache/include.d/$DUMMYAPACHECFG-$user
+				root_required="yes"
+			fi
+		fi
+	fi
+fi