authorJonas Smedegaard <dr@jones.dk>2002-02-25 04:29:11 +0000
committerJonas Smedegaard <dr@jones.dk>2002-02-25 04:29:11 +0000
commitd1b62e048b3a390a5565bdd2ecaaf15d8e46d660 (patch)
tree95576537a364d30e3f6ed8fd2be4f6d878501e44
parentd9343ef8fa935e8e10f6b275219343bdf793e3df (diff)
A few more tweaks and corrections to adduser.local, deluser.local and user-init.
-rwxr-xr-xadduser.local68
-rwxr-xr-xdeluser.local49
-rwxr-xr-xuser-init253
3 files changed, 219 insertions, 151 deletions
diff --git a/adduser.local b/adduser.local
index e946bf5..129ae5b 100755
--- a/adduser.local
+++ b/adduser.local
@@ -7,15 +7,12 @@ NEWUID=$2
NEWGID=$3
NEWHOMEDIR=$4
-[ "x$NEWHOMEDIR" = "x/home/$NEWUSERNAME" ] || exit 0
+. /etc/adduser.conf
-#su $1 -c 'echo "$realuser\@$host">~/.forward'
+# Ignore non-human accounts silently
+[ "$NEWUID" -ge "$FIRST_UID" -a "$NEWUID" -le "$LAST_UID" ] || exit 0
-addgroup $NEWUSERNAME users
-
-if [ -x /usr/local/sbin/user-init ]; then
- /usr/local/sbin/user-init $NEWUSERNAME
-fi
+[ -f /etc/local/users.conf ] && . /etc/local/users.conf
# Samba password
#FIXME: Check if enabled in samba.conf (or included files!)
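Review bot: The new human-account check `[ "$NEWUID" -ge "$FIRST_UID" -a "$NEWUID" -le "$LAST_UID" ] || exit 0` silently skips every account when FIRST_UID or LAST_UID is not defined: `test` then fails on a missing integer operand with a non-zero status, and the `|| exit 0` turns that into a quiet "not a human user". The `. /etc/adduser.conf` line just above gives no error either if the file is absent or does not define those names, unlike user-init in this same commit, which sources it with `|| exit 1`. Consider `. /etc/adduser.conf || exit 1` followed by `[ -n "$FIRST_UID" -a -n "$LAST_UID" ] || { echo "FIRST_UID/LAST_UID not set" >&2; exit 1; }` before the range check. The identical unguarded range check is added in deluser.local (`OLDUID`) and inside the user-init loop (`uid`).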
@@ -33,7 +30,7 @@ if [ -x /usr/local/sbin/userforward ]; then
read mail_address
case $mail_address in
?*@?*.*)
- /usr/local/sbin/userforward $1 $mailforward
+ /usr/local/sbin/userforward $NEWUSERNAME $mailforward
;;
?*)
echo "That wasn't a proper email address - skipping..."
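Review bot: The changed call `/usr/local/sbin/userforward $NEWUSERNAME $mailforward` passes `$mailforward`, while the prompt three lines above reads the answer into `mail_address`, which is also the variable the `case` matches on; unless `mailforward` is assigned somewhere outside this hunk, userforward receives an empty second argument. Presumably it should be `/usr/local/sbin/userforward "$NEWUSERNAME" "$mail_address"`. The enclosing `if [ -x /usr/local/sbin/userforward ]` block starts and ends outside the hunk.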
@@ -44,6 +41,7 @@ if [ -x /usr/local/sbin/userforward ]; then
fi
# Mailing lists
+#FIXME: Be more generic - support other mailinglists than mailman!
listdir="/var/lib/mailman/lists"
lists=""
[ -d $listdir ] && \
@@ -61,33 +59,29 @@ for list in $lists; do
fi
done
-#FIXME: Make this ALOT more generic (or move it to /etc/local/adduser.d)!
-if [ -d /home/christof/ftp_christof_ro ]; then
- echo "This seems to be a dummy/real user environment:"
- echo " Real users have read/write access to personal files."
- echo " Dummy users have read access to published files."
- echo -n "Is this a *real* user (y/N)? "
- read realuser
- case $realuser in
- y|Y)
- addgroup $NEWUSERNAME realusers
- ;;
- *)
- [ -e /home/christof/ftp_christof_ro/$1 ] \
- || mkdir /home/christof/ftp_christof_ro/$1
- chown christof: /home/christof/ftp_christof_ro/$1
- chmod u=rw,go=r,a+X /home/christof/ftp_christof_ro/$1
- if [ -e $4/images ]; then
- if [ -L $4/images ]; then
- rm -rf $4/images
- ln -s /home/christof/ftp_christof_ro/$1 $4/images
- else
- echo "Something is wrong - $4/images exists already."
- echo "This maybe isn't a dummy/real environment after all. Bailing out..."
- fi
- else
- ln -s /home/christof/ftp_christof_ro/$1 $4/images
- fi
- ;;
- esac
+if [ -f /etc/local/users.conf ]; then
+ . /etc/local/users.conf
+
+ if [ -n "$USERS_GROUPNAME" ]; then
+ addgroup $NEWUSERNAME $USERS_GROUPNAME
+ fi
+
+ if [ -n "$REALUSERS_GROUPNAME" ]; then
+ echo "This system has both dummy and real users:"
+ echo " Dummy users have read access to specific files."
+ echo " Real users have read/write access to personal files."
+ echo -n "Is this a dummy user (Y/n)? "
+ read realuser
+ case $realuser in
+ y|Y|"")
+ ;;
+ *)
+ addgroup $NEWUSERNAME $REALUSERS_GROUPNAME
+ ;;
+ esac
+ fi
+fi
+
+if [ -x /usr/local/sbin/user-init ]; then
+ /usr/local/sbin/user-init $NEWUSERNAME
fi
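Review bot: The new `read realuser` unconditionally consumes a line of stdin, so a non-interactive adduser run (stdin closed or redirected) leaves `realuser` empty and takes the `y|Y|"")` arm, i.e. the account is silently classified as a dummy user; if that default is intended, a comment such as `# Non-interactive runs default to "dummy user"` above the `read` would make it explicit. `/etc/local/users.conf` is sourced a second time at `. /etc/local/users.conf` inside the new `if [ -f ... ]` block although the first hunk already sources it right after the UID check; harmless, but a reader may take this block for the only place the file is loaded. `$USERS_GROUPNAME` and `$REALUSERS_GROUPNAME` reach `addgroup` unquoted, so a value containing whitespace splits into extra arguments; `addgroup "$NEWUSERNAME" "$USERS_GROUPNAME"` avoids that.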
diff --git a/deluser.local b/deluser.local
index e037fd1..77c68ec 100755
--- a/deluser.local
+++ b/deluser.local
@@ -5,10 +5,25 @@ OLDUID=$2
OLDGID=$3
OLDHOMEDIR=$4
+. /etc/adduser.conf
+
+#. /etc/deluser.conf
+# Workaround: default deluser.conf is not sh-compatible (like adduser.conf)
+REMOVE_HOME=`grep REMOVE_HOME /etc/deluser.conf | awk -F= '{print $2}' | head -1 | sed 's/^ //g'`
+
+# Ignore non-human accounts silently
+[ "$OLDUID" -ge "$FIRST_UID" -a "$OLDUID" -le "$LAST_UID" ] || exit 0
+
+[ -f /etc/local/users.conf ] && . /etc/local/users.conf
+
+# Samba password
if [ -e /etc/samba/smbpasswd -a -x /usr/bin/smbpasswd ]; then
/usr/bin/smbpasswd -x $OLDUSERNAME || true
fi
+#TODO: Netatalk password
+
+# Mailinglists
if [ -x /usr/sbin/remove_members ]; then
if [ -d /var/lib/mailman/lists/users ]; then
/bin/echo $OLDUSERNAME@`/bin/dnsdomainname` \
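Review bot: The `REMOVE_HOME` extraction on the backtick line feeds the test `if [ "$REMOVE_HOME" -a -d $OLDHOMEDIR ]` in the next hunk, and that test is true for any non-empty value, including `0`, the natural way to disable removal in deluser.conf; with such a setting this script would still `rm -rf` the home directory the configuration said to keep. The `grep REMOVE_HOME` also matches commented-out lines and any other key that merely contains that text, and `head -1` then takes whichever comes first. A stricter extraction and an explicit value test, e.g. `REMOVE_HOME=$(sed -n 's/^[[:space:]]*REMOVE_HOME[[:space:]]*=[[:space:]]*//p' /etc/deluser.conf | head -1)` and `if [ "$REMOVE_HOME" = 1 -a -d "$OLDHOMEDIR" ]; then`, would follow the file's semantics. The removal itself is in the following hunk.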
@@ -20,25 +35,21 @@ if [ -x /usr/sbin/remove_members ]; then
fi
fi
-#FIXME: Make this ALOT more generic!
-if [ -d /home/christof/ftp_christof_ro/$1 -a -n "$1" ]; then
- echo -n "It seems this was a dummy user. Remove shared files (y/N)? "
- read remove_files
- case $remove_files in
- y|Y)
- rm -rf /home/christof/ftp_christof_ro/$1
- ;;
- esac
+# Check for dummy shared files if enabled in /etc/local/users.conf
+if [ -n "$DUMMYSHAREDDIR" ]; then
+ if [ -d $DUMMYSHAREDDIR/$OLDUSERNAME -a -n "$OLDUSERNAME" ]; then
+ echo -n "It seems this was a dummy user. Remove shared files (y/N)? "
+ read remove_files
+ case $remove_files in
+ y|Y)
+ rm -rf $DUMMYSHAREDDIR/$OLDUSERNAME
+ ;;
+ esac
+ fi
fi
-# It seems deluser doesn't always remove home even if told to do so
-#FIXME: Only ask (or default to yes, or both) if removing is enabling in /etc/deluser.conf
-if [ -d $4 -a -n "$4" ]; then
- echo -n "Remove old home (y/N)? "
- read remove_home
- case $remove_home in
- y|Y)
- rm -rf $4
- ;;
- esac
+# Workaround: It seems deluser avoids symlinks when told to remove homedir
+if [ "$REMOVE_HOME" -a -d $OLDHOMEDIR ]; then
+ echo "Removing $OLDHOMEDIR..."
+ rm -rf $OLDHOMEDIR
fi
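Review bot: The new dummy-share cleanup reads `$DUMMYSHAREDDIR` (two Ds), while the user-init change in this same commit creates the directory from `$DUMMYSHAREDIR` (one D) alongside `$DUMMYSHAREOWNER` and `$DUMMYSHARENAME`; both scripts source the same /etc/local/users.conf, so one of the two spellings can never be set and its branch is dead. The name should be unified, presumably to `DUMMYSHAREDIR`, since that is the form the directory is created with. `$DUMMYSHAREDDIR/$OLDUSERNAME` and `$OLDHOMEDIR` are also passed to `rm -rf` unquoted; `rm -rf -- "$DUMMYSHAREDDIR/$OLDUSERNAME"` and `rm -rf -- "${OLDHOMEDIR:?}"` keep a value with spaces, or an empty OLDHOMEDIR, from removing something unintended.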
diff --git a/user-init b/user-init
index 6afb10d..214cbaf 100755
--- a/user-init
+++ b/user-init
@@ -2,6 +2,17 @@
set -e
+# reset flags
+apache_reload_needed=""
+runmode="normal"
+mac=".mac"
+pc=".pc"
+xchange=".xchange"
+
+. /etc/adduser.conf || exit 1
+
+[ -f /etc/local/users.conf ] && . /etc/local/users.conf
+
. /etc/local/volumes || exit 0
XDIRREAL="$XDIR/users/root"
@@ -15,99 +26,90 @@ fi
if [ $# -gt 0 ]; then
USERS=$*
else
-# TODO: scan /etc/passwd and use `getent passwd postgres | awk -F: '{print $6}' | head -1` or similar
- USERS=$(ls /home)
+ USERS=`getent passwd | awk -F: '{print $1}'`
fi
-mac=".mac"
-pc=".pc"
-xchange=".xchange"
[ $NETATALK_HOME ] && mac=$NETATALK_HOME
[ $SAMBA_HOME ] && pc=$SAMBA_HOME
[ $XCHANGE_HOME ] && xchange=$XCHANGE_HOME
-echo "Creating default folders and setting permissions:"
-for USER in $USERS; do
- HOME="/home/$USER"
+echo "Setting up additional folders and permissions..."
+for user in $USERS; do
+ if [ -z "`getent passwd $user | awk -F: '{print $6}'`" ]; then
+ echo "User $user doesn't exist. Ignoring..."
+ continue
+ fi
+ uid=`getent passwd $user | awk -F: '{print $3}' | head -1`
+ HOME=`getent passwd $user | awk -F: '{print $6}' | head -1`
+
+ # Ignore non-human accounts silently
+ [ "$uid" -ge "$FIRST_UID" -a "$uid" -le "$LAST_UID" ] || continue
- test -d $HOME || continue
- test -L $HOME && continue
-# [ $USER != "lost+found" ] || continue
- id -u $USER >/dev/null 2>&1 || continue
-# echo $UID
-# [ $UID gt 1000 ] || continue
+ [ -d $HOME ] || continue
+# [ -L $HOME ] && continue
- echo -n $USER
+ echo -n $user
# if [ -x /etc/local/quota.sh ]; then
-# /etc/local/quota.sh $USER
+# /etc/local/quota.sh $user
# fi
[ $QUOTASOFT ] || QUOTASOFT="0"
[ $QUOTAHARD ] || QUOTAHARD="0"
for QUOTAHOME in $QUOTAHOMES; do
if [ $NEW_QUOTA ]; then
- setquota $USER $QUOTASOFT $QUOTAHARD 0 0 $QUOTAHOME
+ setquota $user $QUOTASOFT $QUOTAHARD 0 0 $QUOTAHOME
else
- setquota $USER $QUOTAHOME $QUOTASOFT $QUOTAHARD 0 0
+ setquota $user $QUOTAHOME $QUOTASOFT $QUOTAHARD 0 0
fi
done
-# groupadd $USER
-# usermod -g $USER $USER
-# rm -f $HOME/.profile $HOME/.bashrc $HOME/.bash_history
-# cp /etc/skel/.bash_profile /etc/skel/.bashrc $HOME/
-
+ mkdir -p $HOME/mail
+ if [ "$USE_MBOX" ]; then
+ touch $HOME/mail/mbox
+ elif [ -f $HOME/mail/mbox -a ! -s $HOME/mail/mbox ]; then
+ rm -f $HOME/mail/mbox
+ fi
+
if [ $NETATALK ]; then
mkdir -p $HOME/$mac
fi
if [ $SAMBA ]; then
mkdir -p $HOME/$pc
fi
-# if [ $XCHANGE ]; then
-# mkdir -p $HOME/$xchange
-# chown -R $USER: $HOME/$xchange
-# chmod -R u=rw,go=,g+r,ug+X $HOME/$xchange
-# fi
+
if [ $XCHANGE ]; then
- [ -d $XDIRREAL/$USER ] || mkdir -p $XDIRREAL/$USER
- chown -R $USER:users $XDIRREAL/$USER
- chmod -R g=r,g+X $XDIRREAL/$USER
- if [ -e "x$HOME/$xchange" ]; then
- rm -rf $HOME/$xchange
- ln -dfs $XDIRREAL/$USER $HOME/$xchange
- fi
+ mkdir -p $XDIRREAL/$user
fi
+
if [ $PUBLIC ]; then
mkdir -p $HOME/public_html
fi
- chown $USER: $HOME
+ chown $user: $HOME
chmod u=rwX,go=rX $HOME
-# chown -R $USER: $HOME
-# chmod -R u=rw,g=r,o=,ug+X $HOME
-# chmod o+rX $HOME
-
- if [ -f $HOME/.forward ]; then
- chown $USER: $HOME/.forward
- chmod 0640 $HOME/.forward
- fi
-
- mkdir -p $HOME/mail
- touch $HOME/mail/mbox
- chown -R $USER: $HOME/mail
+ # Mail handling
+ chown -R $user: $HOME/mail
chmod -R u=rw,go=,u+X $HOME/mail
if [ -f $HOME/.mailboxlist ]; then
- chown $USER: $HOME/.mailboxlist
+ chown $user: $HOME/.mailboxlist
chmod 0640 $HOME/.mailboxlist
fi
- if [ -f /var/spool/mail/$USER ]; then
- chown $USER:mail /var/spool/mail/$USER
- chmod ug=rw,o= /var/spool/mail/$USER
+ if [ -f $HOME/.forward ]; then
+ chown $user: $HOME/.forward
+ chmod 0640 $HOME/.forward
+ fi
+ if [ -f /var/mail/$user ]; then
+ chown $user:mail /var/mail/$user
+ chmod ug=rw,o= /var/mail/$user
+ elif [ -f /var/spool/mail/$user ]; then
+ chown $user:mail /var/spool/mail/$user
+ chmod ug=rw,o= /var/spool/mail/$user
fi
+ # Mac dir permissions
if [ -d $HOME/$mac ]; then
- chown -R $USER: $HOME/$mac
+ chown -R $user: $HOME/$mac
chmod -R u=rw,g=r,o=,ug+X $HOME/$mac
rm -rf $HOME/$mac/Network\ Trash\ Folder
mkdir $HOME/$mac/Network\ Trash\ Folder
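Review bot: The symlink guard the old loop had (`test -L $HOME && continue`) is now commented out as `# [ -L $HOME ] && continue`, yet the loop still runs `chown $user: $HOME`, `chmod u=rwX,go=rX $HOME` and the recursive chown/chmod calls below on that path; chown and chmod dereference a symlink named on the command line, so a home entry that is a symlink now has its target re-owned to the user. Unless symlinked home directories are deliberately supported here, restoring `[ -L "$HOME" ] && continue` keeps the previous behaviour. `getent passwd $user` is also run three times per user; a single `entry=$(getent passwd "$user" | head -1)` with `awk -F:` applied to it would do, and note that `HOME=` still overwrites the script's own HOME for the rest of the run. The range check `[ "$uid" -ge "$FIRST_UID" ... ]` shares the unset-variable problem raised on adduser.local.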
@@ -115,9 +117,42 @@ for USER in $USERS; do
chmod a= $HOME/$mac/Network\ Trash\ Folder
fi
- # Access to Mac folders
+ # PC dir permissions
+ if [ -d $HOME/$pc ]; then
+ chown -R $user: $HOME/$pc
+ chmod -R u=rw,g=r,o=,ug+X $HOME/$pc
+ fi
+
+ # Exchange dir permissions
+ if [ -d $XDIRREAL/$user ]; then
+ chown -R $user:users $XDIRREAL/$user
+ chmod -R g=r,g+X $XDIRREAL/$user
+ if [ -e "x$HOME/$xchange" ]; then
+ if [ -L "x$HOME/$xchange" ]; then
+ ln -sf $XDIRREAL/$user $HOME/$xchange
+ else
+ echo "ERROR: $HOME/$xchange exists already. Leaving it as is..."
+ fi
+ else
+ ln -s $XDIRREAL/$user $HOME/$xchange
+ fi
+ fi
+
+ # Public dir permissions
+ if [ -d $HOME/public_html ]; then
+ chown -R $user: $HOME/public_html
+ chmod -R u+rX,go=r,go+X $HOME/public_html
+ if [ $NETATALK ]; then
+ rm -rf $HOME/public_html/Network\ Trash\ Folder
+ mkdir $HOME/public_html/Network\ Trash\ Folder
+ chown nobody: $HOME/public_html/Network\ Trash\ Folder
+ chmod a= $HOME/public_html/Network\ Trash\ Folder
+ fi
+ fi
+
+ # Mac shares permissions
for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/mac_$USER$"`; do
- chgrp -R $USER $dir
+ chgrp -R $user $dir
chmod -R u=rw,g=rw,o=,ug+X,g+s $dir
rm -rf $dir/Network\ Trash\ Folder
mkdir $dir/Network\ Trash\ Folder
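Review bot: The new exchange-dir block tests `[ -e "x$HOME/$xchange" ]` and `[ -L "x$HOME/$xchange" ]`: the leading `x` is part of the path, so the test looks for a relative path beginning with `x/` that never exists, the `else` branch always runs, and on the second run `ln -s $XDIRREAL/$user $HOME/$xchange` fails with "File exists" and aborts the script under `set -e`. The tests should read `[ -e "$HOME/$xchange" ]` and `[ -L "$HOME/$xchange" ]`, and the replace case should use `ln -sfn` so an existing link to a directory is replaced rather than a new link being created inside its target. Separately, the loop variable was renamed to `user` earlier in this commit, but the unchanged context line `egrep "^$HOME/mac_$USER$"` here, and the `mac_${USER}_ro`, `ftp_$USER` and `ftp_${USER}_ro` patterns in the next three hunks, still use `$USER`, which is now whatever the caller's environment provides rather than the account being processed, so those share directories are presumably no longer matched.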
@@ -125,7 +160,7 @@ for USER in $USERS; do
chmod a= $dir/Network\ Trash\ Folder
done
for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/mac_${USER}_ro$"`; do
- chown -R $USER: $dir
+ chown -R $user: $dir
chmod -R u=rw,g=r,o=,ug+X $dir
rm -rf $dir/Network\ Trash\ Folder
mkdir $dir/Network\ Trash\ Folder
@@ -133,9 +168,9 @@ for USER in $USERS; do
chmod a= $dir/Network\ Trash\ Folder
done
- # Access to ftp folders
+ # Ftp shares permissions
for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_$USER$"`; do
- chgrp -R $USER $dir
+ chgrp -R $user $dir
chmod -R ug=rw,o=r,a+X,g+s $dir
rm -rf $dir/Network\ Trash\ Folder
mkdir $dir/Network\ Trash\ Folder
@@ -143,7 +178,7 @@ for USER in $USERS; do
chmod a= $dir/Network\ Trash\ Folder
done
for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_${USER}_ro$"`; do
- chown -R $USER: $dir
+ chown -R $user: $dir
chmod -R u=rw,go=r,a+X $dir
rm -rf $dir/Network\ Trash\ Folder
mkdir $dir/Network\ Trash\ Folder
@@ -151,56 +186,84 @@ for USER in $USERS; do
chmod a= $dir/Network\ Trash\ Folder
done
- # Access to web folders
+ # Web shares permissions
for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/web_"`; do
- chown -R $USER: $dir
+ chown -R $user: $dir
# chmod -R u=rw,go=r,a+X $webdir
#TODO: Only cgi scripts (.cgi and .pl) should be executable
chmod -R u+rw,go+r,a+X $dir
- rm -rf $dir/Network\ Trash\ Folder
- mkdir $dir/Network\ Trash\ Folder
- chown nobody: $dir/Network\ Trash\ Folder
- chmod a= $dir/Network\ Trash\ Folder
+ if [ $NETATALK ]; then
+ rm -rf $dir/Network\ Trash\ Folder
+ mkdir $dir/Network\ Trash\ Folder
+ chown nobody: $dir/Network\ Trash\ Folder
+ chmod a= $dir/Network\ Trash\ Folder
+ fi
done
- if [ -d $HOME/$pc ]; then
- chown -R $USER: $HOME/$pc
- chmod -R u=rw,g=r,o=,ug+X $HOME/$pc
- fi
-
-# if test -d $HOME/$xchange; then
-# chown -R $USER:users $HOME/$xchange
-# chmod -R g=r,g+X $HOME/$xchange
-# if test "x$XCHANGEDIR" != "x"; then
-# rm -rf $XCHANGEDIR/$USER
-# ln -dfs $HOME/$xchange $XCHANGEDIR/$USER
-# fi
-# fi
-
- if [ -d $HOME/public_html ]; then
- chown -R $USER: $HOME/public_html
- chmod -R u+rX,go=r,go+X $HOME/public_html
- if [ $NETATALK ]; then
- if [ -d "$HOME/public_html/Network\ Trash\ Folder" ]; then
- rm -rf $HOME/public_html/Network\ Trash\ Folder
- mkdir $HOME/public_html/Network\ Trash\ Folder
- chown nobody: $HOME/public_html/Network\ Trash\ Folder
- chmod a= $HOME/public_html/Network\ Trash\ Folder
+ # Dummy user restrictions
+ if [ -n "$DUMMYSHAREDIR" -a -n "$DUMMYSHAREOWNER" -a -n "$DUMMYSHARENAME" ]; then
+ [ -e $DUMMYSHAREDIR/$user ] \
+ || mkdir $DUMMYSHAREDIR/$user
+ chown $DUMMYSHAREOWNER: $DUMMYSHAREDIR/$user
+ chmod u=rw,go=r,a+X $DUMMYSHAREDIR/$user
+ if [ -e $HOME/$DUMMYSHARENAME ]; then
+ if [ -L $HOME/$DUMMYSHARENAME ]; then
+ ln -sf $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME
+ chown $user: $HOME/$DUMMYSHARENAME
+ else
+ echo "ERROR: $HOME/$DUMMYSHAREDIR exists already. Leaving it as is..."
+ fi
+ else
+ ln -s $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME
+ chown $user: $HOME/$DUMMYSHARENAME
+ fi
+ if [ -n "$DUMMYAPACHECFG" -a -n "$DUMMYAPACHESHAREDIR" ]; then
+ if [ -f /etc/apache/include.d/$DUMMYAPACHECFG -a -x /etc/init.d/apache ]; then
+ if [ -e /etc/apache/include.d/$DUMMYAPACHECFG-$user ]; then
+ echo "/etc/apache/include.d/$DUMMYAPACHECFG-$user exists already. Ignoring..."
+ else
+ echo "# Created automatically by adduser.local
+<Location /$DUMMYAPACHESHAREDIR/$user>
+ <Limit GET POST>
+ require user $user
+ </Limit>
+</Location>" \
+ > /etc/apache/include.d/$DUMMYAPACHECFG-$user
+ apache_reload_needed="1"
+ fi
fi
fi
fi
-## Needs more work (not all websites are equally handled)
-# for dir in $(cd $HOME && find -maxdepth 1 -type d -name 'web_*' -exec sh -c 'cd {} && basename `pwd`' \;); do
-# chown -R $USER: $HOME/$dir
-# chmod -R u+rX,go=r,go+X $HOME/$dir
-# done
-
echo "."
done
if [ $XCHANGE ]; then
for USER in $(ls $XDIRREAL); do
- id $USER >/dev/null 2>&1 || rm -rf $XDIRREAL/$USER
+ id $user >/dev/null 2>&1 || rm -rf $XDIRREAL/$user
done
fi
+
+if [ "$apache_reload_needed" ]; then
+ apache_do_reload=""
+ case runmode in
+ interactive)
+ echo -n "Apache config changed. Reload Apache now (Y/n)? "
+ read apache_reload
+ case $apache_reload in
+ y|Y|"")
+ apache_do_reload="1"
+ ;;
+ esac
+ ;;
+ force)
+ apache_do_reload="1"
+ ;;
+ *)
+ echo "Apache config has changed. Remember to reload Apache...!"
+ ;;
+ esac
+ if "$apache_do_reload" ]; then
+ /etc/init.d/apache force-reload
+ fi
+fi
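Review bot: In the dummy-user block, `chown $user: $HOME/$DUMMYSHARENAME` (both branches) follows the symlink just created with `ln -s`/`ln -sf` and therefore re-owns `$DUMMYSHAREDIR/$user`, the directory that the preceding `chown $DUMMYSHAREOWNER:` deliberately gave to the share owner, so the dummy user ends up owning the share meant to be read-only for it; `chown -h` changes the link itself, or the chown can be dropped, and `ln -sfn` is needed for the replace case as with the exchange dir. The error message on that path prints `$HOME/$DUMMYSHAREDIR` although the path tested is `$HOME/$DUMMYSHARENAME`, and the generated include announces itself as created by adduser.local although this is user-init. The trailing Apache block cannot work as written: `case runmode in` matches the literal word rather than `$runmode`, so the `*)` arm always runs, and `if "$apache_do_reload" ]; then` lacks the opening `[` and would try to execute the value as a command. Likewise the exchange cleanup `for USER in $(ls $XDIRREAL)` now tests and removes `$user`, the value left over from the main loop, not the entry being iterated; `for user in ...` is presumably intended.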