From d1b62e048b3a390a5565bdd2ecaaf15d8e46d660 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Mon, 25 Feb 2002 04:29:11 +0000
Subject: A few more tweaks and corrections to adduser.local, deluser.local and user-init.
---
 user-init | 253 +++++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 158 insertions(+), 95 deletions(-)
(limited to 'user-init')
diff --git a/user-init b/user-init
index 6afb10d..214cbaf 100755
--- a/user-init
+++ b/user-init
@@ -2,6 +2,17 @@ set -e
+# reset flags
+apache_reload_needed=""
+runmode="normal"
+mac=".mac"
+pc=".pc"
+xchange=".xchange"
+
+. /etc/adduser.conf || exit 1
+
+[ -f /etc/local/users.conf ] && . /etc/local/users.conf
+
 . /etc/local/volumes || exit 0
 XDIRREAL="$XDIR/users/root"
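Review bot: Nothing after `. /etc/adduser.conf || exit 1` checks that `FIRST_UID` and `LAST_UID` were actually defined, yet the per-user loop in the next hunk relies on `[ "$uid" -ge "$FIRST_UID" -a "$uid" -le "$LAST_UID" ]`; if either setting is commented out in adduser.conf that test fails on an empty operand and every account is silently skipped. Add a guard directly after the source line: `: "${FIRST_UID:?not set in /etc/adduser.conf}" "${LAST_UID:?not set in /etc/adduser.conf}"`. Since `/etc/local/users.conf` is executed as shell code by a script that runs as root, a comment such as `# users.conf is sourced as root: keep it root-owned and not group/world-writable` would make that trust boundary explicit for the next maintainer.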
@@ -15,99 +26,90 @@ fi if [ $# -gt 0 ]; then USERS=$* else -# TODO: scan /etc/passwd and use `getent passwd postgres | awk -F: '{print $6}' | head -1` or similar - USERS=$(ls /home) + USERS=`getent passwd | awk -F: '{print $1}'` fi -mac=".mac" -pc=".pc" -xchange=".xchange" [ $NETATALK_HOME ] && mac=$NETATALK_HOME [ $SAMBA_HOME ] && pc=$SAMBA_HOME [ $XCHANGE_HOME ] && xchange=$XCHANGE_HOME -echo "Creating default folders and setting permissions:" -for USER in $USERS; do - HOME="/home/$USER" +echo "Setting up additional folders and permissions..." +for user in $USERS; do + if [ -z "`getent passwd $user | awk -F: '{print $6}'`" ]; then + echo "User $user doesn't exist. Ignoring..." + continue + fi + uid=`getent passwd $user | awk -F: '{print $3}' | head -1` + HOME=`getent passwd $user | awk -F: '{print $6}' | head -1` + + # Ignore non-human accounts silently + [ "$uid" -ge "$FIRST_UID" -a "$uid" -le "$LAST_UID" ] || continue - test -d $HOME || continue - test -L $HOME && continue -# [ $USER != "lost+found" ] || continue - id -u $USER >/dev/null 2>&1 || continue -# echo $UID -# [ $UID gt 1000 ] || continue + [ -d $HOME ] || continue +# [ -L $HOME ] && continue - echo -n $USER + echo -n $user # if [ -x /etc/local/quota.sh ]; then -# /etc/local/quota.sh $USER +# /etc/local/quota.sh $user # fi [ $QUOTASOFT ] || QUOTASOFT="0" [ $QUOTAHARD ] || QUOTAHARD="0" for QUOTAHOME in $QUOTAHOMES; do if [ $NEW_QUOTA ]; then - setquota $USER $QUOTASOFT $QUOTAHARD 0 0 $QUOTAHOME + setquota $user $QUOTASOFT $QUOTAHARD 0 0 $QUOTAHOME else - setquota $USER $QUOTAHOME $QUOTASOFT $QUOTAHARD 0 0 + setquota $user $QUOTAHOME $QUOTASOFT $QUOTAHARD 0 0 fi done -# groupadd $USER -# usermod -g $USER $USER -# rm -f $HOME/.profile $HOME/.bashrc $HOME/.bash_history -# cp /etc/skel/.bash_profile /etc/skel/.bashrc $HOME/ - + mkdir -p $HOME/mail + if [ "$USE_MBOX" ]; then + touch $HOME/mail/mbox + elif [ -f $HOME/mail/mbox -a ! 
-s $HOME/mail/mbox ]; then + rm -f $HOME/mail/mbox + fi + if [ $NETATALK ]; then mkdir -p $HOME/$mac fi if [ $SAMBA ]; then mkdir -p $HOME/$pc fi -# if [ $XCHANGE ]; then -# mkdir -p $HOME/$xchange -# chown -R $USER: $HOME/$xchange -# chmod -R u=rw,go=,g+r,ug+X $HOME/$xchange -# fi + if [ $XCHANGE ]; then - [ -d $XDIRREAL/$USER ] || mkdir -p $XDIRREAL/$USER - chown -R $USER:users $XDIRREAL/$USER - chmod -R g=r,g+X $XDIRREAL/$USER - if [ -e "x$HOME/$xchange" ]; then - rm -rf $HOME/$xchange - ln -dfs $XDIRREAL/$USER $HOME/$xchange - fi + mkdir -p $XDIRREAL/$user fi + if [ $PUBLIC ]; then mkdir -p $HOME/public_html fi - chown $USER: $HOME + chown $user: $HOME chmod u=rwX,go=rX $HOME -# chown -R $USER: $HOME -# chmod -R u=rw,g=r,o=,ug+X $HOME -# chmod o+rX $HOME - - if [ -f $HOME/.forward ]; then - chown $USER: $HOME/.forward - chmod 0640 $HOME/.forward - fi - - mkdir -p $HOME/mail - touch $HOME/mail/mbox - chown -R $USER: $HOME/mail + # Mail handling + chown -R $user: $HOME/mail chmod -R u=rw,go=,u+X $HOME/mail if [ -f $HOME/.mailboxlist ]; then - chown $USER: $HOME/.mailboxlist + chown $user: $HOME/.mailboxlist chmod 0640 $HOME/.mailboxlist fi - if [ -f /var/spool/mail/$USER ]; then - chown $USER:mail /var/spool/mail/$USER - chmod ug=rw,o= /var/spool/mail/$USER + if [ -f $HOME/.forward ]; then + chown $user: $HOME/.forward + chmod 0640 $HOME/.forward + fi + if [ -f /var/mail/$user ]; then + chown $user:mail /var/mail/$user + chmod ug=rw,o= /var/mail/$user + elif [ -f /var/spool/mail/$user ]; then + chown $user:mail /var/spool/mail/$user + chmod ug=rw,o= /var/spool/mail/$user fi + # Mac dir permissions if [ -d $HOME/$mac ]; then - chown -R $USER: $HOME/$mac + chown -R $user: $HOME/$mac chmod -R u=rw,g=r,o=,ug+X $HOME/$mac rm -rf $HOME/$mac/Network\ Trash\ Folder mkdir $HOME/$mac/Network\ Trash\ Folder 
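Review bot: `if [ -f $HOME/.forward ]; then chown $user: $HOME/.forward; chmod 0640 $HOME/.forward` runs as root on a path the user controls, and `-f` is also true for a symlink to a regular file, so a user who points `~/.forward` at some other file gets that target re-owned and re-moded; the `.mailboxlist` block just above it and the `mkdir -p $HOME/mail` / `touch $HOME/mail/mbox` / `chown -R ... $HOME/mail` sequence have the same exposure through a symlinked `mail` entry, since `touch` and `chown`/`chmod` without `-h` follow the link. Guard each in the file's existing test style, e.g. `if [ -f $HOME/.forward -a ! -L $HOME/.forward ]; then` (likewise for `.mailboxlist`), and check `[ ! -L $HOME/mail ]` before the mail setup. The commented-out `# [ -L $HOME ] && continue` means a home directory that is itself a symlink is now processed; if that is intended, a one-line comment saying why would stop the next reader from re-enabling it. The per-user loop body continues into the following hunks.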
@@ -115,9 +117,42 @@ for USER in $USERS; do chmod a= $HOME/$mac/Network\ Trash\ Folder fi - # Access to Mac folders + # PC dir permissions + if [ -d $HOME/$pc ]; then + chown -R $user: $HOME/$pc + chmod -R u=rw,g=r,o=,ug+X $HOME/$pc + fi + + # Exchange dir permissions + if [ -d $XDIRREAL/$user ]; then + chown -R $user:users $XDIRREAL/$user + chmod -R g=r,g+X $XDIRREAL/$user + if [ -e "x$HOME/$xchange" ]; then + if [ -L "x$HOME/$xchange" ]; then + ln -sf $XDIRREAL/$user $HOME/$xchange + else + echo "ERROR: $HOME/$xchange exists already. Leaving it as is..." + fi + else + ln -s $XDIRREAL/$user $HOME/$xchange + fi + fi + + # Public dir permissions + if [ -d $HOME/public_html ]; then + chown -R $user: $HOME/public_html + chmod -R u+rX,go=r,go+X $HOME/public_html + if [ $NETATALK ]; then + rm -rf $HOME/public_html/Network\ Trash\ Folder + mkdir $HOME/public_html/Network\ Trash\ Folder + chown nobody: $HOME/public_html/Network\ Trash\ Folder + chmod a= $HOME/public_html/Network\ Trash\ Folder + fi + fi + + # Mac shares permissions for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/mac_$USER$"`; do - chgrp -R $USER $dir + chgrp -R $user $dir chmod -R u=rw,g=rw,o=,ug+X,g+s $dir rm -rf $dir/Network\ Trash\ Folder mkdir $dir/Network\ Trash\ Folder @@ -125,7 +160,7 @@ for USER in $USERS; do chmod a= $dir/Network\ Trash\ Folder done for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/mac_${USER}_ro$"`; do - chown -R $USER: $dir + chown -R $user: $dir chmod -R u=rw,g=r,o=,ug+X $dir rm -rf $dir/Network\ Trash\ Folder mkdir $dir/Network\ Trash\ Folder @@ -133,9 +168,9 @@ for USER in $USERS; do chmod a= $dir/Network\ Trash\ Folder done - # Access to ftp folders + # Ftp shares permissions for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_$USER$"`; do - chgrp -R $USER $dir + chgrp -R $user $dir chmod -R ug=rw,o=r,a+X,g+s $dir rm -rf $dir/Network\ Trash\ Folder mkdir $dir/Network\ Trash\ Folder 
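Review bot: The loop variable was renamed to `$user`, but the `egrep "^$HOME/mac_$USER$"` pattern at the end of this hunk (and the `mac_${USER}_ro`, `ftp_$USER` and `ftp_${USER}_ro` patterns in the following hunks) still reads `$USER`, which is now the invoking login name from the environment, or empty under cron, so the per-user share directories are no longer matched; change each pattern to `$user`. The new Exchange block also carries over `[ -e "x$HOME/$xchange" ]` and `[ -L "x$HOME/$xchange" ]`, whose literal `x` prefix makes them test a path that does not exist, so the `ln -s $XDIRREAL/$user $HOME/$xchange` in the `else` branch runs on every invocation and, once `$HOME/$xchange` already is a link to the directory, may create a further link inside it. Drop the prefix (`[ -e "$HOME/$xchange" ]`, `[ -L "$HOME/$xchange" ]`) and use `ln -sfn` in both branches so an existing link, including one a user planted in their home, is replaced rather than descended into. The enclosing per-user loop starts and ends outside this hunk.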
@@ -143,7 +178,7 @@ for USER in $USERS; do chmod a= $dir/Network\ Trash\ Folder done for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/ftp_${USER}_ro$"`; do - chown -R $USER: $dir + chown -R $user: $dir chmod -R u=rw,go=r,a+X $dir rm -rf $dir/Network\ Trash\ Folder mkdir $dir/Network\ Trash\ Folder 
@@ -151,56 +186,84 @@ for USER in $USERS; do chmod a= $dir/Network\ Trash\ Folder done - # Access to web folders + # Web shares permissions for dir in `find $HOME -mindepth 1 -maxdepth 1 -type d | egrep "^$HOME/web_"`; do - chown -R $USER: $dir + chown -R $user: $dir # chmod -R u=rw,go=r,a+X $webdir #TODO: Only cgi scripts (.cgi and .pl) should be executable chmod -R u+rw,go+r,a+X $dir - rm -rf $dir/Network\ Trash\ Folder - mkdir $dir/Network\ Trash\ Folder - chown nobody: $dir/Network\ Trash\ Folder - chmod a= $dir/Network\ Trash\ Folder + if [ $NETATALK ]; then + rm -rf $dir/Network\ Trash\ Folder + mkdir $dir/Network\ Trash\ Folder + chown nobody: $dir/Network\ Trash\ Folder + chmod a= $dir/Network\ Trash\ Folder + fi done - if [ -d $HOME/$pc ]; then - chown -R $USER: $HOME/$pc - chmod -R u=rw,g=r,o=,ug+X $HOME/$pc - fi - -# if test -d $HOME/$xchange; then -# chown -R $USER:users $HOME/$xchange -# chmod -R g=r,g+X $HOME/$xchange -# if test "x$XCHANGEDIR" != "x"; then -# rm -rf $XCHANGEDIR/$USER -# ln -dfs $HOME/$xchange $XCHANGEDIR/$USER -# fi -# fi - - if [ -d $HOME/public_html ]; then - chown -R $USER: $HOME/public_html - chmod -R u+rX,go=r,go+X $HOME/public_html - if [ $NETATALK ]; then - if [ -d "$HOME/public_html/Network\ Trash\ Folder" ]; then - rm -rf $HOME/public_html/Network\ Trash\ Folder - mkdir $HOME/public_html/Network\ Trash\ Folder - chown nobody: $HOME/public_html/Network\ Trash\ Folder - chmod a= $HOME/public_html/Network\ Trash\ Folder + # Dummy user restrictions + if [ -n "$DUMMYSHAREDIR" -a -n "$DUMMYSHAREOWNER" -a -n "$DUMMYSHARENAME" ]; then + [ -e $DUMMYSHAREDIR/$user ] \ + || mkdir $DUMMYSHAREDIR/$user + chown $DUMMYSHAREOWNER: $DUMMYSHAREDIR/$user + chmod u=rw,go=r,a+X $DUMMYSHAREDIR/$user + if [ -e $HOME/$DUMMYSHARENAME ]; then + if [ -L $HOME/$DUMMYSHARENAME ]; then + ln -sf $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME + chown $user: $HOME/$DUMMYSHARENAME + else + echo "ERROR: $HOME/$DUMMYSHAREDIR exists already. Leaving it as is..." 
+ fi + else + ln -s $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME + chown $user: $HOME/$DUMMYSHARENAME + fi + if [ -n "$DUMMYAPACHECFG" -a -n "$DUMMYAPACHESHAREDIR" ]; then + if [ -f /etc/apache/include.d/$DUMMYAPACHECFG -a -x /etc/init.d/apache ]; then + if [ -e /etc/apache/include.d/$DUMMYAPACHECFG-$user ]; then + echo "/etc/apache/include.d/$DUMMYAPACHECFG-$user exists already. Ignoring..." + else + echo "# Created automatically by adduser.local + + + require user $user + +" \ + > /etc/apache/include.d/$DUMMYAPACHECFG-$user + apache_reload_needed="1" + fi fi fi fi -## Needs more work (not all websites are equally handled) -# for dir in $(cd $HOME && find -maxdepth 1 -type d -name 'web_*' -exec sh -c 'cd {} && basename `pwd`' \;); do -# chown -R $USER: $HOME/$dir -# chmod -R u+rX,go=r,go+X $HOME/$dir -# done - echo "." done if [ $XCHANGE ]; then for USER in $(ls $XDIRREAL); do - id $USER >/dev/null 2>&1 || rm -rf $XDIRREAL/$USER + id $user >/dev/null 2>&1 || rm -rf $XDIRREAL/$user done fi + +if [ "$apache_reload_needed" ]; then + apache_do_reload="" + case runmode in + interactive) + echo -n "Apache config changed. Reload Apache now (Y/n)? " + read apache_reload + case $apache_reload in + y|Y|"") + apache_do_reload="1" + ;; + esac + ;; + force) + apache_do_reload="1" + ;; + *) + echo "Apache config has changed. Remember to reload Apache...!" + ;; + esac + if "$apache_do_reload" ]; then + /etc/init.d/apache force-reload + fi +fi -- cgit v1.2.3
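Review bot: `chown $user: $HOME/$DUMMYSHARENAME` follows the symlink that `ln -s` has just created and re-owns `$DUMMYSHAREDIR/$user`, undoing the `chown $DUMMYSHAREOWNER:` two lines earlier, and in the `-L` branch the existing link was planted by the user, so `ln -sf` without `-n` may create the new link inside whatever directory the user pointed it at and the chown then re-owns that target; use `ln -sfn` and `chown -h` in both branches. Three further slips in the new tail of the file: `case runmode in` lacks the `$`, so only the `*)` arm can ever run; `if "$apache_do_reload" ]; then` lacks the opening `[`, so the reload never executes; and the cleanup loop iterates `USER` but tests and removes `$user`, so stale exchange directories are never pruned (and an empty `$user` would turn that line into `rm -rf $XDIRREAL/`). The error message should name `$HOME/$DUMMYSHARENAME`, not `$HOME/$DUMMYSHAREDIR`. The echoed Apache snippet as rendered here contains only `require user $user` with no enclosing container directive; if the tags were lost in rendering ignore this, otherwise the generated include restricts nothing. The per-user loop this hunk closes begins in the earlier hunks.
```shell
    # Dummy user restrictions
    # … unchanged: creation and ownership of $DUMMYSHAREDIR/$user …
        if [ -e $HOME/$DUMMYSHARENAME ]; then
            if [ -L $HOME/$DUMMYSHARENAME ]; then
                ln -sfn $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME
                chown -h $user: $HOME/$DUMMYSHARENAME
            else
                echo "ERROR: $HOME/$DUMMYSHARENAME exists already. Leaving it as is..."
            fi
        else
            ln -sfn $DUMMYSHAREDIR/$user $HOME/$DUMMYSHARENAME
            chown -h $user: $HOME/$DUMMYSHARENAME
        fi
# … unchanged: Apache include generation, end of per-user loop …
if [ $XCHANGE ]; then
    for user in $(ls $XDIRREAL); do
        id $user >/dev/null 2>&1 || rm -rf $XDIRREAL/$user
    done
fi
# … unchanged: apache_reload_needed check, apache_do_reload reset …
    case "$runmode" in
# … unchanged: interactive / force / default arms …
    if [ "$apache_do_reload" ]; then
        /etc/init.d/apache force-reload
    fi
```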