r985 - trunk

tushar at linuxfromscratch.org
Tue Aug 30 12:56:00 PDT 2005


Author: tushar
Date: 2005-08-30 13:56:00 -0600 (Tue, 30 Aug 2005)
New Revision: 985

Modified:
   trunk/restoresettingsatlogin.txt
Log:
Updated Hint: restoresettingsatlogin

Modified: trunk/restoresettingsatlogin.txt
===================================================================
--- trunk/restoresettingsatlogin.txt	2005-08-22 04:13:12 UTC (rev 984)
+++ trunk/restoresettingsatlogin.txt	2005-08-30 19:56:00 UTC (rev 985)
@@ -17,7 +17,7 @@
 PREREQUISITES:
 This hint requires that you have sufficient knowledge of LINUX in general, and 
 PAM in particular.
-shadow-4.0.3 or shadow-4.0.11.1 (at this moment the latest). 
+shadow-4.0.3 or shadow-4.0.11.1 or 4.0.12 (at this moment the latest). 
 For the option runas=root to work, you'll need these. 
 Other versions of shadow (4.0.4.1 and 4.0.7) are causing problems. In the 
 code of login of these versions, root privileges are dropped too early 
@@ -55,7 +55,7 @@
 
 
 Get the module pam_script from http://freshmeat.net/projects/pam_script. 
-I'm using version 0.1.2.
+I'm using version 0.1.3.
 
 unpack:
 
@@ -131,11 +131,11 @@
 This option is there already in the shadow package since 2002-10-14, according to the ChangeLog,
 but does not appear in the login.defs, but is important for closing a session when the service is 
 login.
+In the newest shadow package (4.0.12) this option is removed completely: the session is always 
+closed.
 
 
 
-
-
 2.3 Creating the session scripts
 --------------------------------
 
@@ -157,11 +157,11 @@
 
     # There are no other pending sessions for this user
 
-    if [ -d $homedir/.sync4settings ]; then
+    if [ -d /var/lib/sync4settings/login ]; then
 
-	for script in $homedir/.sync4settings/login/*.sh ; do
+	for script in /var/lib/sync4settings/login/*.sh ; do
 	    if [ -x $script ] ; then
-		. $script
+		. $script $userid
 	    fi;
 	done;
 	
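Review bot: `. $script $userid` in the login loop sources each script into the session script's own shell, and the kde.sh added later in this revision ends with `exit $retcode`, so the first script that runs terminates the loop and everything after it. Execute the script instead of sourcing it, with both expansions quoted: `"$script" "$userid"`. Since the scripts now come from /var/lib/sync4settings and run as root when runas=root is set, the hint should also state that this directory and the scripts in it must be owned by root and writable by no one else.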
@@ -182,16 +182,32 @@
 
 nrusers=$(w -h $userid | wc -l );
 
+syncsettings=0;
 
-if [ $nrusers -eq 1 ]; then
+case "$service" in
+	login)
+		if [ $nrusers -eq 1 ]; then
 
+			syncsettings=1;
+
+		fi;
+	kde)
+		if [ $nrusers -eq 0 ]; then
+
+			syncsettings=1;
+		fi;
+esac;
+
+
+if [ $syncsettings -eq 1 ]; then
+
     # This is the last session for this user
 
-    if [ -d $homedir/.sync4settings ]; then
+    if [ -d /var/lib/sync4settings/logout ]; then
 
-	for script in $homedir/.sync4settings/logout/*.sh ; do
+	for script in /var/lib/sync4settings/logout/*.sh ; do
 	    if [ -x $script ] ; then
-		. $script
+		. $script $userid
 	    fi;
 	done;
 	
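Review bot: the new `case "$service" in` block has no `;;` after the `login)` and `kde)` branches, so bash stops with a syntax error at `kde)` and the logout script never runs. Close each branch with `;;` after its `fi;`. A `*)` branch is worth adding as well, so that a service other than login or kde leaves `syncsettings=0` by an explicit decision, and `$nrusers`, `$script` and `$userid` should be quoted.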
@@ -214,9 +230,10 @@
 usable. Anyone knowing a better way to determine how many times a user is logged 
 in, please let me know.
 - the command "w" is used to determine the user is already logged is at login or
-the this is the last session at logout. Note that the number of sessions is zero 
-when logging in: the user is still not logged in. It's one when logging out: 
-until pam hasn't completed everything the current user is still logged in.
+this is the last session at logout. Note that the number of sessions is zero 
+when logging in: the user is still not logged in. 
+It's one when logging out when the service is 'login', zero when service is "kde".
+I can't explain this difference. I'm trying to find this out.
 
 
 
@@ -224,34 +241,81 @@
 ----------------------------------------------------------------------
 
 
-Now as user sbon, in the homedirectory, create the correct directories:
+Create the following directories:
 
-cd ~
-mkdir -p .sync4profile/login
-mkdir -p .sync4profile/logout
+mkdir -p /var/lib/sync4settings/login
+mkdir -p /var/lib/sync4settings/logout
 
-cd .sync4profile/login
+cd /var/lib/sync4settings/login
 
 cat >> kde.sh << "EOF"
 #!/bin/bash
 
-connectionpossible=$(rsync 192.168.0.3::sbon | grep "error" );
+retcode=0;
 
-if [ -z "$connectionpossible" ]; then
+userid=$1
+userproperties=$(getent passwd | grep -E "^$userid")
+homedir=$(echo $userproperties | cut -d ":" -f 6);
+gidnr=$(echo $userproperties | cut -d ":" -f 4);
+uidnr=$(echo $userproperties | cut -d ":" -f 3);
 
-    thereisarchive=$(rsync 192.168.0.3::sbon/.kde | grep -w ".kde");
 
-    if [ -n "$thereisarchive" ]; then
-	
-	#
-	# no error found
-	#
+if [ -d $homedir ]; then
 
-	rsync -rptgozu 192.168.0.3::sbon/.kde/ /home/sbon/.kde
+	usershareavailable=$(rsync 192.168.0.3::4users | grep -w $userid );
 
-    fi;
+	retcode=$?
+
+	if [ $retcode -eq 0 ]; then
+
+		#
+		# no error
+		#
+
+		if [ -z "$usershareavailable" ]; then
+
+			#
+			# directory for this user does not exist
+			#
+			# maybe a default?
+			#
+
+			echo "No directory on rsyncserver available for this user."
+
+		else
+
+			thereisarchive=$(rsync 192.168.0.3::4users/$userid/.kde | grep -w ".kde");
+
+			retcode=$?
+
+			if [ $retcode -eq 0 ]; then
+
+				if [ -n "$thereisarchive" ]; then
+
+					#
+					# no error & archive found
+					#
+
+					rsync -rptgozu 192.168.0.3::4users/$userid/.kde/ $homedir/.kde
+
+					chown -R $uidnr:$gidnr $homedir/.kde
+
+				else
+
+					echo "No kde-settings for this user available on rsyncserver."
+				fi;
+
+			fi;
+		fi;
+	fi;
 fi;
 
+if [ $retcode -ne 0 ]; then
+	echo "An error with the rsynccommando for kde ($retcode)."
+fi;
+
+exit $retcode
+
 EOF
 
 And the logout script:
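Review bot: `retcode=$?` after `usershareavailable=$(rsync 192.168.0.3::4users | grep -w $userid );` holds grep's exit status, not rsync's, so a user with no directory on the server gives retcode 1 and the `-z "$usershareavailable"` branch with its "No directory" message is never reached, while a failed rsync connection looks the same as a missing user. Capture the rsync listing and its status first, then grep the saved output; the same applies to the `thereisarchive` pipeline. Also, `getent passwd | grep -E "^$userid"` matches every account whose name starts with $userid, so `homedir`, `uidnr` and `gidnr` can come from the wrong entry or from several entries before the `chown -R` runs; `getent passwd "$userid"` returns only the exact entry.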
@@ -259,20 +323,65 @@
 cat >> kde.sh << "EOF"
 #!/bin/bash
 
-if [ -d /home/sbon/.kde ]; then
+retcode=0;
 
-    connectionpossible=$(rsync 192.168.0.3::sbon | grep "error" );
+userid=$1
+userproperties=$(getent passwd | grep -E "^$userid")
+homedir=$(echo $userproperties | cut -d ":" -f 6);
+gidnr=$(echo $userproperties | cut -d ":" -f 4);
+uidnr=$(echo $userproperties | cut -d ":" -f 3);
 
-    if [ -z "$connectionpossible" ]; then
+if [ -d $homedir/.kde ]; then
+	
 	#
-	# no error found
+	# there is something to sync
 	#
 
-	rsync -rptgoz --delete /home/sbon/.kde 192.168.0.3::sbon
-    fi;	
+	usershareavailable=$(rsync 192.168.0.3::4users | grep -w $userid );
 
+	retcode=$?
+
+	if [ $retcode -eq 0 ]; then
+
+		#
+		# no error
+		#
+
+		if [ -z "$usershareavailable" ]; then
+
+			#
+			# directory for this user does not exist yet
+			#
+			# a trick to create a directory on the rsyncserver
+
+			mkdir /tmp/$userid
+
+			rsync -dptgoz /tmp/$userid 192.168.0.3::4users
+
+			rmdir /tmp/$userid
+
+		fi;
+
+		if [ $retcode -eq 0 ]; then
+
+			#
+			# no error found
+			#
+
+			rsync -rptgoz --delete $homedir/.kde 192.168.0.3::4users/$userid
+
+			retcode=$?
+
+		fi;
+	fi;
 fi;
 
+if [ $retcode -ne 0 ]; then
+	echo "An error with the rsynccommando for kde ($retcode)."
+fi
+
+exit $retcode
+
 EOF
 
 Note:
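Review bot: `mkdir /tmp/$userid` in the logout script uses a predictable name in a world-writable directory and its result is not checked, so if that path already exists the following `rsync -dptgoz /tmp/$userid 192.168.0.3::4users` uploads whatever is there, as root when runas=root is set. Create a private directory with `mktemp -d`, make the `$userid` directory inside it, stop if either step fails, and check the status of that rsync as well. The branch is also unreachable as written: `retcode=$?` after the `rsync ... | grep -w $userid` pipeline is grep's status, which is 1 exactly when `$usershareavailable` is empty, so a new user never gets a directory on the server.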
@@ -296,7 +405,7 @@
 in this directory. The bookmarks of Firefox for example. Other things like creating 
 files or mounting shares are also possible.
 
-The rsyncserver is hosted at 192.168.0.3, with a share [sbon]. This share
+The rsyncserver is hosted at 192.168.0.3, with a share [4users]. This share
 can be accessed without credentials: public access. Making it work with 
 user-based access is not so simple. The rsyncdaemon does not support pam yet. 
 This could work when shell for transport is ssh. Work to be done.
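Review bot: with one public share [4users] holding every user's settings, "can be accessed without credentials" now means that any client able to reach 192.168.0.3 can read or replace any user's .kde tree, and the login script restores that content into the home directory. State this explicitly here instead of leaving it at "Work to be done", and say that until user-based access exists the share should at least be restricted to the trusted hosts in the rsync daemon configuration.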
@@ -335,7 +444,17 @@
     problems.
   * corrected some typos.
   * added some comment about the option runas=root which can be very insecure     
+[2005-08-23]
+  * moved the scriptdirectory to a central place (/var/lib/sync4settings) in stead of
+    the homedirectory. This was very insecure.
+    The scripts have to handle a general $userid.
+    Created a central map on the resyncserver [4users] where the settings are stored
+    Added a check what the service is at logout: kdm or login. The command 'w' gives 
+    different output. 
+    Added comment about the removal of the option "CLOSE_SESSIONS" in version 4.0.12 
+    of the shadow package.
 
+
 TODO:
 
   * authentication of users
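Review bot: the changelog entry says the logout check distinguishes "kdm or login", but the `case` added in this revision matches `kde)`; use the service name the script actually tests. In the same entry, "resyncserver" should read "rsyncserver" and "in stead" should be "instead".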



