r1019 - trunk

archaic at linuxfromscratch.org
Tue Jan 24 12:23:45 PST 2006


Author: archaic
Date: 2006-01-24 13:23:45 -0700 (Tue, 24 Jan 2006)
New Revision: 1019

Added:
   trunk/starting-and-stopping-fusesmb-with-kdm.txt
Log:
Added: starting-and-stopping-fusesmb-with-kdm.txt

Added: trunk/starting-and-stopping-fusesmb-with-kdm.txt
===================================================================
--- trunk/starting-and-stopping-fusesmb-with-kdm.txt	                        (rev 0)
+++ trunk/starting-and-stopping-fusesmb-with-kdm.txt	2006-01-24 20:23:45 UTC (rev 1019)
@@ -0,0 +1,284 @@
+AUTHOR: Stef Bon <stef at bononline dot nl>
+
+DATE: 2006-01-24
+
+LICENSE: GNU Free Documentation License Version 1.2
+
+SYNOPSIS: Starting and stopping Fusesmb at a KDE-session using KDM.
+
+DESCRIPTION: 
+This hint is about starting the sessionpart of the fusesmb. 
+
+This is based on my hint 
+"Execute scripts at begin and end of a KDE-session using KDM and PAM".
+
+In this hint is described in general how scripts and commands are 
+started at the begin and end of a KDE session using KDM, and for password 
+sensitive commands support from PAM.
+
+
+ATTACHMENT:
+
+PREREQUISITES:
+This hint requires sufficient knowledge of LINUX in general, and scripts in particular.
+Futher sudo should be installed, and you should start KDE via KDM.
+
+
+HINT:
+
+Content:
+
+1. Browsing the network using FUSE, fusesmb and PAM
+1.1 Installation of FUSE and FuseSMB.
+1.2 Starting the sessionbus part of fusesmb.
+1.3 Stopping the sessionbus part of fusesmb.
+1.4 Storing credentials in personal configurationfile.
+
+
+---------------------------------------------------
+1. Browsing the network using FUSE, fusesmb and PAM
+---------------------------------------------------
+
+Very new is FUSE. At this moment the FUSE package contains a kernelmodule, a library and utilities.
+Soon the module will be standard in the kernel. For more information see the website of course.
+
+Pam_script has the ability (from version 0.1.5) to get the password provided at login, and provide this via an evironmentvariable PAM_AUTHTOK to scripts. A script for fusesmb can write this value to the configurationfile of fusesmb (~/.smb/fusesmb.conf) to browse the network with the credentials provided at login. 
+
+warning:
+
+This looks a little bit like Single Sign On, but it isn't!! The credentials are stored in 
+a subdirectory of the homedir (~/.smb/fusesmb.conf), with enough security at runtime.
+But somebody can still find them being root, or with a LiveCD. The credentials are stored
+plaintext, no encryption!!
+
+So, this should never be used in an environment where you can't trust your users!
+
+
+-------------------------------------
+1.1 Installation of FUSE and FuseSMB.
+-------------------------------------
+
+Get FUSE from the projectsite:
+
+http://fuse.sourceforge.net
+
+Installing FUSE:
+
+cd fuse-2.3.0
+./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-kernel-module --enable-lib --enable-util
+make
+make install
+
+A module is installed, fuse.
+
+To load it:
+
+modprobe fuse
+
+and add it to /etc/sysconfig/modules.
+
+Note:
+
+In the newest kernels (>=2.6.14) the kernelmodule is included in the kernel. You still
+need the package above, because of the library and the utilities.
+
+Configuration of fuse goes via the fuse.conf file in the /etc directory:
+
+cat >> /etc/fuse.conf << "EOF"
+
+mount_max = 999
+
+user_allow_other
+EOF
+
+Get fusesmb:
+
+Look for a link at :
+
+http://freshmeat.net/projects/fusesmb/
+
+Installing fusesmb:
+
+cd fusesmb-0.8.3
+./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+make
+make install
+
+It requires samba-3.0.*.
+
+Now with fusesmb running you can access your SMB(Windows)
+network environment via a filesystem in userspace, with
+**any** (not only KDE apps with kio's or GNOME with vfs) 
+application, like MC or vi.
+
+
+--------------------------------------------
+1.2 Starting the sessionbus part of fusesmb.
+--------------------------------------------
+
+
+Now the actual scripts:
+
+cd /etc/session.d/kdm/startup
+
+cat >> fusesmb.sh << "EOF"
+#!/bin/bash
+
+retcode=0;
+
+userid=$1
+userproperties=$(getent passwd | grep -E "^$userid")
+homedir=$(echo $userproperties | cut -d ":" -f 6);
+gidnr=$(echo $userproperties | cut -d ":" -f 4);
+uidnr=$(echo $userproperties | cut -d ":" -f 3);
+
+if [ -d $homedir ]; then
+
+    if [ ! -d $homedir/network ]; then
+	mkdir -p $homedir/network
+	chown $uidnr:$gidnr $homedir/network
+    fi
+
+    if [ $(id -u) -eq 0 ]; then
+ 	sudo -H -u $userid /bin/sh -c "fusesmb $homedir/network -o fsname=fusesmb,default_permissions,allow_other"
+	retcode=$?
+    elif [ $(id -u) -eq $uidnr ]; then 
+    	fusesmb $homedir/network -o fsname=fusesmb,default_permissions,allow_other
+	retcode=$?
+    fi	
+
+fi;
+
+if [ $retcode -ne 0 ]; then
+    echo "An error with fusesmb ($retcode)."
+fi;
+
+exit $retcode
+EOF
+
+
+
+--------------------------------------------
+1.3 Stopping the sessionbus part of fusesmb.
+--------------------------------------------
+
+And the logout script:
+
+cd /etc/session.d/kdm/reset
+
+cat >> fusesmb.sh << "EOF"
+#!/bin/bash
+
+retcode=0;
+
+userid=$1
+userproperties=$(getent passwd | grep -E "^$userid")
+homedir=$(echo $userproperties | cut -d ":" -f 6);
+gidnr=$(echo $userproperties | cut -d ":" -f 4);
+uidnr=$(echo $userproperties | cut -d ":" -f 3);
+
+if [ -d $homedir ]; then
+
+    if [ -n "$(mount | grep $homedir/network)" ]; then
+
+	fusermount -u $homedir/network
+
+    fi;
+
+    if [ -e $homedir/.smb/fusesmb.conf ]; then
+
+	rm -f $homedir/.smb/fusesmb.conf
+
+    fi;
+
+fi;
+
+
+if [ $retcode -ne 0 ]; then
+    echo "An error with fusesmb ($retcode)."
+fi;
+
+exit $retcode
+EOF
+
+
+------------------------------------------------------
+1.4 Storing credentials in personal configurationfile.
+------------------------------------------------------
+
+With files above you could already get a working sollution.
+To access the SMB servers where a username and a password are
+required, FuseSMB allows you to give credentials in the 
+~/.smb/fusesmb.conf file. Look for these and more options
+in the manpage of fusesmb.conf.
+
+With PAM and the module pam_script it is possible to use the
+credentials provided at login. In my network the sambaservers
+use the same credentials as my normal login  (via OPENLDAP).
+
+cat >> /etc/session.d/pam/onauth/fusesmb.sh << "EOF"
+#!/bin/bash
+
+retcode=0;
+
+userid=$1
+service=$2
+authtok=$3
+
+userproperties=$(getent passwd | grep -E "^$userid")
+homedir=$(echo $userproperties | cut -d ":" -f 6);
+gidnr=$(echo $userproperties | cut -d ":" -f 4);
+uidnr=$(echo $userproperties | cut -d ":" -f 3);
+
+if [ -d $homedir ]; then
+
+
+	if [ ! -d $homedir/.smb ]; then
+
+	    mkdir -p $homedir/.smb
+	    chown $uidnr:$gidnr $homedir/.smb
+	    chmod 755 $homedir/.smb
+
+	fi
+
+	if [ -n "$authtok" ]; then
+
+	    rm -f $homedir/.smb/fusesmb.conf
+
+	    touch $homedir/.smb/fusesmb.conf
+	    chown $uidnr:$gidnr $homedir/.smb/fusesmb.conf
+	    chmod 600 $homedir/.smb/fusesmb.conf
+
+	    echo "[global]" > $homedir/.smb/fusesmb.conf
+	    echo "username = $userid" >> $homedir/.smb/fusesmb.conf
+	    echo "password = $authtok" >> $homedir/.smb/fusesmb.conf
+
+	fi;
+
+fi;
+
+
+if [ $retcode -ne 0 ]; then
+    echo "An error with fusesmb ($retcode)."
+fi;
+
+exit $retcode
+EOF
+
+
+Notes:
+
+- The fusesmb script in the onauth directory overwrites any existing fusesmb.conf in the ~/.smb 
+directory. I do not have any simple sollution to do otherwise. One way to do that is the use of 
+a template. In this template the variables username and password get inserted with 'sed'.
+- this script is executed before(!) any script started by KDM. So when fusesmb starts, it reads 
+this new configuration file.
+
+
+ACKNOWLEDGEMENTS:
+
+
+CHANGELOG:
+[2006-01-24]
+  * Initial hint.
+
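Review bot: the user lookup `getent passwd | grep -E "^$userid"`, repeated in the startup, reset and onauth scripts, matches by prefix and treats the login name as a regular expression, so a login `bob` also matches `bobby`, and `homedir`, `uidnr` and `gidnr` are cut from whichever matching record is listed first. The reset and onauth scripts then `rm -f`, `chown` and write the password under that `$homedir`, so the lookup should be exact, e.g. `getent passwd "$userid"`, and every `$homedir`, `$userid` and `$authtok` expansion should be quoted. In the onauth script the `rm -f` / `touch` / `chown` sequence works inside `$homedir/.smb`, a directory owned by the user, and `chown` follows symlinks; when this runs as root (as the `chown` calls imply), creating the file as the user with a restrictive umask, the way the startup script already drops privileges with `sudo -H -u $userid`, would be safer. The password also arrives as `$3`, while the description says pam_script provides it in the `PAM_AUTHTOK` environment variable; a command-line argument is visible in the process list, so reading it from the environment is preferable if the dispatcher allows it. Smaller points: all three heredocs use `cat >>`, which appends to an existing `fusesmb.sh` on a second run (use `>`), none of the scripts is made executable, and in the reset script `retcode` is never set from `fusermount -u`, so the error branch cannot fire.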



