userrc/userrc.in

#!@BASH@
# vim: ft=sh

msg() { printf '%s\n' "$*"; }
err() { printf '%s\n' "$*" >&2; }

usage() {
	msg "Usage: userrc [-c config] [-l logdir]"
}

rc_run_wait() {
	su - "$username" -s "$SHELL" -c "$homedir/.config/rc.local" &>"$logdir/${username}.log" &
	wait "$!"

	if (( $? )); then
		msg "$homedir/.config/rc.local has returned a non-zero exit code."
	fi
}

is_blacklisted() {
	declare u target=$1

	for u in "${users_deny[@]}"; do
		if [[ "$u" == "$target" ]]; then
			return 0
		fi
	done

	return 1
}

is_whitelisted() {
	declare u target=$1

	for u in "${users_allow[@]}"; do
		if [[ "$u" == "$target" ]]; then
			return 0
		fi
	done

	return 1
}

get_allowed_users() {
	if ! [[ "$access_mode" ]]; then
		access_mode='blacklist'
	fi

	msg "Running in $access_mode access mode."

	case "${access_mode:-blacklist}" in
		explicit)
			while IFS=':' read -r username pass uid gid description homedir shell; do
				if is_whitelisted "$username"; then
					users+=( "$username:$homedir" )
				fi
			done < /etc/passwd
		;;

		blacklist)
			while IFS=':' read -r username pass uid gid description homedir shell; do
				if ! is_blacklisted "$username"; then
					users+=( "$username:$homedir" )
				fi
			done < /etc/passwd
		;;
	esac
}

runtime_config() {
	config='@CONFIG@'
	cfg_logdir='@LOGDIR@'

	while (( $# )); do
		case "$1" in
			(-c) config="$2"; shift;;
			(-l) logdir="$2"; shift;;
			(-h) usage; exit;;
			(*) usage; exit 1;;
		esac
		shift
	done

	if [[ -f "$config" ]]; then
		source "$config" || { return $?; }
	else
		msg "Config not found at $config. Using defaults."
	fi

	if ! [[ "$logdir" ]]; then
		logdir="$cfg_logdir"
	fi

	if [[ ! -d "$logdir" ]]; then
		mkdir -p "$logdir" || {
			return 1
		}
	fi

	chmod 700 "$logdir"
}

main() {
	runtime_config "$@"
	get_allowed_users

	for u in "${users[@]}"; do
		IFS=':' read -r username homedir <<< "$u"

		if [[ "$homedir" && "$homedir" != '/' ]]; then
			if [[ -f "$homedir/.config/rc.local" ]]; then
				if [[ -x "$homedir/.config/rc.local" ]]; then
					msg "Executing $homedir/.config/rc.local"
					rc_run_wait
				else
					msg "$homedir/.config/rc.local exists, but is not executable"
				fi
			fi
		fi
	done
}

main "$@"
shebang 2016-01-12 13:15:56 +00:00			`#!@BASH@`
vim modeline 2016-01-15 09:30:29 +00:00			`# vim: ft=sh`
init 2015-08-17 10:33:34 +00:00
			`msg() { printf '%s\n' "$*"; }`
			`err() { printf '%s\n' "$*" >&2; }`

			`usage() {`
			`msg "Usage: userrc [-c config] [-l logdir]"`
			`}`

			`rc_run_wait() {`
use a login shell 2016-01-12 13:16:35 +00:00			`su - "$username" -s "$SHELL" -c "$homedir/.config/rc.local" &>"$logdir/${username}.log" &`
init 2015-08-17 10:33:34 +00:00			`wait "$!"`

			`if (( $? )); then`
			`msg "$homedir/.config/rc.local has returned a non-zero exit code."`
			`fi`
			`}`

			`is_blacklisted() {`
			`declare u target=$1`

			`for u in "${users_deny[@]}"; do`
			`if [[ "$u" == "$target" ]]; then`
			`return 0`
			`fi`
			`done`

			`return 1`
			`}`

			`is_whitelisted() {`
			`declare u target=$1`

			`for u in "${users_allow[@]}"; do`
			`if [[ "$u" == "$target" ]]; then`
			`return 0`
			`fi`
			`done`

			`return 1`
			`}`

			`get_allowed_users() {`
			`if ! [[ "$access_mode" ]]; then`
			`access_mode='blacklist'`
			`fi`

			`msg "Running in $access_mode access mode."`

access_mode should be blacklist by default 2015-09-05 11:33:43 +00:00			`case "${access_mode:-blacklist}" in`
init 2015-08-17 10:33:34 +00:00			`explicit)`
			`while IFS=':' read -r username pass uid gid description homedir shell; do`
			`if is_whitelisted "$username"; then`
			`users+=( "$username:$homedir" )`
			`fi`
			`done < /etc/passwd`
			`;;`

			`blacklist)`
			`while IFS=':' read -r username pass uid gid description homedir shell; do`
			`if ! is_blacklisted "$username"; then`
			`users+=( "$username:$homedir" )`
			`fi`
			`done < /etc/passwd`
			`;;`
			`esac`
			`}`

			`runtime_config() {`
actually set the vars ok 2015-08-17 10:36:49 +00:00			`config='@CONFIG@'`
			`cfg_logdir='@LOGDIR@'`
init 2015-08-17 10:33:34 +00:00
			`while (( $# )); do`
			`case "$1" in`
			`(-c) config="$2"; shift;;`
			`(-l) logdir="$2"; shift;;`
README 2015-08-17 10:46:09 +00:00			`(-h) usage; exit;;`
			`(*) usage; exit 1;;`
init 2015-08-17 10:33:34 +00:00			`esac`
			`shift`
			`done`

			`if [[ -f "$config" ]]; then`
			`source "$config" \|\| { return $?; }`
			`else`
			`msg "Config not found at $config. Using defaults."`
			`fi`

			`if ! [[ "$logdir" ]]; then`
			`logdir="$cfg_logdir"`
			`fi`

			`if [[ ! -d "$logdir" ]]; then`
			`mkdir -p "$logdir" \|\| {`
			`return 1`
			`}`
			`fi`

			`chmod 700 "$logdir"`
			`}`

			`main() {`
README 2015-08-17 10:46:09 +00:00			`runtime_config "$@"`
init 2015-08-17 10:33:34 +00:00			`get_allowed_users`

			`for u in "${users[@]}"; do`
			`IFS=':' read -r username homedir <<< "$u"`

			`if [[ "$homedir" && "$homedir" != '/' ]]; then`
			`if [[ -f "$homedir/.config/rc.local" ]]; then`
			`if [[ -x "$homedir/.config/rc.local" ]]; then`
			`msg "Executing $homedir/.config/rc.local"`
			`rc_run_wait`
			`else`
			`msg "$homedir/.config/rc.local exists, but is not executable"`
			`fi`
			`fi`
			`fi`
			`done`
			`}`

			`main "$@"`