#!@BASH@
# vim: ft=sh
# Print all arguments as a single line on stdout.
msg() {
  local text="$*"
  printf '%s\n' "$text"
}
# Print all arguments as a single line on stderr, so diagnostics never mix
# with normal output.
err() {
  local text="$*"
  printf '%s\n' "$text" 1>&2
}
# Print the one-line synopsis on stdout (via msg); used for -h and for
# unrecognised options.
usage() {
  local synopsis='Usage: userrc [-c config] [-l logdir]'
  msg "$synopsis"
}
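#######################################
# Run one user's ~/.config/rc.local as that user and wait for it.
# Globals:   username, homedir (read; set by main's loop)
#            logdir (read; created with mode 700 by runtime_config)
#            SHELL (read; the *caller's* shell, not the user's passwd shell)
# Outputs:   the rc.local's stdout+stderr go to $logdir/<username>.log, which
#            is opened by this (root) process before su drops privileges;
#            a non-zero exit of rc.local is reported via msg on stdout.
# Returns:   status of msg, or of wait when rc.local succeeded
#######################################
rc_run_wait() {
  # Fall back to /bin/sh when SHELL is unset (e.g. when started from init):
  # `su -s ''` cannot execute an empty shell path and would fail for every
  # user.
  # NOTE(review): the rc.local path is passed as a -c command *string*, so the
  # target shell re-parses it; /etc/passwd home directories are root-controlled,
  # but one containing whitespace or shell metacharacters would not run as
  # intended.
  # Backgrounding and then waiting is kept from the original rather than
  # running in the foreground; for a non-interactive shell this changes only
  # the child's signal disposition, not the exit status seen by wait.
  su - "$username" -s "${SHELL:-/bin/sh}" -c "$homedir/.config/rc.local" \
    &>"$logdir/${username}.log" &
  wait "$!"
  if (( $? )); then
    msg "$homedir/.config/rc.local has returned a non-zero exit code."
  fi
}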
#######################################
# Test whether a user name is listed in the deny list.
# Globals:   users_deny (read; array set by the config file)
# Arguments: $1 - user name to look up (exact, literal comparison)
# Returns:   0 if listed, 1 otherwise (including an empty/unset list)
#######################################
is_blacklisted() {
  local target=$1
  local entry
  for entry in "${users_deny[@]}"; do
    [[ "$entry" == "$target" ]] && return 0
  done
  return 1
}
#######################################
# Test whether a user name is listed in the allow list.
# Globals:   users_allow (read; array set by the config file)
# Arguments: $1 - user name to look up (exact, literal comparison)
# Returns:   0 if listed, 1 otherwise (including an empty/unset list)
#######################################
is_whitelisted() {
  local target=$1
  local entry
  for entry in "${users_allow[@]}"; do
    [[ "$entry" == "$target" ]] && return 0
  done
  return 1
}
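#######################################
# Build the list of users whose rc.local should run.
# Globals:   access_mode (read; defaulted to 'blacklist' when empty)
#            users (written; "name:homedir" entries are appended)
#            username, pass, uid, gid, description, homedir, shell
#              (written as a side effect of the read loop)
# Outputs:   the active access mode via msg; an error via err when the
#            mode is unknown
# Returns:   1 for an unknown access_mode, otherwise the loop's status
#######################################
get_allowed_users() {
  # Default to blacklist mode when the config did not set access_mode.
  if ! [[ "$access_mode" ]]; then
    access_mode='blacklist'
  fi

  msg "Running in $access_mode access mode."

  # Reject anything but the two known modes instead of silently producing
  # an empty user list, which would look like "nothing to do".
  case "$access_mode" in
    explicit|blacklist) ;;
    *)
      err "Unknown access_mode '$access_mode'; expected 'explicit' or 'blacklist'."
      return 1
      ;;
  esac

  # Single pass over /etc/passwd (accounts from other NSS sources are not
  # seen). All seven fields are named so homedir lands in the right variable.
  while IFS=':' read -r username pass uid gid description homedir shell; do
    if [[ "$access_mode" == 'explicit' ]]; then
      is_whitelisted "$username" || continue
    else
      is_blacklisted "$username" && continue
    fi
    users+=( "$username:$homedir" )
  done < /etc/passwd
}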
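#######################################
# Parse command-line options, load the config file and prepare the log dir.
# Globals:   config (written; '@CONFIG@' is substituted at build time)
#            cfg_logdir (written; '@LOGDIR@' is substituted at build time,
#              may be overridden by the config file)
#            logdir (written; -l takes precedence over cfg_logdir)
#            plus whatever the config file itself sets (access_mode,
#              users_allow, users_deny, ...)
# Arguments: the script's arguments: [-c config] [-l logdir] [-h]
# Outputs:   a notice via msg when the config file is absent
# Returns:   status of 'source' when the config fails to load, 1 when the
#            log directory cannot be created; exits on -h / bad options
#######################################
runtime_config() {
  config='@CONFIG@'
  cfg_logdir='@LOGDIR@'

  while (( $# )); do
    case "$1" in
      (-c|-l)
        # A trailing -c/-l used to set an empty path silently.
        if (( $# < 2 )); then
          err "Option $1 requires an argument."
          usage
          exit 1
        fi
        if [[ "$1" == '-c' ]]; then
          config="$2"
        else
          logdir="$2"
        fi
        shift
        ;;
      (-h) usage; exit;;
      (*) usage; exit 1;;
    esac
    shift
  done

  if [[ -f "$config" ]]; then
    # The config is executed as shell code with this script's privileges
    # (normally root): it must only be writable by root.
    source "$config" || return
  else
    msg "Config not found at $config. Using defaults."
  fi

  if ! [[ "$logdir" ]]; then
    logdir="$cfg_logdir"
  fi

  if [[ ! -d "$logdir" ]]; then
    # mkdir prints the reason itself; just propagate the failure.
    mkdir -p "$logdir" || return 1
  fi

  # Per-user logs capture user-controlled output; keep them root-only.
  chmod 700 "$logdir"
}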
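#######################################
# Entry point: load config, select users, run each user's rc.local.
# Globals:   users (read; filled by get_allowed_users)
#            username, homedir (written; read by rc_run_wait)
# Arguments: the script's arguments (passed to runtime_config)
# Outputs:   progress messages via msg
# Returns:   exits with runtime_config's / get_allowed_users' status when
#            either fails; otherwise the status of the last iteration
#######################################
main() {
  local u

  # Previously the return values were ignored, so a config that failed to
  # load or a log directory that could not be created still led to every
  # su invocation below failing on its log redirection.
  runtime_config "$@" || exit
  get_allowed_users || exit

  for u in "${users[@]}"; do
    # "name:homedir"; read gives the remainder after the first ':' to homedir.
    IFS=':' read -r username homedir <<< "$u"

    # Skip accounts with no home directory or with '/' as home, so nothing
    # directly under / is ever treated as a user's rc.local.
    [[ "$homedir" && "$homedir" != '/' ]] || continue
    [[ -f "$homedir/.config/rc.local" ]] || continue

    if [[ -x "$homedir/.config/rc.local" ]]; then
      msg "Executing $homedir/.config/rc.local"
      rc_run_wait
    else
      msg "$homedir/.config/rc.local exists, but is not executable"
    fi
  done
}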
# All top-level logic lives in main; forward the script's arguments to it.
main "$@"