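#!@BASH@
# vim: ft=sh
#
# userrc: for every permitted account in /etc/passwd, run that account's
# ~/.config/rc.local through `su` and capture its output in a per-user log.
#
# @BASH@, @CONFIG@ and @LOGDIR@ look like build-time placeholders
# (presumably substituted at install time -- confirm against the build).
#
# NOTE(review): `su` is invoked without any credential handling, so this
# presumably runs as root. Under that assumption the sourced config file and
# the log directory must be writable only by root: the config is executed as
# shell code, and the log files are opened (and truncated) by this process.

# Print the arguments on stdout.
msg() {
  printf '%s\n' "$*"
}

# Print the arguments on stderr.
err() {
  printf '%s\n' "$*" >&2
}

# Print the command-line synopsis on stdout.
usage() {
  msg "Usage: userrc [-c config] [-l logdir]"
}

#######################################
# Run the current user's rc.local through `su` and wait for it to finish.
# Globals:   username, homedir, logdir, SHELL (all read)
# Outputs:   rc.local's stdout/stderr go to "$logdir/$username.log";
#            a message on stdout when rc.local exits non-zero
#######################################
rc_run_wait() {
  local sq="'" esc="'\\''" rc_path quoted_rc

  # The -c string is re-parsed by the target shell, so the path is passed
  # single-quoted (embedded quotes escaped as '\''). Without this, a home
  # directory containing whitespace or shell metacharacters would be split
  # or interpreted instead of being executed as one path.
  rc_path="$homedir/.config/rc.local"
  quoted_rc=${rc_path//$sq/$esc}
  quoted_rc="'${quoted_rc}'"

  # NOTE(review): the redirection is performed by this (calling) process, not
  # by the target user; that is only safe while $logdir is not writable by
  # anyone else, otherwise a pre-planted symlink could redirect the write.
  su - "$username" -s "$SHELL" -c "$quoted_rc" &> "$logdir/${username}.log" &
  wait "$!"
  if (( $? )); then
    msg "$homedir/.config/rc.local has returned a non-zero exit code."
  fi
}

#######################################
# Globals:   users_deny (read; expected to come from the sourced config)
# Arguments: $1 - user name to look up
# Returns:   0 if $1 is listed in users_deny, 1 otherwise
#######################################
is_blacklisted() {
  local u target=$1

  for u in "${users_deny[@]}"; do
    if [[ "$u" == "$target" ]]; then
      return 0
    fi
  done

  return 1
}

#######################################
# Globals:   users_allow (read; expected to come from the sourced config)
# Arguments: $1 - user name to look up
# Returns:   0 if $1 is listed in users_allow, 1 otherwise
#######################################
is_whitelisted() {
  local u target=$1

  for u in "${users_allow[@]}"; do
    if [[ "$u" == "$target" ]]; then
      return 0
    fi
  done

  return 1
}

#######################################
# Build the list of "user:homedir" entries whose rc.local may be run.
# Globals:   access_mode (read; defaults to 'blacklist'), users (written)
# Outputs:   the selected access mode on stdout; an error on stderr for an
#            unrecognised mode
# Returns:   0 on success, 1 if access_mode is not 'explicit' or 'blacklist'
#######################################
get_allowed_users() {
  # Keep the passwd fields local so the scan does not leak the last record
  # into the caller's username/homedir.
  local username pass uid gid description homedir shell

  users=()

  if ! [[ "$access_mode" ]]; then
    access_mode='blacklist'
  fi

  # A mistyped mode used to select nobody without any diagnostic; report it.
  case "$access_mode" in
    explicit | blacklist) ;;
    *)
      err "Unknown access mode: $access_mode (expected 'explicit' or 'blacklist')."
      return 1
      ;;
  esac

  msg "Running in $access_mode access mode."

  while IFS=':' read -r username pass uid gid description homedir shell; do
    case "$access_mode" in
      explicit)
        is_whitelisted "$username" || continue
        ;;
      blacklist)
        # Every account not explicitly denied is selected, system accounts
        # included.
        if is_blacklisted "$username"; then
          continue
        fi
        ;;
    esac
    users+=("$username:$homedir")
  done < /etc/passwd
}

#######################################
# Parse the command line, source the config file and prepare the log dir.
# Globals:   config, cfg_logdir, logdir (written)
# Arguments: the script's command-line arguments
# Outputs:   usage text / diagnostics; exits directly on -h or bad options
# Returns:   non-zero if the config fails to load or the log directory
#            cannot be created or restricted
#######################################
runtime_config() {
  config='@CONFIG@'
  cfg_logdir='@LOGDIR@'

  while (( $# )); do
    case "$1" in
      -c | -l)
        # Reject a trailing option with no value instead of silently using
        # an empty path.
        if (( $# < 2 )); then
          err "Option $1 requires an argument."
          usage
          exit 1
        fi
        if [[ "$1" == '-c' ]]; then
          config=$2
        else
          logdir=$2
        fi
        shift
        ;;
      -h)
        usage
        exit
        ;;
      *)
        usage
        exit 1
        ;;
    esac
    shift
  done

  if [[ -f "$config" ]]; then
    # The config is executed as shell code in this process; it may define
    # users_allow, users_deny, access_mode, and so on.
    source "$config" || return
  else
    msg "Config not found at $config. Using defaults."
  fi

  if ! [[ "$logdir" ]]; then
    logdir="$cfg_logdir"
  fi

  if [[ ! -d "$logdir" ]]; then
    # Create the directory private from the start rather than relying on
    # the later chmod alone.
    mkdir -p -m 700 -- "$logdir" || return 1
  fi

  # Also tighten a pre-existing directory; a failure here must stop the run,
  # otherwise user output would be logged into a directory others can read.
  chmod 700 -- "$logdir" || return 1
}

#######################################
# Entry point: load configuration, select users, run each rc.local.
# Arguments: the script's command-line arguments
# Returns:   non-zero if configuration or user selection failed
#######################################
main() {
  local u username homedir rc_file

  # Do not run anything if the configuration or log directory is unusable.
  runtime_config "$@" || return
  get_allowed_users || return

  for u in "${users[@]}"; do
    IFS=':' read -r username homedir <<< "$u"

    # Skip accounts with no home directory or with '/' as home.
    if ! [[ "$homedir" && "$homedir" != '/' ]]; then
      continue
    fi

    rc_file="$homedir/.config/rc.local"
    if [[ ! -f "$rc_file" ]]; then
      continue
    fi

    if [[ -x "$rc_file" ]]; then
      msg "Executing $homedir/.config/rc.local"
      rc_run_wait
    else
      msg "$homedir/.config/rc.local exists, but is not executable"
    fi
  done
}

main "$@"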