rssh
This commit is contained in:
@@ -72,7 +72,7 @@ my $company = $acct->prop('Company') || '';
|
||||
my $dept = $acct->prop('Dept') || '';
|
||||
my $city = $acct->prop('City') || '';
|
||||
my $street = $acct->prop('Street') || '';
|
||||
my $shell = $acct->prop('Shell') || '/usr/bin/rssh';
|
||||
my $shell = $acct->prop('Shell') || '/usr/bin/false';
|
||||
my $groups = "shared";
|
||||
|
||||
if ($ldapauth ne 'enabled')
|
||||
|
||||
@@ -39,7 +39,7 @@ my ($user, $colon, @old_groups) = split(' ', `/usr/bin/groups $userName`);
|
||||
# actions for all these groups
|
||||
my %modified_groups = map { $_, 1 } @old_groups, $acctdb->user_group_list($userName);
|
||||
# but omit "shared" and user private group
|
||||
foreach ('shared', $userName, 'rsshusers')
|
||||
foreach ('shared', $userName)
|
||||
{
|
||||
delete $modified_groups{$_} if exists $modified_groups{$_};
|
||||
}
|
||||
|
||||
@@ -79,9 +79,9 @@ foreach my $u (@users)
|
||||
my ($comment, $shell) = (getpwnam($userName))[6,8];
|
||||
endpwent;
|
||||
my $new_shell = $u->prop('Shell')
|
||||
|| (($shell eq "/bin/sshell") ? "/usr/bin/rssh" : $shell);
|
||||
|| (($shell eq "/bin/sshell") ? "/usr/bin/false" : $shell);
|
||||
|
||||
$u->set_prop('Shell', $new_shell) unless (not defined $u->prop('Shell') && $new_shell eq "/usr/bin/rssh" ) ;
|
||||
$u->set_prop('Shell', $new_shell) unless (not defined $u->prop('Shell') && $new_shell eq "/usr/bin/false" ) ;
|
||||
|
||||
my $result;
|
||||
#------------------------------------------------------------
|
||||
|
||||
@@ -1,57 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
package esmith;
|
||||
|
||||
use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::AccountsDB;
|
||||
use File::Temp;
|
||||
|
||||
sub trim { my $s = shift; $s =~ s/^\s+|\s+$//g; return $s };
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro;
|
||||
my $accounts = esmith::AccountsDB->open;
|
||||
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
my $groupName = 'rsshusers';
|
||||
my $gid = getgrnam($groupName);
|
||||
my $tmpattr = File::Temp->new();
|
||||
|
||||
my $event = $ARGV[0];
|
||||
my $userName = $ARGV[1];
|
||||
# finallement get all user
|
||||
my @users = (not defined $ARGV[1])? $accounts->get_all_by_prop(type => "user" ) : map { $accounts->get($_); } $userName;
|
||||
my @currents=split /\n/, `/usr/sbin/lid -ng rsshusers`;
|
||||
@currents=map { trim($_) } @currents;
|
||||
|
||||
# here we could be emptying group, but we might want to let system user on this list.
|
||||
#if ( $event ~~ ['user-modify','user-create'] ) {
|
||||
# system("/usr/bin/gpasswd","-M ''", "rsshusers");
|
||||
# print "deleting rsshusers group content ...";
|
||||
#}
|
||||
|
||||
foreach my $user (@users) {
|
||||
my $cuser=$user->key;
|
||||
# we remove users that should not be there
|
||||
if ( defined $user->prop('Shell') && $user->prop('Shell') ne '/usr/bin/rssh') {
|
||||
next unless ( "$cuser" ~~ @currents ) ;
|
||||
system("/usr/bin/gpasswd", "-d", $cuser, "rsshusers");
|
||||
next;
|
||||
}
|
||||
# next if the user is already there
|
||||
print $tmpattr "memberUid: $cuser\n";
|
||||
next if ( "$cuser" ~~ @currents ) ;
|
||||
print "Adding user $cuser to group rsshusers";
|
||||
system("/usr/sbin/usermod", "-a", "-G", "rsshusers", $cuser);
|
||||
|
||||
}
|
||||
|
||||
# add all users to rsshusers
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupmod", "-a", "$tmpattr", "$groupName") == 0
|
||||
or
|
||||
system( "/usr/sbin/cpu", "groupadd", "-g", $gid, "-a", "$tmpattr", $groupName ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255 , warn "Failed to create (ldap) group $groupName.\n" );
|
||||
|
||||
exit ($x);
|
||||
@@ -1 +1 @@
|
||||
DEFAULT_SHELL = /usr/bin/rssh
|
||||
DEFAULT_SHELL = /usr/bin/false
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
/usr/bin/rssh
|
||||
Reference in New Issue
Block a user