source: trunk/debathena/config/cluster-login-config/debian/debathena-cluster-login-config.postinst @ 24080

Revision 24080, 3.6 KB checked in by broder, 15 years ago (diff)
In cluster-login-config: * Deny everybody sudo privileges by default, then override that for the admin group. This makes sure that everybody is somewhere in the sudoers file, which also ensures that they get lectured. In reactivate: * Specify both of the lecture files in /etc/sudoers: error for everybody, and warning for the admin group. The latter overrides the former.
Line 
1#!/bin/sh
2# postinst script for debathena-cluster-login-config
3#
4# see: dh_installdeb(1)
5
6set -e
7
8# summary of how this script can be called:
9#        * <postinst> `configure' <most-recently-configured-version>
10#        * <old-postinst> `abort-upgrade' <new version>
11#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
12#          <new-version>
13#        * <postinst> `abort-remove'
14#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
15#          <failed-install-package> <version> `removing'
16#          <conflicting-package> <version>
17# for details, see http://www.debian.org/doc/debian-policy/ or
18# the debian-policy package
19
20
21#DEBHELPER#
22
23case "$1" in
24    configure)
25        # Shut down sshd and reload gdm.
26        if hash invoke-rc.d; then
27            invoke-rc.d ssh stop
28            invoke-rc.d gdm reload || true
29        else
30            /etc/init.d/ssh stop
31            /etc/init.d/gdm reload || true
32        fi
33
34        # Shut down the gettys
35        for i in $(seq 1 6); do
36            initctl stop "tty$i" >/dev/null 2>&1 || true
37        done
38        initctl start ttymsg >/dev/null 2>&1 || true
39
40        # Configure dns-nameservers if they're not there
41        if ! egrep -q '^[[:space:]]+dns-nameservers' /etc/network/interfaces; then
42            echo '  dns-nameservers 18.70.0.160 18.71.0.151 18.72.0.3' >>/etc/network/interfaces
43            /usr/share/update-notifier/notify-reboot-required
44        fi
45
46        # Attempt to initially set the root password.
47        /usr/sbin/athena-root-password
48
49        # Set mandatory gconf key values.
50        gcsrc=xml:readwrite:/etc/gconf/gconf.xml.mandatory
51        gc="gconftool-2 --direct --config-source=$gcsrc --set"
52        gcunset="gconftool-2 --direct --config-source=$gcsrc --unset"
53
54        # gnome-screensaver
55        $gc -t bool /apps/gnome-screensaver/logout_enabled true
56        $gc -t int /apps/gnome-screensaver/logout_delay 20
57        $gc -t string /apps/gnome-screensaver/logout_command \
58            "/usr/bin/gnome-session-save --kill --silent"
59        # KLUDGE: gnome-screensaver can overwrite its internal
60        # logout_command setting with the embedded_keyboard_command
61        # value (http://bugzilla.gnome.org/show_bug.cgi?id=573495).
62        # So work around the problem by setting the latter to the same
63        # value as the former.  This should be removed after the bug
64        # has been fixed.  Also disable the embedded_keyboard to ensure
65        # that this value is not used otherwise.
66        $gc -t string /apps/gnome-screensaver/embedded_keyboard_command \
67            "/usr/bin/gnome-session-save --kill --silent"
68        $gc -t bool /apps/gnome-screensaver/embedded_keyboard_enabled false
69        $gc -t bool /apps/gnome-screensaver/user_switch_enabled false
70        $gc -t bool /apps/gnome-screensaver/lock_enabled true
71        $gc -t int /apps/gnome-screensaver/lock_delay 1
72
73        # fast-user-switch-applet
74        $gc -t bool /apps/fast-user-switch-applet/show_active_users_only true
75        $gc -t bool /apps/fast-user-switch-applet/show_guest_login false
76
77        # gnome-power-manager
78        $gc -t bool /apps/gnome-power-manager/general/can_hibernate false
79        $gc -t bool /apps/gnome-power-manager/general/can_suspend false
80
81        # We set this true in earlier versions, before settings were
82        # undone in the prerm script, but we want it unset now.
83        $gcunset /desktop/gnome/lockdown/disable_user_switching
84
85        # Set up gconf defaults.
86        gcsrc=xml:readwrite:/etc/gconf/gconf.xml.defaults
87        gc="gconftool-2 --direct --config-source=$gcsrc --set"
88        $gc -t string \
89            /desktop/gnome/session/required_components/windowmanager \
90            "metacity"
91
92        cat >>/etc/sudoers <<EOF
93### BEGIN debathena-cluster-login-config
94ALL !ALL=!ALL
95%admin ALL=(ALL) ALL
96### END debathena-cluster-login-config
97EOF
98
99        exit 0
100    ;;
101
102    abort-upgrade|abort-remove|abort-deconfigure)
103    ;;
104
105    *)
106        echo "postinst called with unknown argument \`$1'" >&2
107        exit 1
108    ;;
109esac
Note: See TracBrowser for help on using the repository browser.