[23155] | 1 | #!/bin/sh |
---|
[24149] | 2 | # |
---|
| 3 | # snapshot-run PROGRAM [ARGS] |
---|
| 4 | # Create an Athena login snapshot, run PROGRAM within it, and clean up |
---|
| 5 | # the snapshot. |
---|
| 6 | # |
---|
| 7 | # This script is run as the user who is logging in, usually as a wrapper |
---|
| 8 | # around their Xsession or shell. You probably want to run reactivate |
---|
| 9 | # immediately afterwards, as root. |
---|
[23155] | 10 | |
---|
# Abort on the first failing setup command. Errexit is switched off
# again just before the session is started further down.
set -e
# Work from / during setup.
cd /

# Groups the user is added to inside the snapshot, if they exist there.
addgroups="sudo admin lpadmin adm fuse cdrom floppy audio video plugdev"
addgroups="$addgroups scanner dialout lp"
# Daemon names as reported by the local policy-rc.d; each one is started
# in the snapshot during setup and stopped again at teardown.
daemons=$(/usr/sbin/policy-rc.d --daemons)

# Setup

# Begin a session on the "login" chroot and remember its ID. The ID is
# passed to every later schroot call and is also interpolated into a sed
# expression when /etc/mtab is fixed up.
session="$(schroot -c login -b)"
---|
# Run a command in the chroot.
# Globals:   session (read) - schroot session ID
# Arguments: the command and its arguments, passed through unchanged
# Note:      no -u is given, so schroot's default user applies.
sch() {
  schroot -c "$session" -r -- "$@"
}
---|
# Run a command in the chroot quietly (schroot -q).
# Globals:   session (read) - schroot session ID
# Arguments: the command and its arguments, passed through unchanged
schq() {
  schroot -c "$session" -r -q -- "$@"
}
---|
# Run a command in the chroot as root.
# Globals:   session (read) - schroot session ID
# Arguments: the command and its arguments, passed through unchanged
# Note:      everything routed through this helper runs with root
#            privileges inside the snapshot; keep its arguments quoted.
schr() {
  schroot -c "$session" -r -u root -- "$@"
}
---|
[24228] | 23 | |
---|
# Add the user to every group from $addgroups that exists in the snapshot.
# The lookup runs with NSS_NONLOCAL_IGNORE=ignore; presumably that limits
# getent to local groups -- confirm against the nss_nonlocal setup.
# $addgroups is expanded unquoted on purpose: it is a space-separated list.
for grp in $addgroups; do
  if schr env NSS_NONLOCAL_IGNORE=ignore getent group "$grp" >/dev/null 2>&1; then
    schr adduser "$USER" "$grp"
  fi
done

# Delete every line mentioning su-error from the snapshot's su PAM config.
schr sed -i -e '/su-error/d' /etc/pam.d/su.debathena

# Marker file in the snapshot root; its consumers are not part of this script.
schr touch /ClusterLogin

# Start each daemon in the snapshot. Exit status 100 from invoke-rc.d is
# tolerated; any other failure aborts the script because set -e is active.
for svc in $daemons; do
  rc=0
  schr invoke-rc.d "$svc" start || rc=$?
  [ "$rc" = 0 ] || [ "$rc" = 100 ]
done

# No -f here: a missing file is a setup failure under set -e.
schr rm /etc/debian_chroot

# Deter people from thinking they can use /home as persistent storage
# by punting it
schr rm -rf /home

# Fix up mtab so that df and friends work correctly.
# The session ID is placed unescaped into the sed expression, so this
# relies on schroot never emitting '|' or regex metacharacters in it.
mount_prefix="/var/lib/schroot/mount/${session}/"
schr sed -i "s| ${mount_prefix}| /|" /etc/mtab
---|
[25187] | 44 | |
---|
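# Run the session
#
# We wrap the target command in sudo because it runs initgroups(3)
# /after/ being chrooted, which puts users back in the groups we
# added them to

# Workaround for stupidity, see #928 for details
# Remove this once we're running pam-afs-session 2.4
# Run this inside the "set -e" block so it'll fail if necessary
#
# /tmp/ticketenv is a fixed name in a world-writable directory, so a plain
# forced overwrite would write through whatever another local user had
# placed there. Remove any stale entry first, then create the file with
# noclobber (set -C) so the shell fails instead of overwriting an existing
# file or following a symlink to one. Either failure aborts the login
# because set -e is still active. printf is used so that backslashes in
# the value are written literally.
rm -f /tmp/ticketenv
(
  set -C
  printf '%s\n' "KRB5CCNAME=$KRB5CCNAME" > /tmp/ticketenv
)

# From here on failures no longer abort the script, so that the teardown
# section is reached whatever the session command returns.
set +e

# Give the user unrestricted sudo inside the snapshot. The entry is appended
# without a syntax check and $USER is taken from the environment; because
# errexit is already off, a failure here is not fatal and the session below
# would then be started without the entry.
printf '%s ALL=(ALL) ALL\n' "$USER" | schr sh -c "cat >> /etc/sudoers"

# Start from the user's home directory; -p (schroot) and -E (sudo) both
# pass the caller's environment through to the session command.
cd
schroot -c "$session" -r -p -- sudo -E -u "$USER" -- "$@"
cd /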
---|
[24149] | 63 | |
---|
# Teardown
#
# Errexit was switched off before the session ran, so each step below is
# attempted even when an earlier one fails. No trap is visible in this
# script: if the wrapper is killed by a signal, none of this runs and the
# cleanup is left to whatever runs afterwards (the header mentions
# reactivate).

# Remove file from above.
# (This also gets nuked in reactivate, but be paranoid)
rm -f /tmp/ticketenv

# Stop the daemons that were started during setup; exit status 100 from
# invoke-rc.d is treated like success.
for svc in $daemons; do
  rc=0
  schr invoke-rc.d "$svc" stop || rc=$?
  [ "$rc" = 0 ] || [ "$rc" = 100 ]
done

# End the schroot session. This is the last command, so the script's exit
# status is that of this call, not of the session command.
schroot -e -c "$session"
---|