source: trunk/debathena/config/reactivate/debian/snapshot-run @ 25536

Revision 25536, 2.0 KB checked in by jdreed, 12 years ago (diff)
In reactivate: * Set NSS_NONLOCAL_IGNORE when running getent, because we care about local groups, not Hesiod ones * Add the user to "sudo" as well, since "admin" is gone in Precise (LP: 893842) * Use SESSION_ID, not CHROOT_NAME in schroot setup script. SESSION_ID was always right, and CHROOT_NAME simply happened to match it due to a bug (Debian: 623828) * Also divert lightdm-session (lightdm's session wrapper) and wrap it in snapshot-run
  • Property svn:executable set to *
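#!/bin/sh
#
# snapshot-run PROGRAM [ARGS]
# Create an Athena login snapshot, run PROGRAM within it, and clean up
# the snapshot.
#
# This script is run as the user who is logging in, usually as a wrapper
# around their Xsession or shell. You probably want to run reactivate
# immediately afterwards, as root.
#
# Outline:
#   1. Setup (under "set -e"): begin a schroot session from the "login"
#      chroot and prepare it as root (groups, PAM config, daemons, /home,
#      mtab).
#   2. Run PROGRAM inside the session through sudo, as $USER.
#   3. Teardown (errors are no longer fatal): stop the daemons and end
#      the session.
#
# Environment read: USER, KRB5CCNAME.
# Exit status: that of the final "schroot -e"; PROGRAM's own status is
# not propagated.

# Abort on the first failing setup step. This is switched off again
# ("set +e" below) before the session command is started.
set -e
cd /

# Groups the user is added to inside the snapshot, where they exist locally.
addgroups="sudo admin lpadmin adm fuse cdrom floppy audio video plugdev scanner dialout lp"
# Whitespace-separated names printed by policy-rc.d; each one is passed to
# invoke-rc.d, "start" during setup and "stop" during teardown.
daemons="$(/usr/sbin/policy-rc.d --daemons)"

# Setup

# Begin (-b) a session based on the "login" chroot. The value printed by
# schroot is kept and handed to every later schroot call with -c.
session=$(schroot -c login -b)
# NOTE(review): only schr is called in the script as shown here; sch and
# schq are defined but unused.
sch() { schroot -r -c "$session" -- "$@"; }          # Run in the chroot
schq() { schroot -q -r -c "$session" -- "$@"; }      # Run in the chroot quietly
schr() { schroot -r -c "$session" -u root -- "$@"; } # Run in the chroot as root

# $addgroups is left unquoted on purpose so it splits into one word per group.
for group in $addgroups; do
    # Add the user only to groups that getent can find. NSS_NONLOCAL_IGNORE
    # is set for the lookup because the local groups are the ones that
    # matter here, not the Hesiod ones.
    schr env NSS_NONLOCAL_IGNORE=ignore getent group "$group" >/dev/null 2>&1 && schr adduser "$USER" "$group"
done

# Delete every line mentioning "su-error" from the snapshot's PAM
# configuration for su.
schr sed -i "/su-error/d" "/etc/pam.d/su.debathena"

# Create /ClusterLogin inside the snapshot (presumably a marker that other
# tools test for; its consumer is not visible in this script).
schr touch /ClusterLogin

for daemon in $daemons; do
    # Under "set -e" a failed start aborts the script, except for exit
    # status 100, which is accepted. invoke-rc.d(8) documents 100 as an
    # unknown init script; confirm against the installed version.
    schr invoke-rc.d "$daemon" start || [ $? = 100 ]
done

# No -f here: a missing /etc/debian_chroot makes rm fail and, under
# "set -e", aborts the setup.
schr rm /etc/debian_chroot

# Deter people from thinking they can use /home as persistent storage
# by punting it
schr rm -rf /home

# Fix up mtab so that df and friends work correctly
schr sed -i "s| /var/lib/schroot/mount/${session}/| /|" /etc/mtab

# Run the session
#
# We wrap the target command in sudo because it runs initgroups(3)
# /after/ being chrooted, which puts users back in the groups we
# added them to

# Workaround for stupidity, see #928 for details
# Remove this once we're running pam-afs-session 2.4
# Run this inside the "set -e" block so it'll fail if necessary
#
# printf is used instead of echo so that a backslash in the value is
# written out unchanged; some /bin/sh implementations of echo expand
# backslash sequences.
#
# NOTE(review): /tmp/ticketenv is a fixed name in a directory that is
# normally writable by every local account, and ">|" writes through
# whatever already exists at that path. The name appears to be shared with
# reactivate and with the consumer described in #928, so it is kept as is.
# If that interface can change, a per-user directory that other accounts
# cannot write to would be safer, and whatever reads the file should check
# its owner before trusting the contents.
printf '%s\n' "KRB5CCNAME=$KRB5CCNAME" >| /tmp/ticketenv

# From here on a failing command no longer ends the script, so the
# teardown below still runs after the session command returns.
set +e

# Give the user unrestricted sudo inside the snapshot. The rule is built
# from $USER as found in the environment and appended without a syntax
# check (visudo -c would provide one).
# NOTE(review): this runs after "set +e", so a failed append is not
# noticed until the sudo call below fails; confirm that is intended.
printf '%s\n' "$USER ALL=(ALL) ALL" | schr sh -c "cat >> /etc/sudoers"

# Plain "cd" moves to the user's home directory before the session starts.
# schroot -p and sudo -E both ask for the caller's environment to be kept.
cd
schroot -c "$session" -r -p -- sudo -E -u "$USER" -- "$@"
cd /

# Teardown

# Remove file from above.
# (This also gets nuked in reactivate, but be paranoid)
rm -f /tmp/ticketenv

for daemon in $daemons; do
    # "set -e" is off here, so the status test has no effect on control
    # flow; it mirrors the start loop.
    schr invoke-rc.d "$daemon" stop || [ $? = 100 ]
done

# End (-e) the schroot session begun during setup.
schroot -c "$session" -e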