#!/bin/sh -e # (C) 2008 Canonical Ltd. # Author: Martin Pitt # License: GPL v2 or later # modified by David D Lowe and Thomas Detoux # # Setup user and temporary home directory for guest session. # If this succeeds, this script needs to print the username as the last line to # stdout. add_account () { HOME=`mktemp -td guest-XXXXXX` USER=`echo $HOME | sed 's/\(.*\)guest/guest/'` # if $USER already exists, it must be a locked system account with no existing # home directory if PWSTAT=`passwd -S "$USER"` 2>/dev/null; then if [ "`echo \"$PWSTAT\" | cut -f2 -d\ `" != "L" ]; then echo "User account $USER already exists and is not locked" exit 1 fi PWENT=`getent passwd "$USER"` || { echo "getent passwd $USER failed" exit 1 } GUEST_UID=`echo "$PWENT" | cut -f3 -d:` if [ "$GUEST_UID" -ge 500 ]; then echo "Account $USER is not a system user" exit 1 fi HOME=`echo "$PWENT" | cut -f6 -d:` if [ "$HOME" != / ] && [ "${HOME#/tmp}" = "$HOME" ] && [ -d "$HOME" ]; then echo "Home directory of $USER already exists" exit 1 fi else # does not exist, so create it adduser --system --no-create-home --home / --gecos "Guest" --group --shell /bin/bash $USER || { umount "$HOME" rm -rf "$HOME" exit 1 } fi # create temporary home directory mount -t tmpfs -o mode=700 none "$HOME" || { rm -rf "$HOME"; exit 1; } chown $USER:$USER "$HOME" gs_skel=/etc/guest-session/skel/ if [ -d "$gs_skel" ] && [ -n "`find $gs_skel -type f`" ]; then cp -rT $gs_skel "$HOME" else cp -rT /etc/skel/ "$HOME" fi chown -R $USER:$USER "$HOME" usermod -d "$HOME" "$USER" # # setup session # # disable screensaver, to avoid locking guest out of itself (no password) if [ -e /usr/bin/gconftool-2 ]; then su $USER <> "$HOME"/.config/autostart/"$service" fi done mkdir -p "$HOME"/.kde/share/config echo "[Basic Settings]" >> "$HOME"/.kde/share/config/nepomukserverrc echo "Start Nepomuk=false" >> "$HOME"/.kde/share/config/nepomukserverrc echo "[Event]" >> "$HOME"/.kde/share/config/notificationhelper echo "hideHookNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper echo "hideInstallNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper echo "hideRestartNotifier=true" >> "$HOME"/.kde/share/config/notificationhelper # Load restricted session #dmrc='[Desktop]\nSession=guest-restricted' #/bin/echo -e "$dmrc" > "$HOME"/.dmrc chown -R $USER:$USER "$HOME" # set possible local guest session preferences if [ -f /etc/guest-session/prefs.sh ]; then . /etc/guest-session/prefs.sh fi echo $USER } remove_account () { USER=$1 PWENT=`getent passwd "$USER"` || { echo "Error: invalid user $USER" exit 1 } UID=`echo "$PWENT" | cut -f3 -d:` HOME=`echo "$PWENT" | cut -f6 -d:` if [ "$UID" -ge 500 ]; then echo "Error: user $USER is not a system user." exit 1 fi if [ "${HOME}" = "${HOME#/tmp/}" ]; then echo "Error: home directory $HOME is not in /tmp/." exit 1 fi # kill all remaining processes while ps h -u "$USER" >/dev/null; do killall -9 -u "$USER" || true sleep 0.2; done umount "$HOME" || umount -l "$HOME" || true rm -rf "$HOME" # remove leftovers in /tmp find /tmp -mindepth 1 -maxdepth 1 -uid "$UID" -print0 | xargs -0 rm -rf || true deluser --system "$USER" } case "$1" in add) add_account ;; remove) if [ -z $2 ] ; then echo "Usage: $0 remove [account]" exit 1 fi remove_account $2 ;; *) echo "Usage: $0 add|remove" exit 1 esac