[24466] in Source-Commits
/svn/athena r24057 - in trunk/debathena/config: cluster-login-config/debian reactivate/debian
daemon@ATHENA.MIT.EDU (Evan Broder)
Wed Oct 7 11:46:28 2009
Date: Wed, 7 Oct 2009 11:45:54 -0400
From: Evan Broder <broder@MIT.EDU>
Message-Id: <200910071545.n97FjskK004382@drugstore.mit.edu>
To: source-commits@mit.edu
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: broder
Date: 2009-10-07 11:45:54 -0400 (Wed, 07 Oct 2009)
New Revision: 24057
Added:
trunk/debathena/config/reactivate/debian/su-warning.chroot
trunk/debathena/config/reactivate/debian/sudo-warning.chroot
Removed:
trunk/debathena/config/reactivate/debian/su-warning
trunk/debathena/config/reactivate/debian/sudo-warning
Modified:
trunk/debathena/config/cluster-login-config/debian/athena-root-password
trunk/debathena/config/cluster-login-config/debian/changelog
trunk/debathena/config/cluster-login-config/debian/control.in
trunk/debathena/config/reactivate/debian/01debathena-reactivate-cleanup
trunk/debathena/config/reactivate/debian/99debathena-reactivate-setup
trunk/debathena/config/reactivate/debian/Xsession.debathena
trunk/debathena/config/reactivate/debian/athena-login-snapshot
trunk/debathena/config/reactivate/debian/changelog
trunk/debathena/config/reactivate/debian/debathena-reactivate.install
Log:
In cluster-login-config:
* Unset the root password if the machine is a quickstation.
In reactivate:
* Don't put the user in a login snapshot on a quickstation.
Modified: trunk/debathena/config/cluster-login-config/debian/athena-root-password
===================================================================
--- trunk/debathena/config/cluster-login-config/debian/athena-root-password 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/cluster-login-config/debian/athena-root-password 2009-10-07 15:45:54 UTC (rev 24057)
@@ -2,10 +2,14 @@
# Sets the Athena root password based on a hashed value stored in AFS.
-pfile=/afs/athena.mit.edu/system/config/passwd/athena10/rootpw
-if [ -r $pfile ]; then
- pw=$(cat $pfile)
- if [ -n "$pw" ]; then
- usermod -p "$pw" root
- fi
+if [ "$(machtype -q)" != "quickstation" ]; then
+ pfile=/afs/athena.mit.edu/system/config/passwd/athena10/rootpw
+ if [ -r $pfile ]; then
+ pw=$(cat $pfile)
+ if [ -n "$pw" ]; then
+ usermod -p "$pw" root
+ fi
+ fi
+else
+ passwd -l root
fi
Modified: trunk/debathena/config/cluster-login-config/debian/changelog
===================================================================
--- trunk/debathena/config/cluster-login-config/debian/changelog 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/cluster-login-config/debian/changelog 2009-10-07 15:45:54 UTC (rev 24057)
@@ -1,3 +1,9 @@
+debathena-cluster-login-config (1.16) unstable; urgency=low
+
+ * Unset the root password if the machine is a quickstation.
+
+ -- Evan Broder <broder@mit.edu> Wed, 07 Oct 2009 00:58:39 -0400
+
debathena-cluster-login-config (1.15) unstable; urgency=low
* Make sure DNS servers are listed in /etc/network/interfaces to fix a
Modified: trunk/debathena/config/cluster-login-config/debian/control.in
===================================================================
--- trunk/debathena/config/cluster-login-config/debian/control.in 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/cluster-login-config/debian/control.in 2009-10-07 15:45:54 UTC (rev 24057)
@@ -7,7 +7,7 @@
Package: debathena-cluster-login-config
Architecture: all
-Depends: debathena-machtype, debathena-afs-config, debathena-gdm-config, debathena-kiosk, gconf2, gnome-screensaver, kexec-tools, update-notifier-common
+Depends: debathena-machtype, debathena-afs-config, debathena-gdm-config, debathena-kiosk, gconf2, gnome-screensaver, kexec-tools, update-notifier-common, debathena-machtype (>= 10.0.2-0debathena1~)
Provides: ${diverted-files}
Conflicts: ${diverted-files}
Description: Login configuration for Athena cluster machines
Modified: trunk/debathena/config/reactivate/debian/01debathena-reactivate-cleanup
===================================================================
--- trunk/debathena/config/reactivate/debian/01debathena-reactivate-cleanup 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/reactivate/debian/01debathena-reactivate-cleanup 2009-10-07 15:45:54 UTC (rev 24057)
@@ -5,5 +5,7 @@
# Set the volume to zero for all sound cards, and save that state.
invoke-rc.d debathena-reactivate start
-# Clean up the login snapshot.
-athena-login-snapshot login-end
+if [ "$(machtype -q)" != "quickstation" ]; then
+ # Clean up the login snapshot.
+ athena-login-snapshot login-end
+fi
Modified: trunk/debathena/config/reactivate/debian/99debathena-reactivate-setup
===================================================================
--- trunk/debathena/config/reactivate/debian/99debathena-reactivate-setup 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/reactivate/debian/99debathena-reactivate-setup 2009-10-07 15:45:54 UTC (rev 24057)
@@ -1,5 +1,7 @@
# This script is sourced (not executed) as root at the beginning of a
# gdm login session. gdm blocks until it finishes.
-# Create a login chroot for this login session.
-athena-login-snapshot login-start || exit
+if [ "$(machtype -q)" != "quickstation" ]; then
+ # Create a login chroot for this login session.
+ athena-login-snapshot login-start || exit
+fi
Modified: trunk/debathena/config/reactivate/debian/Xsession.debathena
===================================================================
--- trunk/debathena/config/reactivate/debian/Xsession.debathena 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/reactivate/debian/Xsession.debathena 2009-10-07 15:45:54 UTC (rev 24057)
@@ -1,7 +1,10 @@
#!/bin/sh
-# We wrap the Xsession in sudo because it runs initgroups(3) /after/
-# being chrooted, which puts users back in the groups we added them to
-# in athena-login-snapshot
-
-exec schroot -c login -p -- sudo -E -u "$USER" -- /etc/gdm/Xsession.debathena-orig "$@"
+if [ "$(machtype -q)" != "quickstation" ]; then
+ # We wrap the Xsession in sudo because it runs initgroups(3)
+ # /after/ being chrooted, which puts users back in the groups we
+ # added them to in athena-login-snapshot
+ exec schroot -c login -p -- sudo -E -u "$USER" -- /etc/gdm/Xsession.debathena-orig "$@"
+else
+ exec /etc/gdm/Xsession.debathena-orig "$@"
+fi
Modified: trunk/debathena/config/reactivate/debian/athena-login-snapshot
===================================================================
--- trunk/debathena/config/reactivate/debian/athena-login-snapshot 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/reactivate/debian/athena-login-snapshot 2009-10-07 15:45:54 UTC (rev 24057)
@@ -103,6 +103,11 @@
v chroot /login gpasswd -a "$USER" "$group"
done
+ # Update the su and sudo warnings within the chroot (outside the
+ # chroot, you tell you that you can't become root)
+ mv /login/etc/athena/su-warning.chroot /login/etc/athena/su-warning
+ mv /login/etc/athena/sudo-warning.chroot /login/etc/athena/sudo-warning
+
# There are some daemons that should be running inside the
# chroot. For example, changes to CUPS config shouldn't persist
# between sessions.
Modified: trunk/debathena/config/reactivate/debian/changelog
===================================================================
--- trunk/debathena/config/reactivate/debian/changelog 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/reactivate/debian/changelog 2009-10-07 15:45:54 UTC (rev 24057)
@@ -1,3 +1,9 @@
+debathena-reactivate (1.25) unstable; urgency=low
+
+ * Don't put the user in a login snapshot on a quickstation.
+
+ -- Evan Broder <broder@mit.edu> Wed, 07 Oct 2009 11:45:09 -0400
+
debathena-reactivate (1.24) unstable; urgency=low
* Change back to mounting the login snapshot as ext3, since that was
Modified: trunk/debathena/config/reactivate/debian/debathena-reactivate.install
===================================================================
--- trunk/debathena/config/reactivate/debian/debathena-reactivate.install 2009-10-07 04:45:24 UTC (rev 24056)
+++ trunk/debathena/config/reactivate/debian/debathena-reactivate.install 2009-10-07 15:45:54 UTC (rev 24057)
@@ -6,3 +6,5 @@
debian/policy-rc.d usr/sbin
debian/sudo-warning etc/athena
debian/su-warning etc/athena
+debian/sudo-warning.chroot etc/athena
+debian/su-warning.chroot etc/athena
Deleted: trunk/debathena/config/reactivate/debian/su-warning
Copied: trunk/debathena/config/reactivate/debian/su-warning.chroot (from rev 24053, trunk/debathena/config/reactivate/debian/su-warning)
Property changes on: trunk/debathena/config/reactivate/debian/su-warning.chroot
___________________________________________________________________
Name: svn:mergeinfo
+
Deleted: trunk/debathena/config/reactivate/debian/sudo-warning
Copied: trunk/debathena/config/reactivate/debian/sudo-warning.chroot (from rev 24053, trunk/debathena/config/reactivate/debian/sudo-warning)
Property changes on: trunk/debathena/config/reactivate/debian/sudo-warning.chroot
___________________________________________________________________
Name: svn:mergeinfo
+
