Attachment 1659 Details for Bug 3921 – Proposed work around to ensure we always end up with xguest in denyusers file when installed

[patch] Proposed work around to ensure we always end up with xguest in denyusers file when installed

xguest.diff (text/plain), 2.59 KB, created by Remco Rijnders on 2012-02-29 17:32:51 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Remco Rijnders

Created: 2012-02-29 17:32:51 CET

Size: 2.59 KB

patch

obsolete

>Index: SOURCES/xguest.script
>===================================================================
>--- SOURCES/xguest.script	(revision 0)
>+++ SOURCES/xguest.script	(revision 0)
>@@ -0,0 +1,7 @@
>+#!/bin/sh
>+if [ -e /etc/ssh/denyusers ]; then
>+        if ! grep -q xguest /etc/ssh/denyusers; then
>+                echo xguest >> /etc/ssh/denyusers
>+        fi
>+fi
>+
>Index: SOURCES/xguest.filter
>===================================================================
>--- SOURCES/xguest.filter	(revision 0)
>+++ SOURCES/xguest.filter	(revision 0)
>@@ -0,0 +1 @@
>+^\+/etc/ssh/denyusers
>Index: SPECS/xguest.spec
>===================================================================
>--- SPECS/xguest.spec	(revision 216002)
>+++ SPECS/xguest.spec	(working copy)
>@@ -1,12 +1,14 @@
> Summary:	Creates xguest user as a locked down user 
> Name:		xguest
> Version: 	1.0.10
>-Release: 	%mkrel 5
>+Release: 	%mkrel 6
> License: 	GPLv2+
> Group:   	System/Base
> BuildArch: 	noarch
> Source:  	http://people.fedoraproject.org/~dwalsh/xguest/%{name}-%{version}.tar.bz2
> Source10: 	mkxguesthome
>+Source11:	xguest.filter
>+Source12:	xguest.script
> patch:   	xguest-namespace.patch
> # (tv) prevent accessing other people accounts:
> patch1: 	xguest-namespace2.patch
>@@ -16,6 +18,7 @@
> Requires(post):	python-sabayon
> 
> %define grp_option -U
>+#%_filetriggers_dir /var/lib/rpm/filetriggers
> 
> # TODO:
> # - check if /usr/sbin/gdm-safe-restart is needed in /etc/X11.gdm/PostSession/Default
>@@ -41,10 +44,13 @@
> %install
> %{__mkdir} -p %{buildroot}/%{_sysconfdir}/desktop-profiles
> %{__mkdir} -p %{buildroot}/%{_sysconfdir}/security/namespace.d/ls
>+%{__mkdir} -p %{buildroot}%{_filetriggers_dir}
> install -m0644 xguest.zip %{buildroot}/%{_sysconfdir}/desktop-profiles/
> install -m0644 xguest.conf %{buildroot}/%{_sysconfdir}/security/namespace.d/
> 
> install -m0755 %SOURCE10 %{buildroot}%{_sysconfdir}/security/namespace.d/
>+install -m0644 %SOURCE11 %{buildroot}%_filetriggers_dir/
>+install -m0755 %SOURCE12 %{buildroot}%_filetriggers_dir/
> 
> # (tv) Using UID higher than UID_MAX=60000 from /etc/login.defs:
> mkdir -p %{buildroot}%{_bindir}
>@@ -77,8 +83,10 @@
> __eof
> 
> # prevent remote login:
>-if ! grep -q xguest /etc/ssh/denyusers; then
>-	echo xguest >> /etc/ssh/denyusers
>+if [ -e /etc/ssh/denyusers ]; then
>+	if ! grep -q xguest /etc/ssh/denyusers; then
>+		echo xguest >> /etc/ssh/denyusers
>+	fi
> fi
> 
> # prevent accessing most configuration tools (mcc still available with root password)
>@@ -99,6 +107,7 @@
> %config(noreplace) %{_sysconfdir}/desktop-profiles/xguest.zip
> %{_sysconfdir}/security/namespace.d/
> %doc README LICENSE
>+%{_filetriggers_dir}/xguest.*
> 
> %preun
> if [ $1 -eq 0 ]; then

Index: SOURCES/xguest.script
===================================================================
--- SOURCES/xguest.script	(revision 0)
+++ SOURCES/xguest.script	(revision 0)
@@ -0,0 +1,7 @@
+#!/bin/sh
+if [ -e /etc/ssh/denyusers ]; then
+        if ! grep -q xguest /etc/ssh/denyusers; then
+                echo xguest >> /etc/ssh/denyusers
+        fi
+fi
+
Index: SOURCES/xguest.filter
===================================================================
--- SOURCES/xguest.filter	(revision 0)
+++ SOURCES/xguest.filter	(revision 0)
@@ -0,0 +1 @@
+^\+/etc/ssh/denyusers
Index: SPECS/xguest.spec
===================================================================
--- SPECS/xguest.spec	(revision 216002)
+++ SPECS/xguest.spec	(working copy)
@@ -1,12 +1,14 @@
 Summary:	Creates xguest user as a locked down user 
 Name:		xguest
 Version: 	1.0.10
-Release: 	%mkrel 5
+Release: 	%mkrel 6
 License: 	GPLv2+
 Group:   	System/Base
 BuildArch: 	noarch
 Source:  	http://people.fedoraproject.org/~dwalsh/xguest/%{name}-%{version}.tar.bz2
 Source10: 	mkxguesthome
+Source11:	xguest.filter
+Source12:	xguest.script
 patch:   	xguest-namespace.patch
 # (tv) prevent accessing other people accounts:
 patch1: 	xguest-namespace2.patch
@@ -16,6 +18,7 @@
 Requires(post):	python-sabayon
 
 %define grp_option -U
+#%_filetriggers_dir /var/lib/rpm/filetriggers
 
 # TODO:
 # - check if /usr/sbin/gdm-safe-restart is needed in /etc/X11.gdm/PostSession/Default
@@ -41,10 +44,13 @@
 %install
 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/desktop-profiles
 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/security/namespace.d/ls
+%{__mkdir} -p %{buildroot}%{_filetriggers_dir}
 install -m0644 xguest.zip %{buildroot}/%{_sysconfdir}/desktop-profiles/
 install -m0644 xguest.conf %{buildroot}/%{_sysconfdir}/security/namespace.d/
 
 install -m0755 %SOURCE10 %{buildroot}%{_sysconfdir}/security/namespace.d/
+install -m0644 %SOURCE11 %{buildroot}%_filetriggers_dir/
+install -m0755 %SOURCE12 %{buildroot}%_filetriggers_dir/
 
 # (tv) Using UID higher than UID_MAX=60000 from /etc/login.defs:
 mkdir -p %{buildroot}%{_bindir}
@@ -77,8 +83,10 @@
 __eof
 
 # prevent remote login:
-if ! grep -q xguest /etc/ssh/denyusers; then
-	echo xguest >> /etc/ssh/denyusers
+if [ -e /etc/ssh/denyusers ]; then
+	if ! grep -q xguest /etc/ssh/denyusers; then
+		echo xguest >> /etc/ssh/denyusers
+	fi
 fi
 
 # prevent accessing most configuration tools (mcc still available with root password)
@@ -99,6 +107,7 @@
 %config(noreplace) %{_sysconfdir}/desktop-profiles/xguest.zip
 %{_sysconfdir}/security/namespace.d/
 %doc README LICENSE
+%{_filetriggers_dir}/xguest.*
 
 %preun
 if [ $1 -eq 0 ]; then

Actions: View | Diff

Attachments on bug 3921: 1659