diff --git a/fas/TODO b/fas/TODO index ce80c2d..d4d26b1 100644 --- a/fas/TODO +++ b/fas/TODO @@ -1,4 +1,6 @@ Things to Fix in FAS2 before declaring it done: + * fasClient.py: Proper logging + Nice-to-have things: - * Easy searching within groups (and sponsor/admin interface) + * fas/group.py: Easy searching within groups (and sponsor/admin interface) diff --git a/fas/client/fas.conf b/fas/client/fas.conf index a03478e..b54001e 100644 --- a/fas/client/fas.conf +++ b/fas/client/fas.conf @@ -1,7 +1,14 @@ [global] +; url - Location to fas server url = http://localhost:8088/accounts/ + +; temp - Location to generate files while user creation process is happening temp = /var/db + +; login - username to contact fas login = admin + +; password - password for login name password = admin [host] @@ -22,8 +29,15 @@ restricted_groups = sysadmin ssh_restricted_groups = [users] -# default user info +; default shell given to people in [host] groups shell = /bin/bash + +; home - the location for fas user home dirs home = /home/fedora + +; home_backup_dir - Location home dirs should get moved to when a user is +; deleted this location should be tmpwatched +home_backup_dir = /tmp/fedora + ssh_restricted_app = restricted_shell = /sbin/nologin diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py index f3cbe2d..ddf7215 100755 --- a/fas/client/fasClient.py +++ b/fas/client/fasClient.py @@ -65,6 +65,11 @@ parser.add_option('--nohome', default = False, action = 'store_true', help = _('Do not create home dirs')) +parser.add_option('--nossh', + dest = 'no_ssh_keys', + default = False, + action = 'store_true', + help = _('Do not create ssh keys')) parser.add_option('-s', '--server', dest = 'FAS_URL', 
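Review bot: `home_backup_dir = /tmp/fedora` puts the backup target for removed accounts' home directories under a world-writable directory. The new remove_stale_homedirs() in fasClient.py only creates that directory when it is missing and then moves home directories into it, so a local user who creates `/tmp/fedora` first would own the place where other users' files land. The client appears to run as root, since it chowns home directories. A root-owned path outside `/tmp`, created 0700 by packaging (for example `home_backup_dir = /var/lib/fas/home-backups`), avoids this; the `'/var/tmp/'` fallback in fasClient.py has the same weakness. The new comment also runs two sentences together and would read better as `; deleted. This location should be tmpwatched`.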
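Review bot: The help text `Do not create ssh keys` on the new `--nossh` option does not match what the flag controls. create_ssh_keys(), added further down in this file, writes each user's stored public key to `authorized_keys` and generates no key material. Wording such as `help = _('Do not install ssh authorized_keys files')` would tell an operator what is being skipped.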
@@ -271,6 +276,37 @@ class MakeShellAccounts(BaseClient): copytree('/etc/skel/', home_dir) os.path.walk(home_dir, _chown, [person['id'], person['id']]) + def remove_stale_homedirs(self): + ''' Remove homedirs of users that no longer have access ''' + home_base = config.get('users', 'home') + try: + home_backup_dir = config.get('users', 'home_backup_dir') + except ConfigParser.NoOptionError: + home_backup_dir = '/var/tmp/' + users = os.listdir(home_base) + for user in users: + if not self.valid_user(user): + if not os.path.exists(home_backup_dir): + os.makedirs(home_backup_dir) + syslog.syslog('Backed up %s to %s' % (user, home_backup_dir)) + move(os.path.join(home_base, user), os.path.join(home_backup_dir, user)) + + def create_ssh_keys(self): + ''' Create ssh keys ''' + home_base = config.get('users', 'home') + for person in self.people: + username = person['username'] + if self.valid_user(username): + ssh_dir = os.path.join(home_base, username, '.ssh') + if person['ssh_key']: + if not os.path.exists(ssh_dir): + os.makedirs(ssh_dir, mode=0700) + f = open(os.path.join(ssh_dir, 'authorized_keys'), 'w') + f.write(person['ssh_key']) + f.close() + os.chmod(os.path.join(ssh_dir, 'authorized_keys'), 0600) + os.path.walk(ssh_dir, _chown, [person['id'], person['id']]) + def enable(): temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) @@ -334,6 +370,9 @@ if __name__ == '__main__': fas.install_shadow_db() if not opts.no_home_dirs: fas.create_homedirs() + fas.remove_stale_homedirs() + if not opts.no_ssh_keys: + fas.create_ssh_keys() fas.rm_tempdir() if not (opts.install or opts.enable or opts.disable): parser.print_help() diff --git a/fas/fas/user.py b/fas/fas/user.py index 560f23b..5ca4b01 100644 --- a/fas/fas/user.py +++ b/fas/fas/user.py 
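Review bot: create_ssh_keys() writes `authorized_keys` with a plain `open(..., 'w')` inside a directory the account owner controls, so a symlink at `.ssh` or `authorized_keys` would redirect the write, the `os.chmod` and the chown walk to whatever it points at. The client appears to run with root privileges (it chowns to `person['id']`), so this crosses a local privilege boundary. The excerpt below refuses a symlinked `.ssh`, opens the key file with `O_NOFOLLOW` and mode 0600 from the start, and closes it in a `finally`; this also removes the window in which the file exists with umask permissions before the chmod. `_chown` is defined outside this hunk and should be checked for following links. The islink test is still racy, so doing the whole write after switching to the user's uid would be the more robust fix.

```python
# … unchanged: loop over self.people, valid_user check, ssh_dir computation …
                if person['ssh_key']:
                    if os.path.islink(ssh_dir):
                        # the account owner controls this path; never write through a link
                        syslog.syslog('Skipping ssh key for %s: %s is a symlink' % (username, ssh_dir))
                        continue
                    # … unchanged: create ssh_dir with mode 0700 if missing …
                    key_path = os.path.join(ssh_dir, 'authorized_keys')
                    fd = os.open(key_path,
                                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                                 0600)
                    f = os.fdopen(fd, 'w')
                    try:
                        f.write(person['ssh_key'])
                    finally:
                        f.close()
                    # … unchanged: os.chmod on authorized_keys and the _chown walk over ssh_dir …
```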
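Review bot: `fas.remove_stale_homedirs()` now runs during install with no option or dry-run of its own, and the function it calls moves every entry under the home base for which `valid_user()` is false. `valid_user()` is not visible in this diff; if it depends on the account list fetched from the server, an empty or partial response would move all home directories away, and non-account entries such as `lost+found` would be moved as well. Indentation is lost in this view, so it is unclear whether the call sits under `if not opts.no_home_dirs:`. Skipping the cleanup when the fetched user list is empty and giving it a separate opt-out next to `--nohome` would limit the damage. In the function itself (previous hunk), the `Backed up` syslog line is emitted before `move()` runs, and an existing backup with the same name is not handled.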
@@ -355,7 +355,7 @@ forward to working with you!
 turbomail.enqueue(message)
 person.password = newpass['hash']
 turbogears.flash(_('Your password has been emailed to you. Please log in with it and change your password'))
- turbogears.redirect('/login')
+ turbogears.redirect('/user/changepass')
 except KeyError:
 turbogears.flash(_("The username '%s' already Exists. Please choose a different username.") % username)
 turbogears.redirect('/user/new')
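Review bot: The redirect to `/user/changepass` sends a visitor who has no session yet to a page that should only be reachable after login. That controller is not shown here, so confirm it requires an authenticated identity and that the framework bounces the visitor through the login form and back. Also confirm the emailed password must be changed on first login rather than only suggested by the flash text `Please log in with it and change your password`, since a password sent by mail otherwise stays valid indefinitely. The enclosing function starts above this hunk.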