From e2f2cbe5ab9c0acb78dcc24074baa517a57ac406 Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Thu, 6 Mar 2008 21:45:33 -0600 Subject: [PATCH 1/4] The most likely thing they'd do after a user creation is change the password. Might as well make it easy on them --- fas/fas/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fas/fas/user.py b/fas/fas/user.py index a86173b..8df5ae8 100644 --- a/fas/fas/user.py +++ b/fas/fas/user.py @@ -352,7 +352,7 @@ forward to working with you! turbomail.enqueue(message) person.password = newpass['hash'] turbogears.flash(_('Your password has been emailed to you. Please log in with it and change your password')) - turbogears.redirect('/login') + turbogears.redirect('/user/changepass') except KeyError: turbogears.flash(_("The username '%s' already Exists. Please choose a different username.") % username) turbogears.redirect('/user/new') From 245e267ac4aa8dc1ea3022fd6e56157058601910 Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Thu, 6 Mar 2008 22:16:33 -0600 Subject: [PATCH 2/4] added something to the todo --- fas/TODO | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fas/TODO b/fas/TODO index 5413554..90e889d 100644 --- a/fas/TODO +++ b/fas/TODO @@ -8,3 +8,7 @@ validate_password(): (like md5). The one thing about that is we have to figure out how system passwords use salt, etc. That way we'll be able to use this with make_shell_accounts. + +fasClient.py +--------------- +Proper logging From 88bc55e60a83ac2d69d5a73f68c78689125ed56f Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Thu, 6 Mar 2008 22:34:36 -0600 Subject: [PATCH 3/4] dirs now removed when users get removed from valid groups --- fas/client/fas.conf | 16 +++++++++++++++- fas/client/fasClient.py | 16 ++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/fas/client/fas.conf b/fas/client/fas.conf index a03478e..b54001e 100644 --- a/fas/client/fas.conf +++ b/fas/client/fas.conf 
@@ -1,7 +1,14 @@ [global] +; url - Location to fas server url = http://localhost:8088/accounts/ + +; temp - Location to generate files while user creation process is happening temp = /var/db + +; login - username to contact fas login = admin + +; password - password for login name password = admin [host] @@ -22,8 +29,15 @@ restricted_groups = sysadmin ssh_restricted_groups = [users] -# default user info +; default shell given to people in [host] groups shell = /bin/bash + +; home - the location for fas user home dirs home = /home/fedora + +; home_backup_dir - Location home dirs should get moved to when a user is +; deleted this location should be tmpwatched +home_backup_dir = /tmp/fedora + ssh_restricted_app = restricted_shell = /sbin/nologin diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py index f3cbe2d..e11c392 100755 --- a/fas/client/fasClient.py +++ b/fas/client/fasClient.py @@ -271,6 +271,21 @@ class MakeShellAccounts(BaseClient): copytree('/etc/skel/', home_dir) os.path.walk(home_dir, _chown, [person['id'], person['id']]) + def remove_stale_homedirs(self): + ''' Remove homedirs of users that no longer have access ''' + home_base = config.get('users', 'home') + try: + home_backup_dir = config.get('users', 'home_backup_dir') + except ConfigParser.NoOptionError: + home_backup_dir = '/var/tmp/' + users = os.listdir(home_base) + for user in users: + if not self.valid_user(user): + if not os.path.exists(home_backup_dir): + os.makedirs(home_backup_dir) + syslog.syslog('Backed up %s to %s' % (user, home_backup_dir)) + move(os.path.join(home_base, user), os.path.join(home_backup_dir, user)) + def enable(): temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) @@ -334,6 +349,7 @@ if __name__ == '__main__': fas.install_shadow_db() if not opts.no_home_dirs: fas.create_homedirs() + fas.remove_stale_homedirs() fas.rm_tempdir() if not (opts.install or opts.enable or opts.disable): parser.print_help() 
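Review bot: `home_backup_dir = /tmp/fedora` in the `[users]` hunk puts the backup location at a fixed name under a world-writable directory, and the client that reads it (presumably run as root, since it moves and chowns home directories) only creates the path when it does not already exist. A directory of that name may therefore already exist under another owner when removed homes, which can hold private files, are moved into it. Prefer a root-owned location outside /tmp that is created with mode 0700, for example `home_backup_dir = /var/lib/fas/removed-homes` (a constructed path), and point tmpwatch at it to keep the clean-up the comment asks for. The same concern applies to the `'/var/tmp/'` fallback in `remove_stale_homedirs` in fasClient.py.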
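Review bot: In `remove_stale_homedirs` the `syslog.syslog('Backed up %s to %s' ...)` call runs before `move(...)`, so the log claims a backup that may then fail, and it names only the backup base rather than the final path. Move first and log the real destination: `dest = os.path.join(home_backup_dir, user)`, `move(os.path.join(home_base, user), dest)`, `syslog.syslog('Backed up %s to %s' % (user, dest))`. Every entry from `os.listdir(home_base)` that fails `self.valid_user` is moved, and `valid_user` is defined outside this hunk, so it is worth confirming that non-account entries such as `lost+found` or locally managed accounts are spared. A `dest` left over from an earlier run is not handled either; a timestamp suffix on the destination name would avoid nesting or a failed move.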
From ea265147b35aa983b96df545f51a2eae3834bf89 Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Thu, 6 Mar 2008 22:59:24 -0600 Subject: [PATCH 4/4] ssh keys work now --- fas/client/fasClient.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py index e11c392..ddf7215 100755 --- a/fas/client/fasClient.py +++ b/fas/client/fasClient.py @@ -65,6 +65,11 @@ parser.add_option('--nohome', default = False, action = 'store_true', help = _('Do not create home dirs')) +parser.add_option('--nossh', + dest = 'no_ssh_keys', + default = False, + action = 'store_true', + help = _('Do not create ssh keys')) parser.add_option('-s', '--server', dest = 'FAS_URL', @@ -286,6 +291,22 @@ class MakeShellAccounts(BaseClient): syslog.syslog('Backed up %s to %s' % (user, home_backup_dir)) move(os.path.join(home_base, user), os.path.join(home_backup_dir, user)) + def create_ssh_keys(self): + ''' Create ssh keys ''' + home_base = config.get('users', 'home') + for person in self.people: + username = person['username'] + if self.valid_user(username): + ssh_dir = os.path.join(home_base, username, '.ssh') + if person['ssh_key']: + if not os.path.exists(ssh_dir): + os.makedirs(ssh_dir, mode=0700) + f = open(os.path.join(ssh_dir, 'authorized_keys'), 'w') + f.write(person['ssh_key']) + f.close() + os.chmod(os.path.join(ssh_dir, 'authorized_keys'), 0600) + os.path.walk(ssh_dir, _chown, [person['id'], person['id']]) + def enable(): temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) @@ -350,6 +371,8 @@ if __name__ == '__main__': if not opts.no_home_dirs: fas.create_homedirs() fas.remove_stale_homedirs() + if not opts.no_ssh_keys: + fas.create_ssh_keys() fas.rm_tempdir() if not (opts.install or opts.enable or opts.disable): parser.print_help()
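Review bot: `create_ssh_keys` opens `authorized_keys` by path with `open(..., 'w')` and then runs `os.chmod` and the `_chown` walk, all inside `~/.ssh`, which the account owner controls, while the client presumably runs as root. The write, mode change and ownership change therefore apply to whatever object is at that path when each call runs, and the file exists with umask-default permissions until the `chmod`. Create the file with `O_NOFOLLOW` and mode 0600, and set ownership on the open descriptor, as sketched below; the existing `.ssh` directory deserves an `os.lstat` check too, since `O_NOFOLLOW` covers only the last path component. Separately, when `person['ssh_key']` is empty an existing `authorized_keys` is left in place, so removing a key on the server does not revoke access on the host.

```python
            if person['ssh_key']:
                # … unchanged: create ssh_dir with mode 0700 when missing …
                key_path = os.path.join(ssh_dir, 'authorized_keys')
                # O_NOFOLLOW refuses a symlink at the final component; mode 0600
                # applies from creation, so there is no chmod-after-write window.
                fd = os.open(key_path,
                             os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                             0600)
                f = os.fdopen(fd, 'w')
                try:
                    f.write(person['ssh_key'])
                    # Operate on the descriptor, not the path, so the object
                    # written is the object whose mode and owner are set.
                    os.fchmod(f.fileno(), 0600)
                    os.fchown(f.fileno(), person['id'], person['id'])
                finally:
                    f.close()
```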