Commit 9f0487d1 authored by Leigh B. Stoller's avatar Leigh B. Stoller

More fixes to last revision; need to reorder operations a bit.

parent 0c267b15
...@@ -41,6 +41,8 @@ post-install: ...@@ -41,6 +41,8 @@ post-install:
chmod u+s $(INSTALL_SBINDIR)/genelists chmod u+s $(INSTALL_SBINDIR)/genelists
chown root $(INSTALL_SBINDIR)/dhcpd_makeconf chown root $(INSTALL_SBINDIR)/dhcpd_makeconf
chmod u+s $(INSTALL_SBINDIR)/dhcpd_makeconf chmod u+s $(INSTALL_SBINDIR)/dhcpd_makeconf
chown root $(INSTALL_SBINDIR)/elabinelab_bossinit
chmod u+s $(INSTALL_SBINDIR)/elabinelab_bossinit
# #
# Control node installation (okay, plastic) # Control node installation (okay, plastic)
......
#!/usr/bin/perl -w #!/usr/bin/perl -wT
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2004 University of Utah and the Flux Group.
...@@ -25,6 +25,7 @@ my $debug = 0; ...@@ -25,6 +25,7 @@ my $debug = 0;
my $TB = "@prefix@"; my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@"; my $TBOPS = "@TBOPSEMAIL@";
my $ELABINELAB = @ELABINELAB@; my $ELABINELAB = @ELABINELAB@;
my $SAVEUID = $UID;
# un-taint path # un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/local/bin'; $ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/local/bin';
...@@ -46,6 +47,13 @@ if (!TBAdmin($UID)) { ...@@ -46,6 +47,13 @@ if (!TBAdmin($UID)) {
die("*** $0:\n". die("*** $0:\n".
" Only TB administrators can run this script!\n"); " Only TB administrators can run this script!\n");
} }
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be root! Maybe its a development version?\n");
}
# #
# Parse command arguments. Once we return from getopts, all that should # Parse command arguments. Once we return from getopts, all that should
...@@ -64,40 +72,72 @@ usage() ...@@ -64,40 +72,72 @@ usage()
my $pid = shift(); my $pid = shift();
# #
# Build the project. # Untaint the arguments.
# #
mysystem("$TB/sbin/mkproj $pid"); if ($pid =~ /^([-\w]+)$/) {
$pid = $1;
}
else {
die("Tainted argument $pid!\n");
}
# #
# Get the list of subgroups in the project and create those groups. # Shift to real user for these scripts.
# #
my $query_result = $EUID = $UID;
DBQueryFatal("select gid from groups where pid='$pid' and pid!=gid");
while (my ($gid) = $query_result->fetchrow_array()) { #
mysystem("$TB/sbin/mkgroup $pid $gid"); # Build the project.
} #
#mysystem("$TB/sbin/mkproj $pid");
# #
# Get the list of users and admin status. Admin users get a real shell # Get the list of users and admin status. Admin users get a real shell
# on boss. Create the users, and then set their groups. # on boss. Create the users, and not that we have to do this before the
# groups are created (tbacct add does not do a setgroups).
# #
$query_result = my $users_result =
DBQueryFatal("select distinct u.uid,u.admin from group_membership as m ". DBQueryFatal("select distinct u.uid,u.admin from group_membership as m ".
"left join users as u on u.uid=m.uid ". "left join users as u on u.uid=m.uid ".
"where u.status='" . USERSTATUS_ACTIVE() . "'"); "where u.status='" . USERSTATUS_ACTIVE() . "'");
while (my ($uid,$admin) = $query_result->fetchrow_array()) { while (my ($uid,$admin) = $users_result->fetchrow_array()) {
next
if ($uid eq "elabman");
mysystem("$TB/sbin/tbacct add $uid"); mysystem("$TB/sbin/tbacct add $uid");
if ($admin) { if ($admin) {
# Add admin users to group wheel for convenience. # Add admin users to group wheel for convenience.
DBQueryFatal("insert into unixgroup_membership ". DBQueryFatal("replace into unixgroup_membership ".
"values ('$uid','wheel')"); "values ('$uid','wheel')");
} }
mysystem("$TB/sbin/setgroups $uid");
if ($admin) { if ($admin) {
# Flip back to root for pw command.
$EUID = 0;
mysystem("pw usermod -n $uid -s /bin/tcsh"); mysystem("pw usermod -n $uid -s /bin/tcsh");
$EUID = $UID;
} }
} }
#
# Get the list of subgroups in the project and create those groups.
#
my $query_result =
DBQueryFatal("select gid from groups where pid='$pid' and pid!=gid");
while (my ($gid) = $query_result->fetchrow_array()) {
mysystem("$TB/sbin/mkgroup $pid $gid");
}
#
# Now do a setgroups.
#
$users_result->dataseek(0);
while (my ($uid,$admin) = $users_result->fetchrow_array()) {
next
if ($uid eq "elabman");
mysystem("$TB/sbin/setgroups $uid");
}
# #
# Run a command string. # Run a command string.
# #
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment