diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml
index c2cf63c..5c650f4 100644
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@@ -18,7 +18,7 @@
fstype="davfs"
path="{{ web_dav }}"
mountpoint="/lmn/media/%(USER)/nextcloud"
- options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
+ options="username=%(USER),nosuid,nodev,uid=%(USER),gid=%(USERGID),grpid,file_mode=0700,dir_mode=0700,forceuid,forcegid"
>rootansibleDebian-gdmsddm{{ localuser }}
insertafter: ""
@@ -34,7 +34,7 @@
server="{{ smb_server }}"
path="{{ smb_share }}"
mountpoint="/srv/samba/schools/default-school"
- options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
+ options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=%(USERGID),file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
>rootansibleDebian-gdmsddm{{ localuser }}
insertafter: ""
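Review bot: The CIFS option string on the new line carries no `uid=`, so with `file_mode=0700,dir_mode=0700` access now depends entirely on which owner the mount reports; the old 0770 with a shared gid did not have that dependency. The laptop scripts changed in this same commit pass `uid=${USERID}` / `uid=${SUDO_UID}` explicitly. Unless pam_mount or the server is known to supply an owner that maps to the login user, I would add `uid=%(USERUID)` here, plus `nosuid,nodev` for parity with the davfs volume in the first hunk. The surrounding volume definition continues outside the hunk.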
diff --git a/roles/lmn_teacherlaptop/files/10-lmn-mount.sh b/roles/lmn_teacherlaptop/files/10-lmn-mount.sh
index 331e4e3..b7a1dfa 100755
--- a/roles/lmn_teacherlaptop/files/10-lmn-mount.sh
+++ b/roles/lmn_teacherlaptop/files/10-lmn-mount.sh
@@ -5,6 +5,7 @@ set -eu
if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
USERNAME=$(ps -o pid,user,args -C sddm-helper | sed -nE 's/.*user (.*)$/\1/p')
USERID=$(id -u "${USERNAME}")
+ GROUPID=$(id -g "${USERNAME}")
KRB5CCNAME=$(ls /tmp/krb5cc_"${USERID}"_*)
export KRB5CCNAME
printenv >&2
@@ -26,13 +27,13 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
mkdir -p "/lmn/media/${USERNAME}/share"
mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
- -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
+ -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
echo "after mount" >&2
mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then
# FIXME: Only umount server when Wireguard-Connection was the only connection to server.
# Dirty fix (works only in fvs-IP-Range)
- if !(ip r s | grep "10.190." | grep -v wg0); then
+ if ! (ip r s | grep "10.190." | grep -v wg0); then
echo "Try to umount server shares"
umount "/lmn/media/${USERNAME}/share"
umount /srv/samba/schools/default-school
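Review bot: The route test on the changed line, `grep "10.190."`, treats the dots as regex wildcards and is unanchored, so a route to for example 210.190.x.x also counts as "still connected to the school network" and the shares stay mounted after the VPN goes down. Something like `if ! ip r s | grep -E '(^|[[:space:]])10\.190\.' | grep -qv wg0; then` keeps the logic, matches only the intended prefix and stops printing the routes to stdout. The script runs under `set -eu` per the hunk header, so a failure of the first `umount` aborts before the second is attempted; `umount ... || true` with a logged warning on the bind mount would avoid leaving the CIFS mount behind. The `elif` branch continues past the end of the hunk.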
diff --git a/roles/lmn_teacherlaptop/files/mountserver b/roles/lmn_teacherlaptop/files/mountserver
index 6c7c9a2..71c61cc 100644
--- a/roles/lmn_teacherlaptop/files/mountserver
+++ b/roles/lmn_teacherlaptop/files/mountserver
@@ -17,7 +17,7 @@ chmod 777 /srv/samba/schools/default-school
mkdir -p "/lmn/media/${SUDO_USER}/share"
mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
- -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
+ -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
mount --bind /srv/samba/schools/default-school/share "/lmn/media/${SUDO_USER}/share"
echo "Einbindung erfolgreich!"
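Review bot: Tightening the share to `file_mode=0700,dir_mode=0700` still leaves the mountpoint itself world-writable, because the hunk header shows `chmod 777 /srv/samba/schools/default-school` earlier in this script. Whenever the share is not mounted, any local user can create files or directories under that path. If nothing else depends on it, `chmod 755` (or dropping the chmod) would match the intent of this change. `${SUDO_GID}` is only set when the script is started through sudo; if no such check exists above the hunk, a guard like `: "${SUDO_GID:?run via sudo}"` before the mount gives a clear error instead of an empty `gid=`.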
diff --git a/roles/lmn_vm/files/mounthome.sh b/roles/lmn_vm/files/mounthome.sh
index 5cb0405..ce63536 100755
--- a/roles/lmn_vm/files/mounthome.sh
+++ b/roles/lmn_vm/files/mounthome.sh
@@ -36,12 +36,12 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
echo
mkdir -p "/lmn/media/${SUDO_USER}/oldhome"
mkdir -p "/lmn/media/${SUDO_USER}/oldprojects"
- #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \
+ #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid" \
# "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome")
#if [[ ! "${errcode}" ]]; then
- mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \
+ mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid,nobrl,mfsymlinks" \
"//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome"
- mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \
+ mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid,nobrl,mfsymlinks" \
"//192.168.1.2/DATA/fvs/projekte" "/lmn/media/${SUDO_USER}/oldprojects"
#echo "Mounting successfull!"
echo "Einbindung erfolgreich!"
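Review bot: `${username}` is spliced into the comma-separated `-o` string of a mount that runs with root privileges, so a value containing a comma is parsed as additional mount options. Its assignment is outside this hunk; if it comes from an interactive `read` as in the `-l` branch, validate it before both mount calls, e.g. `[[ "${username}" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid username" >&2; exit 1; }`. Adding `nosuid,nodev` to both option strings would also bring these mounts in line with the davfs volume in roles/lmn_mount. The commented-out `#errcode=` variant was updated too and could simply be deleted.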
@@ -55,7 +55,7 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then
echo "Bitte auch Groß- und Kleinschreibung achten."
read -rp "Username: " username
mkdir -p "/lmn/media/${SUDO_USER}/linuxhome"
- mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \
+ mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=${SUDO_GID},reconnect" \
"sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome"
#echo "Mounting successfull!"
echo "Einbindung erfolgreich!"
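Review bot: The sshfs mount keeps `allow_other` without `default_permissions`, so unlike the CIFS mounts this commit restricts to 0700, no local mode check is applied here. Whether other local users can reach the remote home depends only on the permissions of the parent directory, which is not visible in this hunk. Consider `-o "allow_other,default_permissions,umask=077,nosuid,nodev,uid=${SUDO_UID},gid=${SUDO_GID},reconnect"` so the mount enforces the same owner-only access. `${username}` from the `read` above also goes unvalidated into the `sshfs#…@host:` source string; a character allow-list check before the mount would cover that.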
diff --git a/roles/lmn_vm/files/virtiofsd b/roles/lmn_vm/files/virtiofsd
index 471c24d..78b2a2d 100755
Binary files a/roles/lmn_vm/files/virtiofsd and b/roles/lmn_vm/files/virtiofsd differ
diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run
index 2fb0909..abb51fe 100755
--- a/roles/lmn_vm/files/vm-run
+++ b/roles/lmn_vm/files/vm-run
@@ -19,6 +19,8 @@ options:
--os OS operating system (win10|linux|..)
--data-disk size additional data-disk
--bridge virbrX additional network interface on bridge virbrX
+ --uid uid set uid on guest
+ --gid gid set gid on guest
--macvtap additional network interface on device macvtap
--options options additional options for virt-install command
EOF
@@ -109,12 +111,25 @@ create_clone() {
create_printerlist() {
## Prepare .printerlist.csv
mkdir -p "${VM_MEDIADIR}"
+ chgrp "$(id -g)" "${VM_MEDIADIR}"
echo "Name;IppURL" > "${VM_MEDIADIR}/.printerlist.csv"
for p in $(lpstat -v | cut -f 3 -d" " | sed 's/:$//'); do
echo "$p;ipp://192.168.122.1/printers/$p" >> "${VM_MEDIADIR}/.printerlist.csv"
done
}
+start_virtiofsd() {
+ # BEGIN temporary fix, while linux-starter are not migrated to --uid and --gid
+ if [[ "$LIBVIRTOSINFO" =~ debian.* ]]; then
+ [[ "$GUEST_UID" == 0 ]] && GUEST_UID=1010
+ [[ "$GUEST_GID" == 0 ]] && GUEST_GID=1010
+ fi
+ # END temporary fix
+ socket="/run/user/$(id -u $USER)/virtiofs-${VM_NAME}.sock"
+ /usr/local/bin/virtiofsd --uid-map=:${GUEST_UID}:${UID}:1: --gid-map=:${GUEST_GID}:$(id -g):1: \
+ --socket-path "$socket" --shared-dir "/lmn/media/${USER}" --syslog &
+}
+
QEMU='qemu:///session'
NEWCLONE=0
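Review bot: `start_virtiofsd` passes `GUEST_UID` and `GUEST_GID` unquoted and unvalidated into `--uid-map`/`--gid-map`; the values come straight from `--uid`/`--gid` (parsed in the later `while true` hunk) or from the sourced `/etc/lmn/vm.conf`. A non-numeric or whitespace-containing value turns into extra virtiofsd arguments or a malformed map, which decides what ownership the guest gets on the shared directory. I would check that both are decimal, quote every expansion, declare `socket` as `local`, and use `${UID}` for the socket path as the map already does instead of `$(id -u $USER)`. The daemon is backgrounded with no check that it actually started, so a failure only shows up later when the VM cannot attach the share.

```shell
start_virtiofsd() {
    # … unchanged: temporary debian fix for GUEST_UID/GUEST_GID …
    local socket
    if ! [[ "${GUEST_UID}" =~ ^[0-9]+$ && "${GUEST_GID}" =~ ^[0-9]+$ ]]; then
        echo "--uid and --gid must be numeric" >&2
        exit 1
    fi
    socket="/run/user/${UID}/virtiofs-${VM_NAME}.sock"
    /usr/local/bin/virtiofsd \
        --uid-map=":${GUEST_UID}:${UID}:1:" \
        --gid-map=":${GUEST_GID}:$(id -g):1:" \
        --socket-path "${socket}" --shared-dir "/lmn/media/${USER}" --syslog &
}
```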
@@ -122,10 +137,12 @@ PERSISTENT=0
LIBVIRTOSINFO="win10"
LIBVIRTOPTS=""
NO_VIEWER=0
+GUEST_UID=0
+GUEST_GID=0
source /etc/lmn/vm.conf
-TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,help -n $0 -- "$@")
+TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,uid:,gid:,help -n $0 -- "$@")
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
eval set -- "$TEMP"
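Review bot: `-n $0` on the changed getopt line is unquoted, so a script path containing whitespace splits into extra getopt arguments; write `-n "$0"`. The new defaults `GUEST_UID=0` and `GUEST_GID=0` are assigned before `source /etc/lmn/vm.conf`, which means the config file can override them. A one-line comment such as `# defaults; may be overridden by vm.conf and by --uid/--gid` would make clear whether that is intended.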
@@ -203,6 +220,14 @@ while true; do
LIBVIRTOSINFO=$2
shift 2
;;
+ --uid )
+ GUEST_UID=$2
+ shift 2
+ ;;
+ --gid )
+ GUEST_GID=$2
+ shift 2
+ ;;
--help )
show_help
exit 1
@@ -245,7 +270,7 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
create_printerlist
# start virtiofsd-service
- [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/vm-virtiofsd "${VM_NAME}"
+ [[ "${QEMU}" = 'qemu:///session' ]] && start_virtiofsd
# finally, create the new vm