umount all user mounts on logout

Raphael Dannecker 2023-08-16 10:01:37 +02:00
parent 67a9d1e6ef
commit cc4010b1bb
6 changed files with 52 additions and 30 deletions


@ -3,7 +3,7 @@
ansible.builtin.debconf: ansible.builtin.debconf:
name: wireshark-common name: wireshark-common
question: wireshark-common/install-setuid question: wireshark-common/install-setuid
value: true value: 'true'
vtype: boolean vtype: boolean
- name: Preseed ttf-mscorefonts-installer - name: Preseed ttf-mscorefonts-installer


@ -0,0 +1,3 @@
if [[ "${UID}" -gt 60000 ]]; then
sudo /usr/local/bin/mounthome.sh &
fi
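Review bot: The `[[ … ]]` test and the `${UID}` variable are bash features, but this snippet is presumably the `lmn-mounthome.sh` that the tasks file copies to `/etc/profile.d/`, where it can be sourced by a plain POSIX `sh` login shell. In that case the test errors out and no mount is attempted. `if [ "$(id -u)" -gt 60000 ]; then` behaves the same in both shells. Because the line runs in every login shell, it also depends on a passwordless sudoers rule limited to exactly `/usr/local/bin/mounthome.sh`; that rule is not visible in this commit and is worth confirming.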


@ -25,8 +25,8 @@
<volume <volume
fstype="cifs" fstype="cifs"
server="{{ smb_server }}" server="{{ smb_server }}"
path="{{ smb_share }}" path="{{ smb_share }}share"
mountpoint="/lmn/media/%(USER)/.default-school" mountpoint="/lmn/media/%(USER)/share"
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl" options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not> ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
</volume> </volume>
@ -78,17 +78,25 @@
line: KillUserProcesses=yes line: KillUserProcesses=yes
insertafter: '#KillUserProcesses=no' insertafter: '#KillUserProcesses=no'
- name: Umount all user-mounts on logout
blockinfile:
dest: /usr/share/sddm/scripts/Xstop
block: |
for i in $(mount | /usr/bin/grep "/lmn/media/" | /usr/bin/cut -f 3 -d ' '); do
umount $i
done
umount /srv/samba/schools/default-school
- name: Deploy script to generate links in /lmn/media/$USER/ - name: Deploy script to generate links in /lmn/media/$USER/
copy: copy:
src: lmn-linkhome.sh src: lmn-mounthome.sh
dest: /etc/profile.d/ dest: /etc/profile.d/
mode: '0644' mode: '0644'
when: false
- name: Bind mount lmn/media with nosuid directory - name: Bind mount lmn/media with nosuid directory
ansible.posix.mount: ansible.posix.mount:
src: /lmn/media src: /lmn/media
path: /lmn/nosuidmedia path: /lmn/media
opts: nosuid,bind opts: nosuid,bind
state: present state: present
fstype: none fstype: none
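Review bot: The Xstop block unmounts every mount whose `mount` output line contains `/lmn/media/`, not only the mounts of the user who is logging out, so another session still active on the host (for example over SSH) would lose its shares. The loop also leaves `$i` unquoted and takes the third space-separated field of `mount`, which breaks on mount points containing spaces and matches the source column as well as the target. Reading targets from `findmnt -l -n -o TARGET`, using `umount "$i"`, and narrowing the pattern to the session user's directory (if Xstop has that name available) would tighten this. Failed unmounts, including the unconditional `umount /srv/samba/schools/default-school`, are neither checked nor logged, so a busy mount stays in place silently.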


@ -5,17 +5,24 @@ home="$(getent passwd "$SUDO_UID" | cut -d : -f 6 | sed 's|/srv/samba/schools/de
exit_script() { exit_script() {
echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log" echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome" findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome"
findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome" findmnt "/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome"
trap - SIGHUP SIGINT SIGTERM # clear the trap
kill -- -$$ # Sends SIGTERM to child/sub processes
}
exit_script_home() {
echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
umount "/lmn/media/${SUDO_USER}/home"
trap - SIGHUP SIGINT SIGTERM # clear the trap trap - SIGHUP SIGINT SIGTERM # clear the trap
kill -- -$$ # Sends SIGTERM to child/sub processes kill -- -$$ # Sends SIGTERM to child/sub processes
} }
if [[ "$#" -gt 0 ]] && [[ "$1" = '-u' ]]; then if [[ "$#" -gt 0 ]] && [[ "$1" = '-u' ]]; then
findmnt "/media/${SUDO_USER}/home" && umount "/media/${SUDO_USER}/home" && rmdir "/media/${SUDO_USER}/home" findmnt "/lmn/media/${SUDO_USER}/home" && umount "/lmn/media/${SUDO_USER}/home" && rmdir "/lmn/media/${SUDO_USER}/home"
#findmnt "/media/${SUDO_USER}/share" && umount "/media/${SUDO_USER}/share" && rmdir "/media/${SUDO_USER}/share" #findmnt "/lmn/media/${SUDO_USER}/share" && umount "/lmn/media/${SUDO_USER}/share" && rmdir "/lmn/media/${SUDO_USER}/share"
findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome" findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome"
findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome" findmnt "/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome"
elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
echo "Einbinden der Daten des alten/bisherigen Systems (PaedML Novell)." echo "Einbinden der Daten des alten/bisherigen Systems (PaedML Novell)."
echo "Bitte den Username und Passwort aus dem ALTEN System eingeben." echo "Bitte den Username und Passwort aus dem ALTEN System eingeben."
@ -23,12 +30,12 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
read -srp "Passwort: " PASSWD read -srp "Passwort: " PASSWD
export PASSWD export PASSWD
echo echo
mkdir -p "/media/${SUDO_USER}/oldhome" mkdir -p "/lmn/media/${SUDO_USER}/oldhome"
#errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \ #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \
# "//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome") # "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome")
#if [[ ! "${errcode}" ]]; then #if [[ ! "${errcode}" ]]; then
mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \ mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \
"//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome" "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome"
#echo "Mounting successfull!" #echo "Mounting successfull!"
echo "Einbindung erfolgreich!" echo "Einbindung erfolgreich!"
echo "Dieses Fenster bitte nicht schließen!" echo "Dieses Fenster bitte nicht schließen!"
@ -40,9 +47,9 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then
echo "Bitte den Username und Passwort aus dem ALTEN System (PaedML Novell) eingeben." echo "Bitte den Username und Passwort aus dem ALTEN System (PaedML Novell) eingeben."
echo "Bitte auch Groß- und Kleinschreibung achten." echo "Bitte auch Groß- und Kleinschreibung achten."
read -rp "Username: " username read -rp "Username: " username
mkdir -p "/media/${SUDO_USER}/linuxhome" mkdir -p "/lmn/media/${SUDO_USER}/linuxhome"
mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \ mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \
"sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/media/${SUDO_USER}/linuxhome" "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome"
#echo "Mounting successfull!" #echo "Mounting successfull!"
echo "Einbindung erfolgreich!" echo "Einbindung erfolgreich!"
echo "Dieses Fenster bitte nicht schließen!" echo "Dieses Fenster bitte nicht schließen!"
@ -54,19 +61,22 @@ else
#chown "${SUDO_USER}:1010" "/media/${SUDO_USER}" #chown "${SUDO_USER}:1010" "/media/${SUDO_USER}"
chgrp 1010 "/lmn/media/${SUDO_USER}" chgrp 1010 "/lmn/media/${SUDO_USER}"
chmod 0770 "/lmn/media/${SUDO_USER}" chmod 0770 "/lmn/media/${SUDO_USER}"
if ! findmnt "/lmn/media/${SUDO_USER}/share"; then #if ! findmnt "/lmn/media/${SUDO_USER}/share"; then
[[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share" # [[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share"
mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share" # mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share"
fi #fi
if ! findmnt "/lmn/media/${SUDO_USER}/home"; then if ! findmnt "/lmn/media/${SUDO_USER}/home"; then
[[ -d "/lmn/media/${SUDO_USER}/home" ]] || mkdir "/lmn/media/${SUDO_USER}/home" [[ -d "/lmn/media/${SUDO_USER}/home" ]] || mkdir "/lmn/media/${SUDO_USER}/home"
home="$(getent passwd $SUDO_USER | cut -d: -f6)" home="$(getent passwd $SUDO_USER | cut -d: -f6)"
mount --bind "/lmn/media/${SUDO_USER}/.default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home" mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,nobrl,mfsymlinks" \
"//server/default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home"
trap exit_script_home SIGHUP SIGINT SIGTERM
sleep infinity
fi fi
#mkdir -p "/media/${SUDO_USER}/home" #mkdir -p "/lmn/media/${SUDO_USER}/home"
#mkdir -p "/media/${SUDO_USER}/share" #mkdir -p "/lmn/media/${SUDO_USER}/share"
#mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \ #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
# "//server/default-school/${home}" "/media/${SUDO_USER}/home" # "//server/default-school/${home}" "/lmn/media/${SUDO_USER}/home"
#mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \ #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
# "//server/default-school/share" "/media/${SUDO_USER}/share" # "//server/default-school/share" "/lmn/media/${SUDO_USER}/share"
fi fi
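Review bot: The result of the new `mount -t cifs` call is not checked before `trap exit_script_home …` and `sleep infinity`, so a failed mount leaves a root process sleeping forever with nothing to clean up, and a signal arriving between the mount and the trap skips the unmount. Bash also runs a trap only after the current foreground command returns, so a SIGTERM delivered to the script alone is deferred while `sleep infinity` runs. Installing the trap before the mount, appending `|| exit 1` to the mount, and waiting with `sleep infinity & wait $!` covers these cases. `exit_script_home` also appends as root to the predictable path `/tmp/${SUDO_UID}-exit-mount.log`, as `exit_script` does; a root-only directory would not depend on the kernel's symlink protections. The `getent passwd $SUDO_USER` call just above the mount is unquoted.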


@ -108,7 +108,7 @@ fi
## check, if we have to mount home ## check, if we have to mount home
#if ! findmnt "/media/${USER}/home"; then #if ! findmnt "/media/${USER}/home"; then
# echo "mounting home." # echo "mounting home."
sudo mounthome.sh sudo mounthome.sh &
#fi #fi
# because virsh has problems with long pathnames, using diffent configdir # because virsh has problems with long pathnames, using diffent configdir
@ -124,9 +124,10 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist" virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
# finally, create the new vm # finally, create the new vm
virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml" virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml"
trap exit_script SIGHUP SIGINT SIGTERM #trap exit_script SIGHUP SIGINT SIGTERM
[[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/start-virtiofsd.sh "${VM_NAME}" [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/start-virtiofsd.sh "${VM_NAME}"
virsh --connect="${QEMU}" start "${VM_NAME}-clone" virsh --connect="${QEMU}" start "${VM_NAME}-clone"
fi fi
echo "starting viewer" echo "starting viewer"
trap exit_script SIGHUP SIGINT SIGTERM
virt-viewer --connect="${QEMU}" --full-screen "${VM_NAME}-clone" virt-viewer --connect="${QEMU}" --full-screen "${VM_NAME}-clone"
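Review bot: Backgrounding `sudo mounthome.sh &` lets the script go on to `start-virtiofsd.sh` and `virsh … start` without waiting for the home share, so the guest may see an empty `home` directory if the CIFS mount is slower than the VM start. A bounded wait on `findmnt "/lmn/media/${USER}/home"` before starting the VM would close that window. The call also uses a bare command name, while the other sudo calls in this commit use `/usr/local/bin/…`; an absolute path keeps it matching a path-specific sudoers rule. The `exit_script` function that the moved trap refers to is defined outside these hunks.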


@ -19,7 +19,7 @@ fi
[[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]] && /usr/bin/rm "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]] && /usr/bin/rm "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
#sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" --announce-submounts -o source="/media/${USER}" -o sandbox=chroot > /dev/null & #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" --announce-submounts -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
#sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" -o source="/media/${USER}" -o sandbox=chroot > /dev/null & #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/nosuidmedia/${SUDO_USER}" -o sandbox=chroot > /dev/null & /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/media/${SUDO_USER}" -o sandbox=chroot > /dev/null &
# Wait until socket-File exists and chown to user # Wait until socket-File exists and chown to user
until [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]]; do until [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]]; do
echo "waiting for ${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" echo "waiting for ${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
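Review bot: With the source switched from `/lmn/nosuidmedia/${SUDO_USER}` to `/lmn/media/${SUDO_USER}`, the nosuid property of the exported tree now rests on the self bind mount of `/lmn/media` defined in the tasks file. That task uses `state: present`, which only writes the fstab entry and does not mount it. Until the next reboot, or if the fstab line fails to mount, files written through virtiofsd would sit on a tree where the host still honours setuid bits. Consider `state: mounted` for that task, or have this script refuse to start unless `findmnt -n -o OPTIONS /lmn/media` contains `nosuid`. The surrounding script continues outside the hunk.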