From cfee1178cf81ce68cc7212b5bbe55caf0768ae2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Str=C3=B6mb=C3=A4ck?= <filip.stromback@liu.se> Date: Fri, 10 Jan 2020 09:09:56 +0100 Subject: [PATCH] Updated the scripts for OpenDSA - nologin on the account. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Strömbäck <filip.stromback@liu.se> --- files/opendsa/manage.sh | 15 +++++++++++++-- files/sudoers_aes | 2 +- manifests/opendsa.pp | 5 ++--- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/files/opendsa/manage.sh b/files/opendsa/manage.sh index 32cf02c..f8b0f5c 100755 --- a/files/opendsa/manage.sh +++ b/files/opendsa/manage.sh @@ -1,8 +1,19 @@ #!/bin/bash + +OPENDSA_HOME="/srv/opendsa" + if [ $# == 0 ] then echo "This script is only intended for managing the server. Please provide one argument as an action!" exit 1 fi -cd ~/OpenDSA/server/ -~/OpenDSA/server/main.py "$@" + +if [[ $(whoami) != "opendsa" ]] +then + sudo -u opendsa $OPENDSA_HOME/manage.sh "$@" + exit $? +fi + +cd $OPENDSA_HOME/OpenDSA/server/ +$OPENDSA_HOME/OpenDSA/server/main.py "$@" +exit $? diff --git a/files/sudoers_aes b/files/sudoers_aes index 01e92de..7a58779 100644 --- a/files/sudoers_aes +++ b/files/sudoers_aes @@ -2,7 +2,7 @@ klaar36 ALL=(ALL) NOPASSWD: ALL filst04 ALL=(ALL) NOPASSWD: ALL User_Alias EXAM_ADMINS = torjo38, klaar36, vikol94, magni54, filst04 -Runas_Alias EXAM_USER = examadm, %examadm +Runas_Alias EXAM_USER = examadm, %examadm, opendsa, %opendsa Cmnd_Alias SERVICE_CMDS = /usr/bin/systemctl /usr/bin/less diff --git a/manifests/opendsa.pp b/manifests/opendsa.pp index 2c4ed51..632f7f0 100644 --- a/manifests/opendsa.pp +++ b/manifests/opendsa.pp @@ -12,8 +12,7 @@ class aes::opendsa { managehome => false, membership => inclusive, system => true, - # Do we need login shell. YES - shell => '/bin/bash', + shell => '/sbin/nologin', } file { "${opendsa_home}": 
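Review bot: The `cd $OPENDSA_HOME/OpenDSA/server/` near the end of the script is not checked, so if the directory is missing or not accessible, `main.py` still runs in whatever directory the invoking admin was in (sudo normally keeps the caller's working directory). I would write `cd "$OPENDSA_HOME/OpenDSA/server/" || exit 1` and quote the other `$OPENDSA_HOME` expansions too. Re-executing through the fixed path rather than `$0` is the right choice; `exec sudo -u opendsa "$OPENDSA_HOME/manage.sh" "$@"` would replace the `sudo …` / `exit $?` pair and pass the exit status through without a leftover shell.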
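Review bot: Adding `opendsa, %opendsa` to the shared `EXAM_USER` alias extends every existing rule that names `EXAM_USER` to the new account, not only the `manage.sh` wrapper this commit is about. The rules that use the alias are outside the hunk, but the `SERVICE_CMDS` alias in the context appears to list `/usr/bin/less`, which can start a shell unless the rule carries `NOEXEC:`. If such a rule applies, these users could get an interactive shell as `opendsa` despite the nologin change. A dedicated rule would keep the grant to what the wrapper needs, for example `EXAM_ADMINS ALL=(opendsa) NOPASSWD: /srv/opendsa/manage.sh`, leaving `EXAM_USER` as it was.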
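Review bot: The removed comment said a login shell was required, and the new `shell => '/sbin/nologin',` line carries no comment explaining why that no longer holds. I would add `# No login shell: admins reach this account with sudo -u (see manage.sh)` above it so a later maintainer does not restore `/bin/bash`. It is also worth confirming that `/sbin/nologin` exists on the target hosts, since some distributions install it only as `/usr/sbin/nologin`. The enclosing `user` resource starts above the hunk.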
@@ -63,7 +62,7 @@ class aes::opendsa { ensure => present, owner => "${opendsa_user}", group => "${opendsa_group}", - mode => '0751', + mode => '0755', source => "puppet:///modules/${module_name}/opendsa/manage.sh", } -- GitLab
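Review bot: The `manage.sh` resource keeps `owner => "${opendsa_user}"` while the mode becomes `'0755'`, so the account that runs the server can rewrite a script that administrators start from their own accounts before it switches user with `sudo -u opendsa`. If the service account were compromised, the top of the script would run with the caller's privileges, and the sudoers file in this commit shows some of those callers with `NOPASSWD: ALL`. I would set `owner => 'root',` and `group => 'root',` on this file and keep `mode => '0755',`. A root-owned file can still be replaced when its directory is writable by the service account, so the ownership of the containing directory (not visible here) should be checked too. The resource begins above the hunk, so its title and target path are not shown.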