apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-7143: cleanup configure_login.sh code

Browse Source 
Had to change various things to make this code re-entrant. In particular,
the sed-based manipulation of /etc/sudoers is gone and replaced with a
simpler, minimal (but compatible) sudoers file.

Remove the sshd_config tuning since sshd_config is overwritten when we
apply the cloud_scripts overlay (from build.sh).
This commit is contained in:
Leo Simons 2014-07-21 11:10:59 +02:00 committed by Rohit Yadav
parent e86121db7b
commit 3f8c31b0da
1 changed files with 53 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
tools/appliance/definitions/systemvmtemplate/configure_login.sh
View File

@ -1,26 +1,49 @@
setup_accounts() {
# Setup sudo to allow no-password sudo for "admin"
groupadd -r admin
# Create a 'cloud' user if it's not there
id cloud
if [[ $? -ne 0 ]]
then
useradd -G admin cloud
else
usermod -a -G admin cloud
fi
echo "root:$ROOTPW" | chpasswd
echo "cloud:`openssl rand -base64 32`" | chpasswd
sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount/g' /etc/sudoers
# Disable password based authentication via ssh, this will take effect on next reboot
sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
# Secure ~/.ssh
mkdir -p /home/cloud/.ssh
chmod 700 /home/cloud/.ssh
#!/bin/bash
set -e
set -x
function add_admin_group() {
groupadd -f -r admin
}
fix_inittab() {
function configure_cloud_user() {
usermod -a -G admin cloud
mkdir -p /home/cloud/.ssh
chmod 700 /home/cloud/.ssh
echo "cloud:`openssl rand -base64 32`" | chpasswd
}
function configure_sudoers() {
cat >/etc/sudoers <<END
Defaults env_reset
Defaults exempt_group=admin
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount
#includedir /etc/sudoers.d
END
echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > /etc/sudoers.d/cloud
}
# sshd_config is overwritten from cloud_scripts
#function configure_sshd() {
# grep "UseDNS no" /etc/ssh/sshd_config && \
# grep "PasswordAuthentication no" /etc/ssh/sshd_config && \
# return
# # Tweak sshd to prevent DNS resolution (speed up logins)
# echo 'UseDNS no' >> /etc/ssh/sshd_config
#
# # Require ssh keys for login
# sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
#}
function configure_inittab() {
grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return
# Fix inittab
cat >> /etc/inittab << EOF
@ -28,5 +51,12 @@ vc:2345:respawn:/sbin/getty 38400 hvc0
EOF
}
setup_accounts
fix_inittab
function configure_login() {
add_admin_group
configure_cloud_user
configure_sudoers
# configure_sshd
configure_inittab
}
return 2>/dev/null || configure_login