From: Thomas Walker Lynch Date: Fri, 21 Jul 2023 20:07:33 +0000 (+0000) Subject: iseq nomenclature X-Git-Url: https://git.reasoningtechnology.com/style/static/git-logo.png?a=commitdiff_plain;h=95425ae76cdab676f9e37f274fbe9a48e88f4566;p=subu iseq nomenclature
---
diff --git a/user/cantari/fix_mode b/user/cantari/fix_mode
deleted file mode 100755
index 9faf4b8..0000000
--- a/user/cantari/fix_mode
+++ /dev/null
@@ -1,90 +0,0 @@ -#!/bin/python -# -# The subu admin is member of all subu users groups, so group rw enables -# administration of file. -# -# Consequently, in the subu environement we may think of the group permissions -# as 'admin permissions'. We remove x from administrator permissions because the -# administor does not want to execute user's executables. -# -# This script exists because it is possible for users to mess with the subu -# admin permissions, because they are the same as the user's group -# permissions. I should instead be using acls instead. -# -# Here is a flaw in this approach: when the administrator moves files from, say, -# Thomas/repo to Thomas/archive, the set gid bit on the archive directory causes -# the file to to have group ownership of thomas-archive, while the user remains -# thomas-repo. Now, as the thomas-archive does not own the file thomas-archive -# may not change the permissions on the file. Compounding this problem, since -# we cleared the group x bit (except for directories), thomas-archive may not -# execute the file even if he wants to. Compunding this yet further, the original -# file owner, who still owns the file, can not change the permissions because -# the original file owner has no permissions on the directory. -# -# ^^ hence the prior owner remains on the transferred file, that is kind of -# nice, so we know where the file came from - but this is not a good way to keep -# track of the history of ownership. BSD has a mode where the set UID bit on a -# directory has an analogous function to the set GID bit, but Linux does not. We -# do not know if a whole file tree was transferred, we can end up with a -# mess. The solution seems to be that the admin needs to manually 'chown -R -# target_user:target_group' the transferred files and assign them to the target -# user. -# -# Another interesting permissions use case is that of the subu repo and subu Lustucru. -# Lustuctru is a member of group repo. 
subu repo does not have sudo access. However -# the Lustucur project uses the chroot command, so it needs it. I did not want to give -# sudo to all repos projects, so I created subu Lustucru that does have sudo. Lustucru -# makes use of the repo/Lustucru files by being in the repo group. Now the repo group -# has two purposes, one being admin, and one to give group members access to files. This -# is not going to work because the admin set the mode bits to turn off x. I.e. there -# are conflicts between what the admin wants as a group member and what subu Lustucru wants -# as a group member. -# -# modes changes occur on the symbolic links directly, i.e. this script -# does not follow sym links. -# -# We start by clearing all mode bits that we might want cleared. Then -# we set mode bits we know we want. - -import sys -import os -import stat - -def mode_clear(mode): - return mode & ~(stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH | stat.S_IXGRP) - -# files -# user is as found -# administrator is given rw permissions -# -def mode_file(mode): - mode = mode_clear(mode) - return mode | stat.S_IRGRP | stat.S_IWGRP - -# directories -# administrator is given rwx, and set gid so that files made in the directory -# will be made in the user's group, which the administrator is a member. -# -def mode_dir(mode): - mode = mode_clear(mode) - return mode | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP | stat.S_ISGID - -# By default os.walk does not follow symlinks, so dn will be a directory not a -# link to one. 
stat follows symlinks, lstat does not, so we use lstat -# -exclude = set(['.cache' ,'.dbus' ,'.ssh' ,'.gnupg']) -for darg in sys.argv[1:]: - if os.path.isdir(darg): - for dn, dnp1s, files in os.walk(darg): - dnp1s[:] = [d for d in dnp1s if d not in exclude] - dn_mode = os.lstat(dn).st_mode - if not stat.S_ISDIR(dn_mode): - print("os.walk returned a non directory for dn, strange, ignoring it.") - else: - os.chmod(dn ,mode_dir(dn_mode)) - for f in files: - f_path = "/".join([dn ,f]) - f_mode = os.lstat(f_path).st_mode - os.chmod(f_path ,mode_file(f_mode) ,follow_symlinks=False) - - diff --git a/user/cantari/subu b/user/cantari/subu deleted file mode 100755 index f601bb6..0000000 --- a/user/cantari/subu +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/bin/bash -# - -# to make audio work will need to do this: -# > sudo dnf install pulseaudio-utils -# > pactl load-module module-native-protocol-tcp -# To load a specific module to the PA server, you add it to /etc/pulse/default.pa: -# I created the file because it was not there... - -#set -x - -subu=$1 -stem=$2 - - -if [ ! -x "/usr/local/bin/user-stem" ]; then - echo "no /usr/local/bin/user-stem program found (it is in the system repo)" - exit 1 -fi - -if [ -z "$subu" ]; then - echo "no subuser name supplied" - exit 1 -fi - -machine="$(hostname)" -xkey=$(xauth list | grep "$machine" | head -1 | awk '{print $3}') - -if [ -z "$xkey" ]; then - echo "xauth key not found" - exit 1 -fi - -# stem includes all characters up to the first '-' -if [ -z "$stem" ]; then - stem=$(/usr/local/bin/user-stem) -fi - -subu_username="$stem-$subu" -subu_user_directory=/home/"$stem"/"$subu"/user -bashrc="$subu_user_directory/.bashrc" -xauthority="$subu_user_directory/.Xauthority" - -read -r -d '' script0 <<-EOF - cd "$subu_user_directory" \ - ;export DISPLAY=$DISPLAY \ - ;export NO_AT_BRIDGE=1 \ - ;export PULSE_SERVER=localhost \ - ;touch "$xauthority" \ - ;xauth add "$DISPLAY" . "$xkey" \ - ;gnome-terminal --title="$subu" -EOF - - -sudo su -l "$subu_username" -c "$script0" - -#just hangs -#sudo -u "$subu_username" sh -c "$script0" - -#set +x diff --git a/user/cantari/subu_add b/user/cantari/subu_add deleted file mode 100755 index 4179307..0000000 --- a/user/cantari/subu_add +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash -# must have commands rsync and user-stem -# user-stem is in the system repo -# -# wish we could set the uids and gids so that backups would restore properly on other systems but it is too much trouble -# to do in a shell script. Perhaps in the python code for the actual release. - -#set -x - -subu=$1 -stem=$2 - -if [ ! -x "/usr/local/bin/user-stem" ]; then - echo "no /usr/local/bin/user-stem program found (it is in the system repo)" - exit 1 -fi - -if [ -z "$subu" ]; then - echo "no subuser name supplied" - exit 1 -fi - -# stem includes all characters up to the first '-' -if [ -z "$stem" ]; then - stem=$(/usr/local/bin/user-stem) -fi - -subu_username="$stem-$subu" -admin_username="$stem-admin" - -subu_home="/home/$stem" -subu_dir="$subu_home/$subu" -subu_user="$subu_dir"/user - -admin_home="/home/$stem/admin" -subu_initial_files="$admin_home"/user/library/subu_initial_files - -sudo useradd --badname --home-dir "$subu_dir" "$subu_username" -sudo usermod -aG "$subu_username" "$admin_username" - -if [[ ! -d "$subu_user" ]]; then - sudo mkdir "$subu_user" - sudo chown "$subu_username":"$subu_username" "$subu_user" -fi - -subu_initialize "$subu" "$stem" - - - diff --git a/user/cantari/subu_del b/user/cantari/subu_del deleted file mode 100755 index e139fba..0000000 --- a/user/cantari/subu_del +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/bin/bash -# must have command user-stem -# user-stem is in the system repo -# -# currently this is setup to be run by any user who has sudo - it doesn't have -# to be run by the user-admin account; though chances are it will be. -# -# userdel -r deletes both the /var/spool/mail/user and the user's home -# directory. We don't want to delete the old data just in case there is -# something important there. However we can not leave the old -# /var/spool/mail/user file under /var/spool/mail in case another subu is -# created later with the same name. Hence we will move the /var/spool/mail/user -# file into the users home directory. We will give ownership of the old home -# directory to the admin. -# -# I have run into a problem that subu users do not inherit the MAIL variable, I -# wouldn't trust it anyway. I do not know if userdel -r references the MAIL -# variable. I will hard code a local variable to /var/spool/mail. This must be -# changed for systems that put the mail spool file eleswhere. -# -# It seems that upon upgrade to Fedora 36 it stopped making a /var/spool/mail -# file for a new user. Anyway I am getting errors on that.file not existing, so -# added a conditional for if /var/spool/mail/user file - -#set -x - -subu=$1 -stem=$2 - -if [ ! -x "/usr/local/bin/user-stem" ]; then - echo "no /usr/local/bin/user-stem program found (it is in the system repo)" - exit 1 -fi - -if [ -z "$subu" ]; then - echo "no subuser name supplied" - exit 1 -fi - -# stem includes all characters up to the first '-' -if [ -z "$stem" ]; then - stem=$(/usr/local/bin/user-stem) -fi - -subu_username="$stem-$subu" -admin_username="$stem-admin" -subu_home="/home/$stem/$subu" -archive_suffix=";1" -archive_home="$subu_home$archive_suffix" -mail_source_dir="/var/spool/mail" -mail_source_file="$mail_source_dir/$subu_username" -mail_target_file="$subu_home/mail_spool" - -if ! 
id "$subu_username" &>/dev/null; then - echo "no such user" - exit 1 -fi - -if [ -e "$archive_home" ]; then - echo "there is already a saved directory for a deleted subu with this name, move this out of the way first: $archive_home" - exit 1 -fi -if [ ! -d "$mail_source_dir" ]; then - echo "could not find mail spooler directory: $mail_source_dir" - exit 1 -fi - -if [ -e "$mail_target_file" ]; then - echo "there is already file system object where we planned to move the deleted user's mail spool, which is here: $subu_home/mail_spool" - exit 1 -fi - -sudo killall --signal 5 --wait --user "$subu_username" && true - -if [ -e "$mail_source_file" ]; then - sudo mv "$mail_source_file" "$mail_target_file" -fi -sudo chmod -R go-rwx "$subu_home" -sudo chown -R "$admin_username":"$admin_username" "$subu_home" -mv "$subu_home" "$archive_home" -sudo groupdel -f "$subu_username" -sudo userdel "$subu_username" - -# common to follow up with rm -r and get an error that gvfs can not be deleted -# (probably better to move it trash or tmp than rm -r, and let the system clean it up later) -# rather surprising as we did a kill all on its processes -gvfs="$archive_home/.cache/gvfs" -if [ -e "$gvfs" ]; then - sudo umount "$gvfs" -fi - -#set +x diff --git a/user/cantari/subu_initialize b/user/cantari/subu_initialize deleted file mode 100755 index 8e57407..0000000 --- a/user/cantari/subu_initialize +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/bash -# symbolic links made this complicated -#set -x - -subu=$1 -stem=$2 - -if [ ! -x "/usr/local/bin/user-stem" ]; then - echo "no /usr/local/bin/user-stem program found (it is in the system repo)" - exit 1 -fi - -if [ -z "$subu" ]; then - echo "no subuser name supplied" - exit 1 -fi - -# stem includes all characters up to the first '-' -if [ -z "$stem" ]; then - stem=$(/usr/local/bin/user-stem) -fi - -subu_username="$stem-$subu" -subu_home="/home/$stem/$subu" -subu_initial_files="/home/$stem/subu_initial_files" - -# install always derefs sym links ... actually it didn't work at all here -#shopt -s dotglob -#sudo install -o "$subu_username" -g "$subu_username" -t "$subu_home" "$subu_initial_files"/* - -# free a brief moment, files that appear in the initial subu will have their subu_initial -# ownership instead of being owned by the subu -#find "$subu_initial_files" -mindepth 1 -exedir copy({} -# -execdir cp -a {} "$subu_home" \; \ -# -execdir chown -h "$subu_username":"$subu_username" "$subu_home"/{} \; -# cp --remove-destination -RP "$1" "$2" - -function copy { - s0="$1" - filename="${s0:2}" - destination_directory="$2" - username="$3" - - source_directory=$(pwd) - source_path="$source_directory"/"$filename" - destination_path="$destination_directory"/"$filename" - echo "ln -fs" "$source_path" "$destination_path" - #ln -f did work when the existing object was a file rather than anotehr link so .. - sudo rm -f "$destination_path" - sudo ln -s "$source_path" "$destination_path" - sudo chown -h "$username":"$username" "$destination_path" -} -export -f copy - -find "$subu_initial_files" -mindepth 1 -execdir \ - bash -c 'copy "$1" "$2" "$3"' _ {} "$subu_home" "$subu_username" \; - - -#set +x diff --git a/user/document/todo.txt b/user/document/todo.txt index 96099e2..7ccdf1e 100644 --- a/user/document/todo.txt +++ b/user/document/todo.txt 
@@ -13,5 +13,14 @@ not adjust their permissions. Hence, if the admin owns a file, though it is group of the subu, the subu can not change permissions (can not make them more permissive, or not change them at all?). +2022-10-05T12:24:06Z +Combine the repo and subu commands into one. activate becomes bashrc? add an archive script +for each subu, and a push script for each repo. +repo is similar to subu, but it does not login. Thus the environment of the caller is +still available. subu handles environment sharing through a shared bashrc file. This would +also work for repo. + +perhaps leave repo as a script, then source the script as part of the bashrc of a subu. I.e. +each repo would be a subu, only different due to running the repo script. diff --git a/user/iseq_loadable/fix_mode b/user/iseq_loadable/fix_mode new file mode 100755 index 0000000..9faf4b8 --- /dev/null +++ b/user/iseq_loadable/fix_mode 
@@ -0,0 +1,90 @@ +#!/bin/python +# +# The subu admin is member of all subu users groups, so group rw enables +# administration of file. +# +# Consequently, in the subu environement we may think of the group permissions +# as 'admin permissions'. We remove x from administrator permissions because the +# administor does not want to execute user's executables. +# +# This script exists because it is possible for users to mess with the subu +# admin permissions, because they are the same as the user's group +# permissions. I should instead be using acls instead. +# +# Here is a flaw in this approach: when the administrator moves files from, say, +# Thomas/repo to Thomas/archive, the set gid bit on the archive directory causes +# the file to to have group ownership of thomas-archive, while the user remains +# thomas-repo. Now, as the thomas-archive does not own the file thomas-archive +# may not change the permissions on the file. Compounding this problem, since +# we cleared the group x bit (except for directories), thomas-archive may not +# execute the file even if he wants to. Compunding this yet further, the original +# file owner, who still owns the file, can not change the permissions because +# the original file owner has no permissions on the directory. +# +# ^^ hence the prior owner remains on the transferred file, that is kind of +# nice, so we know where the file came from - but this is not a good way to keep +# track of the history of ownership. BSD has a mode where the set UID bit on a +# directory has an analogous function to the set GID bit, but Linux does not. We +# do not know if a whole file tree was transferred, we can end up with a +# mess. The solution seems to be that the admin needs to manually 'chown -R +# target_user:target_group' the transferred files and assign them to the target +# user. +# +# Another interesting permissions use case is that of the subu repo and subu Lustucru. +# Lustuctru is a member of group repo. 
subu repo does not have sudo access. However +# the Lustucur project uses the chroot command, so it needs it. I did not want to give +# sudo to all repos projects, so I created subu Lustucru that does have sudo. Lustucru +# makes use of the repo/Lustucru files by being in the repo group. Now the repo group +# has two purposes, one being admin, and one to give group members access to files. This +# is not going to work because the admin set the mode bits to turn off x. I.e. there +# are conflicts between what the admin wants as a group member and what subu Lustucru wants +# as a group member. +# +# modes changes occur on the symbolic links directly, i.e. this script +# does not follow sym links. +# +# We start by clearing all mode bits that we might want cleared. Then +# we set mode bits we know we want. + +import sys +import os +import stat + +def mode_clear(mode): + return mode & ~(stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH | stat.S_IXGRP) + +# files +# user is as found +# administrator is given rw permissions +# +def mode_file(mode): + mode = mode_clear(mode) + return mode | stat.S_IRGRP | stat.S_IWGRP + +# directories +# administrator is given rwx, and set gid so that files made in the directory +# will be made in the user's group, which the administrator is a member. +# +def mode_dir(mode): + mode = mode_clear(mode) + return mode | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP | stat.S_ISGID + +# By default os.walk does not follow symlinks, so dn will be a directory not a +# link to one. 
stat follows symlinks, lstat does not, so we use lstat +# +exclude = set(['.cache' ,'.dbus' ,'.ssh' ,'.gnupg']) +for darg in sys.argv[1:]: + if os.path.isdir(darg): + for dn, dnp1s, files in os.walk(darg): + dnp1s[:] = [d for d in dnp1s if d not in exclude] + dn_mode = os.lstat(dn).st_mode + if not stat.S_ISDIR(dn_mode): + print("os.walk returned a non directory for dn, strange, ignoring it.") + else: + os.chmod(dn ,mode_dir(dn_mode)) + for f in files: + f_path = "/".join([dn ,f]) + f_mode = os.lstat(f_path).st_mode + os.chmod(f_path ,mode_file(f_mode) ,follow_symlinks=False) + + diff --git a/user/iseq_loadable/subu b/user/iseq_loadable/subu new file mode 100755 index 0000000..efabbe6 --- /dev/null +++ b/user/iseq_loadable/subu 
@@ -0,0 +1,68 @@ +#!/bin/bash +# + +# did not have to do this for F37, seems the pactl was already there +# to make audio work will need to do this: +# > sudo dnf install pulseaudio-utils +# > pactl load-module module-native-protocol-tcp +# To load a specific module to the PA server, you add it to /etc/pulse/default.pa: +# I created the file because it was not there... + +#set -x + +subu="$1" +shell="${@:2}" + +export HOME=$(/usr/local/bin/home) +export PATH=/usr/bin + +error=false +user=$(/usr/local/bin/user) +if [ ! $? ]; then + echo "/usr/local/bin/user failed" + error=true +fi +if [ -z "$subu" ]; then + echo "no subuser name supplied" + error=true +fi + +machine="$(hostname)" +xkey=$(xauth list | grep "$machine" | head -1 | awk '{print $3}') +if [ -z "$xkey" ]; then + echo "xauth key not found" + error=true +fi +if $error; then + exit 1 +fi + +if [ -z "$shell" ]; then + shell="gnome-terminal --title="$subu"" +fi +if [ "$shell" == "emacs" ]; then + shell="emacs --title $subu" +fi + +# SUBU_SHARE_DIR has files optionally shared among subu, e.g. bashrc +read -r -d '' script0 <<-EOF + export NO_AT_BRIDGE=1 \ + ;touch .Xauthority \ + ;xauth add "$DISPLAY" . "$xkey" \ + ;$shell +EOF + +subu_username="$user-$subu" +sudo -E su \ + -l \ + -w SUBU_SHARE_DIR,DISPLAY,PULSE_SERVER \ + -c "$script0" \ + "$subu_username" + + + + +#just hangs +#sudo -u "$subu_username" sh -c "$script0" + +#set +x diff --git a/user/iseq_loadable/subu_add b/user/iseq_loadable/subu_add new file mode 100755 index 0000000..5148b0a --- /dev/null +++ b/user/iseq_loadable/subu_add 
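Review bot: The failure check after `user=$(/usr/local/bin/user)` can never fire, because `[ ! $? ]` only tests whether the string `$?` is empty, and it never is; a failed lookup leaves `$user` empty and the script goes on to call `su` with the account name `-$subu`. Testing the assignment directly restores the check: `if ! user=$(/usr/local/bin/user); then`. Separately, `sudo -E` hands the caller's whole environment to the root `su` although only three variables are whitelisted with `-w`; `sudo --preserve-env=SUBU_SHARE_DIR,DISPLAY,PULSE_SERVER` would keep that narrower. The X cookie in `$xkey` is also expanded into the `-c` string, so it is presumably readable in the process list by other local accounts while the session starts.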
@@ -0,0 +1,54 @@ +#!/bin/bash +# must have commands rsync and user-stem +# user-stem is in the system repo +# +# wish we could set the uids and gids so that backups would restore properly on other systems but it is too much trouble +# to do in a shell script. Perhaps in the python code for the actual release. + +#set -x + + echo "deprecated due to moving to the /var/user_data/ model" + exit 1 + + + +subu=$1 +stem=$2 + +if [ ! -x "/usr/local/bin/user-stem" ]; then + echo "no /usr/local/bin/user-stem program found (it is in the system repo)" + exit 1 +fi + +if [ -z "$subu" ]; then + echo "no subuser name supplied" + exit 1 +fi + +# stem includes all characters up to the first '-' +if [ -z "$stem" ]; then + stem=$(/usr/local/bin/user-stem) +fi + +subu_username="$stem-$subu" +admin_username="$stem" + +subu_home="/home" +subu_dir="$subu_home/$subu" +subu_user="$subu_dir"/user + +admin_home="/home/$stem/admin" +subu_initial_files="$admin_home"/user/library/subu_initial_files + +sudo useradd --badname --home-dir "$subu_dir" "$subu_username" +sudo usermod -aG "$subu_username" "$admin_username" + +if [[ ! -d "$subu_user" ]]; then + sudo mkdir "$subu_user" + sudo chown "$subu_username":"$subu_username" "$subu_user" +fi + +subu_initialize "$subu" "$stem" + + + diff --git a/user/iseq_loadable/subu_del b/user/iseq_loadable/subu_del new file mode 100755 index 0000000..e139fba --- /dev/null +++ b/user/iseq_loadable/subu_del 
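Review bot: The added `echo "deprecated due to moving to the /var/user_data/ model"` / `exit 1` pair makes everything below it unreachable, yet the body now carries `admin_username="$stem"` and `subu_home="/home"` where the deleted user/cantari/subu_add had `"$stem-admin"` and `"/home/$stem"`, so the new values are never exercised. If the guard is ever lifted, `subu_dir` becomes `/home/$subu` with no stem in the path, and `useradd --home-dir` would presumably collide for two users who pick the same subu name. Either drop the dead body, or say in the header comment that it is kept for reference only and send the message to stderr: `echo "deprecated due to moving to the /var/user_data/ model" >&2`.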
@@ -0,0 +1,92 @@ +#!/bin/bash +# must have command user-stem +# user-stem is in the system repo +# +# currently this is setup to be run by any user who has sudo - it doesn't have +# to be run by the user-admin account; though chances are it will be. +# +# userdel -r deletes both the /var/spool/mail/user and the user's home +# directory. We don't want to delete the old data just in case there is +# something important there. However we can not leave the old +# /var/spool/mail/user file under /var/spool/mail in case another subu is +# created later with the same name. Hence we will move the /var/spool/mail/user +# file into the users home directory. We will give ownership of the old home +# directory to the admin. +# +# I have run into a problem that subu users do not inherit the MAIL variable, I +# wouldn't trust it anyway. I do not know if userdel -r references the MAIL +# variable. I will hard code a local variable to /var/spool/mail. This must be +# changed for systems that put the mail spool file eleswhere. +# +# It seems that upon upgrade to Fedora 36 it stopped making a /var/spool/mail +# file for a new user. Anyway I am getting errors on that.file not existing, so +# added a conditional for if /var/spool/mail/user file + +#set -x + +subu=$1 +stem=$2 + +if [ ! -x "/usr/local/bin/user-stem" ]; then + echo "no /usr/local/bin/user-stem program found (it is in the system repo)" + exit 1 +fi + +if [ -z "$subu" ]; then + echo "no subuser name supplied" + exit 1 +fi + +# stem includes all characters up to the first '-' +if [ -z "$stem" ]; then + stem=$(/usr/local/bin/user-stem) +fi + +subu_username="$stem-$subu" +admin_username="$stem-admin" +subu_home="/home/$stem/$subu" +archive_suffix=";1" +archive_home="$subu_home$archive_suffix" +mail_source_dir="/var/spool/mail" +mail_source_file="$mail_source_dir/$subu_username" +mail_target_file="$subu_home/mail_spool" + +if ! 
id "$subu_username" &>/dev/null; then + echo "no such user" + exit 1 +fi + +if [ -e "$archive_home" ]; then + echo "there is already a saved directory for a deleted subu with this name, move this out of the way first: $archive_home" + exit 1 +fi +if [ ! -d "$mail_source_dir" ]; then + echo "could not find mail spooler directory: $mail_source_dir" + exit 1 +fi + +if [ -e "$mail_target_file" ]; then + echo "there is already file system object where we planned to move the deleted user's mail spool, which is here: $subu_home/mail_spool" + exit 1 +fi + +sudo killall --signal 5 --wait --user "$subu_username" && true + +if [ -e "$mail_source_file" ]; then + sudo mv "$mail_source_file" "$mail_target_file" +fi +sudo chmod -R go-rwx "$subu_home" +sudo chown -R "$admin_username":"$admin_username" "$subu_home" +mv "$subu_home" "$archive_home" +sudo groupdel -f "$subu_username" +sudo userdel "$subu_username" + +# common to follow up with rm -r and get an error that gvfs can not be deleted +# (probably better to move it trash or tmp than rm -r, and let the system clean it up later) +# rather surprising as we did a kill all on its processes +gvfs="$archive_home/.cache/gvfs" +if [ -e "$gvfs" ]; then + sudo umount "$gvfs" +fi + +#set +x diff --git a/user/iseq_loadable/subu_initialize b/user/iseq_loadable/subu_initialize new file mode 100755 index 0000000..8e57407 --- /dev/null +++ b/user/iseq_loadable/subu_initialize 
@@ -0,0 +1,59 @@ +#!/bin/bash +# symbolic links made this complicated +#set -x + +subu=$1 +stem=$2 + +if [ ! -x "/usr/local/bin/user-stem" ]; then + echo "no /usr/local/bin/user-stem program found (it is in the system repo)" + exit 1 +fi + +if [ -z "$subu" ]; then + echo "no subuser name supplied" + exit 1 +fi + +# stem includes all characters up to the first '-' +if [ -z "$stem" ]; then + stem=$(/usr/local/bin/user-stem) +fi + +subu_username="$stem-$subu" +subu_home="/home/$stem/$subu" +subu_initial_files="/home/$stem/subu_initial_files" + +# install always derefs sym links ... actually it didn't work at all here +#shopt -s dotglob +#sudo install -o "$subu_username" -g "$subu_username" -t "$subu_home" "$subu_initial_files"/* + +# free a brief moment, files that appear in the initial subu will have their subu_initial +# ownership instead of being owned by the subu +#find "$subu_initial_files" -mindepth 1 -exedir copy({} +# -execdir cp -a {} "$subu_home" \; \ +# -execdir chown -h "$subu_username":"$subu_username" "$subu_home"/{} \; +# cp --remove-destination -RP "$1" "$2" + +function copy { + s0="$1" + filename="${s0:2}" + destination_directory="$2" + username="$3" + + source_directory=$(pwd) + source_path="$source_directory"/"$filename" + destination_path="$destination_directory"/"$filename" + echo "ln -fs" "$source_path" "$destination_path" + #ln -f did work when the existing object was a file rather than anotehr link so .. + sudo rm -f "$destination_path" + sudo ln -s "$source_path" "$destination_path" + sudo chown -h "$username":"$username" "$destination_path" +} +export -f copy + +find "$subu_initial_files" -mindepth 1 -execdir \ + bash -c 'copy "$1" "$2" "$3"' _ {} "$subu_home" "$subu_username" \; + + +#set +x diff --git a/user/library/bashrc b/user/library/bashrc new file mode 100644 index 0000000..eb62f44 --- /dev/null +++ b/user/library/bashrc 
@@ -0,0 +1,43 @@ +# note ssh will fail if .bashrc writes to stdout +# set -x +# in F37 something seems to be caching PATH, which is requiring logging in again or there will be redundant paths + +umask 0007 +export HOME=$(/usr/local/bin/home) + +# it is nearly impossible to get Linux to use ISO8601 +export TZ=UTC +export TIME_STYLE=long-iso +export LC_ALL=en_DK.UTF-8 + +export EDITOR=emacs +export PS_FORMAT=user:15,pid,%cpu,%mem,vsz,rss,tty,stat,start,time,command + +# without -i bash clear PS1, just because, so we set PPS1, etc. +# use $(pwd) instead of \w or it will prefix ~ which confuses dirtrack when the user is changed using su +export PPS1='\n$(/usr/local/bin/Z)[$PROJECT]\n\u@\h§$(pwd)§\n> ' +export PPS2='>> ' +export PS1="$PPS1" +export PS2="$PPS2" + +# No sound in subu shells without this +# as of F37, group audio and video work for speakers and camera, but this is still needed for the mic +# often fails with unknown code, yet is needed for the mic to work ... +pactl load-module module-native-protocol-tcp >& /dev/null + +# suppresses the no at bridge error .. no one seems to know why ... +# now built into the subu command +# export NO_AT_BRIDGE=1 + +for p in "$SUBU_HOME" "$RESOURCE_HOME" "$HOME";do + if [ -d "$p/user/cantari" ]; then + PATH="$p/user/cantari:$PATH" + fi +done + +alias emacs="emacs --title='$(/usr/local/bin/user-subu $(/usr/local/bin/user))'" +alias pstree='pstree -lp' +alias printenv='printenv | sort' +alias cd='HOME=$HOME/user cd' +alias ls='ls -a' +
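Review bot: The PATH loop still tests for `$p/user/cantari`, but this commit moves the scripts to `user/iseq_loadable`, so within this repository the test will not match and the subu commands are not added to PATH; the test and the prepend should presumably read `$p/user/iseq_loadable`. Because the directory is prepended rather than appended, anything writable there shadows system commands, which matters if `$SUBU_HOME` or `$RESOURCE_HOME` is shared between subu accounts. The `pactl load-module module-native-protocol-tcp` line runs on every shell start and, given no arguments, the module by default listens on all interfaces; `pactl load-module module-native-protocol-tcp listen=127.0.0.1 >& /dev/null` would keep it on loopback.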