Linux Login Scripts
This wiki page is the new home for the information here:- http://www.rainsbrook.co.uk/linux/loginscripts/index.html
You can contact me on “loginscripts atsymbol <website domain name>”.
Background
The original idea for this came some years ago when I wanted to access a Novell NetWare5 server from a Slackware Linux desktop. This was my initial full conversion to using Linux as a desktop and dumping Windows. The two killer apps I needed were access to networked file systems for shared files and Lotus Notes for email. Without these, a conversion would not have been possible.
Lotus Notes v5 worked with Wine; subsequently IBM supported Notes natively on Linux, based on the Eclipse framework. 10/10 for this, IBM.
Novell access was supported, initially with IPX/SPX with the ncpfs package, but the command line was a bit long and ugly, and if you needed several drives mapping, a fixed shell script was a bit ungainly. The ncpfs package did not support interpreting the Novell Login Scripts. Subsequently Novell produced a Linux Client, but it was only for supported SuSE systems. Novell Client link.
Hence my idea of writing some generic scripts which could be fed a config file containing the filesystems to mount. This idea developed further and code was written to allow SMB/Windows filesystems to be mounted. I don't like NFS for mounting users' filesystems from one *nix box to another: it assumes consistent UIDs and GIDs between systems (which should be the case in an ideal world), and anyway NFS always seems like a server-to-server solution. It is not practical to have an export for each and every user on all file servers. I like sshfs, which uses FUSE and overcomes my NFS dislikes. As a bonus the traffic is encrypted in transit, but there is probably a small overhead from encryption and the user space element.
Details
The configuration for the filesystems to mount is held in a text file called login.cfg. There is a separate block for each filesystem.
The main script (login.sh) is now reduced in size because several of the functions are now in external files which are sourced by login.sh. This is just to make development easier.
login.sh reads the login.cfg file and for each block runs different code for sshfs, cifs and ncp filesystems. An appropriate icon is placed on the Desktop for convenience.
sshfs
sshfs relies on the FUSE libraries, the package is fuse-sshfs-2.2-6 on Fedora14.
A useful sshfs option is -o ro, which gives read-only access to the mount point, e.g.
sshfs -o idmap=user -o ro user@example.com:public_html/ /home/chow/Website/
cifs
Windows fileshare mounting used to work really well with mount.smbfs, but as part of the move to cifs, mount.cifs cannot be setuid and, without lines in /etc/fstab, fails to work. The reason for this is claimed to be security. I want the login scripts to run as user space programs and not require root to edit fstab, so Windows mounting is currently “broken”. Please let me know if you can see a solution.
From Princeton Edu
for example, if your NetID is “zorro999” and your password is “zorrospassword”, and you use /etc/cifspw for the credentials filename, and your local user on your home computer is called “bigzorro”, your fstab should have the following line
//files.princeton.edu/zorro999 /mnt/h-drive cifs uid=bigzorro,credentials=/etc/cifspw,domain=Princeton 0 0
or, if you want to mount it with SAMBA, it should look like
//files.princeton.edu/zorro999 /mnt/h-drive smbfs uid=bigzorro,credentials=/etc/cifspw,workgroup=Princeton 0 0
and in /etc/cifspw should be
username=zorro999
password=zorrospassword
Using sudo.
Need to add lines to sudoers with visudo
# Allow network loginscript users to run mounts as root
%networklogin ALL = (root) NOPASSWD: NETWORKLOGIN
user ALL = (root) NOPASSWD: NETWORKLOGIN

## NetworkLogin users
Cmnd_Alias NETWORKLOGIN = /sbin/mount.cifs

#get uid and gid of user
#example
#uid=501(user) gid=501(user) groups=501(user),505(ww-noc),999(networklogin)
#UID is set as an env variable and cannot be reset, GID is not, so needs to be set.
GID=`id -g`

#Test if mount point exists
test_dir_exists ${HOME}/${LOGIN_LOCALPATH[${1}]}
test_mountpoint ${HOME}/${LOGIN_LOCALPATH[${1}]}

${DEBUG} "=>Running ${CIFSPATH}/${CIFS} //${LOGIN_SERVER[${1}]}/${LOGIN_SERVPATH[${1}]} ${HOME}/${LOGIN_LOCALPATH[${1}]} -o dom=${LOGIN_DOMAIN[${1}]},user=${LOGIN_USER[${1}]},uid=${UID},gid=${GID} &&"
sudo ${CIFSPATH}/${CIFS} //${LOGIN_SERVER[${1}]}/${LOGIN_SERVPATH[${1}]} ${HOME}/${LOGIN_LOCALPATH[${1}]} -o dom=${LOGIN_DOMAIN[${1}]},user=${LOGIN_USER[${1}]},uid=${UID},gid=${GID} &&

Also beware of trying to mount a subdirectory, e.g. \\server/UK_Home/username when the shared directory is just \\server/UK_Home. This will give the error: mount error(13): Permission denied.
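The sudoers rule above lets every member of networklogin run /sbin/mount.cifs as root with any share, mount point and option string. The following added example (not part of login.sh) narrows that to a wrapper which checks its arguments before handing them to mount.cifs; the wrapper path and function names are assumptions, while SUDO_UID and SUDO_GID are the variables sudo sets for the invoking user.

```shell
#!/bin/sh
# Hypothetical wrapper (say /usr/local/sbin/netlogin-mount) for sudoers to list
# in Cmnd_Alias NETWORKLOGIN in place of /sbin/mount.cifs. Names are assumptions.

# True only for //server/share[/dir...]: no empty component and no character
# outside a conservative set, so no spaces, commas or quotes.
validate_share() {
    rest=${1#//}
    [ "$rest" != "$1" ] || return 1
    case $rest in
        ''|/*|*/|*//*) return 1 ;;
        *[!A-Za-z0-9_./-]*) return 1 ;;
        */*) return 0 ;;
    esac
    return 1
}

# True only for one option value that cannot carry an extra ",key=value".
validate_optval() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# True only if $1 is an existing, non-symlink directory strictly below the
# home directory $2 and owned by numeric uid $3.
validate_mountpoint() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    real_target=$(cd -P -- "$1" 2>/dev/null && pwd -P) || return 1
    real_home=$(cd -P -- "$2" 2>/dev/null && pwd -P) || return 1
    case $real_target in
        "$real_home"/*) ;;
        *) return 1 ;;
    esac
    [ "$(stat -c %u -- "$real_target")" = "$3" ]
}

main() {
    [ -n "${SUDO_UID:-}" ] || { echo "run via sudo" >&2; return 1; }
    home=$(getent passwd "$SUDO_UID" | cut -d: -f6)
    [ -n "$home" ] || { echo "no home directory" >&2; return 1; }
    validate_share "$1" || { echo "bad share" >&2; return 1; }
    validate_mountpoint "$2" "$home" "$SUDO_UID" || { echo "bad mount point" >&2; return 1; }
    validate_optval "$3" && validate_optval "$4" || { echo "bad domain/user" >&2; return 1; }
    exec /sbin/mount.cifs "$1" "$2" \
        -o "dom=$3,user=$4,uid=$SUDO_UID,gid=$SUDO_GID,nosuid,nodev"
}

[ $# -eq 0 ] || main "$@"
```

The check and the mount are not atomic, so the wrapper narrows the sudoers rule rather than sandboxing it completely.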
ncp
Mounting Novell servers is done with the ncpfs package. Sadly with the demise of NetWare/OpenEnterprise server, this section has not received as much attention as the others.
Logout.sh
logout.sh is a bit sketchy at present, most of the work has gone on with login.sh.
Currently it reads the login.cfg file to determine which mounts to dismount. One problem is that if a filesystem is in use, the umount will fail. Not sure how best to handle this.
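One way to handle a busy sshfs mount at logout, as an added example that is not part of logout.sh: try a normal unmount, report which processes hold the mount point, then detach it lazily. The function names and the optional mounts-table argument are assumptions; fusermount and fuser are the standard FUSE and psmisc tools.

```shell
#!/bin/sh
# True if directory $1 is listed as a mount point in mounts table $2
# (default /proc/mounts), where the kernel writes a space in a path as \040.
is_mounted() {
    want=$1
    [ "$want" = / ] || want=${want%/}        # the table has no trailing slash
    want=$(printf '%s' "$want" | sed 's/ /\\040/g')
    while read -r _dev dir _rest; do
        if [ "$dir" = "$want" ]; then return 0; fi
    done < "${2:-/proc/mounts}"
    return 1
}

# Unmount the FUSE (sshfs) mount at $1. If it is busy, list the processes
# holding it open, then detach it lazily so that logout is not blocked.
release_mount() {
    is_mounted "$1" "${2:-/proc/mounts}" || return 0   # not mounted: nothing to do
    fusermount -u "$1" 2>/dev/null && return 0
    echo "busy: $1 is in use by:" >&2
    fuser -vm "$1" >&2 || true
    fusermount -u -z "$1"
}

[ $# -eq 0 ] || release_mount "$1"
```

A lazy unmount removes the mount point immediately, and the connection is torn down once the last process closes its files.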
To Do
- Work out the Windows login server from DNS SRV (_) records
- Use LDAP to retrieve the Windows home directory.
- Write a logincfg.sh script to configure the config file.
- Maybe push a public ssh key out to ssh based servers for passwordless logins.
- Check out autoFS to see if this is worth implementing. Initial thoughts are that the auto.map requires root access to edit, so this is not possible for a pure user space application. See:- https://help.ubuntu.com/community/Autofs#CIFS for CIFS and SSHFS access.
- Use systemd to do the mount / umount. Probably a more modern way which was not an option when I started this.
GUI utilities for logins
Zenity
Zenity is a quick way to create a GUI from a shell script. There are a few attempts in the main login.sh script to detect whether we are running in a GUI environment or a shell-only session. If a GUI (KDE/GNOME etc) is present, it would be nice to present the user with GUI-ified dialogues rather than just lines of text.
There are some sample scripts in the download section for this.
gtkdialog
xdialog and dialog
https://linuxgazette.net/101/sunil.html
https://unix.stackexchange.com/questions/272705/xdialog-capture-user-and-password-for-a-shellscript
https://askubuntu.com/questions/491509/how-to-get-dialog-box-input-directed-to-a-variable
Download Files
Files for download are available from here.
Problems and workarounds
fuse: failed to exec fusermount: Permission denied
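Your user name is probably not a member of the fuse group. Run this as root, then log out and log back in (the -a flag appends the group; without it, usermod -G replaces the user's existing supplementary groups):-
# usermod -a -G fuse <username>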
You can check this with:-
[user@cube loginscripts]$ getent group | grep fuse
fuse:x:103:user
[user@cube
Using getent for user passwd and groups is better than grep-ing the passwd and group files, because getent will take account of any LDAP authentication in use.
Finding out the OS version:-
Apple Mac
iMac:playground auser$ echo $OSTYPE
darwin10.0
Ubuntu
12.04
root@usertest:/etc# echo $OSTYPE
linux-gnu
root@usertest:/etc# uname -a
Linux usertest 3.8.0-29-generic #42~precise1-Ubuntu
root@usertest:/etc# cat /etc/debian_version
wheezy/sid
root@usertest:~# cat /etc/os-release
NAME="Ubuntu"
VERSION="12.04.3 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.3 LTS)"
VERSION_ID="12.04"
root@usertest:~#
14.04
admin@sys01:~/$ echo $OSTYPE
linux-gnu
admin@sys01:~/$
admin@sys01:~/$ uname -a
Linux sys01 3.13.0-62-generic #102-Ubuntu SMP Tue Aug 11 14:29:36 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
admin@sys01:~/$
admin@sys01:~/$ cat /etc/debian_version
jessie/sid
admin@sys01:~/$
fmadmin@mon01:~/hlsingestcheck$ cat /etc/os-release
NAME="Ubuntu"
VERSION="14.04.5 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.5 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
admin@sys01:~/$
16.04
root@monit:/# echo $OSTYPE
linux-gnu
root@monit:/# uname -a
Linux monit 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
root@monit:/#
root@monit:/# cat /etc/debian_version
stretch/sid
root@monit:/# cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
root@monit:/#
Fedora
[user@eb8470w ~]$ echo $OSTYPE
linux-gnu
[user@eb8470w ~]$ uname -a
Linux eb8470w.domain.int 3.14.27-100.fc19.x86_64 #1 SMP Wed Dec 17 19:36:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[user@eb8470w ~]$ cat /etc/fedora-release
Fedora release 19 (Schrödinger’s Cat)
[user@eb8470w ~]$
[user@eb8470w ~]$ cat /etc/os-release
NAME=Fedora
VERSION="19 (Schrödinger’s Cat)"
ID=fedora
VERSION_ID=19
PRETTY_NAME="Fedora 19 (Schrödinger’s Cat)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:19"
HOME_URL="https://fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=19
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=19
[user@eb8470w ~]$