Linux Login Scripts

This wiki page is the new home for the information here:- http://www.rainsbrook.co.uk/linux/loginscripts/index.html

You can contact me on “loginscripts atsymbol <website domain name>”.

Background

The original idea for this came some years ago when I was wanting to access a Novell NetWare5 server from Slackware Linux desktop. This was my initial full conversion to using Linux as a desktop and dumping windows. The two killer apps I needed were access to networked file systems for shared files and Lotus Notes for email. Without these, a conversion would have not been possible.

Lotus Notes v5 worked with Wine, subsequently IBM supported Notes natively on Linux based on the Eclipse framework, 10/10 for this IBM.

Novell access was supported, initially with IPX/SPX with the NCPFS package but the command line was a bit long and ugly, and if you needed several drives mapping, a fixed shell script was a bit ungainly. The ncpfs package did not support interpreting the Novell Login Scripts. Subsequently Novell produced a Linux Client, but it was only for supported SuSE systems. Novell Client link.

Hence, my idea of writing some generic scripts which could be fed a config file containing the filesystems to mount. This idea developed further and code was written to allow SMB/windows filesystems to be mounted. I don't like NFS for mounting user's filesystems from one *nix box to another, it assumes consistent UID and GID's between systems (which should be the case in an ideal world), and anyway NFS always seems like a server to server solution. It is not practical to have an export for each and every user on all file servers. I like sshfs which uses FUSE and overcomes my NFS dislikes, as a bonus the traffic in encrypted in transit, but there is probably a small overhead from encryption and the user space element.

Details

The configuration for the filesystems to mount are held in a text file called login.cfg. There is a separate block for each filesystem.

The main script (login.sh) is now reduced in size because several of the functions are now in external files which are sourced by login.sh. This is just to make development easier.

login.sh reads the login.cfg file and for each block runs different code for sshfs, cifs and ncp filesystems. An appropriate icon is placed on the Desktop for convenience.

sshfs

sshfs relies on the FUSE libraries, the package is fuse-sshfs-2.2-6 on Fedora14.

Useful sshfs option is -o ro for read only access to mount point. eg

sshfs -o idmap=user -o ro user@example.com:public_html/ /home/chow/Website/

cifs

Windows fileshare mounting used to work really well with mount.smbfs, but as part of the move to cifs, mount.cifs cannot be setuid and without lines in /etc/fstab, fails to work. The reason for this is claimed to be security. I want the login scripts to run as user space programs and not require root to edit fstab, so windows mounting is currently “broken”. Please let me know if you can see a solution.

FIXME - https://discussion.fedoraproject.org/t/suddenly-user-cifs-mounts-not-supported/78652/8#systemd-example-1

From Princeton Edu

for example, if your NetID is “zorro999” and your password is “zorrospassword”, and you use /etc/cifspw for the credentials filename, and your local user on your home computer is called “bigzorro”, your fstab should have the following line

 //files.princeton.edu/zorro999 /mnt/h-drive cifs uid=bigzorro,credentials=/etc/cifspw,domain=Princeton 0 0

of, if you want to mount it with SAMBA, it should look like

 //files.princeton.edu/zorro999 /mnt/h-drive smbfs uid=bigzorro,credentials=/etc/cifspw,workgroup=Princeton 0 0

and in /etc/cifspw should be

username=zorro999
password=zorrospassword

Using sudo.
Need to add lines to sudoers with visudo

# Allow network loginscript users to run mounts as root 
%networklogin  ALL = (root) NOPASSWD: NETWORKLOGIN

user ALL = (root) NOPASSWD: NETWORKLOGIN

## NetworkLogin users
Cmnd_Alias NETWORKLOGIN = /sbin/mount.cifs

#get uid and gid of user
#example
#uid=501(user) gid=501(user) groups=501(user),505(ww-noc),999(networklogin)
#UID is set as an env variable and cannot be reset, GID is not, so needs to be set.
GID=`id -g`
  
#Test if mount point exists
test_dir_exists ${HOME}/${LOGIN_LOCALPATH[${1}]}
test_mountpoint ${HOME}/${LOGIN_LOCALPATH[${1}]}

  ${DEBUG} "=>Running ${CIFSPATH}/${CIFS} //${LOGIN_SERVER[${1}]}/${LOGIN_SERVPATH[${1}]} ${HOME}/${LOGIN_LOCALPATH[${1}]} -o dom=${LOGIN_DOMAIN[${1}]},user=${LOGIN_USER[${1}]},uid=${UID},gid=${GID} &&"

sudo ${CIFSPATH}/${CIFS} //${LOGIN_SERVER[${1}]}/${LOGIN_SERVPATH[${1}]} ${HOME}/${LOGIN_LOCALPATH[${1}]} -o dom=${LOGIN_DOMAIN[${1}]},user=${LOGIN_USER[${1}]},uid=${UID},gid=${GID} &&

Also beware of trying to mount a subdirectory, eg. \\server/UK_Home/username when the shared directory is just \\server/UK_Home. This will give an error mount error(13): Permission denied.

ncp

Mounting Novell servers is done with the ncpfs package. Sadly with the demise of NetWare/OpenEnterprise server, this section has not received as much attention as the others.

Logout.sh

logout.sh is a bit sketchy at present, most of the work has gone on with login.sh.

Currently it reads the login.cfg file to determine which mounts to dismount. One problem is that if a filesystem is in use, the umount will fail. Not sure how best to handle this.

To Do

  • Work out the windows login server from dns drv (_) records
  • Use ldap to retrieve windows home directory.
  • Try to retrieve a windows logon script from the netlogon shared directory once we know the server where it is held and parse it to dynamically build the linux login version. This will break the login.cfg configuration, so some redesign is needed. Find out your Windows Login server
  • Write a logincfg.sh script to configure the config file.
  • Maybe push a public ssh key out to ssh based servers for passwordless logins.
  • Check out autoFS to see if this is worth implementing. Initial thoughts are that the auto.map requires root access to edit, so this is not possible for a pure user space application. See:- https://help.ubuntu.com/community/Autofs#CIFS for CIFS and SSHFS access.
  • Use systemd to do the mount / umount. Probably a more modern way which was not an option when I started this.

GUI utilities for logins

Zenity

Zenity is a quick way to create a gui from a shell script. There are a few attempts in the mail login.sh script to detect whether we are running in a gui environment or a shell only session. If a GUI (KDE/GNOME etc) is present, it would be nice to present the user with GUI-ified dialogues rather than just lines of text.

There are some sample scripts in the download section for this.

gtkdialog

xdialog and dialog

Download Files

Files for download are available from here.

Problems and workarounds

fuse: failed to exec fusermount: Permission denied

Your user name is probably not a member of the fuse group, run this as root and log out and log back in:-

# usermod -G fuse <username>

You can check this with:-

[user@cube loginscripts]$ getent group | grep fuse
fuse:x:103:user
[user@cube

Using getent for user passwd and groups is better than grep-ing the passwd and group files, getent will take account of any LDAP authentication in use.

Finding out the OS version:-

Apple Mac

iMac:playground auser$ echo $OSTYPE
darwin10.0

Ubuntu

12.04

root@usertest:/etc# echo $OSTYPE
linux-gnu
root@usertest:/etc# uname -a
Linux usertest 3.8.0-29-generic #42~precise1-Ubuntu 
root@usertest:/etc# cat /etc/debian_version 
wheezy/sid

root@usertest:~# cat /etc/os-release 
NAME="Ubuntu"
VERSION="12.04.3 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.3 LTS)"
VERSION_ID="12.04"
root@usertest:~#

14.04

admin@sys01:~/$ echo $OSTYPE
linux-gnu
admin@sys01:~/$ 
admin@sys01:~/$ uname -a
Linux sys01 3.13.0-62-generic #102-Ubuntu SMP Tue Aug 11 14:29:36 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
admin@sys01:~/$
admin@sys01:~/$ cat /etc/debian_version
jessie/sid
admin@sys01:~/$

fmadmin@mon01:~/hlsingestcheck$ cat /etc/os-release
NAME="Ubuntu"
VERSION="14.04.5 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.5 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
admin@sys01:~/$ 

16.04

root@monit:/# echo $OSTYPE
linux-gnu
root@monit:/# uname -a
Linux monit 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
root@monit:/# 
root@monit:/# cat /etc/debian_version
stretch/sid
root@monit:/# cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
root@monit:/#

Fedora

[user@eb8470w ~]$ echo $OSTYPE
linux-gnu
[user@eb8470w ~]$ uname -a
Linux eb8470w.domain.int 3.14.27-100.fc19.x86_64 #1 SMP Wed Dec 17 19:36:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[user@eb8470w ~]$ cat /etc/fedora-release                                                                                                           
Fedora release 19 (Schrödinger’s Cat)                                                                                                                    
[user@eb8470w ~]$ 
[user@eb8470w ~]$ cat /etc/os-release
NAME=Fedora
VERSION="19 (Schrödinger’s Cat)"
ID=fedora
VERSION_ID=19
PRETTY_NAME="Fedora 19 (Schrödinger’s Cat)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:19"
HOME_URL="https://fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=19
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=19
[user@eb8470w ~]$
 
linux/linuxloginscripts.txt · Last modified: 10/11/2023 17:29 by andrew