forked from obel1x/fedora-OEMDRV
Moved local dir to /opt/sys_config
Improved error logging and added function handling calls with log and return values Improved check for matching sudo rule
This commit is contained in:
Daniel Pätzold
@@ -14,7 +14,7 @@ elog_add "Logging to File ${LOGFILE}"
|
||||
|
||||
if [ "$EUID" -eq 0 ]; then
|
||||
elog_add "Error: Cannot run this script as root."
|
||||
exit 1
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
|
||||
#TODO C: Check if Desktop is KDE/Plasma and support other Displays
|
||||
@@ -22,51 +22,62 @@ fi
|
||||
kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo
|
||||
if [ $? -ne 0 ]; then
|
||||
elog_add "This script should be run in KDE- Desktop. The setup of kwriteconfig5 has failed. Please check, if you are using KDE."
|
||||
exit 1
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
|
||||
#Copy current Version of Autostart-Entry
|
||||
rm -f "${HOME}/.config/autostart/logon_script.sh.desktop"
|
||||
cp "${SCRIPTPATH}/logon_script.sh.desktop" "${HOME}/.config/autostart"
|
||||
if [ $? -ne 0 ]; then
|
||||
elog_add "Failed to setup autostart- entry. Check your installation of these scripts."
|
||||
exit 1
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
|
||||
# Mount the private Directory
|
||||
if [ ${IPAVAULTUSE} == "true" ]; then
|
||||
./mount_ecrypt_home.sh
|
||||
else
|
||||
./mount_nocrypt_home.sh
|
||||
fi
|
||||
elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh"
|
||||
if [ $? -ne 0 ]; then
|
||||
elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
|
||||
elog_add "The script was searched by SYSCONFIGPATH in directory ${SYSCONFIGPATH}, please check if your setup is correct."
|
||||
elog_add "If you want to redo this script here, execute ${SCRIPTPATH}/${SCRIPTNAME}"
|
||||
echo "Press any key to continue"
|
||||
read -n 1 -s -r
|
||||
exit 1
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
|
||||
#Get WEBDAV TOKEN from Nextcloud
|
||||
get_nc_token
|
||||
if [ $? -ne 0 ]; then
|
||||
elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}"
|
||||
|
||||
#Install Software
|
||||
elog_add "==="
|
||||
elog_add "Update and install client Software"
|
||||
# Without sudoers-rule for run without asking for password, it won't run and quit complaining about not askpass utilities found
|
||||
# Hint: To get this working, create a new ipa rule with options "!authenticate" and "setenv"
|
||||
# And also add the following sudo-rule: "^\/sys_config\/system_setup\/sync_client_software\.sh.*$"
|
||||
/usr/bin/sudo -A --preserve-env /sys_config/system_setup/sync_client_software.sh install 2>&1 | tee ${LOGFILE} -a | grep -v askpass
|
||||
INST_RET=$?
|
||||
INST_OUT=$( cat ${LOGFILE} )
|
||||
if [[ $INST_RET -ne 0 ]]; then
|
||||
if [[ $INST_OUT == *"askpass"* ]]; then
|
||||
elog_add "Not doing Software Updates, as your user is not allowed to execute the script without a password."
|
||||
elog_add "If you want to change this, make a FreeIPA sudoers rule for the script sync_client_software.sh with !authenticate for you and become a member."
|
||||
else
|
||||
elog_add "*** Error executing software sync and install, please check your output! ***"
|
||||
# TODO: This is not working due to the above Command. Redesign command to make it work
|
||||
exit 1
|
||||
elog_add ""
|
||||
elog_add "Update and install client software"
|
||||
|
||||
# First, check the sudo rule
|
||||
elog_add "Check the matching client rule:"
|
||||
#Somewhat strange sudo -l will ask for password instead of just checking if the rule can be found, so it needs -n to be silent
|
||||
# The behaviour will be:
|
||||
# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0
|
||||
# If there is a rule matching with no !authenticate, then a password would be asked. This is prevented, so there will only be the
|
||||
# error "a password is needed" an retno is 1
|
||||
# If there is no sudo rule at all, it will only set retno to 1
|
||||
elog_add_command "/usr/bin/sudo -n -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
|
||||
if [[ $RETNO -ne 0 ]]; then
|
||||
elog_add "Error was no $RETNO"
|
||||
elog_add "No matching IPA rule found for this user, so the user is not allowed to install software, skipping this."
|
||||
elog_add "If you want to change: Please check the sudo rules in ipa and your group membership."
|
||||
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
|
||||
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
|
||||
else
|
||||
elog_add "Matching Sudo rule found."
|
||||
elog_add_command "/usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install"
|
||||
#ERRTXT=$( { /usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install > >(tee -a ${LOGFILE}); } 2>&1 )
|
||||
#ERR=$?
|
||||
if [[ $RETNO -ne 0 ]]; then
|
||||
elog_add "Errorcode was $RETNO"
|
||||
elog_add "Error executing software sync and install, please check your output!"
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user