Add a qubes group and then add the user 'user' to the group

This is to allow permissions to be set on some devices where the user needs less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes a few xen devices to allow the users in the qubes group access
2015-02-07 06:07:35 -05:00 · 2015-02-07 06:07:35 -05:00 · ccff1f3149
commit ccff1f3149
parent 328430d3bf
3 changed files with 28 additions and 13 deletions
--- a/archlinux/PKGBUILD.install
+++ b/archlinux/PKGBUILD.install
@ -209,9 +209,13 @@ pre_install() {
  # Add qubes core related fstab entries
  echo "xen	/proc/xen	xenfs	defaults	0 0" >> /etc/fstab
  # Add a qubes group
  groupadd --force --system --gid 98 qubes
  # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
  # See https://bugs.archlinux.org/task/31831
  useradd --shell /bin/zsh --create-home user
  usermod --groups qubes user
 }
 ## arg 1:  the new package version
--- a/debian/qubes-core-agent.preinst
+++ b/debian/qubes-core-agent.preinst
@ -34,6 +34,24 @@ set -e
 # the debian-policy package
 if [ "$1" = "install" ] ; then
    # --------------------------------------------------------------------------
    # Required groups
    # --------------------------------------------------------------------------
    groupadd --force --system --gid 98 qubes
    groupadd --force --system sudo
    # --------------------------------------------------------------------------
    # User add / modifications
    # --------------------------------------------------------------------------
    id -u 'user' >/dev/null 2>&1 || {
        useradd --user-group --create-home --shell /bin/bash user
    }
    id -u 'tinyproxy' >/dev/null 2>&1 || {
        useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy
    }
    usermod -p '' root
    usermod -L --groups qubes,sudo user
    # --------------------------------------------------------------------------
    # Create required directories
    # --------------------------------------------------------------------------
@ -45,18 +63,6 @@ if [ "$1" = "install" ] ; then
    # Remove `mesg` from root/.profile?
    # --------------------------------------------------------------------------
    sed -i -e '/^mesg n/d' /root/.profile
    # --------------------------------------------------------------------------
    # User add / modifications
    # --------------------------------------------------------------------------
    id -u 'user' >/dev/null 2>&1 || {
        useradd -U -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
    }
    id -u 'tinyproxy' >/dev/null 2>&1 || {
        useradd -U -r -M --home /run/tinyproxy --shell /bin/false tinyproxy
    }
    usermod -p '' root
    usermod -L user
 fi
 if [ "$1" = "upgrade" ] ; then
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@ -111,6 +111,12 @@ for dir in qubes-rpc qrexec misc; do
 done
 %pre
 # Make sure there is a qubes group
 groupadd --force --system --gid 98 qubes
 id -u 'user' >/dev/null 2>&1 || {
  useradd --user-group --create-home --shell /bin/bash user
 }
 usermod --groups qubes user
 if [ "$1" !=  1 ] ; then
 # do this whole %pre thing only when updating for the first time...
@ -122,7 +128,6 @@ if [ -e /etc/fstab ] ; then
 mv /etc/fstab /var/lib/qubes/fstab.orig
 fi
 adduser --create-home user
 usermod -p '' root
 usermod -L user