Add a qubes group and then add the user 'user' to the group

This is to allow permissions to be set on some devices where the user needs
less restrictive permissions.  /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
This commit is contained in:
Jason Mehring 2015-02-07 06:07:35 -05:00
parent bb850ab95d
commit fc42561586
3 changed files with 28 additions and 13 deletions

View File

@ -209,9 +209,13 @@ pre_install() {
# Add qubes core related fstab entries # Add qubes core related fstab entries
echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab
# Add a qubes group
groupadd --force --system --gid 98 qubes
# Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this. # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
# See https://bugs.archlinux.org/task/31831 # See https://bugs.archlinux.org/task/31831
useradd --shell /bin/zsh --create-home user useradd --shell /bin/zsh --create-home user
usermod --groups qubes user
} }
## arg 1: the new package version ## arg 1: the new package version

View File

@ -34,6 +34,24 @@ set -e
# the debian-policy package # the debian-policy package
if [ "$1" = "install" ] ; then if [ "$1" = "install" ] ; then
# --------------------------------------------------------------------------
# Required groups
# --------------------------------------------------------------------------
groupadd --force --system --gid 98 qubes
groupadd --force --system sudo
# --------------------------------------------------------------------------
# User add / modifications
# --------------------------------------------------------------------------
id -u 'user' >/dev/null 2>&1 || {
useradd --user-group --create-home --shell /bin/bash user
}
id -u 'tinyproxy' >/dev/null 2>&1 || {
useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy
}
usermod -p '' root
usermod -L --groups qubes,sudo user
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Create required directories # Create required directories
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
@ -45,18 +63,6 @@ if [ "$1" = "install" ] ; then
# Remove `mesg` from root/.profile? # Remove `mesg` from root/.profile?
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' /root/.profile sed -i -e '/^mesg n/d' /root/.profile
# --------------------------------------------------------------------------
# User add / modifications
# --------------------------------------------------------------------------
id -u 'user' >/dev/null 2>&1 || {
useradd -U -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
}
id -u 'tinyproxy' >/dev/null 2>&1 || {
useradd -U -r -M --home /run/tinyproxy --shell /bin/false tinyproxy
}
usermod -p '' root
usermod -L user
fi fi
if [ "$1" = "upgrade" ] ; then if [ "$1" = "upgrade" ] ; then

View File

@ -111,6 +111,12 @@ for dir in qubes-rpc qrexec misc; do
done done
%pre %pre
# Make sure there is a qubes group
groupadd --force --system --gid 98 qubes
id -u 'user' >/dev/null 2>&1 || {
useradd --user-group --create-home --shell /bin/bash user
}
usermod --groups qubes user
if [ "$1" != 1 ] ; then if [ "$1" != 1 ] ; then
# do this whole %pre thing only when updating for the first time... # do this whole %pre thing only when updating for the first time...
@ -122,7 +128,6 @@ if [ -e /etc/fstab ] ; then
mv /etc/fstab /var/lib/qubes/fstab.orig mv /etc/fstab /var/lib/qubes/fstab.orig
fi fi
adduser --create-home user
usermod -p '' root usermod -p '' root
usermod -L user usermod -L user