From 24222a38e29a6beb9423c53fed6c5ee51ba5aa01 Mon Sep 17 00:00:00 2001 From: Clinton Ebadi Date: Sun, 6 Jan 2013 03:53:13 -0500 Subject: [PATCH] Update create-user for new nodes Extract keytabs, change names of a few functions to indicate their intended functionality, clean up $PATHBITS permissions after creating so that they aren't owned by whoever ran the script. --- create-user | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/create-user b/create-user index 3ffa5f9..f71edfa 100755 --- a/create-user +++ b/create-user @@ -40,24 +40,27 @@ fi # Run a command on both mire and deleuze; assumes that no escaping is # needed. -function mire_and_deleuze() { - execute_on_deleuze $* - execute_on_mire $* + + +function execute_on_web_nodes() { + ssh -K deleuze $* + ssh -K mire $* + ssh -K navajos $* } -function execute_on_deleuze () { +# change to execute_on_domtool_server +function execute_on_domtool_server () { ssh -K deleuze.hcoop.net $* } -function execute_on_mire () { - ssh -K mire.hcoop.net $* -} function execute_on_all_machines () { $* ssh -K mire.hcoop.net $* ssh -K hopper.hcoop.net $* ssh -K deleuze.hcoop.net $* + ssh -K navajos.hcoop.net $* + ssh -K bog.hcoop.net $* } # @@ -124,6 +127,9 @@ sudo chmod 440 /etc/keytabs/user.daemon/$USER (cd /etc/keytabs sudo tar clpf - user.daemon/$USER | \ ssh navajos.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) +(cd /etc/keytabs + sudo tar clpf - user.daemon/$USER | \ + ssh bog.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) # # Create/mount/set-perms on user's volumes (home, mail, databases, logs) @@ -142,6 +148,9 @@ fs ls $HOMEPATH || test -L $HOMEPATH || fs mkm $HOMEPATH user.$USER chown $USER:nogroup $HOMEPATH fs sa $HOMEPATH $USER all fs sa $HOMEPATH system:anyuser l +# cleanliness / needed to keep suphp happy +chown root:root $HOMEPATH/../../ +chown root:root $HOMEPATH/../ # Apache logs mkdir -p $HOMEPATH/.logs 
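Review bot: `execute_on_web_nodes` reaches its three hosts by short name (`ssh -K deleuze $*`, `mire`, `navajos`), while `execute_on_domtool_server` and `execute_on_all_machines` in the same hunk use the `.hcoop.net` names. Because `-K` forwards the caller's GSSAPI credentials, the host that receives them should not depend on the resolver search path of whichever machine runs the script; I would write `ssh -K deleuze.hcoop.net $*`, `ssh -K mire.hcoop.net $*` and `ssh -K navajos.hcoop.net $*`. The same short name appears in the mailing-list line of the last hunk (`ssh -K deleuze sudo -u list`). The comment above the function still says "both mire and deleuze", and the `# change to execute_on_domtool_server` line reads like a leftover note; both should be updated or dropped.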
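Review bot: The added bog.hcoop.net block is a copy of the navajos block just above it with only the hostname changed, and nothing visible in the hunk checks that either copy succeeded. A failed `ssh` here would leave a node without the user's daemon keytab while the script carries on, unless an errexit setting outside the hunk catches it. Folding both blocks into `for node in navajos.hcoop.net bog.hcoop.net; do … done` with `ssh $node cd /etc/keytabs\; sudo tar xlpf -` inside, and `|| exit 1` after the closing parenthesis of the subshell, keeps the list of keytab recipients in one place and makes a failed copy stop the run.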
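Review bot: The two added `chown root:root` lines find the parent directories through `$HOMEPATH/../`, yet the hunk's own context (`test -L $HOMEPATH`) allows `$HOMEPATH` to be a symlink. In that case `..` is resolved from the link's target, so root ownership would be applied to the target's ancestors rather than to the path components the script just created. Naming the directories lexically avoids that: `chown root:root "$(dirname "$HOMEPATH")"` and `chown root:root "$(dirname "$(dirname "$HOMEPATH")")"`, or the `$PATHBITS`-derived values if they are still in scope here. The comment could also say which suphp ownership check this satisfies.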
@@ -175,7 +184,7 @@ mkdir -p $HOMEPATH/.public/.domtool chown $USER:nogroup $HOMEPATH/.public/.domtool test -e $HOMEPATH/.domtool || \ test -L $HOMEPATH/.domtool || \ - execute_on_deleuze sudo -u $USER ln -s $HOMEPATH/.public/.domtool $HOMEPATH/.domtool + execute_on_domtool_server sudo -u $USER ln -s $HOMEPATH/.public/.domtool $HOMEPATH/.domtool # ^^ work around sudo env_reset crap without having to # actually figure out how to make it work cleanly -- clinton, # 2011-11-30 @@ -253,18 +262,18 @@ execute_on_all_machines fs checkvolumes # Make per-user apache DAV lock directory -- the directory must be # both user and group-writable, which is silly. -mire_and_deleuze sudo mkdir -p /var/lock/apache2/dav/$USER -mire_and_deleuze sudo chown $USER:www-data /var/lock/apache2/dav/$USER -mire_and_deleuze sudo chmod ug=rwx,o= /var/lock/apache2/dav/$USER +execute_on_web_nodes sudo mkdir -p /var/lock/apache2/dav/$USER +execute_on_web_nodes sudo chown $USER:www-data /var/lock/apache2/dav/$USER +execute_on_web_nodes sudo chmod ug=rwx,o= /var/lock/apache2/dav/$USER # # Domtool integration # -execute_on_deleuze domtool-adduser $USER +execute_on_domtool_server domtool-adduser $USER # # Subscribe user to our mailing lists. # -echo $USER@hcoop.net | execute_on_deleuze sudo -u list \ +echo $USER@hcoop.net | ssh -K deleuze sudo -u list \ /var/lib/mailman/bin/add_members -r - hcoop-announce -- 2.20.1
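Review bot: `$USER` is interpolated unquoted into the `sudo mkdir`, `chown` and `chmod` command lines that `execute_on_web_nodes` hands to `ssh`, so the remote shell parses the value a second time, now on three hosts instead of two. The helper's comment says it assumes no escaping is needed, which holds only if the username has been checked against a strict character set before this point; that check is not visible in this diff. If it is missing, reject anything outside the allowed username pattern near the top of the script rather than quoting at each call site. A one-line comment on the `ssh -K deleuze sudo -u list` line saying why it does not go through `execute_on_domtool_server` would also help the next reader.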