Move all default user group modifications to the 10-setup_user.sh script
@@ -1,30 +1,56 @@
|
||||
#!/usr/bin/env bash
|
||||
###
|
||||
# File: 10-setup_user.sh
|
||||
# Project: cont-init.d
|
||||
# File Created: Friday, 12th January 2022 8:54:01 am
|
||||
# Author: Josh.5 (jsunnex@gmail.com)
|
||||
# -----
|
||||
# Last Modified: Tuesday, 4th October 2022 11:27:10 am
|
||||
# Modified By: Josh.5 (jsunnex@gmail.com)
|
||||
###
|
||||
|
||||
PUID=${PUID:-99}
|
||||
PGID=${PGID:-100}
|
||||
UMASK=${UMASK:-000}
|
||||
USER_PASSWORD=${USER_PASSWORD:-password}
|
||||
|
||||
echo "**** Configure default user ****"
|
||||
echo "**** Configure default user ****"
|
||||
|
||||
echo "Setting run user uid=${PUID}(${USER}) gid=${PGID}(${USER})"
|
||||
echo "Setting default user uid=${PUID}(${USER}) gid=${PGID}(${USER})"
|
||||
usermod -o -u "${PUID}" ${USER}
|
||||
groupmod -o -g "${PGID}" ${USER}
|
||||
|
||||
|
||||
echo "Adding run user to video, audio, input and pulse groups"
|
||||
echo "Adding default user to video, audio, input and pulse groups"
|
||||
usermod -a -G video,audio,input,pulse ${USER}
|
||||
|
||||
|
||||
echo "Adding run user to render group (for HW accelerated encoding)"
|
||||
render_guid=$(stat -c "%g" /dev/dri/render* | tail -n 1)
|
||||
if [[ ! -z ${render_guid} ]]; then
|
||||
render_group=$(getent group "${render_guid}" | cut -d: -f1)
|
||||
if [[ -z ${render_group} ]]; then
|
||||
groupadd -g "${render_guid}" "videorender"
|
||||
render_group="videorender"
|
||||
echo "Adding default user to any additional required device groups"
|
||||
device_nodes=( /dev/input/event* /dev/dri/render* )
|
||||
added_groups=""
|
||||
for dev in "${device_nodes[@]}"; do
|
||||
# Only process $dev if it's a character device
|
||||
if [[ ! -c "${dev}" ]]; then
|
||||
continue
|
||||
fi
|
||||
usermod -a -G ${render_group} ${USER}
|
||||
fi
|
||||
|
||||
# Get group name and ID
|
||||
dev_group=$(stat -c "%G" "${dev}")
|
||||
dev_gid=$(stat -c "%g" "${dev}")
|
||||
|
||||
# Create a name for the group ID if it does not yet already exist
|
||||
if [[ "${dev_group}" = "UNKNOWN" ]]; then
|
||||
dev_group="user-gid-${dev_gid}"
|
||||
groupadd -g $dev_gid "${dev_group}"
|
||||
fi
|
||||
|
||||
# Add group to user
|
||||
if [[ "${added_groups}" != *"${dev_group}"* ]]; then
|
||||
echo "Adding user '${USER}' to group: '${dev_group}'"
|
||||
usermod -a -G ${dev_group} ${USER}
|
||||
added_groups=" ${added_groups} ${dev_group} "
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
echo "Setting umask to ${UMASK}";
|
||||
@@ -45,6 +71,7 @@ echo "Adding default home directory template"
|
||||
mkdir -p ${USER_HOME}
|
||||
chown -R ${PUID}:${PGID} /etc/home_directory_template
|
||||
rsync -aq --ignore-existing /etc/home_directory_template/ ${USER_HOME}/
|
||||
# TODO: Move this to its own init script. It does not really belong here
|
||||
chmod +x /usr/bin/start-desktop.sh
|
||||
|
||||
|
||||
|
||||
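Review bot: The device loop adds `${USER}` to whichever group owns each node and has no exclusion for gid 0, so a `/dev/input/event*` or `/dev/dri/render*` node that is group-owned by root would place the default user in the `root` group; a guard such as `[[ "${dev_gid}" -eq 0 ]] && continue` after the two `stat` calls (or at least a logged warning) would avoid that. The `+`/`-` markers are lost on this page, so I am assuming the loop is the added side. The duplicate check `[[ "${added_groups}" != *"${dev_group}"* ]]` is a bare substring match, so `user-gid-1` is skipped once `user-gid-10` has been recorded; matching on the space delimiters the list already carries, `*" ${dev_group} "*`, fixes it. `$dev_gid`, `${dev_group}` and `${USER}` are unquoted in the `groupadd` and `usermod` calls and should be quoted. Separately, `USER_PASSWORD=${USER_PASSWORD:-password}` near the top of the file still falls back to a fixed, guessable password when the variable is unset.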
@@ -5,8 +5,8 @@
|
||||
# File Created: Friday, 12th January 2022 8:54:01 am
|
||||
# Author: Josh.5 (jsunnex@gmail.com)
|
||||
# -----
|
||||
# Last Modified: Saturday, 22nd January 2022 8:20:34 pm
|
||||
# Modified By: Console and webGui login account (jsunnex@gmail.com)
|
||||
# Last Modified: Tuesday, 4th October 2022 11:20:48 am
|
||||
# Modified By: Josh.5 (jsunnex@gmail.com)
|
||||
###
|
||||
|
||||
# Running udev only works in privileged container
|
||||
@@ -38,6 +38,7 @@ else
|
||||
fi
|
||||
|
||||
|
||||
echo "**** Ensure the default user has the correct permissions on input devices ****";
|
||||
chmod +x /usr/bin/ensure-groups
|
||||
/usr/bin/ensure-groups /dev/uinput /dev/input/event*
|
||||
if [[ -e /dev/uinput ]]; then
|
||||
echo "**** Ensure the default user has permission to r/w on input devices ****";
|
||||
chmod 0666 /dev/uinput
|
||||
fi
|
||||
|
||||
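Review bot: `chmod 0666 /dev/uinput` makes the device writable by every account and process in the container, where the removed `ensure-groups` script set `0660` and relied on group membership; anything that can write to uinput can synthesize keyboard and mouse events. Keeping `chmod 0660 /dev/uinput` here and adding `/dev/uinput` to `device_nodes` in 10-setup_user.sh would preserve the group-based model, provided that script runs while the node exists. The comment in this file says udev only works in a privileged container, so if /dev is shared with the host the mode change may also apply to the host's node, which is worth confirming. The `+`/`-` markers are lost on this page, so I am assuming the `0666` block is the added side.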
@@ -1,45 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Source: https://github.com/games-on-whales/gow/
|
||||
|
||||
set -e
|
||||
|
||||
function join_by { local IFS="$1"; shift; echo "$*"; }
|
||||
|
||||
declare -A group_map
|
||||
|
||||
for dev in "$@"; do
|
||||
# Only process $dev if it's a character device
|
||||
if [ ! -c "$dev" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
dev_group=$(stat -c "%G" "$dev")
|
||||
dev_gid=$(stat -c "%g" "$dev")
|
||||
|
||||
if [ "$dev_group" = "UNKNOWN" ]; then
|
||||
new_name="user-gid-$dev_gid"
|
||||
# We only have a GID for this group; create a named group for it
|
||||
# this isn't 100% necessary but it prevents some useless noise in the console
|
||||
groupadd -g $dev_gid "$new_name"
|
||||
group_map[$new_name]=1
|
||||
else
|
||||
# the group already exists; just add it to the list
|
||||
group_map[$dev_group]=1
|
||||
fi
|
||||
done
|
||||
|
||||
# uinput is usually set to be read/write only by user root, we want to allow the group too
|
||||
if [ -e /dev/uinput ]; then
|
||||
echo "Allow /dev/uinput r/w to the group"
|
||||
chmod 0660 /dev/uinput
|
||||
fi
|
||||
|
||||
groups=$(join_by "," "${!group_map[@]}")
|
||||
if [ "$groups" != "" ]; then
|
||||
echo "Adding user '${USER}' to groups: $groups"
|
||||
|
||||
usermod -a -G $groups ${USER}
|
||||
else
|
||||
echo "Not modifying user groups ($groups)"
|
||||
fi
|
||||