Move VM mount functionality to PAM for better umount handling.
This commit is contained in:
Andreas B. Mundt
parent
f854b3659c
commit
793b37853e
4 changed files with 32 additions and 61 deletions
|
|
@ -14,19 +14,12 @@
|
|||
dest: /etc/security/pam_mount.conf.xml
|
||||
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"
|
||||
block: |
|
||||
<!-- mounts for home, share and nextcloud -->
|
||||
<volume
|
||||
fstype="cifs"
|
||||
server="{{ smb_server }}"
|
||||
path="{{ smb_share }}"
|
||||
mountpoint="/srv/samba/schools/default-school"
|
||||
options="sec=krb5i,cruid=%(USERUID),user=%(USER),file_mode=0700,dir_mode=0700,mfsymlinks,nobrl"
|
||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
|
||||
</volume>
|
||||
<volume
|
||||
fstype="cifs"
|
||||
server="{{ smb_server }}"
|
||||
path="{{ smb_share }}share"
|
||||
mountpoint="/lmn/media/%(USER)/share"
|
||||
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
|
||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
|
||||
</volume>
|
||||
|
|
@ -37,6 +30,20 @@
|
|||
options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
|
||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
|
||||
</volume>
|
||||
|
||||
<!-- bind mounts for the VMs, setting gid here does not work -->
|
||||
<volume
|
||||
path="~"
|
||||
mountpoint="/lmn/media/%(USER)/home"
|
||||
options="bind"
|
||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
|
||||
</volume>
|
||||
<volume
|
||||
path="/srv/samba/schools/default-school/share"
|
||||
mountpoint="/lmn/media/%(USER)/share"
|
||||
options="bind"
|
||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
|
||||
</volume>
|
||||
insertafter: "<!-- Volume definitions -->"
|
||||
|
||||
|
||||
|
|
@ -78,21 +85,6 @@
|
|||
line: KillUserProcesses=yes
|
||||
insertafter: '#KillUserProcesses=no'
|
||||
|
||||
- name: Umount all user-mounts on logout
|
||||
blockinfile:
|
||||
dest: /usr/share/sddm/scripts/Xstop
|
||||
block: |
|
||||
for i in $(mount | /usr/bin/grep "/lmn/media/" | /usr/bin/cut -f 3 -d ' '); do
|
||||
umount $i
|
||||
done
|
||||
umount /srv/samba/schools/default-school
|
||||
|
||||
- name: Deploy script to generate links in /lmn/media/$USER/
|
||||
copy:
|
||||
src: lmn-mounthome.sh
|
||||
dest: /etc/profile.d/
|
||||
mode: '0644'
|
||||
|
||||
- name: Bind mount lmn/media with nosuid directory
|
||||
ansible.posix.mount:
|
||||
src: /lmn/media
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue