
#1 2019-04-26 17:18:53

r00t
Member
From: Canada
Registered: 2019-04-18
Posts: 43

little blurb about something i'm working on [and questions]

So i am working on a guest account type system actually for public computers.. runs fully from ram ..... home is also volly, only usb storage is allowed..

currently it is a custom boot option... similar to your live cd boot install i would think... except i have not squash fs.

now ....  the home folder for the user which is currently adhoc...  is tmpfs. 50MB
the system is loading  ramfs / [so no swap out ] the /sda is not mounted at all .... /usr/  is  ro..


... the system is intended to be a shield on public computers with the intent of allowing users to do whatever, set prefs, and the like but without affecting the actual system ... now i have tested it vs a few rather mean viruses and it works, well that part works

Anyway right now i am stuck ... because what i want to do is require a usb for the adhoc user to log in at all..

it makes /home/ on the stick during log in ... to "save"  user prefs to, or in case it has been already loaded by the system, load the user prefs ... now i also want it to work ... on another system with the same setup [ this should be easy ].. the username would be same across the board.


what i would like to know .... what would be the best [ in this case best is not easy but secure ]----

i was thinking pam to do this ?? anyone have a faq i can look at that may help to light things up a bit   

_______ Something i noticed regarding paths
--- ... WHY do you have sbin ... in path .. i have mitigated the issue on my install ...

but perhaps that should be corrected ??  or why is it that way ??


The distance between insanity, or genius is measured only by success.

Offline

#2 2019-04-26 18:24:25

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,409

Re: little blurb about something i'm working on [and questions]

Make /home part of rootfs and equip /home/adhoc with an .xsession file or similar that runs immediately after the user authenticates successfully (or via the display manager, PAM, whatever you're using).

.xsession takes care of failing when no USB is mounted on /home/adhoc. The USB would be mounted there as an overlay (https://wiki.archlinux.org/index.php/Overlay_filesystem) immediately after plugging in using udev (important: Force mount on /home/adhoc or similar). After that, session startup continues and user settings are loaded and can be written.

FYI, systemd has a lot of features that are meant to support implementing stateless systems. You now have a custom solution that covers all your use cases but perhaps someday systemd will make such custom solutions largely obsolete.

I don't think involving PAM is necessary unless you authenticate users against a user directory (like an LDAP server) and each user gets his/her own custom /home/directory, in which case PAM could take care of forcing all users' homes to be /home/adhoc or something. It depends on how exactly different PAM modules are used.


Tempra la cetra e canta

Offline
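
A sketch of the .xsession guard described in the post above, as an added example that is not twoion's code or part of the thread. The function names, the /media/usb mount point and the mount tables are constructed assumptions; the table layout is that of /proc/self/mounts.

```shell
#!/bin/sh
# overlay_upperdir MOUNTS MOUNTPOINT   (hypothetical helper name)
# Prints the upperdir of the overlay that is the topmost mount on MOUNTPOINT.
# MOUNTS layout: device dir fstype options dump pass
overlay_upperdir() {
    ou_up=
    while read -r ou_dev ou_dir ou_type ou_opts ou_tail; do
        [ "$ou_dir" = "$2" ] || continue
        ou_up=                        # a later mount hides an earlier one
        [ "$ou_type" = overlay ] || continue
        ou_o=",$ou_opts"
        case $ou_o in
            *,upperdir=*) ou_up=${ou_o##*,upperdir=}; ou_up=${ou_up%%,*} ;;
        esac
    done < "$1"
    [ -n "$ou_up" ] && printf '%s\n' "$ou_up"
}

# usb_home_ready MOUNTS HOME USB_ROOT   (hypothetical helper name)
# Succeeds only if HOME is an overlay whose writable layer lies below
# USB_ROOT and USB_ROOT is itself a mount point, i.e. the stick is present.
usb_home_ready() {
    uh_up=$(overlay_upperdir "$1" "$2") || return 1
    case $uh_up in
        */..|*/../*) return 1 ;;      # no climbing back out of the stick
        "$3"/*) ;;
        *) return 1 ;;
    esac
    while read -r uh_dev uh_dir uh_rest; do
        [ "$uh_dir" = "$3" ] && return 0
    done < "$1"
    return 1
}

# Constructed mount table: stick on /media/usb, overlay on /home/adhoc.
demo=$(mktemp)
cat > "$demo" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sdb1 /media/usb ext4 rw,nosuid,nodev 0 0
overlay /home/adhoc overlay rw,lowerdir=/home/adhoc,upperdir=/media/usb/home,workdir=/media/usb/work 0 0
EOF
if usb_home_ready "$demo" /home/adhoc /media/usb; then echo "session may start"; else echo "no USB home, refusing session"; fi
rm -f "$demo"

# In .xsession the same check would read the live table and abort the login:
#   usb_home_ready /proc/self/mounts /home/adhoc /media/usb || exit 1
```

Paths containing spaces or commas are escaped in the kernel's mount table and are not handled by this sketch.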

#3 2019-04-26 18:29:34

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,409

Re: little blurb about something i'm working on [and questions]

--- ... WHY do you have sbin ... in path .. i have mitigated the issue on my install ...

Because a lot of useful stuff is in the sbins. It's not a hidden directory anyway. IMO not an issue.


Tempra la cetra e canta

Offline

#4 2019-04-27 15:47:55

r00t
Member
From: Canada
Registered: 2019-04-18
Posts: 43

Re: little blurb about something i'm working on [and questions]

twoion wrote:

Make /home part of rootfs and equip /home/adhoc with an .xsession file or

FYI, systemd has a lot of features that are meant to support implementing stateless systems. You now have a custom solution that covers all your use cases but perhaps someday systemd will make such custom solutions largely obsolete.


yes it sure does ..... and i did look at that .... however it would not work for me,
i passed the appropriate args VIA  grub  perhaps i did it in the wrong place ... ??

in the end i found it easier to build a custom initrd ...

------
yes the overlay fs i have looked at as well and currently moving that way,

and in that light is it possible to overlay an overlay ?

Last edited by r00t (2019-04-27 15:56:20)


The distance between insanity, or genius is measured only by success.

Offline

#5 2019-04-27 16:04:19

r00t
Member
From: Canada
Registered: 2019-04-18
Posts: 43

Re: little blurb about something i'm working on [and questions]

actually this is from the system i am working on .... now this does not seem to be needed on bunsen labs ..... but when i was using pure Debian it was needed..

my question is here ....  i know there is an easier way to do this ... and this works but..
in my opinion sloppy ...  maybe not as bad as i think ... anyway there is a comment about sed and not converting numbers that's what i am asking about ..

......
# poll current load use to get percent value for evaluation of ya nay flush
Check_CPU_Load(){
	# get load store as Cur_Cpu_Load (second field of /proc/loadavg)
	Cur_Cpu_Load=$(cut -d " " -f 2 /proc/loadavg)
	# the sed is needed here, i'd rather not but it kept telling me it could not convert the numbers
	# bc prints e.g. 12.00; the sed drops the fractional part so [ -le ] gets an integer
	LOAD=$(printf 'scale=2; (%s / %s * 100)\n' "$Cur_Cpu_Load" "$Get_Cores" | bc | sed -e 's/\..*$//')
	if [ "$LOAD" -le 25 ]; then drop_it; else printf '%s %s Percent  Dropped=N\n' "$(date)" "$LOAD" >> /tmp/ramfree.log; fi
}
.......

Last edited by r00t (2019-04-27 16:05:51)


The distance between insanity, or genius is measured only by success.

Offline
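
The conversion error mentioned in the post above comes from the test [ ... -le ... ], which compares integers only, while bc with scale=2 prints values such as 12.00. An integer-only version that needs neither bc nor sed, as an added example that is not part of the original post; load_percent and should_flush are hypothetical names and the sample readings are constructed.

```shell
#!/bin/sh
# load_percent LOAD CORES   (hypothetical name, not from the post)
# LOAD is one /proc/loadavg field such as "0.50"; CORES is a positive integer.
# Prints the load per core as a truncated whole-number percentage.
load_percent() {
    lp_load=$1
    lp_cores=$2
    # Accept only the kernel's "digits.two-digits" form, no leading zeros.
    case $lp_load in
        *[!0-9.]*|*.*.*|.*|0[0-9]*) return 1 ;;
        *.[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    case $lp_cores in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    lp_whole=${lp_load%.*}
    lp_frac=${lp_load#*.}
    # "1$lp_frac - 100" stops a fraction like "08" being read as octal.
    lp_hundredths=$(( $lp_whole * 100 + 1$lp_frac - 100 ))
    # load / cores * 100 equals hundredths / cores, all in integers.
    echo $(( lp_hundredths / $lp_cores ))
}

# should_flush LOAD CORES [LIMIT]   (hypothetical name)
# Succeeds when the percentage is at or below LIMIT (25, as in the post).
# Malformed input returns 2, so it never triggers a flush.
should_flush() {
    sf_pct=$(load_percent "$1" "$2") || return 2
    [ "$sf_pct" -le "${3:-25}" ]
}

# Constructed sample readings: "5-minute load" and "core count".
for sample in "0.50 4" "1.08 4" "2.00 4" "bogus 4"; do
    set -- $sample
    if should_flush "$1" "$2"; then verdict="Dropped=Y"; else verdict="Dropped=N"; fi
    printf 'load=%s cores=%s %s\n' "$1" "$2" "$verdict"
done

# Live use (the 5-minute average is the second field, as in the post):
#   read -r one five rest < /proc/loadavg
#   should_flush "$five" "$(getconf _NPROCESSORS_ONLN)" && drop_it
```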

#6 2019-04-27 16:19:31

r00t
Member
From: Canada
Registered: 2019-04-18
Posts: 43

Re: little blurb about something i'm working on [and questions]

twoion wrote:

--- ... WHY do you have sbin ... in path .. i have mitigated the issue on my install ...

Because a lot of useful stuff is in the sbins. It's not a hidden directory anyway. IMO not an issue.

This is true but sbin root tools ... err mostly ... and sudo secure path covers /sbin ...  that's my thoughts there ...


The distance between insanity, or genius is measured only by success.

Offline

#7 2019-05-03 15:13:08

r00t
Member
From: Canada
Registered: 2019-04-18
Posts: 43

Re: little blurb about something i'm working on [and questions]

twoion wrote:

......

.xsession takes care of failing when no USB is mounted on /home/adhoc. The USB would be mounted there as an overlay (https://wiki.archlinux.org/index.php/Overlay_filesystem) immediately after plugging in using udev (important: Force mount on /home/adhoc or similar). After that, session startup continues and user settings are loaded and can be written.


and just to tack a bit onto  overlays..
overlayfs

Last edited by r00t (2019-05-03 15:13:34)


The distance between insanity, or genius is measured only by success.

Offline
