tune_new_system.sh: more safe

73d77463 · Vitaly Lipatov · 941e40b1 · 73d77463
Commit 73d77463 authored Nov 07, 2019 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 6 deletions

tune_new_system.sh etersoft/tune_new_system.sh +15 -6

No files found.
--- a/etersoft/tune_new_system.sh
+++ b/etersoft/tune_new_system.sh
 #!/bin/sh
+# Скрипт для настройки новых машин по нашим правилам
 #if grep -q ftp.altlinux.org /etc/apt/sources.list.d/alt.list ; then
 if [ ! -r /etc/apt/sources.list.d/etersoft.list ] ; then
    cat /etc/apt/sources.list.d/alt.list | sed -e "s|http://ftp.altlinux.org/pub/distributions|http://download.etersoft.ru/pub|" > /etc/apt/sources.list.d/etersoft.list
@@ -27,7 +29,9 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpX0yMvZS1r4mfEaeN4rjMlPPbtV3vdsLvV++wcajyx
 EOF
 fi
-epm -q avahi-daemon >/dev/null && epm remove avahi-daemon
+# TODO: нужен или нет для cups?
+#epm -q avahi-daemon >/dev/null && epm remove avahi-daemon
 control sudo public
 if ! grep "/home" /etc/fstab | grep -q nfs ; then
@@ -55,19 +59,24 @@ fi
 # TODO
 subst "s|# WHEEL_USERS ALL=(ALL) NOPASSWD: ALL|WHEEL_USERS ALL=(ALL) NOPASSWD: ALL|" /etc/sudoers
-userdel user
+getent passwd user && userdel user
+# server side
 subst "s|^#GSSAPIAuthentication no|GSSAPIAuthentication yes|" /etc/openssh/sshd_config
 subst "s|^#GSSAPICleanupCredentials yes|GSSAPICleanupCredentials yes|" /etc/openssh/sshd_config
-# TODO: тонкости. seat?
+# client side
-serv lightdm off
+subst "s|#   GSSAPIAuthentication yes|    GSSAPIAuthentication yes|" /etc/openssh/ssh_config
-serv dm on
+subst "s|#   GSSAPIDelegateCredentials yes|    GSSAPIDelegateCredentials yes|" /etc/openssh/ssh_config
+# TODO: тонкости. seat? (eterbug #12145)
+#serv lightdm off
+#serv dm on
 # https://bugs.etersoft.ru/show_bug.cgi?id=12207
 epmi chrony
-serv chronyd on
 subst "s|^\(pool pool.ntp.*\)|server ntp.etersoft.ru iburst\n#\1|" /etc/chrony.conf
+serv chronyd on
 # TODO: выключение NetworkManager для интерфейса
 # DISABLED=yes