Servidores centros secundaria

##

## Note, to get this to work as it is currently typed you need

##

## 1. to run an application as root

## 2. add the following groups to the /etc/group file:

## floppy, games, sound

##

#

# *** Please note that giving group membership on a session basis is

# *** NOT inherently secure. If a user can create an executable that

# *** is setgid a group that they are infrequently given membership

# *** of, they can basically obtain group membership any time they

# *** like. Example: games are allowed between the hours of 6pm and 6am

# *** user joe logs in at 7pm writes a small C-program toplay.c that

# *** invokes their favorite shell, compiles it and does

# *** "chgrp games toplay; chmod g+s toplay". They are basically able

# *** to play games any time... You have been warned. AGM

#

# this is an example configuration file for the pam_group module. Its

# syntax is based on that of the pam_time module and (at some point in

# the distant past was inspired by the 'shadow' package)

#

# the syntax of the lines is as follows:

#

# services;ttys;users;times;groups

#

# white space is ignored and lines maybe extended with '\\n' (escaped

# newlines). From reading these comments, it is clear that

# text following a '#' is ignored to the end of the line.

#

# the first four fields are described in the pam_time directory.

# The only difference for these is how the time field is interpretted:

# it is used to indicate "when" these groups are to be given to the user.

#

# groups

# The (comma or space separated) list of groups that the user

# inherits membership of. These groups are added if the previous

# fields are satisfied by the user's request

#

#

# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),

# the user 'us' is given access to the floppy (through membership of

# the floppy group)

#

#xsh;tty*&!ttyp*;us;Al0000-2400;floppy

# another example: running 'xsh' on tty* (any ttyXXX device),

# the user 'sword' is given access to games (through membership of

# the sound and play group) after work hours. (The games group owns

# high-score files and so on, so don't ever give users access to it.)

#

#xsh; tty* ;sword;!Wk0900-1800;sound, play

#xsh; tty* ;*;Al0900-1800;floppy

*; tty*&!ttyp*; *; Al0000-2400; audio,cdrom

*; :0; *; Al0000-2400; audio,cdrom,floppy,plugdev,video,powerdev

*; :0;*;Al0000-2400;lpadmin

#

# End of group.conf file

#

#/bin/bash

#Irá en /etc/X11/Xsession.d

#El nombre no es al azar, debe ser: XXcustom_script, sin extensiones, sino Xsession no lo procesa.

usuario=$USER

#Debemos saber si es profesor, ya que los alumnos tambien hacen login (indirectamente) en el equipo del profesor

#y aparecerían registrados en él.

es_profe=$(id -nG $usuario | grep teachers | wc -l)

if [ $es_profe -ne 0 ]

then

grep -v "^#" /etc/printcap | cut -d"|" -f1 |

while read printer

do

/usr/sbin/cupsdisable $printer

/usr/bin/cancel -a $printer

/usr/sbin/cupsenable $printer

/usr/sbin/cupsaccept $printer

done

fi

Instala un script que al hacer login el profesor en el equipo limpia la

cola de impresión de todas las impresoras y las reinicia y activa.

Evitamos colas de impresión con trabajos atascados durante días.

Es mas práctico que hacer que el profesor lo haga interactivamente, ya que

pasa de hacerlo y además olvida que ha mandado un trabajo, dejando el

trabajo encolado.

Pone un script en /etc/Xsession.d que hace la limpieza de colas y activacion.

Además, modifica /etc/security/group.conf para que todos los usuarios logados

en :0 pertenezcan al grupo lpadmin (para poder ejecutar comandos

cups de limpizeza y activacion).

17-01-2011

Alfonso Pastor.

IES Virgen de Guadalupe.

class limpiar_impresoras {

file { "/etc/X11/Xsession.d/98custom_clean_printers":

owner => root, group => root, mode => 755,

source => "puppet:///limpiar_impresoras/98custom_clean_printers",

}

file { "/etc/security/group.conf":

owner => root, group => root, mode => 644,

source => "puppet:///limpiar_impresoras/group.conf",

}

}