From 5ef2aed3f3961b72699d9881ed09560f4d01371a Mon Sep 17 00:00:00 2001 From: Cullum Smith Date: Fri, 18 Oct 2024 16:44:57 -0400 Subject: Tons of desktop fixes --- files/etc/cron.d/unbound.idm_server | 2 ++ files/etc/exports.common | 2 -- files/etc/exports.nfs_server | 2 ++ files/etc/login.conf.desktop | 2 +- files/etc/pam.d/cups.cups_server | 12 +++++------- files/etc/pam.d/kde.freebsd | 7 +++++-- files/etc/pam.d/login.freebsd | 16 ++++++++++++++++ files/etc/pam.d/sddm.freebsd | 23 ++++++++++++++--------- files/etc/pam.d/sshd.freebsd | 20 ++++++++------------ files/etc/pam.d/sudo.freebsd | 8 ++------ files/etc/profile.d/kde.sh.common | 6 ------ files/etc/profile.d/kde.sh.desktop | 6 ++++++ files/etc/profile.d/kde.sh.laptop | 1 + files/etc/profile.d/kde.sh.roadwarrior_laptop | 1 + 14 files changed, 63 insertions(+), 45 deletions(-) create mode 100644 files/etc/cron.d/unbound.idm_server delete mode 100644 files/etc/exports.common create mode 100644 files/etc/exports.nfs_server create mode 100644 files/etc/pam.d/login.freebsd delete mode 100644 files/etc/profile.d/kde.sh.common create mode 100644 files/etc/profile.d/kde.sh.desktop create mode 120000 files/etc/profile.d/kde.sh.laptop create mode 120000 files/etc/profile.d/kde.sh.roadwarrior_laptop (limited to 'files/etc') diff --git a/files/etc/cron.d/unbound.idm_server b/files/etc/cron.d/unbound.idm_server new file mode 100644 index 0000000..56d8809 --- /dev/null +++ b/files/etc/cron.d/unbound.idm_server @@ -0,0 +1,2 @@ +MAILTO=root +@daily ${unbound_user} /usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_url_file} ${unbound_whitelist_file} ${unbound_blocklist_dir} diff --git a/files/etc/exports.common b/files/etc/exports.common deleted file mode 100644 index 4ea7fd2..0000000 --- a/files/etc/exports.common +++ /dev/null @@ -1,2 +0,0 @@ -V4: ${nfs_root} -# The default is to not export anything. diff --git a/files/etc/exports.nfs_server b/files/etc/exports.nfs_server new file mode 100644 index 0000000..4ea7fd2 --- /dev/null +++ b/files/etc/exports.nfs_server @@ -0,0 +1,2 @@ +V4: ${nfs_root} +# The default is to not export anything. diff --git a/files/etc/login.conf.desktop b/files/etc/login.conf.desktop index 558c80a..919a887 100644 --- a/files/etc/login.conf.desktop +++ b/files/etc/login.conf.desktop @@ -2,7 +2,7 @@ default:\\ :passwd_format=sha512:\\ :copyright=/etc/COPYRIGHT:\\ :welcome=/var/run/motd:\\ - :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=/usr/local/override\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\ + :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=${xdg_override_dir}\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\ :mail=/var/mail/\$:\\ :path=/sbin /bin /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ~/bin:\\ :nologin=/var/run/nologin:\\ diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server index b61c074..03c2763 100644 --- a/files/etc/pam.d/cups.cups_server +++ b/files/etc/pam.d/cups.cups_server @@ -1,8 +1,6 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd index 2604c78..8f87b98 100644 --- a/files/etc/pam.d/kde.freebsd +++ b/files/etc/pam.d/kde.freebsd @@ -1,2 +1,5 @@ -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -account required /usr/local/lib/security/pam_krb5.so +auth required /usr/local/lib/security/pam_krb5.so try_first_pass + +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd new file mode 100644 index 0000000..164fcb0 --- /dev/null +++ b/files/etc/pam.d/login.freebsd @@ -0,0 +1,16 @@ +auth sufficient pam_self.so no_warn +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok + +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +session required pam_lastlog.so no_fail +session required pam_xdg.so +session required /usr/local/lib/security/pam_krb5.so + +password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd index ef359ff..6a75823 100644 --- a/files/etc/pam.d/sddm.freebsd +++ b/files/etc/pam.d/sddm.freebsd @@ -2,15 +2,20 @@ # try multiple authentication sources (like krb5 but fall back to pam_unix) # if we want pam_kwallet5 to execute. # Hence, for sddm, we try krb5 only (no local accounts). -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir -auth optional pam_kwallet5.so +auth sufficient pam_self.so no_warn +auth required /usr/local/lib/security/pam_krb5.so try_first_pass +auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir +auth optional pam_kwallet5.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -session required pam_lastlog.so no_fail -session optional pam_kwallet5.so auto_start +session required pam_lastlog.so no_fail +session required pam_xdg.so no_fail +session required /usr/local/lib/security/pam_krb5.so +session optional pam_kwallet5.so auto_start -password required /usr/local/lib/security/pam_krb5.so try_first_pass +password required /usr/local/lib/security/pam_krb5.so try_first_pass diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd index 57b281b..559a980 100644 --- a/files/etc/pam.d/sshd.freebsd +++ b/files/etc/pam.d/sshd.freebsd @@ -1,17 +1,13 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required pam_nologin.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -# session -session required /usr/local/lib/security/pam_krb5.so -session required pam_permit.so +session required /usr/local/lib/security/pam_krb5.so +session required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd index 425bf4e..6a6b0a4 100644 --- a/files/etc/pam.d/sudo.freebsd +++ b/files/etc/pam.d/sudo.freebsd @@ -1,15 +1,11 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account account required /usr/local/lib/security/pam_krb5.so account required pam_login_access.so account required pam_unix.so -# session account required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/profile.d/kde.sh.common b/files/etc/profile.d/kde.sh.common deleted file mode 100644 index 010d5c1..0000000 --- a/files/etc/profile.d/kde.sh.common +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -if [ "$XDG_CURRENT_DESKTOP" = KDE ]; then - export SSH_ASKPASS_REQUIRE=prefer - export SSH_ASKPASS=/usr/local/bin/ksshaskpass -fi diff --git a/files/etc/profile.d/kde.sh.desktop b/files/etc/profile.d/kde.sh.desktop new file mode 100644 index 0000000..010d5c1 --- /dev/null +++ b/files/etc/profile.d/kde.sh.desktop @@ -0,0 +1,6 @@ +#!/bin/sh + +if [ "$XDG_CURRENT_DESKTOP" = KDE ]; then + export SSH_ASKPASS_REQUIRE=prefer + export SSH_ASKPASS=/usr/local/bin/ksshaskpass +fi diff --git a/files/etc/profile.d/kde.sh.laptop b/files/etc/profile.d/kde.sh.laptop new file mode 120000 index 0000000..a248985 --- /dev/null +++ b/files/etc/profile.d/kde.sh.laptop @@ -0,0 +1 @@ +kde.sh.desktop \ No newline at end of file diff --git a/files/etc/profile.d/kde.sh.roadwarrior_laptop b/files/etc/profile.d/kde.sh.roadwarrior_laptop new file mode 120000 index 0000000..a248985 --- /dev/null +++ b/files/etc/profile.d/kde.sh.roadwarrior_laptop @@ -0,0 +1 @@ +kde.sh.desktop \ No newline at end of file -- cgit v1.2.3