From bd96df2eb006d84829359d83535fe4b02b0c7258 Mon Sep 17 00:00:00 2001 From: Thomas Basler Date: Thu, 4 Nov 2021 20:12:24 +0100 Subject: [PATCH] xrdp_apphost: Add tsadmin user This user is able to e.g. run graphical installers for estlcam --- roles/xrdp_apphost/README.md | 7 +----- roles/xrdp_apphost/defaults/main.yml | 5 ++++ roles/xrdp_apphost/tasks/main.yml | 23 ++++++++++++++++++- .../templates/tsadmin_xsession.j2 | 4 ++++ 4 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 roles/xrdp_apphost/templates/tsadmin_xsession.j2 diff --git a/roles/xrdp_apphost/README.md b/roles/xrdp_apphost/README.md index 29f5c28..3c3e860 100644 --- a/roles/xrdp_apphost/README.md +++ b/roles/xrdp_apphost/README.md @@ -8,11 +8,7 @@ After the role has applied several manual installation steps have to be applied by a admin user. * Estlcam - * Create a .xsession file for the admin user with the following content: - xfwm4 & - exec xterm - * Login as admin user and execute the following commands - $ xhost si:localuser:estlcam + * Login as tsadmin user and execute the following commands $ sudo -u estlcam --preserve-env=DISPLAY /bin/bash $ cd ~ $ export WINEPREFIX=~/.wine32 @@ -21,4 +17,3 @@ by a admin user. $ winetricks dotnet40 gdiplus d3dx9_36 $ wget http://www.estlcam.de/downloads/Estlcam_32_11243.exe $ wine Estlcam_32_11243.exe - $ echo "Hide tooltips=no" >> ~/.wine32/drive_c/ProgramData/Estlcam/V11/Settings\ Estlcam.txt \ No newline at end of file diff --git a/roles/xrdp_apphost/defaults/main.yml b/roles/xrdp_apphost/defaults/main.yml index 7f3b336..08cfc45 100644 --- a/roles/xrdp_apphost/defaults/main.yml +++ b/roles/xrdp_apphost/defaults/main.yml @@ -35,3 +35,8 @@ estlcam_user: estlcam estlcam_group: estlcam estlcam_pass: fckgw01estlcam estlcam_salt: $1$SomeSalt$ + +tsadmin_user: tsadmin +tsadmin_group: tsadmin +tsadmin_pass: fckgw01tsadmin +tsadmin_salt: $1$SomeSalt$ 
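Review bot: `tsadmin_pass: fckgw01tsadmin` in roles/xrdp_apphost/defaults/main.yml commits a working default password for an account that the tasks in this same patch create as a login user with passwordless sudo to the application users, so any host deployed without an override accepts a credential readable by everyone with access to the repository. Drop the default and take the value from an encrypted variable, e.g. `tsadmin_pass: "{{ vault_tsadmin_pass }}"` (the variable name is a placeholder), so the play fails when no secret is supplied. `tsadmin_salt: $1$SomeSalt$` repeats the value of `estlcam_salt` and looks like an MD5-crypt prefix rather than a bare salt. The user task passes it to `password_hash('sha512', …)`, which will probably reject or misparse the `$` characters depending on the Ansible version and hashing backend, so a per-host alphanumeric salt is the safer input.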
diff --git a/roles/xrdp_apphost/tasks/main.yml b/roles/xrdp_apphost/tasks/main.yml index 89032c3..40af3d3 100644 --- a/roles/xrdp_apphost/tasks/main.yml +++ b/roles/xrdp_apphost/tasks/main.yml @@ -91,4 +91,25 @@ template: src=estlcam_xsession.j2 dest=/home/{{ estlcam_user }}/.xsession - name: Create Estlcam data directory - file: path=/home/{{ estlcam_user }}/data state=directory mode=0755 owner={{ estlcam_user }} group={{ estlcam_group }} \ No newline at end of file + file: path=/home/{{ estlcam_user }}/data state=directory mode=0755 owner={{ estlcam_user }} group={{ estlcam_group }} + + +- name: Create tsadmin group + group: name={{ tsadmin_group }} + +- name: Create tsadmin_user + user: name={{ tsadmin_user }} password={{ tsadmin_pass | password_hash('sha512', tsadmin_salt) }} home=/home/{{ tsadmin_user }} group={{ tsadmin_group }} + +- name: Allow 'tsadmin_user' group to have passwordless sudo to other users + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^{{ tsadmin_user }} ALL=({{ item }}) NOPASSWD: ALL' + line: '{{ tsadmin_user }} ALL=({{ item }}) NOPASSWD: ALL' + validate: visudo -cf %s + with_items: + - "{{ estlcam_user }}" + - "{{ lightburn_user }}" + +- name: Create tsadmin_user .xsession + template: src=tsadmin_xsession.j2 dest=/home/{{ tsadmin_user }}/.xsession diff --git a/roles/xrdp_apphost/templates/tsadmin_xsession.j2 b/roles/xrdp_apphost/templates/tsadmin_xsession.j2 new file mode 100644 index 0000000..93987e4 --- /dev/null +++ b/roles/xrdp_apphost/templates/tsadmin_xsession.j2 @@ -0,0 +1,4 @@ +xhost si:localuser:{{ lightburn_user }} +xhost si:localuser:{{ estlcam_user }} +xfwm4 & +exec xterm \ No newline at end of file
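Review bot: The sudoers task in roles/xrdp_apphost/tasks/main.yml writes `NOPASSWD: ALL` rules straight into `/etc/sudoers`, and its `regexp` leaves `(` and `)` unescaped, so the pattern is a capture group that never matches the literal `ALL=(estlcam)` text and idempotence rests only on lineinfile's exact-line comparison. A drop-in file keeps the grant isolated and easy to audit, assuming the distribution's sudoers includes that directory: `dest: /etc/sudoers.d/{{ tsadmin_user }}`, `create: yes`, `mode: '0440'`, keeping `validate: visudo -cf %s` and either dropping `regexp` or passing the values through `regex_escape`. The task name says "group" although the rule is written for the user. The `.xsession` template task sets no `owner`, `group` or `mode`, so the file gets whatever the connection user and umask produce; stating them would make the intended permissions explicit.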
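Review bot: The two `xhost si:localuser:…` lines in tsadmin_xsession.j2 give every process of the lightburn and estlcam accounts access to tsadmin's X display for the whole session. X11 does not isolate clients from each other, so such a process can observe input typed into the `exec xterm` window and capture the screen. The template has no comment saying why the grant is needed; a header line such as `# Let the app users open installer windows on this display (used with sudo -u … --preserve-env=DISPLAY); their clients can observe this session.` would record the trade-off for the next maintainer. The new file also ends without a trailing newline.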