#!/usr/bin/perl -- # # Set up Windows directories for Samba PCs in ~: # ~/Windows for configuration data which is accessed direct from the PC # ~/My_Documents for the user's visible files, accessed directly # ~/.profiles for the roaming profile which is copied at login/logout # # For the moment the argument is /users/%g/%u/.profiles -- change that later ( $cmd = $0 ) =~ s!.*/!!; eval { ( $group, $user ) = $ARGV[0] =~ m!^/users/(.+?)/(.+?)/.profiles$! or die "Bad argument $ARGV[0]\n"; -e "/usr/sms.$_" and $host = $_, last foreach qw( rome bianco newrome newbianco ); $host or die "Bad host (must be bianco or rome)\n"; ## Undergrad group names are alpha followed by a single digit, ## thus e.g. mc2stuff or gen21 or st5 are NOT undergrads. #$is_undergrad = ( ( $host ne 'bianco' ) && ( $group =~ m!^[a-z]+[0-4]$! ) ); # Undergrad usernames contain a digit: see also siv:/s/SMS/User.pm $is_undergrad = ( $user =~ m!\d! ); # logmsg( "called for $user.$group" ); umask 077; chdir "/users/$group/$user" or die "Could not chdir to /users/$group/$user\n"; $group eq 'cap' || $user eq 'conf' and ! -w "/users/$group/$user" and exit; # Rarely we end up with ".profiles/Local Settings": sign that # profile is corrupted, or will be soon? Remove it. if( -e ".profiles/Local Settings" ) { logmsg( "Removing unwanted /users/$group/$user/.profiles/Local Settings" ); system( "rm", "-rf", ".profiles/Local Settings" ); } # Rarely we end up with ".profiles/prf*.tmp" files (would be # NTUSER.DAT but not renamed yet)? foreach( glob( ".profiles/prf*.tmp" ), glob( ".profiles/*/prf*.tmp" ) ) { unlink $_; logmsg( "Removed unwanted /users/$group/$user/$_" ); } # Rarely we have ".profiles/ntuser.dat", rename to NTUSER.DAT for # uniformity (though at WinXP it seems the "default" is lowercase) if( -e ".profiles/ntuser.dat" ) { if( -e ".profiles/NTUSER.DAT" ) { logmsg( "Both ntuser.dat and NTUSER.DAT in /users/$group/$user/.profiles" ); } else { logmsg( "Renaming /users/$group/$user/.profiles/ntuser.dat as NTUSER.DAT" ); rename ".profiles/ntuser.dat", ".profiles/NTUSER.DAT"; } } # Same for "ntuser.dat.LOG". Funny that capitalization... if( -e ".profiles/ntuser.dat.LOG" ) { if( -e ".profiles/NTUSER.DAT.LOG" ) { logmsg( "Both ntuser.dat.LOG and NTUSER.DAT.LOG in /users/$group/$user/.profiles" ); } else { logmsg( "Renaming /users/$group/$user/.profiles/ntuser.dat.LOG as NTUSER.DAT.LOG" ); rename ".profiles/ntuser.dat.LOG", ".profiles/NTUSER.DAT.LOG"; } } # Is this a "good" profile worth saving? # Should we (also) check the existence of ntuser.ini? if( ( -s ".profiles/NTUSER.DAT") > 256*1024 ) { # Only cleanup above, do nothing else for unset-profile at disconnect $cmd =~ m/unset/ and exit; # This is "good", save it $MNTUSER = -M _; $Msaved = -M ".profiles-saved.tgz"; if( $MNTUSER > 0 and $Msaved > 0 and $MNTUSER > $Msaved ) { #logmsg( "Not saving, /users/$group/$user/.profiles-saved.tgz newer than NTUSER.DAT" ); } else { #logmsg( "Saving to /users/$group/$user/.profiles-saved.tgz" ); # Do not save .profiles/Desktop: sometime too large. (Should be moved to ~/Windows instead.) # Do not save .profiles/MyDocuments: sometimes large, and wrongly still in profiles. # Do not save .profiles/ApplicationData: often large, and we do not really need. # Should not we save just NTUSER.DAT and maybe NTUSER.DAT.LOG ? system( "tar zcf .profiles-saved.tgz .profiles --exclude=.profiles/Desktop --exclude='.profiles/My Documents' --exclude='.profiles/Application Data' >/dev/null 2>/dev/null" ); } } # Otherwise is there a good saved profile? elsif( ( -s ".profiles-saved.tgz" ) > 20*1024 and 0 == system( "gunzip -t .profiles-saved.tgz >/dev/null 2>/dev/null" ) ) { # Only cleanup above, do nothing else for unset-profile at disconnect $cmd =~ m/unset/ and logmsg( "Should restore /users/$group/$user/.profiles-saved.tgz" ) and exit; # Saved is good, restore it logmsg( "Restoring /users/$group/$user/.profiles-saved.tgz" ); # Do not pre-remove: we did not save everything in .profiles (see above). #system( "rm -rf .profiles" ); # We used to have ">&- 2>&-" so as not to be bothered by bogus output; # but "tar zxf" does not seem to like that, would whinge # "gzip: stdout: Bad file descriptor" and fail. Instead use # ">/dev/null 2>/dev/null" (though "tar zcf" does not seem to mind). system( "tar zxf .profiles-saved.tgz .profiles >/dev/null 2>/dev/null" ); } # Only cleanup above, do nothing else for unset-profile at disconnect $cmd =~ m/unset/ and exit; # Unlikely this would ever happen after our restore above... # # Avoid problems with empty NTUSER.DAT file (left like that when # logging out with disk quota exceeded): remove so default one # can be created. # With an empty NTUSER.DAT, the user would get the error message # # Windows cannot load the locally stored profile. Contact your # network administrator. # DETAIL: the system has attempted to load or restore a file into # the registry, but the specified file is not in a registry file # format. # ... # Windows cannot load the profile and is logging you on with a # temporary profile. # Changes you make to this profile will be lost when you log off. # # With a missing NTUSER.DAT, the user's profile is not copied in; at # logout a default NTUSER.DAT and profile are written out; thus any # customizations to the profile are lost. # This also occurs for new users: the seeding of profiles does not # work on first login. # # Empty prefs.js files are (silently) picked up later. # # Any way of alerting the user (e.g. WinPopup with smbclient)? # Used to do this also when logging out, not only when logging in. # Want to alert anyway? (Users would needlessly ask for backups.) foreach( '.profiles/NTUSER.DAT' ) { if( -f $_ and ! -s _ ) { unlink $_; logmsg( "Removed empty /users/$group/$user/$_" ); } } if( ( -s ".profiles/NTUSER.DAT") == 256*1024 ) { logmsg( "Should remove /users/$group/$user/.profiles/NTUSER.DAT of 262144 bytes" ); } # On first login, we must make the .profiles directory. Paul points out # we also need to create some other directories, as if Windows does so it # will use inappropriate permissions. # 2 Nov 2001 (PSz) With Samba 2.2.1a I cannot see a permissions problem, # though we do not use any of # restrict acl with mask = yes # security mask = 0000 # directory security mask = 0000 # force security mode = 0600 # force directory security mode = 0700 # nor even # inherit permissions = Yes # in smb.conf, but have only # create mask = 0600 # directory mask = 0700 # force create mode = 0600 # force directory mode = 0700 # Still we need to pre-create some directories, as Windows attempts to # write files/dirs without creating the tree above. (In some cases it # tries again and creates the tree, but we do not like samba to whinge.) unless( $is_undergrad ) { makedirs_from_path( ".profiles/$_" ) foreach 'Start Menu/Programs/Startup/', 'Start Menu/Programs/Accessories/System Tools/', 'Start Menu/Programs/Accessories/Entertainment/', 'Start Menu/Programs/Accessories/Accessibility/', 'Favorites/Media/', 'Favorites/Links/', 'Desktop/', 'Application Data/Adobe/Acrobat/WHAPI/', 'Application Data/Microsoft/Crypto/RSA/', 'Application Data/Microsoft/Excel/XLSTART/', 'Application Data/Microsoft/FrontPage/State', 'Application Data/Microsoft/Internet Explorer/', 'Application Data/Microsoft/Office/Recent/', 'Application Data/Microsoft/Protect/', 'Application Data/Microsoft/SystemCertificates/My/', 'Application Data/Microsoft/Word/STARTUP/', 'Application Data/Identities/', 'My Documents/My Pictures/'; } # Need # [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\JSPrefs] # "bEnableJS"=dword:00000000 # [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Originals] # "bAllowOpenFile"=dword:00000000 # (set in Mike's policies). # I see the registry setting for "Enable External Streams", but # where is "Allow multimedia operations" (and are they dangerous)? # Glob.settings.js is not needed at least since version 7.0.7 (but does no harm): # See http://rome/u/psz/securepc.html#Acrobatx and /usr/sms/bin/acroread70 makedirs_from_path( '.profiles/Application Data/Adobe/Acrobat/7.0/JavaScripts/glob.settings.js/' ); if( $is_undergrad ) { # Mike will make Word user templates be written there for students makedirs_from_path( "Windows/.office/" ); } if( $host eq 'bianco' ) { # Mike want this for admin users makedirs_from_path( "Windows/Lotus/Backups/" ); } # For proper permissions makedirs_from_path( 'My_Documents/My_Pictures/' ); if( $host eq 'bianco' ) { # Set up Admin database reports files makedirs_from_path( "My_Documents/db/reports/$_/" ) foreach qw( staff ); } foreach( '.profiles/Start Menu/Programs/Startup/desktop.ini', '.profiles/Start Menu/Programs/Startup/Desktop.ini' ) { if( -f $_ ) { unlink $_; logmsg( "Removed annoying /users/$group/$user/$_" ); } } # Flag so we (i.e. Mike's login scripts) can recognize when # the seeding of the profiles did not work. provide_file( '.profiles/profile-ok.sms', '' ); # For Netscape 4 $NS4dir = 'Windows/.netscape'; $NS4prefs = "$NS4dir/prefs.js"; $NS4bookmark = "$NS4dir/bookmark.htm"; #$NS4addrbook = "$NS4dir/pab.na2"; # Not seeded, not used ## Not supported any more 10 Aug 05, mostly commented out # # unless( -f $NS4prefs && -s _ ) # { # setup_VAL(); # # provide_file( $NS4prefs, < # #Bookmarks for $VAL{FULLNAME} #

Bookmarks for $VAL{FULLNAME}

# #

#

Personal Toolbar Folder

#

#

School

#

#

SMSsearch #
scnews #
calendar #
scwho #
Research #
Teaching #
Administration #
Digital Alpha #

#

Usyd

#

#

University of Sydney #
University of Sydney Search #
Electronic Phone Book #
Library catalogue search #

#

#EO # # # So Netscape mail can work. # makedirs_from_path( "$NS4dir/mail/" ); # # } # # # Unconditionally inhibit instant messenging: # # provide_file( "$NS4dir/launch.aim", "DWH\r\n" ); # # if( $is_undergrad ) # { # # Undergraduates don't need https (except for MyUni) so don't get # # certificates. Other users do need certificates, even though they # # take a lot of space. (Could we link to a single common copy?) # make_symlink( '/dev/null', "$NS4dir/cert7.db" ); # } # For Netscape7 # Run L:\win\sfwinst\DataOnly\Netscape-7.2-NSSetup-Full.exe and do: # "recommended" install in default C:\Program Files\Netscape\Netscape; # no extra bits or maybe Java for staff; no quicklaunch; homepage does # not matter; cancel/exit when it asks which profile to use (or use # .netscape7, but do not run netscape anyway). # Delete the AIM (and mail) icons on the (all users) desktop [not there # after 7.1->7.2 upgrade?]. # (Could do "complete" install, but unnecessary; would then have Real # and cannot configure that away.) # For NS7.2, do not know how to disable AIM. # For NS7.1, to disable AIM [so it does not appear on PersonalToolbar # or ComponentBar (View Show/Hide) or under Window], rename the file # C:\Program Files\Netscape\Netscape\chrome\aim.jar # (e.g. to aim-UNWANTED.jar). # [For NS7.02, follow hints in http://www.hmetzger.de/etips6.html : # edit the file # C:\Program Files\Netscape\Netscape\chrome\overlayinfo\communicator\content\overlays.rdf # deleting all lines with references to AIM. (The file has UNIX-like # NL line terminators: edit on UNIX.)] # # To transfer NS4 mail files to NS7, do also (as plain PERSON): # Compact NS4 mail folders: run NS4 mail client, File CompactFolders. # Quit NS4, fully. # Run the NS7 mail client but do NOT enter the POP (PERSON@rome) # password when prompted (to prevent grabbing any new mail). # Quit NS7, fully. # The old NS4 mail files should be in # H:\Windows\.netscape\mail # while the new NS7 mail folder # H:\Windows\.netscape7\Mail\rome # should be pretty empty (have empty files). Copy the mail # files/folders from the old directory to the new one: files like # Drafts Inbox Sent Templates; do NOT copy *.snm files, empty files, # or Trash (or delete after copy). # Start NS7 mail client. May want to check that existing mail folders # are readable before entering POP password. # Delete old mail files when all is done. # Thanks to Ronald Jore for hints: # It seems that when NS7 pointed to an existing profile directory # it goes there and uses it instead of creating the salted path. # I am not sure if the presence of the prefs file would be enough # to recognise a given directory as a profile location ... # # To create the /usr/sms/win/netscape7-registry.dat file: # Use "Netscape7 Profile Manager" to delete old "default" profile and # create new one named ".netscape7" using folder "H:\Windows" (thus new # data will be in directory "H:\Windows\.netscape7"). # Copy the file "$HOME/.profiles/Application Data/Mozilla/registry.dat" # (written after logout only, when Windows does 'saving your settings'). # # The symlink will be replaced by a "real" file at each logout # (a timestamp is updated at each use, maybe other changes also): # need to keep putting it back. # # Do we decrease the security of NS7 by using fixed "well-known" data # paths, instead of hard-to-predict ones? # The "secret" path is recorded (plain-text buried among binary data) # in the registry.dat file: if the attacker can read arbitrary local # files then the game is up anyway. # Seems that the NS4 prefs.js file could be "stolen" only by virtue of # it being all valid JS code. Cleverly, NS7 uses a # comment at the # beginning to render it invalid. # make_symlink( # '/usr/sms/win/netscape7-registry.dat', # '.profiles/Application Data/Mozilla/registry.dat', # 'quiet' # ) if -e '/usr/sms/win/netscape7-registry.dat'; $NS7dir = 'Windows/.netscape7'; $NS7prefs = "$NS7dir/prefs.js"; $NS7bookmark = "$NS7dir/bookmarks.html"; $NS7addrbook = "$NS7dir/abook.mab"; # Not seeded, used for Thunderbird # Would like to not support any more from 10 Aug 05, but maybe needed for FTP upload ## Not supported any more 14 Aug 06, mostly commented out # # # We generate NS7 preferences and bookmarks based on NS4. For people # # that keep using NS4, we may need to re-generate the NS7 files: check # # if the NS4 files are newer. Seems that each use of NS4 modifies its # # prefs.js, no need to test bookmarks separately. # if( -f $NS7prefs ) # { # $M = -M _; # if( -f $NS4prefs and $M > -M _ ) # { # # logmsg( "/users/$group/$user/$NS7prefs is older than $NS4prefs" ); # # The Netscape7 file is older than the Netscape4 one: # # is unused yet, the default we gave some time ago? # eval # { # opendir D, $NS7dir or die "Cannot opendir $NS7dir\n"; # while( $_ = readdir D ) # { # m/^(\.|\.\.|Cache|Cache\.Trash|XUL.mfl|downloads.rdf|prefs.js|bookmarks\.html|localstore\.rdf)$/ or # die "Unexpected file $_ in $NS7dir\n"; # } # closedir D or die "Cannot closedir $NS7dir\n"; # }; # unless( $@ ) # { # logmsg( "Removing unused /users/$group/$user/$NS7prefs ($NS4prefs is newer)" ); # unlink $NS7prefs; # # Test newness of bookmarks? # # Or is it "cheaper" to recreate anyway? # unlink $NS7bookmark; # } # } # } # # unless( -f $NS7prefs && -s _ ) # { # setup_VAL(); # # # See: # # about:config # # http://developer.netscape.com/docs/manuals/communicator/preferences/ # # http://www.alain.knaff.lu/howto/MozillaCustomization/ # # # Should we also use: ## user_pref("nglayout.initialpaint.delay", 0); # # ? # # $prefs = < ), # close F or die "Cannot close $NS4prefs (to copy to $NS7prefs)\n" # ); # # provide_file( $NS7prefs, $prefs ); # # unless( -f $NS7bookmark && -s _ ) # { # $bookmark = ''; # # Use NS4 bookmarks if we can; otherwise use default. # open F, $NS4bookmark and ( # $bookmark = join( '', ), # close F or die "Cannot close $NS4bookmark (to copy to $NS7bookmark)\n" # ); # $bookmark or $bookmark = < # #Bookmarks #

Bookmarks

# #

#

Personal Toolbar Folder

#

#

School

#

#

SMSsearch #
scnews #
calendar #
scwho #
Research #
Teaching #
Administration #
Digital Alpha #

#

Usyd

#

#

University of Sydney #
University of Sydney Search #
Electronic Phone Book #
Library catalogue search #

#

#EO # # provide_file( $NS7bookmark, $bookmark ); # } # # unless( -f "$NS7dir/localstore.rdf" && -s _ ) # { # provide_file( "$NS7dir/localstore.rdf", < # # # # # # # # # # # # # # # # # # # # # #EO # } # # # No need as NS7 can create it if needed: # # makedirs_from_path("$NS7dir/Mail/"); # # } # # if( $is_undergrad ) # { # # Undergraduates don't need https (except for MyUni) so don't get # # certificates. Others do need this ... # make_symlink( '/dev/null', "$NS7dir/cert7.db" ); # # Would like to get away from cert8.db, but then (when using forms?) # # NS would say "Could not initialize the browser's security component". # #make_symlink( '/dev/null', "$NS7dir/cert8.db" ); # # We remove it (at logout also?) instead... # unlink "$NS7dir/cert8.db"; # } # # # Be double-safe even with browser.cache.disk.capacity set to 0 # # and nglayout.debug.disable_xul_cache set to true. # # Do not know how else to turn off download records... # foreach( # "$NS7dir/Cache", # "$NS7dir/Cache.Trash", # "$NS7dir/XUL.mfl", # "$NS7dir/downloads.rdf" ) # { # make_empty0file( $_ ); # } # For Firefox 1.5.X or 2.0.X or 3.0.X # Might do even without installing (Thunderbird also?), see # http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028772.html # : # >> Can the Firefox settings be controlled centrally? # > ... Download Firefox 1.0.zip, unpack it to R/O share on file server, # > edit JS configuration files in .\defaults\pref and .\greprefs, then # > create a shortcut to firefox.exe on user desktops. To change FF # > settings, edit JS configs again. Voila! # Run L:\win\sfwinst\DataOnly\FirefoxSetup-3.0.X.exe and do: # accept licence, # Standard install (or Custom without "Quality Feedback Agent"?) # in C:\Program Files\Mozilla Firefox. # Start firefox (as admin), as that still creates a few things. # User might want to copy his latest bookmarks file e.g. # ~/Windows/.netscape7/bookmarks.html # to # ~/Windows/.firefox/ # at any time (but not while firefox is running). # There is some slowness on first use of FF ... # and two tabs at upgrade or version change ... # FF3 uses not bookmarks.html but places.sqlite, and does the automatic # translation or seeding only if there is no inaccessible bookmarkbackups # object. Use urlclassifierkey3.txt as a flag whether we need this. provide_file( '.profiles/Application Data/Mozilla/Firefox/profiles.ini', < 1500; # Must be newer than we had already next unless ( -M _ ) < $M; $M = ( -M _ ); $FFbak = $_; } if( $FFbak ) { logmsg( "Restoring /users/$group/$user/$FFbak" ); system( "cp", $FFbak, $FFprefs ); } } # Generate FF preferences and bookmarks based on NS7. # Could check if NS7 settings are newer, and re-create. # Not really needed: we have "static" FF preferences; user can # easily copy his latest bookmarks file. # if( -f $FFprefs ) # { # $M = -M _; # if( -f $NS7prefs and $M > -M _ ) # { # # logmsg( "/users/$group/$user/$FFprefs is older than $NS7prefs" ); # # The FF file is older than the NS7 one: # # is unused yet, the default we gave some time ago? # eval # { # opendir D, $FFdir or die "Cannot opendir $FFdir\n"; # while( $_ = readdir D ) # { # m/^(\.|\.\.|Cache|Cache\.Trash|XUL.mfl|compreg.dat|compreg.dat.tmp|prefs.js|bookmarks\.html)$/ or # die "Unexpected file $_ in $FFdir\n"; # } # closedir D or die "Cannot closedir $FFdir\n"; # }; # unless( $@ ) # { # logmsg( "Removing unused /users/$group/$user/$FFprefs ($NS7prefs is newer)" ); # unlink $FFprefs; # # Test newness of bookmarks? # # Or is it "cheaper" to recreate anyway? # unlink $FFbookmark; # } # } # } unless( -f $FFprefs && -s _ ) { setup_VAL(); ## Tempting to copy NS7 preferences, but do not want to keep ## directory settings. Do afresh, from scratch. # # Keep NS7 preferences. # # Some (mail, news etc) lines are not needed/used by FF: strip them out? # open F, $NS7prefs and ( # $prefs = join( '', ), # close F or die "Cannot close $NS7prefs (to copy to $FFprefs)\n" # ); # $prefs .= < ), close F or die "Cannot close $NS7bookmark (to copy to $FFbookmark)\n" ); $bookmark or $bookmark = < Bookmarks

Bookmarks

Personal Toolbar Folder

School

SMSsearch
scnews
calendar
scwho
Research
Teaching
Administration
Digital Alpha

Usyd

University of Sydney
University of Sydney Search
Electronic Phone Book
Library catalogue search

EO provide_file( $FFbookmark, $bookmark ); } } if( $is_undergrad ) { # Undergraduates don't need https (except for MyUni) so don't get # certificates. Others may need this ... unlink "$FFdir/cert8.db"; } # Be double-safe even with browser.cache.disk.capacity set to 0 foreach( "$FFdir/Cache", "$FFdir/Cache.Trash", "$FFdir/XPC.mfasl", "$FFdir/XPC.mfl", "$FFdir/XUL.mfasl", "$FFdir/XUL.mfl", "$FFdir/compreg.dat", "$FFdir/compreg.dat.tmp", "$FFdir/urlclassifier2.sqlite", "$FFdir/urlclassifier3.sqlite" ) { make_empty0file( $_ ); } # FF3 uses not bookmarks.html but places.sqlite, and does the automatic # translation or seeding only if there is no inaccessible bookmarkbackups # object. Use urlclassifierkey3.txt as a flag whether we need this. if( -e "$FFdir/urlclassifierkey3.txt" ) { make_empty0file( "$FFdir/bookmarkbackups" ); } else { # Remove a file, leave a directory alone unlink "$FFdir/bookmarkbackups"; } # For Thunderbird 1.5.X or 2.0.X # Run L:\win\sfwinst\DataOnly\ThunderbirdSetup-2.0.X.exe and do: # accept licence, # Standard install (or Custom without "Quality Feedback Agent"?) # in C:\Program Files\Mozilla Thunderbird. # Start thunderbird (as admin), as that still creates a few things. # User should start thunderbird (to create mail directory structure), # then quit. Copy mail files and address books e.g. # ~/Windows/.netscape7/Mail/rome/Inbox # ~/Windows/.netscape7/abook.mab # to # ~/Windows/.thunderbird/Mail/rome/ # ~/Windows/.thunderbird/ # respectively. (*.summary or *.msf files should not be copied; the # TB *.msf files could be dropped to ensure they are re-created.) # If you have more than just the one abook.mab, then in thunderbird # pre-create new, empty ones named abook-N.mab with # address book, file, new, address book # then copy them on top. # For NS4 users, the mail files e.g. # ~/Windows/.netscape/mail/Inbox # can be copied as above. But thunderbird does not understand the # ~/Windows/.netscape/pab.na2 files: use NS7 to import and convert # to *.mab format. # When starting from UNIX NS4, the ~/nsmail/Inbox files will need # to get DOS-like line termination e.g. with # perl -i.bak -pe 's/\r/$/' Inbox Outbox # while it seems that the UNIX ~/.netscape/pab.na2 address book cannot # be "fed" to Windows NS7 to convert to abook.mab format. provide_file( '.profiles/Application Data/Thunderbird/profiles.ini', < -M _ ) # { # # logmsg( "/users/$group/$user/$TBprefs is older than $NS7prefs" ); # # The TB file is older than the NS7 one: # # is unused yet, the default we gave some time ago? # eval # { # opendir D, $TBdir or die "Cannot opendir $TBdir\n"; # while( $_ = readdir D ) # { # m/^(\.|\.\.|XUL.mfl|compreg.dat|compreg.dat.tmp|prefs.js)$/ or # die "Unexpected file $_ in $TBdir\n"; # } # closedir D or die "Cannot closedir $TBdir\n"; # }; # unless( $@ ) # { # logmsg( "Removing unused /users/$group/$user/$TBprefs ($NS7prefs is newer)" ); # unlink $TBprefs; # unlink $TBaddrbook; # } # } # } unless( -f $TBprefs && -s _ ) { setup_VAL(); ## Tempting to copy NS7 preferences, but do not want to keep ## directory settings. Do afresh, from scratch. # # Keep NS7 preferences. # # Only mail lines are needed/used by TB: strip others out? # open F, $NS7prefs and ( # $prefs = join( '', ), # close F or die "Cannot close $NS7prefs (to copy to $TBprefs)\n" # ); # $prefs .= < ), close F or die "Cannot close $NS7addrbook (to copy to $TBaddrbook)\n" ); $addrbook and provide_file( $TBaddrbook, $addrbook ); } } if( $is_undergrad ) { # Undergraduates don't need https (except for MyUni) so don't get # certificates. Others may need this ... unlink "$TBdir/cert8.db"; } # Be double-safe even with browser.cache.disk.capacity set to 0 # and nglayout.debug.disable_xul_cache set to true. foreach( "$TBdir/XPC.mfasl", "$TBdir/XPC.mfl", "$TBdir/XUL.mfasl", "$TBdir/XUL.mfl", "$TBdir/compreg.dat", "$TBdir/compreg.dat.tmp" ) { make_empty0file( $_ ); } ## Not supported any more 10 Aug 05, commented out # # unless( -f 'Windows/.eudora/Eudora.ini' && -s _ ) # { # # Initialize Eudora for new user: # # TidyAttach means 'Delete attachments when emptying Trash' # # UseBidentAlways means 'Use Microsoft's viewer' # # RunHtmlCode means 'Allow executables in HTML content' # # EmptyTrashOnQuit means 'Empty Trash when exiting' # # WarnEmptyTrash means (Warn me when I) 'Empty the Trash mailbox' # # FetchInlineContent means 'Automatically download HTML graphics' # # setup_VAL(); # # provide_file( 'Windows/.eudora/Eudora.ini', <$file" ) or die "Could not open $file (\l$!)\n"; $cont =~ s!\r?\n!\r\n!g; print F $cont or die "Could not print $file (\l$!)\n"; close F or die "Could not close $file (\l$!)\n"; } sub make_symlink { my ( $tgt, $lnk, $quiet ) = @_; lstat( $lnk ); if( -e _ ) { return if -l _ and readlink($lnk) eq $tgt; logmsg( "Removing, re-creating /users/$group/$user/$lnk -> $tgt" ) unless $quiet; unlink $lnk; system( "rm", "-rf", $lnk ) if -e $lnk; } makedirs_from_path( $lnk ); symlink( $tgt, $lnk ) or die "Could not symlink $lnk -> $tgt (\l$!)\n"; } sub make_empty0file { my ( $f ) = @_; if( -e $f ) { return if -f _ and ! -s _; logmsg( "Removing, re-creating /users/$group/$user/$f" ); unlink $f; system( "rm", "-rf", $f ) if -e $f; } provide_file( $f, '' ); chmod( 0000, $f ) or die "Cannot chmod 0 $f\n"; } sub setup_VAL { return if defined $VAL{ USER }; %VAL = ( USER => $user, GROUP => $group, FULLNAME => ( getpwnam $user )[6], WINDIR => 'H:\Windows', NOW => time, ); } sub logmsg { require WireSyslog; WireSyslog::syslog_options( IDENT => ( $cmd || 'setup-or-unset-profile' ), PID => 1 ); WireSyslog::slog( @_ ); } #!#