/usr/sbin/fai-setup is in fai-server 4.3.1+deb8u1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#! /bin/bash

#*********************************************************************
#
# fai-setup -- set up FAI
#
# This script is part of FAI (Fully Automatic Installation)
# (c) 2000-2014 by Thomas Lange, lange@informatik.uni-koeln.de
# Universitaet zu Koeln
#
#*********************************************************************
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# A copy of the GNU General Public License is available as
# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution
# or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html.  You
# can also obtain it by writing to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
#*********************************************************************

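# Fixed search path, so helper commands are not resolved through whatever PATH
# the caller supplied. The /usr/local entries come first, so those directories
# must be writable by root only.
PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin

# Abort on the first unhandled command failure.
set -e

# Default configuration directory; -C overrides it.
cfdir=/etc/fai

# All options are also passed to fai-make-nfsroot. They are kept as one
# space-joined string that is expanded unquoted at the call site, so an
# argument containing whitespace does not survive as a single word.
options="$*"

# Only -C, -v and -e are acted on here. The remaining letters are accepted and
# ignored; presumably they belong to fai-make-nfsroot, which gets $options.
while getopts pvC:efgkKlV:B: opt ; do
    case "$opt" in
        C) cfdir=$OPTARG ;;
        v) verbose=1 ; v=-v ;;
        e) expert=1 ;;
    esac
done


# Both files are executed as shell code with the privileges of this script.
# The directory named by -C and the two files in it must therefore be
# writable by root only. The paths are quoted so that a directory name with
# whitespace or glob characters is sourced as given.
. "$cfdir/fai.conf"
. "$cfdir/nfsroot.conf"

# FAI_LOGPROTO selects the ssh or rsh branch in setup_fai_account; default ssh.
: "${FAI_LOGPROTO:=ssh}"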

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
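add_export_line() {

    # Append "<key> <options>" to /etc/exports unless a line that starts with
    # <key> followed by whitespace is already present.
    #
    # Arguments: $1    - key at the start of the line (the exported path)
    #            $2... - remaining words of the line, joined by single spaces
    # Returns:   0 when the line already exists or was appended
    #
    # The variables are local so that the global $options (the command line
    # kept for fai-make-nfsroot) is not overwritten by this function.

    local pattern=$1
    shift
    local options="$*"
    local line

    # The key is compared literally. It is a path or an address and may hold
    # characters such as "." that a regular expression would treat as
    # wildcards, which could make a different entry look like a duplicate.
    if [ -f /etc/exports ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            if [[ $line == "$pattern"[[:space:]]* ]]; then
                return 0
            fi
        done < /etc/exports
    fi
    echo "Adding line to /etc/exports: $pattern $options"
    printf '%s\n' "$pattern $options" >> /etc/exports
}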
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
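add_fai_account() {

    # Create the system account $LOGUSER with home /var/log/fai unless the
    # account already exists, and mark a newly created home directory.
    #
    # Globals: LOGUSER (read), loguserhome (written)

    if id "$LOGUSER" >/dev/null 2>&1 ; then
        echo "Account \$LOGUSER=$LOGUSER already exists."
        echo "Make sure that all install clients can"
        echo "log into this account without a password."
        return
    fi

    adduser --system --disabled-password --home /var/log/fai --gecos "FAI account for log files" --shell /bin/sh "$LOGUSER"

    # Read the home directory from the passwd database instead of running
    # eval on "cd ~$LOGUSER": eval would execute any shell syntax contained
    # in the configured value. As before, loguserhome stays empty when the
    # directory does not exist.
    loguserhome=$(getent passwd "$LOGUSER" | cut -d: -f6)
    [ -d "$loguserhome" ] || loguserhome=

    # Without this guard an empty value would put the marker file into /.
    if [ -n "$loguserhome" ]; then
        touch "$loguserhome/.account_created_by_fai_package"
    fi
}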
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
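setup_fai_account() {

    # Prepare the $LOGUSER account for logins from the install clients:
    # ssh key pairs, authorized_keys and known_hosts when FAI_LOGPROTO is
    # ssh, or a .rhosts file when it is rsh.
    #
    # Globals read:    LOGUSER, FAI_LOGPROTO, HOSTNAME
    # Globals written: loguserhome, sshdir, logusergid (the main block uses
    #                  loguserhome and logusergid for the later chown)
    # Exits with status 8 when the home directory cannot be determined.
    #
    # most things should be executed as user $LOGUSER, since root may not have write
    # permissions to $loguserhome (e.g if mount via NFS without no_root_squash)

    # Local, so that values inherited from the environment or the sourced
    # configuration cannot end up in known_hosts when a host key file is absent.
    local DSASERVER= RSASERVER= ips ip hname

    # Errors are tolerated inside this function; errexit is restored at the end.
    set +e

    # Home directory from the passwd database; no eval on the configured
    # account name. Empty when the directory does not exist.
    loguserhome=$(getent passwd "$LOGUSER" | cut -d: -f6)
    [ -d "$loguserhome" ] || loguserhome=
    sshdir=$loguserhome/.ssh
    if [ -z "$loguserhome" ]; then
        echo "Can't determine home directory for user $LOGUSER."
        echo "LOGUSER= $LOGUSER    loguserhome= $loguserhome"
        exit 8
    fi

    if [ "$FAI_LOGPROTO" = "ssh" ]; then
        # set up ssh on the server
        mkdir -p -m 700 "$sshdir"

        # Key pairs for LOGUSER, created without a passphrase (-N '') and
        # authorised for LOGUSER itself. Anyone who can read a private key
        # file can log in as $LOGUSER on this host, so every copy of these
        # files has to stay access-restricted.
        # The public key is appended only when ssh-keygen succeeded.
        if [ ! -f "$sshdir/id_rsa" ]; then
            ssh-keygen -t rsa -N '' -f "$sshdir/id_rsa" -C "$LOGUSER@$HOSTNAME" &&
                cat "$sshdir/id_rsa.pub" >> "$sshdir/authorized_keys"
        fi

        # NOTE(review): DSA keys are deprecated and OpenSSH 7.0 and later do
        # not accept them by default. The key is still generated here for
        # compatibility. Confirm whether any client still needs it.
        if [ ! -f "$sshdir/id_dsa" ]; then
            ssh-keygen -t dsa -N '' -f "$sshdir/id_dsa" -C "$LOGUSER@$HOSTNAME" &&
                cat "$sshdir/id_dsa.pub" >> "$sshdir/authorized_keys"
        fi

        # Add the server's host keys to the known_hosts list of LOGUSER, so
        # that installed clients can ssh $LOGUSER@$HOSTNAME without password.
        # NOTE(review): only the RSA and DSA host keys are recorded. Other
        # host key types the server may offer are not pinned here.
        if [ ! -f "$sshdir/known_hosts" ]; then
            # Keep "type base64" and drop the trailing comment of the key line.
            [ -f /etc/ssh/ssh_host_dsa_key.pub ] && DSASERVER=$(sed -e "s/= .*$/=/" /etc/ssh/ssh_host_dsa_key.pub)
            [ -f /etc/ssh/ssh_host_rsa_key.pub ] && RSASERVER=$(sed -e "s/= .*$/=/" /etc/ssh/ssh_host_rsa_key.pub)
            # determine all IP addresses, and their host names
            ips=$(ip addr show up | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1 | grep -v 127.0.0.1)
            # $ips is split on whitespace on purpose: one address per word.
            for ip in $ips; do
                # "address name alias" becomes the comma-separated host list
                # used as the first field of a known_hosts line.
                hname=$(getent hosts "$ip" | tr -s ' ' ',')
                : "${hname:=$ip}"
                echo "Adding $hname to known_hosts."
                [ -z "$DSASERVER" ] || echo "$hname $DSASERVER" >> "$sshdir/known_hosts"
                [ -z "$RSASERVER" ] || echo "$hname $RSASERVER" >> "$sshdir/known_hosts"
            done
            echo "$sshdir/known_hosts created."
        else
            echo "$sshdir/known_hosts remained unchanged."
        fi

        chmod 0600 "$sshdir/authorized_keys"
        echo "$sshdir/authorized_keys created."
    fi
    if [ "$FAI_LOGPROTO" = "rsh" ] && [ ! -f "$loguserhome/.rhosts" ]; then
        # use .rhosts authentication
        # This trusts root on every host of the netgroup "faiclients". rsh
        # identifies a client by its address and name only and does not
        # encrypt the session, so FAI_LOGPROTO=ssh is the safer choice.
        echo "+@faiclients root" > "$loguserhome/.rhosts"
        chmod go-rwx "$loguserhome/.rhosts"
        echo "$loguserhome/.rhosts created."
    fi

    logusergid=$(id -ng "$LOGUSER")
    echo "User account $LOGUSER set up."
    set -e
}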
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

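# Main sequence: account setup, nfsroot creation, ownership fixes, NFS exports.
# The brace group runs as one side of a pipeline, so "exit" inside it only
# ends that side. Its status is read from PIPESTATUS after the pipeline and
# used as the exit status of the script.
{ # start huge block for capturing output

if [ -n "$LOGUSER" ]; then
    add_fai_account
    setup_fai_account
fi

# $options is expanded unquoted on purpose: it holds the space-joined command
# line and has to split back into separate arguments.
fai-make-nfsroot $options

if [ -n "$LOGUSER" ]; then
    # chown only if cd was successful. The cd is the condition of the if, so
    # a failure skips the chown instead of aborting the block under set -e.
    if [ -n "$loguserhome" ] && cd "$loguserhome"; then
        if [ -e .rhosts ]; then
            chown "$LOGUSER:$logusergid" . .rhosts || true
        fi
        if [ -d .ssh ]; then
            chown -R "$LOGUSER:$logusergid" .ssh || true
        fi
    fi
    mkdir -p "$TFTPROOT"
    chown -R "$LOGUSER:$logusergid" "$TFTPROOT" || true
    fai-chboot -o default
fi

if [ -z "$FAI_CONFIGDIR" ]; then
    echo "FAI_CONFIGDIR not set in $cfdir/nfsroot.conf."
    exit 7
fi
mkdir -p "$FAI_CONFIGDIR"

# in expert mode, do not export nfs directories
if [ -z "$expert" ]; then
    test -f /etc/init.d/nfs-kernel-server && nfsserver=nfs-kernel-server

    : "${SERVERINTERFACE:=eth0}"  # set to eth0 if not already set
    # First IPv4 entry of the interface, as printed by ip (address/prefix).
    addr=$(ip addr show dev "$SERVERINTERFACE" | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | head -1)

    # With an empty address the lines below would read "<path> (options)".
    # exports(5) applies such an entry to every host, and the nfsroot entry
    # carries no_root_squash. Stop before /etc/exports is touched.
    if [ -z "$addr" ]; then
        echo "Could not determine an IPv4 address for interface $SERVERINTERFACE."
        echo "Set SERVERINTERFACE to an interface that has an IPv4 address. /etc/exports was not changed."
        exit 9
    fi

    # if no NFS v4 entry is found add a dummy entry. Workaround for #676883
    # A missing /etc/exports counts as "no entry", hence the discarded stderr.
    if ! grep -v '^#' /etc/exports 2>/dev/null | grep -q 'fsid=0'; then
        echo "No entry for NFS v4 found. Adding a dummy entry. This forces NFS v3 for the nfsroot."
        mkdir -p /srv/nfs4
        add_export_line "/srv/nfs4  $addr(fsid=0,async,ro,no_subtree_check)"
    fi

    if [[ "$FAI_CONFIG_SRC" =~ ^nfs:// ]]; then
        add_export_line "$FAI_CONFIGDIR" "$addr(async,ro,no_subtree_check)"
    fi
    # no_root_squash: root on a client matching $addr keeps uid 0 on this
    # read-only export, so every file below $NFSROOT is readable by the
    # clients. Nothing secret should be stored there.
    add_export_line "$NFSROOT" "$addr(async,ro,no_subtree_check,no_root_squash)"
    if [ -z "$nfsserver" ]; then
        echo "Could not find the type of your nfs server. Maybe"
        echo "no nfs server is installed. I can't restart it."
    else
        "/etc/init.d/$nfsserver" reload
    fi
fi

if [ ! -d "$FAI_CONFIGDIR/class" ]; then
    echo ""
    echo "   You have no FAI configuration space yet. Copy the simple examples with:"
    echo "   cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR"
    echo "   Then change the configuration files to meet your local needs."
    echo "Please don't forget to fill out the FAI questionnaire after you've finished your project with FAI."
    echo ""
fi
echo "FAI setup finished."
} 2>&1 | tee /var/log/fai/fai-setup.log
# Must be read directly after the pipeline: status of the brace group, not of tee.
setup_status=${PIPESTATUS[0]}
echo "Log file written to /var/log/fai/fai-setup.log"
exit "$setup_status"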