From d4c3143655d2f6b49664828c915a6a924c1b1fd8 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 16 Feb 2017 12:34:24 +0100
Subject: [PATCH] library/roles/smartgears/r_connector/templates/rusersadd.j2:
 Use ACLs to set the userconfig.csv permissions. Touch the file at each login
 so that the file has been removed by the user, he can still connect.

---
 smartgears/r_connector/templates/rusersadd.j2 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/smartgears/r_connector/templates/rusersadd.j2 b/smartgears/r_connector/templates/rusersadd.j2
index c2f1e453..009b716b 100755
--- a/smartgears/r_connector/templates/rusersadd.j2
+++ b/smartgears/r_connector/templates/rusersadd.j2
@@ -11,6 +11,9 @@ RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename
 
 if [ -d $HDIR ] ; then
     logger "$LOG_PREFIX user $HDIR directory exists"
+    sudo /usr/bin/touch ${HDIR}/{{ r_connector_userconfig }}
+    sudo /bin/chown ${USER}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }}
+    sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
     exit 0
 else 
     if id -u $USER >/dev/null 2>&1
@@ -21,9 +24,9 @@ else
         sudo /bin/chmod g-wr,o-rwx $HDIR
         sudo /usr/bin/touch $HDIR/{{ r_connector_userconfig }}
         sudo /bin/chmod 660 $HDIR/{{ r_connector_userconfig }}
-        #sudo /bin/chgrp -R {{ smartgears_user }} $HDIR
+        sudo /bin/chown $USER:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }}
+        sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
         sudo /bin/chgrp {{ smartgears_user }} $HDIR
-        sudo /bin/chown {{ smartgears_user }}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }}
         sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
         exit 0
     else
@@ -37,6 +40,7 @@ else
             sudo /bin/chmod g+ws $HDIR
             sudo /usr/bin/touch $HDIR/{{ r_connector_userconfig }}
             sudo /bin/chmod 660 $HDIR/{{ r_connector_userconfig }}
+            sudo /usr/bin/setfacl -m g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
             sudo /bin/chgrp -R {{ smartgears_user }} $HDIR
             sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
             exit 0