===== Bloquer les accès SSH pour PlcmSpIp =====
<code>
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config
echo "DenyUsers PlcmSpIp" >> /etc/e-smith/templates-custom/etc/ssh/sshd_config/99DenyUsers
expand-template /etc/ssh/sshd_config
sv t /service/sshd
</code>

===== Créer le répertoire de déploiement =====
<code bash>
mkdir -p /var/lib/phone/polycom/
</code>

===== Configurer le serveur DHCP =====
<code bash>
mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf/
cat <<EOF > /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom
option boot-server code 66 = string;
group \{

option boot-server "ftp://PlcmSpIp:__SECRET__@{ \$LocalIP }";

host phone-1 \{
       hardware ethernet 00:04:f2:1d:fe:44;
       fixed-address 192.168.7.22;
\}
\}
EOF
SECRET=$(/usr/bin/openssl rand -base64 60 | tr -c -d '[:graph:]')
sed -i -e "s/__SECRET__/$SECRET/" /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom
echo $SECRET > ~/polycom.secret
chmod 600 ~/polycom.secret
unset SECRET
</code>

===== Configuration du serveur FTP =====
<code bash>
mkdir -p /etc/e-smith/templates-custom/etc/proftpd.conf/
cat <<EOF > /etc/e-smith/templates-custom/etc/proftpd.conf/04polycomRoot
DefaultRoot     /var/lib/phone/polycom       PlcmSpIp
EOF

cat <<EOF > /etc/e-smith/templates-custom/etc/proftpd.conf/50polycomShare
<Directory /var/lib/phone/polycom>
   GroupOwner PlcmSpIp
   Umask 047
   AllowOverwrite on
   <Limit READ WRITE>
       AllowUser PlcmSpIp
   </Limit>
</Directory>
EOF

mkdir -p /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/

cat <<EOF > /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/30polycom
PlcmSpIp
EOF
</code>

===== Création de l'(utilisateur système PlcmSpIp =====

<code bash>
groupadd PlcmSpIp
useradd -c 'Provisioning User For Polycom' -s /bin/false -m -g PlcmSpIp -d /var/lib/phone/polycom PlcmSpIp
cat ~/polycom.secret | passwd --stdin PlcmSpIp
db accounts set PlcmSpIp system-user comment 'user for polycom phones' PasswordSet yes
</code>

===== Redémarrage du serveur FTP =====
<code bash>
expand-template /etc/ftpusers
expand-template /etc/e-smith/pam/accounts.allow
expand-template /etc/e-smith/pam/accounts.deny
expand-template /etc/proftpd.conf
sv t /service/ftp
</code>

===== Restriction des permissions =====
<code bash>
cd /var/lib/phone/polycom
chown -R root:PlcmSpIp ./*
chmod -R o-rwx ./*
chown PlcmSpIp ./log
chown PlcmSpIp ./overrides
chown PlcmSpIp ./contacts
chmod u-w ../polycom
</code>