===== Bloquer les accès SSH pour PlcmSpIp =====
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config
echo "DenyUsers PlcmSpIp" >> /etc/e-smith/templates-custom/etc/ssh/sshd_config/99DenyUsers
expand-template /etc/ssh/sshd_config
sv t /service/sshd
===== Créer le répertoire de déploiement =====
mkdir -p /var/lib/phone/polycom/
===== Configurer le serveur DHCP =====
mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf/
cat < /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom
option boot-server code 66 = string;
group \{
option boot-server "ftp://PlcmSpIp:__SECRET__@{ \$LocalIP }";
host phone-1 \{
hardware ethernet 00:04:f2:1d:fe:44;
fixed-address 192.168.7.22;
\}
\}
EOF
SECRET=$(/usr/bin/openssl rand -base64 60 | tr -c -d '[:graph:]')
sed -i -e "s/__SECRET__/$SECRET/" /etc/e-smith/templates-custom/etc/dhcpd.conf/80polycom
echo $SECRET > ~/polycom.secret
chmod 600 ~/polycom.secret
unset SECRET
===== Configuration du serveur FTP =====
mkdir -p /etc/e-smith/templates-custom/etc/proftpd.conf/
cat < /etc/e-smith/templates-custom/etc/proftpd.conf/04polycomRoot
DefaultRoot /var/lib/phone/polycom PlcmSpIp
EOF
cat < /etc/e-smith/templates-custom/etc/proftpd.conf/50polycomShare
GroupOwner PlcmSpIp
Umask 047
AllowOverwrite on
AllowUser PlcmSpIp
EOF
mkdir -p /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/
cat < /etc/e-smith/templates-custom/etc/e-smith/pam/users.allow/30polycom
PlcmSpIp
EOF
===== Création de l'(utilisateur système PlcmSpIp =====
groupadd PlcmSpIp
useradd -c 'Provisioning User For Polycom' -s /bin/false -m -g PlcmSpIp -d /var/lib/phone/polycom PlcmSpIp
cat ~/polycom.secret | passwd --stdin PlcmSpIp
db accounts set PlcmSpIp system-user comment 'user for polycom phones' PasswordSet yes
===== Redémarrage du serveur FTP =====
expand-template /etc/ftpusers
expand-template /etc/e-smith/pam/accounts.allow
expand-template /etc/e-smith/pam/accounts.deny
expand-template /etc/proftpd.conf
sv t /service/ftp
===== Restriction des permissions =====
cd /var/lib/phone/polycom
chown -R root:PlcmSpIp ./*
chmod -R o-rwx ./*
chown PlcmSpIp ./log
chown PlcmSpIp ./overrides
chown PlcmSpIp ./contacts
chmod u-w ../polycom