
#make sure the permissions are right on /var/lib/groovix/home in case a bad gnc erased it and it got recreated
chmod 700 /var/lib/groovix/home

#remount noexec if necessary
if [ "$GX_USER_NOEXEC" = "true" ] ; then
        mount -o remount,noexec /tmp
        mount -o remount,noexec /dev/shm

        #protect /var/tmp too, these machines are expected to completely reset across reboots, so /var/tmp doesn't need to be persistent
        #alternatively could give it a separate partition, but that's probably not necessary
        rm -r /var/tmp
        ln -s /tmp /var/tmp 

        #NOTE: can remount /usr ro on hard drive installs, usually done after network update
fi

if [ "$GX_HOME_NOEXEC" = "true" ] ; then
        mount -o remount,noexec /home
fi


#get rid of old users each boot:
for T in `cat /etc/passwd | perl -ni -e 'print if (/^u\d\d|^guest\d|^g\d/)'  | cut -f 1 -d:`; do  deluser $T; delgroup $T; done ;



#change permissions on executables we don't want users running, just in case they get access
#this should be made variable - don't always want to restrict all of these
chmod o-x /usr/lib/pm-utils/bin/pm-action

#now done in reset station since we unprotect it when saving off home environment
#chmod o-x,o-r /usr/bin/alacarte

chmod o-x /usr/bin/xterm
chmod o-x /usr/bin/koi8rxterm
chmod o-x /usr/bin/uxterm
chmod o-x /usr/bin/gnome-terminal
chmod o-x /usr/bin/xfce4-terminal

#old
#chmod o-x  /usr/bin/gdmflexiserver
#chmod o-x /usr/bin/pessulus
#chmod o-x,o-r /usr/bin/gmenu-simple-editor

#disable power management functions
rm -f /usr/sbin/pm-*


#regenerate grub file if we're missing password protection from staff entries like re-image and memtest
grep --  "--users staff" /boot/grub/grub.cfg
if [ $? -ne 0 ] ; then
	echo updating grub.cfg
	update-grub
fi



