#!/bin/sh
groupdel xguest 2>/dev/null
userdel -r xguest 2>/dev/null

useradd -s /bin/rbash -K UID_MIN=61000 -K UID_MAX=65000 -K GID_MIN=61000 -K GID_MAX=65000  -p '' -c "Guest Account" xguest || :

# Add two directories to /etc/skell so pam_namespace will label properly
mkdir /etc/skel/.mozilla 2> /dev/null
mkdir /etc/skel/.gnome2 2> /dev/null

/usr/bin/python << __eof
from sabayon import userdb
db = userdb.get_database()

db.set_profile("xguest", "xguest.zip")
__eof

# prevent remote login:
if ! grep -q xguest /etc/ssh/denyusers; then
	echo xguest >> /etc/ssh/denyusers
fi

# prevent accessing most configuration tools (mcc still available with root password)
for i in /etc/pam.d/{mandriva-simple-auth,simple_root_authen,urpmi.update}; do
	fgrep -q xguest $i && continue
	echo -e "\nauth\trequired\tpam_succeed_if.so\tquiet user != xguest" >> $i
done
