Extract the users/groups creation into a separate shell script.
This adds a few features:
- it checks that the UID line has the right number of fields [1]
- it tells the user that there are groups that he may want to remove [2]

PR:		208800, 173318 [1], 157546 [2]
Submitted by:	mat
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D5939
parent
3b32b83f0a
commit
b1fb5a15c1
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=413604
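--- /dev/null
+++ b/Mk/Scripts/do-users-groups.sh
@@ -0,0 +1,179 @@
+#!/bin/sh
+# $FreeBSD$
+#
+# MAINTAINER: portmgr@FreeBSD.org
+
+set -e
+
+. "${dp_SCRIPTSDIR}/functions.sh"
+
+validate_env dp_ECHO_MSG dp_GID_FILES dp_GID_OFFSET dp_GROUPS_BLACKLIST \
+dp_INSTALL dp_OPSYS dp_OSVERSION dp_PREFIX dp_PW dp_SCRIPTSDIR \
+dp_UG_DEINSTALL dp_UG_INSTALL dp_UID_FILES dp_UID_OFFSET \
+dp_USERS_BLACKLIST
+
+set -u
+
+USERS=$1
+GROUPS=$2
+
+error() {
+${dp_ECHO_MSG} "${1}"
+
+exit 1
+}
+
+rm -f "${dp_UG_INSTALL}" "${dp_UG_DEINSTALL}" || :
+
+# Before FreeBSD 10.2, PW did not have -R support.
+if [ "${dp_OPSYS}" = FreeBSD ] && [ "${dp_OSVERSION}" -ge 1002000 ]; then
+cat >> "${dp_UG_INSTALL}" <<-eot
+if [ -n "\${PKG_ROOTDIR}" ] && [ "\${PKG_ROOTDIR}" != "/" ]; then
+PW="${dp_PW} -R \${PKG_ROOTDIR}"
+else
+PW=${dp_PW}
+fi
+eot
+else
+echo "PW=${dp_PW}" >> "${dp_UG_INSTALL}"
+fi
+
+# Both scripts need to start the same, so
+cp -f "${dp_UG_INSTALL}" "${dp_UG_DEINSTALL}"
+
+if [ -n "${GROUPS}" ]; then
+for file in ${dp_GID_FILES}; do
+if [ ! -f "${file}" ]; then
+error "** ${file} doesn't exist. Exiting."
+fi
+done
+${dp_ECHO_MSG} "===> Creating groups."
+echo "echo \"===> Creating groups.\"" >> "${dp_UG_INSTALL}"
+for group in ${GROUPS}; do
+# _bgpd:*:130:
+if ! grep -q "^${group}:" ${dp_GID_FILES}; then \
+error "** Cannot find any information about group \`${group}' in ${dp_GID_FILES}."
+fi
+o_IFS=${IFS}
+IFS=":"
+while read -r group _ gid _; do
+if [ -z "${gid}" ]; then
+error "Group line for group ${group} has no gid"
+fi
+gid=$((gid+dp_GID_OFFSET))
+cat >> "${dp_UG_INSTALL}" <<-eot2
+if ! \${PW} groupshow $group >/dev/null 2>&1; then
+echo "Creating group '$group' with gid '$gid'."
+\${PW} groupadd $group -g $gid
+else
+echo "Using existing group '$group'."
+fi
+eot2
+done <<-eot
+$(grep -h "^${group}:" ${dp_GID_FILES} | head -n 1)
+eot
+IFS=${o_IFS}
+done
+fi
+
+if [ -n "${USERS}" ]; then
+for file in ${dp_UID_FILES}; do
+if [ ! -f "${file}" ]; then
+error "** ${file} doesn't exist. Exiting."
+fi
+done
+
+${dp_ECHO_MSG} "===> Creating users"
+echo "echo \"===> Creating users\"" >> "${dp_UG_INSTALL}"
+
+for user in ${USERS}; do
+# _bgpd:*:130:130:BGP Daemon:/var/empty:/sbin/nologin
+if ! grep -q "^${user}:" ${dp_UID_FILES} ; then
+error "** Cannot find any information about user \`${user}' in ${dp_UID_FILES}."
+fi
+o_IFS=${IFS}
+IFS=":"
+while read -r login _ uid gid class _ _ gecos homedir shell; do
+if [ -z "$uid" ] || [ -z "$gid" ] || [ -z "$homedir" ] || [ -z "$shell" ]; then
+error "User line for ${user} is invalid"
+fi
+uid=$((uid+dp_UID_OFFSET))
+gid=$((gid+dp_GID_OFFSET))
+if [ -n "$class" ]; then
+class="-L $class"
+fi
+homedir=$(echo "$homedir" | sed "s|^/usr/local|${dp_PREFIX}|")
+cat >> "${dp_UG_INSTALL}" <<-eot2
+if ! \${PW} usershow $login >/dev/null 2>&1; then
+echo "Creating user '$login' with uid '$uid'."
+\${PW} useradd $login -u $uid -g $gid $class -c "$gecos" -d $homedir -s $shell
+else
+echo "Using existing user '$login'."
+fi
+eot2
+case $homedir in
+/|/nonexistent|/var/empty)
+;;
+*)
+echo "${dp_INSTALL} -d -g $gid -o $uid $homedir" >> "${dp_UG_INSTALL}"
+;;
+esac
+done <<-eot
+$(grep -h "^${user}:" ${dp_UID_FILES} | head -n 1)
+eot
+IFS=${o_IFS}
+done
+fi
+
+if [ -n "${GROUPS}" ]; then
+for group in ${GROUPS}; do
+# mail:*:6:postfix,clamav
+o_IFS=${IFS}
+IFS=":"
+while read -r group _ gid members; do
+gid=$((gid+dp_GID_OFFSET))
+oo_IFS=${IFS}
+IFS=","
+for login in $members; do
+for user in ${USERS}; do
+if [ -n "${user}" ] && [ "${user}" = "${login}" ]; then
+cat >> "${dp_UG_INSTALL}" <<-eot2
+if ! \${PW} groupshow ${group} | grep -qw ${login}; then
+echo "Adding user '${login}' to group '${group}'."
+\${PW} groupmod ${group} -m ${login}
+fi
+eot2
+fi
+done
+done
+IFS=${oo_IFS}
+done <<-eot
+$(grep -h "^${group}:" ${dp_GID_FILES} | head -n 1)
+eot
+IFS=${o_IFS}
+done
+fi
+
+if [ -n "${USERS}" ]; then
+for user in ${USERS}; do
+if ! echo "${dp_USERS_BLACKLIST}" | grep -qw "${user}"; then
+cat >> "${dp_UG_DEINSTALL}" <<-eot
+if \${PW} usershow ${user} >/dev/null 2>&1; then
+echo "==> You should manually remove the \"${user}\" user. "
+fi
+eot
+fi
+done
+fi
+
+if [ -n "${GROUPS}" ]; then
+for group in ${GROUPS}; do
+if ! echo "${dp_GROUPS_BLACKLIST}" | grep -qw "${group}"; then
+cat >> "${dp_UG_DEINSTALL}" <<-eot
+if \${PW} groupshow ${group} >/dev/null 2>&1; then
+echo "==> You should manually remove the \"${group}\" group "
+fi
+eot
+fi
+done
+fi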
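Review bot: The generated membership test `if ! \${PW} groupshow ${group} | grep -qw ${login}; then` (the `eot2` here-doc in the third `GROUPS` loop) matches the whole `groupshow` line, so a login that equals the group name — or any other field of that line — satisfies the word match against the wrong column and the following `groupmod -m` is skipped; restricting the check to the members column avoids that, e.g. `if ! \${PW} groupshow ${group} | cut -d: -f4 | tr ',' '\n' | grep -qx ${login}; then`. The same pattern existed in the removed inline make code, so it is carried over rather than introduced, but the new script is the natural place to tighten it. Separately, the `useradd` line in the `USERS` here-doc interpolates `$homedir` and `$shell` from the UIDs file unquoted while only `$gecos` is quoted; since these become shell words in the installed pre-install script, writing `-d "$homedir" -s "$shell"` keeps a stray space or quote in a UIDs entry from changing what the generated command does.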
114
Mk/bsd.port.mk
114
Mk/bsd.port.mk
@ -1245,6 +1245,10 @@ GID_OFFSET?= 0
|
||||
# alpha numeric sort order
|
||||
USERS_BLACKLIST= _dhcp _pflogd auditdistd bin bind daemon games hast kmem mailnull man news nobody operator pop proxy root smmsp sshd toor tty uucp www
|
||||
|
||||
# predefined accounts from src/etc/group
|
||||
# alpha numeric sort order
|
||||
GROUPS_BLACKLIST= _dhcp _pflogd audit authpf bin bind daemon dialer ftp games guest hast kmem mail mailnull man network news nobody nogroup operator proxy smmsp sshd staff sys tty unbound uucp wheel www
|
||||
|
||||
LDCONFIG_DIR= libdata/ldconfig
|
||||
LDCONFIG32_DIR= libdata/ldconfig32
|
||||
|
||||
@ -3665,96 +3669,28 @@ install-ldconfig-file:
|
||||
|
||||
.if !target(create-users-groups)
|
||||
.if defined(GROUPS) || defined(USERS)
|
||||
_UG_OUTPUT= ${WRKDIR}/users-groups.sh
|
||||
PKGPREINSTALL+= ${_UG_OUTPUT}
|
||||
_UG_INSTALL= ${WRKDIR}/users-groups-install.sh
|
||||
_UG_DEINSTALL= ${WRKDIR}/users-groups-deinstall.sh
|
||||
PKGPREINSTALL+= ${_UG_INSTALL}
|
||||
PKGPOSTDEINSTALL+= ${_UG_DEINSTALL}
|
||||
create-users-groups:
|
||||
@${RM} -f ${_UG_OUTPUT} || ${TRUE}
|
||||
.if ${OPSYS} != FreeBSD || ${OSVERSION} < 1002000
|
||||
@${ECHO_CMD} "PW=${PW}" >> ${_UG_OUTPUT}
|
||||
.else
|
||||
@${ECHO_CMD} -e "if [ -n \"\$${PKG_ROOTDIR}\" -a \"\$${PKG_ROOTDIR}\" != \"/\" ]; then PW=\"${PW} -R \$${PKG_ROOTDIR}\"; else PW=${PW}; fi" >> ${_UG_OUTPUT}
|
||||
.endif
|
||||
.if defined(GROUPS)
|
||||
.for _file in ${GID_FILES}
|
||||
.if !exists(${_file})
|
||||
@${ECHO_CMD} "** ${_file} doesn't exist. Exiting."; exit 1
|
||||
.endif
|
||||
.endfor
|
||||
@${ECHO_MSG} "===> Creating users and/or groups."
|
||||
@${ECHO_CMD} "echo \"===> Creating users and/or groups.\"" >> ${_UG_OUTPUT}
|
||||
.for _group in ${GROUPS}
|
||||
# _bgpd:*:130:
|
||||
@if ! ${GREP} -h ^${_group}: ${GID_FILES} >/dev/null 2>&1; then \
|
||||
${ECHO_CMD} "** Cannot find any information about group \`${_group}' in ${GID_FILES}."; \
|
||||
exit 1; \
|
||||
fi
|
||||
@IFS=":"; ${GREP} -h ^${_group}: ${GID_FILES} | head -n 1 | while read group foo gid members; do \
|
||||
gid=$$(($$gid+${GID_OFFSET})); \
|
||||
${ECHO_CMD} -e "if ! \$${PW} groupshow $$group >/dev/null 2>&1; then \n \
|
||||
echo \"Creating group '$$group' with gid '$$gid'.\" \n \
|
||||
\$${PW} groupadd $$group -g $$gid; else echo \"Using existing group '$$group'.\"\nfi" >> ${_UG_OUTPUT}; \
|
||||
done
|
||||
.endfor
|
||||
.endif
|
||||
.if defined(USERS)
|
||||
.for _file in ${UID_FILES}
|
||||
.if !exists(${_file})
|
||||
@${ECHO_CMD} "** ${_file} doesn't exist. Exiting."; exit 1
|
||||
.endif
|
||||
.endfor
|
||||
.for _user in ${USERS}
|
||||
# _bgpd:*:130:130:BGP Daemon:/var/empty:/sbin/nologin
|
||||
@if ! ${GREP} -h ^${_user}: ${UID_FILES} >/dev/null 2>&1; then \
|
||||
${ECHO_CMD} "** Cannot find any information about user \`${_user}' in ${UID_FILES}."; \
|
||||
exit 1; \
|
||||
fi
|
||||
@IFS=":"; ${GREP} -h ^${_user}: ${UID_FILES} | head -n 1 | while read login passwd uid gid class change expire gecos homedir shell; do \
|
||||
uid=$$(($$uid+${UID_OFFSET})); \
|
||||
gid=$$(($$gid+${GID_OFFSET})); \
|
||||
class="$${class:+-L }$$class"; \
|
||||
homedir=$$(echo $$homedir | sed "s|^/usr/local|${PREFIX}|"); \
|
||||
${ECHO_CMD} -e "if ! \$${PW} usershow $$login >/dev/null 2>&1; then \n \
|
||||
echo \"Creating user '$$login' with uid '$$uid'.\" \n \
|
||||
\$${PW} useradd $$login -u $$uid -g $$gid $$class -c \"$$gecos\" -d $$homedir -s $$shell \n \
|
||||
else \necho \"Using existing user '$$login'.\" \nfi" >> ${_UG_OUTPUT}; \
|
||||
case $$homedir in /|/nonexistent|/var/empty) ;; *) ${ECHO_CMD} "${INSTALL} -d -g $$gid -o $$uid $$homedir" >> ${_UG_OUTPUT};; esac; \
|
||||
done
|
||||
.endfor
|
||||
.if defined(GROUPS)
|
||||
.for _group in ${GROUPS}
|
||||
# mail:*:6:postfix,clamav
|
||||
@IFS=":"; ${GREP} -h ^${_group}: ${GID_FILES} | head -n 1 | while read group foo gid members; do \
|
||||
gid=$$(($$gid+${GID_OFFSET})); \
|
||||
IFS=","; for _login in $$members; do \
|
||||
for _user in ${USERS}; do \
|
||||
if [ "x$${_user}" = "x$${_login}" ]; then \
|
||||
${ECHO_CMD} -e "if ! \$${PW} groupshow ${_group} | ${GREP} -qw $${_login}; then \n \
|
||||
echo \"Adding user '$${_login}' to group '${_group}'.\" \n \
|
||||
\$${PW} groupmod ${_group} -m $${_login} \nfi" >> ${_UG_OUTPUT}; \
|
||||
fi; \
|
||||
done; \
|
||||
done; \
|
||||
done
|
||||
.endfor
|
||||
.endif
|
||||
.if defined(USERS)
|
||||
.for _user in ${USERS}
|
||||
.if ${OPSYS} != FreeBSD || ${OSVERSION} < 1002000
|
||||
@if [ ! ${USERS_BLACKLIST:M${_user}} ]; then \
|
||||
${ECHO_CMD} "@unexec PW=${PW}; \
|
||||
if \$${PW} usershow ${_user} >/dev/null 2>&1; then \
|
||||
echo \"==> You should manually remove the \\\"${_user}\\\" user. \"; fi" >> ${TMPPLIST}; \
|
||||
fi
|
||||
.else
|
||||
@if [ ! ${USERS_BLACKLIST:M${_user}} ]; then \
|
||||
${ECHO_CMD} "@unexec if [ -n \"\$${PKG_ROOTDIR}\" -a \"\$${PKG_ROOTDIR}\" != \"/\" ]; then PW=\"${PW} -R \$${PKG_ROOTDIR}\"; else PW=${PW}; fi; \
|
||||
if \$${PW} usershow ${_user} >/dev/null 2>&1; then \
|
||||
echo \"==> You should manually remove the \\\"${_user}\\\" user. \"; fi" >> ${TMPPLIST}; \
|
||||
fi
|
||||
.endif
|
||||
.endfor
|
||||
.endif
|
||||
.endif
|
||||
@${SETENV} \
|
||||
dp_ECHO_MSG="${ECHO_MSG}" \
|
||||
dp_GID_FILES="${GID_FILES}" \
|
||||
dp_GID_OFFSET="${GID_OFFSET}" \
|
||||
dp_GROUPS_BLACKLIST="${GROUPS_BLACKLIST}" \
|
||||
dp_INSTALL="${INSTALL}" \
|
||||
dp_OPSYS="${OPSYS}" \
|
||||
dp_OSVERSION="${OSVERSION}" \
|
||||
dp_PREFIX="${PREFIX}" \
|
||||
dp_PW="${PW}" \
|
||||
dp_SCRIPTSDIR="${SCRIPTSDIR}" \
|
||||
dp_UG_DEINSTALL="${_UG_DEINSTALL}" \
|
||||
dp_UG_INSTALL="${_UG_INSTALL}" \
|
||||
dp_UID_FILES="${UID_FILES}" \
|
||||
dp_UID_OFFSET="${UID_OFFSET}" \
|
||||
dp_USERS_BLACKLIST="${USERS_BLACKLIST}" \
|
||||
${SH} ${SCRIPTSDIR}/do-users-groups.sh "${USERS}" "${GROUPS}"
|
||||
.endif
|
||||
.endif
|
||||
|
||||
|
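Review bot: The `dp_*` environment block handed to `${SH} ${SCRIPTSDIR}/do-users-groups.sh "${USERS}" "${GROUPS}"` duplicates the list that the script's `validate_env` call checks, and nothing in this hunk records that coupling; a comment above `@${SETENV}` such as `# the dp_* list below must match validate_env in Mk/Scripts/do-users-groups.sh` would keep the two from drifting when a variable is added. This rendering does not mark which lines are old and which are new, so the `@${SETENV}` block is read here as the new side and the inline `.for`/`while` blocks as the removed history.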