system-accounts (4450B)
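#!/bin/sh
#
# (Un)registers system accounts (users/groups).
#
# Arguments:	$ACTION = [run/targets]
#		$TARGET = [post-install/pre-remove]
#		$PKGNAME
#		$VERSION
#		$UPDATE = [yes/no]
#
# Variables read but never assigned by this script (they must be supplied
# by the caller's environment):
#	system_accounts	whitespace-separated "name" or "name:uid" entries
#	system_groups	whitespace-separated "name" or "name:gid" entries
#	<name>_homedir, <name>_shell, <name>_descr, <name>_groups,
#	<name>_pgroup	optional per-account settings, looked up by name
#
ACTION="$1"
TARGET="$2"
PKGNAME="$3"
VERSION="$4"
UPDATE="$5"

# The relative entries (usr/sbin, usr/bin) are searched before the absolute
# ones, so tools found under the current directory win.
# NOTE(review): this presumably relies on the caller having changed into the
# target root directory before running the script; started from any other
# directory, whatever sits in ./usr/sbin or ./usr/bin would be executed in
# preference to the system binaries. Confirm against the caller.
export PATH="usr/sbin:usr/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Determine whether useradd/groupadd/usermod need a prefix argument:
# when the current directory does not resolve to "/", the tools are told to
# operate on the tree rooted at "." instead of the running system.
if [ "$(readlink -f . 2>/dev/null || echo .)" != "/" ]; then
	prefix="-P ."
else
	prefix=
fi

# show_acct_details <username> <description> <homedir> <shell> [groups]
# Prints the settings of an account that has to be created or checked by
# hand. The groups line is printed only when a fifth argument is given.
show_acct_details() {
	echo "   Account: $1"
	echo "   Description: '$2'"
	echo "   Homedir: '$3'"
	echo "   Shell: '$4'"
	[ -n "$5" ] && echo "   Additional groups: '$5'"
}

# group_add <name>[:<gid>]
# Creates a system group, optionally with a fixed gid. Exits the whole
# script with status 1 when groupadd fails for any reason other than
# status 9; only warns when groupadd itself is not installed.
group_add() {
	local _pretty_grname _grname _gid _prefix

	if ! command -v groupadd >/dev/null 2>&1; then
		echo "WARNING: cannot create $1 system group (missing groupadd)"
		echo "The following group must be created manually: $1"
		return
	fi

	# Split "name:gid"; without a colon both expansions yield the whole
	# argument, which is how a missing gid is detected below.
	_grname="${1%:*}"
	_gid="${1##*:}"

	[ "${_grname}" = "${_gid}" ] && _gid=

	_pretty_grname="${_grname}${_gid:+ (gid: ${_gid})}"

	# ${prefix} and the ${_gid:+...} expansion are left unquoted on purpose:
	# each must split into an option and its argument.
	groupadd ${prefix} -r "${_grname}" ${_gid:+-g ${_gid}} >/dev/null 2>&1

	case $? in
		0) echo "Created ${_pretty_grname} system group." ;;
		# 9 is accepted silently (groupadd's status for a group name
		# that is already in use).
		9) ;;
		*) echo "ERROR: failed to create system group ${_pretty_grname}!"; exit 1;;
	esac
}

case "$ACTION" in
targets)
	echo "post-install pre-remove"
	;;
run)
	[ -z "$system_accounts" ] && [ -z "$system_groups" ] && exit 0

	# Start from empty values: these variables are later expanded as
	# command lines, so a USERADD/USERMOD inherited from the environment
	# must never be executed when the real tool is missing.
	USERADD=
	USERMOD=

	if command -v useradd >/dev/null 2>&1; then
		USERADD="useradd ${prefix}"
	fi

	if command -v usermod >/dev/null 2>&1; then
		USERMOD="usermod ${prefix}"
	fi

	case "$TARGET" in
	post-install)
		# System groups required by a package.
		for grp in ${system_groups}; do
			group_add "$grp"
		done

		# System user/group required by a package.
		for acct in ${system_accounts}; do
			_uname="${acct%:*}"
			_uid="${acct##*:}"

			[ "${_uname}" = "${_uid}" ] && _uid=

			# NOTE(review): eval re-parses the account name as shell
			# code with the privileges this script runs under. The
			# lookups below are only safe while every name in
			# system_accounts is a plain shell identifier
			# ([A-Za-z0-9_]); any other character is mis-parsed or
			# executed. Names should be validated where the package
			# metadata is produced, or before this point.
			eval homedir="\$${_uname}_homedir"
			eval shell="\$${_uname}_shell"
			eval descr="\$${_uname}_descr"
			eval groups="\$${_uname}_groups"
			eval pgroup="\$${_uname}_pgroup"

			# Defaults give the account no usable home and no login
			# shell unless the package asks for them.
			[ -z "$homedir" ] && homedir="/var/empty"
			[ -z "$shell" ] && shell="/sbin/nologin"
			[ -z "$descr" ] && descr="${_uname} unprivileged user"

			# Reset for every account. Without this, an account that
			# declares no supplementary groups would reuse the -G list
			# of the previous account (or a value inherited from the
			# environment) and be granted memberships it never asked for.
			user_groups=
			[ -n "$groups" ] && user_groups="-G $groups"

			if [ -n "${_uid}" ]; then
				use_id="-u ${_uid} -g ${pgroup:-${_uid}}"
				_pretty_uname="${_uname} (uid: ${_uid})"
			else
				use_id="-g ${pgroup:-${_uname}}"
				_pretty_uname="${_uname}"
			fi

			if [ -z "$USERADD" ] || [ -z "$USERMOD" ]; then
				echo "WARNING: cannot create ${_uname} system account (missing useradd or usermod)"
				echo "The following system account must be created:"
				show_acct_details "${_pretty_uname}" "${descr}" "${homedir}" "${shell}" "${groups}"
				continue
			fi

			# The primary group must exist before useradd -g refers to
			# it: either the declared pgroup, or a group named after
			# the account (carrying the same id when one was given).
			group_add "${pgroup:-${acct}}"

			# ${USERADD}, ${use_id} and ${user_groups} hold several
			# words each and are split deliberately.
			${USERADD} -c "${descr}" -d "${homedir}" \
				${use_id} ${pgroup:+-N} -s "${shell}" \
				${user_groups} -r "${_uname}" >/dev/null 2>&1

			case $? in
			0)
				echo "Created ${_pretty_uname} system user."
				# Lock the password so the new account cannot be
				# used for password logins.
				if ! ${USERMOD} -L "${_uname}" >/dev/null 2>&1; then
					echo "WARNING: unable to lock password for ${_uname} system account"
				fi
				;;
			9)
				# useradd reports 9 when the name is already in use:
				# bring the existing account in line with the
				# package's settings instead of failing.
				# NOTE(review): any pre-existing account with this
				# name is modified, whoever created it.
				${USERMOD} -c "${descr}" -d "${homedir}" \
					-s "${shell}" -g "${pgroup:-${_uname}}" \
					${user_groups} "${_uname}" >/dev/null 2>&1
				if [ $? -eq 0 ]; then
					echo "Updated ${_uname} system user."
				else
					echo "WARNING: unable to modify ${_uname} system account"
					echo "Please verify that account is compatible with these settings:"
					show_acct_details "${_pretty_uname}" \
						"${descr}" "${homedir}" "${shell}" "${groups}"
					continue
				fi
				;;
			*)
				echo "ERROR: failed to create system user ${_pretty_uname}!"
				exit 1
				;;
			esac
		done
		;;
	pre-remove)
		# Only on a real removal, not when the package is being updated.
		if [ "$UPDATE" = "no" ]; then
			for acct in ${system_accounts}; do
				_uname="${acct%:*}"

				# Keep the existing GECOS text and append a marker
				# naming the package the account belonged to.
				comment="$( (getent passwd "${_uname}" | cut -d: -f5 | head -n1) 2>/dev/null )"
				comment="${comment:-unprivileged user} - for uninstalled package ${PKGNAME}"

				if [ -z "$USERMOD" ]; then
					echo "WARNING: cannot disable ${_uname} system user (missing usermod)"
					continue
				fi

				# The account is disabled, not deleted: password
				# locked, home pointed at /var/empty, shell set to
				# /bin/false.
				${USERMOD} -L -d /var/empty -s /bin/false \
					-c "${comment}" "${_uname}" >/dev/null 2>&1
				if [ $? -eq 0 ]; then
					echo "Disabled ${_uname} system user."
				else
					# Report the failure: the account of a removed
					# package is otherwise left as it was, with no
					# trace in the output.
					echo "WARNING: unable to disable ${_uname} system user"
				fi
			done
		fi
		;;
	esac
	;;
*)
	exit 1
	;;
esac

exit 0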