forked from artix-linux/opensysusers
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sysusers
executable file
·164 lines (150 loc) · 4.19 KB
/
sysusers
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
#!/bin/sh
# Copyright (c) 2017 Chris Cromer
# Copyright (c) 2012 Gentoo Foundation
# Released under the 2-clause BSD license.
#
# This is an implementation of sysusers.d from systemd
warninvalid() {
local msg=$1
[ -z "${msg}" ] && msg='ignoring invalid entry'
printf "sysusers: ${msg} on line %d of \`%s'\n" "${line}" "${file}"
error=$(( error+1 ))
} >&2
add_group() {
local name=$1 id=$2
getent group "${name}" >/dev/null
if [ "$?" -ne 0 ]; then
if [ "${id}" == '-' ]; then
groupadd "${name}"
else
if ! grep -qiw "${id}" /etc/group; then
groupadd -g "${id}" "${name}"
fi
fi
fi
}
add_user() {
local name=$1 id=$2 gecos=$3 home=$4
getent passwd "${name}" >/dev/null
if [ "$?" -ne 0 ]; then
if [ "${id}" == '-' ]; then
useradd -rc "${gecos}" -g "${name}" -d "${home}" -s '/sbin/nologin' "${name}"
else
useradd -rc "${gecos}" -u "${id}" -g "${name}" -d "${home}" -s '/sbin/nologin' "${name}"
fi
passwd -l "${name}" &>/dev/null
fi
}
update_login_defs() {
local name=$1 id=$2
[ ! "${name}" == '-' ] && warninvalid && return
i=1;
IFS='-' read -ra temp <<< "${id}"
for part in "${temp[@]}"; do
if [ "${i}" -eq 1 ]; then
min=${part}
fi
if [ "${i}" -eq 2 ]; then
max=${part}
fi
if [ "${i}" -eq 3 ]; then
warninvalid && continue
fi
i=$(( i+1 ))
done
[ ${min} -ge ${max} ] && warninvalid "invalid range" && return
while read -r NAME VALUE; do
[ "${NAME}" == 'SYS_UID_MAX' ] && suid_max=${VALUE}
[ "${NAME}" == 'SYS_GID_MAX' ] && sgid_max=${VALUE}
done < /etc/login.defs
[[ $min -lt $suid_max ]] && warninvalid "invalid range" && return
[[ $min -lt $sgid_max ]] && warninvalid "invalid range" && return
sed -re "s/^(UID_MIN)([[:space:]]+)(.*)/\1\2${min}/" -i /etc/login.defs
sed -re "s/^(UID_MAX)([[:space:]]+)(.*)/\1\2${max}/" -i /etc/login.defs
sed -re "s/^(GID_MIN)([[:space:]]+)(.*)/\1\2${min}/" -i /etc/login.defs
sed -re "s/^(GID_MAX)([[:space:]]+)(.*)/\1\2${max}/" -i /etc/login.defs
}
sysusers_dirs='/usr/lib/sysusers.d /run/sysusers.d /etc/sysusers.d'
sysusers_basenames=''
error=0
# this part is based on OpenRC's opentmpfiles
# Build a list of sorted unique basenames
# directories declared later in the sysusers_d array will override earlier
# directories, on a per file basename basis.
# `/etc/sysusers.d/foo.conf' supersedes `/usr/lib/sysusers.d/foo.conf'.
# `/run/sysusers.d/foo.conf' will always be read after `/etc/sysusers.d/bar.conf'
for dir in ${sysusers_dirs}; do
[ -d "${dir}" ] && for file in "${dir}"/*.conf ; do
[ -f "${file}" ] && sysusers_basenames="${sysusers_basenames}\n${file##*/}"
done
done
FILES="$(printf "${sysusers_basenames}\n" | sort -u )"
sysusers_d=''
for b in ${FILES}; do
real_f=''
for d in $sysusers_dirs; do
f=${d}/${b}
[ -f "${f}" ] && real_f="${f}"
done
[ -f "${real_f}" ] && sysusers_d="${sysusers_d} ${real_f}"
done
for file in ${sysusers_d}; do
line=0
while read cline; do
[ ${cline:0:1} == "#" ] && continue
eval "set args ${cline}; shift"
i=0
for part in "${@}"; do
if [ $i -eq 0 ]; then
type="${part}"
fi
if [ $i -eq 1 ]; then
name="${part}"
fi
if [ $i -eq 2 ]; then
id="${part}"
fi
if [ $i -eq 3 ]; then
gecos="${part}"
fi
if [ $i -eq 4 ]; then
home="${part}"
fi
i=$(( i+1 ))
done
line=$(( line+1 ))
case "${type}" in
u)
[ "${id}" == '65535' ] && warninvalid && continue
[ "${id}" == '4294967295' ] && warninvalid && continue
[ "${home}" == '-' ] && home="/"
[ -z "${home}" ] && home="/"
add_group "${name}" "${id}"
[ "${id}" == '-' ] && id=$(getent group "${name}" | cut -d: -f3)
add_user "${name}" "${id}" "${gecos}" "${home}"
;;
g)
[ "${id}" == '65535' ] && warninvalid && continue
[ "${id}" == '4294967295' ] && warninvalid && continue
[ "${home}" == '-' ] && home="/"
[ -z "${home}" ] && home="/"
add_group "${name}" "${id}"
;;
m)
add_group "${name}" '-'
getent passwd "${name}" >/dev/null
if [ "$?" -ne 0 ]; then
useradd -r -g "${id}" -s '/sbin/nologin' "${name}"
passwd -l "${name}" &>/dev/null
else
usermod -a -G "${id}" "${name}"
fi
;;
r)
update_login_defs "${name}" "${id}"
;;
*) warninvalid; continue;;
esac
done < ${file}
done
exit ${error}