teldra
/
vp-build
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
vp-build/srcpkgs/xbps-triggers/files/system-accounts

179 lines
4.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# (Un)registers systems accounts (users/groups).
#
# Arguments: $ACTION = [run/targets]
# $TARGET = [post-install/pre-remove]
# $PKGNAME
# $VERSION
# $UPDATE = [yes/no]
#
ACTION="$1"
TARGET="$2"
PKGNAME="$3"
VERSION="$4"
UPDATE="$5"
export PATH="usr/sbin:usr/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Determine whether useradd/groupadd/usermod need a prefix argument
if [ "$(readlink -f . 2>/dev/null || echo .)" != "/" ]; then
prefix="-P ."
else
prefix=
fi
# show_acct_details <username> <description> <homedir> <shell> [groups]
show_acct_details() {
echo " Account: $1"
echo " Description: '$2'"
echo " Homedir: '$3'"
echo " Shell: '$4'"
[ -n "$5" ] && echo " Additional groups: '$5'"
}
group_add() {
local _pretty_grname _grname _gid _prefix
if ! command -v groupadd >/dev/null 2>&1; then
echo "WARNING: cannot create $1 system group (missing groupadd)"
echo "The following group must be created manually: $1"
return
fi
_grname="${1%:*}"
_gid="${1##*:}"
[ "${_grname}" = "${_gid}" ] && _gid=
_pretty_grname="${_grname}${_gid:+ (gid: ${_gid})}"
groupadd ${prefix} -r ${_grname} ${_gid:+-g ${_gid}} >/dev/null 2>&1
case $? in
0) echo "Created ${_pretty_grname} system group." ;;
9) ;;
*) echo "ERROR: failed to create system group ${_pretty_grname}!"; exit 1;;
esac
}
case "$ACTION" in
targets)
echo "post-install pre-remove"
;;
run)
[ -z "$system_accounts" -a -z "$system_groups" ] && exit 0
if command -v useradd >/dev/null 2>&1; then
USERADD="useradd ${prefix}"
fi
if command -v usermod >/dev/null 2>&1; then
USERMOD="usermod ${prefix}"
fi
case "$TARGET" in
post-install)
# System groups required by a package.
for grp in ${system_groups}; do
group_add $grp
done
# System user/group required by a package.
for acct in ${system_accounts}; do
_uname="${acct%:*}"
_uid="${acct##*:}"
[ "${_uname}" = "${_uid}" ] && _uid=
eval homedir="\$${_uname}_homedir"
eval shell="\$${_uname}_shell"
eval descr="\$${_uname}_descr"
eval groups="\$${_uname}_groups"
eval pgroup="\$${_uname}_pgroup"
[ -z "$homedir" ] && homedir="/var/empty"
[ -z "$shell" ] && shell="/sbin/nologin"
[ -z "$descr" ] && descr="${_uname} unprivileged user"
[ -n "$groups" ] && user_groups="-G $groups"
if [ -n "${_uid}" ]; then
use_id="-u ${_uid} -g ${pgroup:-${_uid}}"
_pretty_uname="${_uname} (uid: ${_uid})"
else
use_id="-g ${pgroup:-${_uname}}"
_pretty_uname="${_uname}"
fi
if [ -z "$USERADD" -o -z "$USERMOD" ]; then
echo "WARNING: cannot create ${_uname} system account (missing useradd or usermod)"
echo "The following system account must be created:"
show_acct_details "${_pretty_uname}" "${descr}" "${homedir}" "${shell}" "${groups}"
continue
fi
group_add ${pgroup:-${acct}}
${USERADD} -c "${descr}" -d "${homedir}" \
${use_id} ${pgroup:+-N} -s "${shell}" \
${user_groups} -r ${_uname} >/dev/null 2>&1
case $? in
0)
echo "Created ${_pretty_uname} system user."
${USERMOD} -L ${_uname} >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "WARNING: unable to lock password for ${_uname} system account"
fi
;;
9)
${USERMOD} -c "${descr}" -d "${homedir}" \
-s "${shell}" -g "${pgroup:-${_uname}}" \
${user_groups} ${_uname} >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "Updated ${_uname} system user."
else
echo "WARNING: unable to modify ${_uname} system account"
echo "Please verify that account is compatible with these settings:"
show_acct_details "${_pretty_uname}" \
"${descr}" "${homedir}" "${shell}" "${groups}"
continue
fi
;;
*)
echo "ERROR: failed to create system user ${_pretty_uname}!"
exit 1
;;
esac
done
;;
pre-remove)
if [ "$UPDATE" = "no" ]; then
for acct in ${system_accounts}; do
_uname="${acct%:*}"
comment="$( (getent passwd "${_uname}" | cut -d: -f5 | head -n1) 2>/dev/null )"
comment="${comment:-unprivileged user} - for uninstalled package ${PKGNAME}"
if [ -z "$USERMOD" ]; then
echo "WARNING: cannot disable ${_uname} system user (missing usermod)"
continue
fi
${USERMOD} -L -d /var/empty -s /bin/false \
-c "${comment}" ${_uname} >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "Disabled ${_uname} system user."
fi
done
fi
;;
esac
;;
*)
exit 1
;;
esac
exit 0
Reference in New Issue View Git Blame Copy Permalink