Accepting request 786819 from home:favogt:nobash
- Clean up sysusers2shadow and make it use only /bin/sh - Don't let busybox adduser create the home directory, it breaks permissions of e.g. /sbin (home of daemon) - Use only /bin/sh in sysusers-generate-pre and the generated code OBS-URL: https://build.opensuse.org/request/show/786819 OBS-URL: https://build.opensuse.org/package/show/Base:System/sysuser-tools?expand=0&rev=23
parent
81802b4712
commit
54305a4169
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 20 10:08:43 UTC 2020 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
- Clean up sysusers2shadow and make it use only /bin/sh
|
||||
- Don't let busybox adduser create the home directory, it breaks
|
||||
permissions of e.g. /sbin (home of daemon)
|
||||
- Use only /bin/sh in sysusers-generate-pre and the generated code
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 17 10:12:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
# pass systemd sysusers config files a as argument to this script.
|
||||
#!/bin/sh
|
||||
# pass systemd sysusers config paths as argument to this script.
|
||||
|
||||
echo '#!/bin/bash'
|
||||
echo '#!/bin/sh'
|
||||
echo 'cat <<"EOF" |'
|
||||
grep -he '^[ugmr]' "$@"
|
||||
echo 'EOF'
|
||||
echo '/usr/sbin/sysusers2shadow || [[ -f /.buildenv ]]'
|
||||
echo '/usr/sbin/sysusers2shadow || [ -f /.buildenv ]'
|
||||
|
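Review bot: The generated line `echo '/usr/sbin/sysusers2shadow || [ -f /.buildenv ]'` makes the emitted script succeed whenever `/.buildenv` exists, whatever `sysusers2shadow` returned, and nothing in the generator or its output says why. If that file is meant as a build-root marker (not visible here, please confirm), a stray `/.buildenv` on an installed system would hide a failed account creation from the package manager. I would at least emit a comment into the generated code, e.g. `echo '# user/group creation failures are tolerated only inside a build root (/.buildenv)'`, so that a reader of the scriptlet knows the fallback is deliberate.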
@ -1,96 +1,83 @@
|
||||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
while read LINE
|
||||
# Print the command and run it
|
||||
run() {
|
||||
echo "$@"
|
||||
"$@"
|
||||
}
|
||||
|
||||
# Absolute path to busybox, if found
|
||||
busybox=
|
||||
for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
|
||||
|
||||
while read arg0 arg1 arg2 arg3 arg4
|
||||
do
|
||||
case "$LINE" in
|
||||
\#*|"")
|
||||
;;
|
||||
g*)
|
||||
eval arr=( $LINE )
|
||||
ARGUMENTS="${arr[1]}"
|
||||
if [ ! -z "${arr[2]}" -a "${arr[2]}" != "-" ]; then
|
||||
ARGUMENTS="-g ${arr[2]} $ARGUMENTS"
|
||||
fi
|
||||
if [ -x /usr/sbin/groupadd ]; then
|
||||
echo "groupadd -r $ARGUMENTS"
|
||||
/usr/bin/getent group "${arr[1]}" >> /dev/null || /usr/sbin/groupadd -r $ARGUMENTS || exit $?
|
||||
elif [ -x /usr/bin/busybox ]; then
|
||||
echo "addgroup -S $ARGUMENTS"
|
||||
/usr/bin/getent group "${arr[1]}" >> /dev/null || /usr/bin/busybox addgroup -S $ARGUMENTS || exit $?
|
||||
elif [ -x /bin/busybox ]; then
|
||||
echo "addgroup -S $ARGUMENTS"
|
||||
/usr/bin/getent group "${arr[1]}" >> /dev/null || /bin/busybox addgroup -S $ARGUMENTS || exit $?
|
||||
else
|
||||
echo "ERROR: neither groupadd nor busybox found!"
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
u*)
|
||||
eval arr=( $LINE )
|
||||
ARGUMENTS="${arr[1]}"
|
||||
if [ ! -z "${arr[2]}" -a "${arr[2]}" != "-" ]; then
|
||||
ARGUMENTS="-u ${arr[2]} $ARGUMENTS"
|
||||
fi
|
||||
if [ ! -z "${arr[4]}" -a "${arr[4]}" != "-" ]; then
|
||||
ARGUMENTS="-d ${arr[4]} $ARGUMENTS"
|
||||
else
|
||||
ARGUMENTS="-d / $ARGUMENTS"
|
||||
fi
|
||||
if [ -x /usr/sbin/useradd ]; then
|
||||
# this is useradd/shadow specific
|
||||
/usr/bin/getent group ${arr[1]} >> /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
ARGUMENTS="-g ${arr[1]} $ARGUMENTS"
|
||||
case "$arg0" in
|
||||
g)
|
||||
ARGUMENTS="${arg1}"
|
||||
if [ -n "${arg2}" -a "${arg2}" != "-" ]; then
|
||||
ARGUMENTS="-g ${arg2} $ARGUMENTS"
|
||||
fi
|
||||
|
||||
if ! /usr/bin/getent group "${arg1}" >> /dev/null; then
|
||||
if [ -x "/usr/sbin/groupadd" ]; then
|
||||
run /usr/sbin/groupadd -r $ARGUMENTS
|
||||
elif [ -x "$busybox" ]; then
|
||||
run $busybox addgroup -S $ARGUMENTS
|
||||
else
|
||||
echo "ERROR: neither groupadd nor busybox found!"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
u)
|
||||
ARGUMENTS="${arg1}"
|
||||
if [ -n "${arg2}" ] && [ "${arg2}" != "-" ]; then
|
||||
ARGUMENTS="-u ${arg2} $ARGUMENTS"
|
||||
fi
|
||||
if [ -n "${arg4}" ] && [ "${arg4}" != "-" ]; then
|
||||
ARGUMENTS="-d ${arg4} $ARGUMENTS"
|
||||
else
|
||||
ARGUMENTS="-U $ARGUMENTS"
|
||||
ARGUMENTS="-d / $ARGUMENTS"
|
||||
fi
|
||||
echo "useradd -r -s /sbin/nologin -c \"${arr[3]}\" $ARGUMENTS"
|
||||
/usr/bin/getent passwd ${arr[1]} >> /dev/null || /usr/sbin/useradd -r -s /sbin/nologin -c "${arr[3]}" $ARGUMENTS || exit $?
|
||||
elif [ -x /usr/bin/busybox ]; then
|
||||
/usr/bin/getent group ${arr[1]} >> /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
/usr/bin/busybox addgroup ${arr[1]}
|
||||
|
||||
if [ -x /usr/sbin/useradd ]; then
|
||||
if ! /usr/bin/getent passwd "${arg1}" >> /dev/null; then
|
||||
# this is useradd/shadow specific
|
||||
ARGUMENTS="-g ${arg1} $ARGUMENTS"
|
||||
/usr/bin/getent group "${arg1}" >> /dev/null || ARGUMENTS="-U $ARGUMENTS"
|
||||
|
||||
run /usr/sbin/useradd -r -s /sbin/nologin -c "${arg3}" $ARGUMENTS
|
||||
fi
|
||||
elif [ -x "$busybox" ]; then
|
||||
/usr/bin/getent group "${arg1}" >> /dev/null || $busybox addgroup "${arg1}"
|
||||
|
||||
if ! /usr/bin/getent passwd ${arg1} >> /dev/null; then
|
||||
ARGUMENTS="$(echo -G ${arg1} $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g')"
|
||||
run $busybox adduser -S -H -s /sbin/nologin -g "${arg3}" $ARGUMENTS
|
||||
fi
|
||||
else
|
||||
echo "ERROR: neither useradd nor busybox found!"
|
||||
exit 1
|
||||
fi
|
||||
ARGUMENTS="-G ${arr[1]} $ARGUMENTS"
|
||||
ARGUMENTS=`echo $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g'`
|
||||
echo "adduser -S -s /sbin/nologin -g \"${arr[3]}\" $ARGUMENTS"
|
||||
/usr/bin/getent passwd ${arr[1]} >> /dev/null || /usr/bin/busybox adduser -S -s /sbin/nologin -g "${arr[3]}" $ARGUMENTS || exit $?
|
||||
elif [ -x /bin/busybox ]; then
|
||||
/usr/bin/getent group ${arr[1]} >> /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
/bin/busybox addgroup ${arr[1]}
|
||||
;;
|
||||
m)
|
||||
if [ -x /usr/sbin/usermod ] ; then
|
||||
run /usr/sbin/usermod -a -G ${arg2} ${arg1}
|
||||
elif [ -x "$busybox" ]; then
|
||||
run $busybox addgroup ${arg1} ${arg2}
|
||||
else
|
||||
echo "ERROR: neither usermod nor busybox found!"
|
||||
exit 1
|
||||
fi
|
||||
ARGUMENTS="-G ${arr[1]} $ARGUMENTS"
|
||||
ARGUMENTS=`echo $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g'`
|
||||
echo "adduser -S -s /sbin/nologin -g \"${arr[3]}\" $ARGUMENTS"
|
||||
/usr/bin/getent passwd ${arr[1]} >> /dev/null || /bin/busybox adduser -S -s /sbin/nologin -g "${arr[3]}" $ARGUMENTS || exit $?
|
||||
else
|
||||
echo "ERROR: neither useradd nor busybox found!"
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
m*)
|
||||
eval arr=( $LINE )
|
||||
if [ -x /usr/sbin/usermod ] ; then
|
||||
echo "usermod -a -G ${arr[2]} ${arr[1]}"
|
||||
/usr/sbin/usermod -a -G ${arr[2]} ${arr[1]} || exit $?
|
||||
elif [ -x /usr/bin/busybox ]; then
|
||||
echo "addgroup ${arr[1]} ${arr[2]}"
|
||||
/usr/bin/busybox addgroup ${arr[1]} ${arr[2]} || exit $?
|
||||
elif [ -x /bin/busybox ]; then
|
||||
echo "addgroup ${arr[1]} ${arr[2]}"
|
||||
/bin/busybox addgroup ${arr[1]} ${arr[2]} || exit $?
|
||||
else
|
||||
echo "ERROR: neither usermod nor busybox found!"
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
r*)
|
||||
echo "range option ignored: \"$LINE\""
|
||||
;;
|
||||
r)
|
||||
echo "range option ignored: \"$arg0 $arg1 $arg2 $arg3\""
|
||||
;;
|
||||
*)
|
||||
echo "Syntax Error: \"$LINE\""
|
||||
echo "Syntax Error: \"$arg0\""
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
esac
|
||||
done
|
||||
|
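Review bot: `while read arg0 arg1 arg2 arg3 arg4` splits each line on blanks only, so a double-quoted name field is no longer parsed the way the removed `eval arr=( $LINE )` parsed it. The quote characters end up inside `-c "${arg3}"`, and a name containing a space spills into `arg4` and from there into the unquoted `-d ${arg4}` of a user-creation command. Keeping `eval` out is right; I would instead split the quoted field by hand and add `-r` so backslashes in the input are taken literally. Whether the packaged sysusers.d files quote that field is not visible on this page, so please check against real input. The sketch replaces only the loop header and leaves the `case "$arg0"` body unchanged.

```sh
while read -r arg0 arg1 arg2 rest
do
	# Field 4 may be double-quoted and contain blanks; split it by hand.
	case "$rest" in
		\"*\"*)
			rest=${rest#\"}
			arg3=${rest%%\"*}
			rest=${rest#*\"}
			;;
		*)
			arg3=${rest%%[[:space:]]*}
			rest=${rest#"$arg3"}
			;;
	esac
	# What remains starts with the home directory; read trims the blanks.
	read -r arg4 ignored <<EOF
$rest
EOF
	# … unchanged: case "$arg0" in … esac …
```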