rpm/shadow
SHA256
1
0
Fork 0
forked from pool/shadow
Code Pull Requests Activity

Accepting request 139680 from home:kukuk

Browse Source 
FATE#314473: Replace pwdutils with shadow utilities

OBS-URL: https://build.opensuse.org/request/show/139680
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=1
This commit is contained in:
Thorsten Kukuk 2012-10-29 15:15:23 +00:00 committed by Git OBS Bridge
commit 37abeb5bf8
14 changed files with 981 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

62
README.changes-pwdutils Normal file
View File

@ -0,0 +1,62 @@
This file lists changes between pwdutils used in the past and
the shadow utils used now.
General changes:
================
- No support to modify LDAP accounts anymore (-D and --service option)
- No -P/--path option
- /etc/default/passwd was removed. The configure options are
partly available in /etc/login.defs.
/etc/login.defs:
----------------
SYSTEM_UID_MIN/SYSTEM_UID_MAX were renamed to SYS_UID_MIN/SYS_UID_MAX
SYSTEM_GID_MIN/SYSTEM_GID_MAX were renamed to SYS_GID_MIN/SYS_GID_MAX
chfn
----
-m/--other has changed to -o/--other
-o/--office has changed to -r/--room.
-p/--phone has changed to -w/--work-phone
chpasswd
--------
-c blowfish is now longer supported, instead SHA256 and SHA512 were added.
chsh
----
-l/--list-shells was removed.
gpasswd
-------
-l/-u option are missing
groupadd
--------
/usr/sbin/groupadd.local is missing
--preferred-gid was removed
groupmod
--------
-A/--add-user was removed
-R/--remove-user was removed
passwd
------
-f was dropped (use chfn instead)
-g was dropped (use gpasswd instead)
-s was dropped (use chsh instead)
useradd
-------
-e/--expire has changed to -e/--expiredate (incompatible arguments!)
-U/--umask was removed, -U has now another meaning
--preferred-uid was removed
userdel
-------
-r/--remove-home was renamed to -r/--remove
usermod
-------
-e/--expire has changed to -e/--expiredate (incompatible arguments!)

91
chkname-regex.diff Normal file
View File

@ -0,0 +1,91 @@
--- lib/getdef.c
+++ lib/getdef.c 2012/09/26 14:14:15
@@ -51,6 +51,7 @@
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
+ {"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
{"CONSOLE", NULL},
--- libmisc/chkname.c
+++ libmisc/chkname.c 2012/09/27 12:32:18
@@ -43,31 +43,55 @@
#ident "$Id: chkname.c 2828 2009-04-28 19:14:05Z nekral-guest $"
#include <ctype.h>
+#include <regex.h>
#include "defines.h"
#include "chkname.h"
+#include "getdef.h"
+#include <stdio.h>
static bool is_valid_name (const char *name)
{
- /*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
- return false;
- }
+ const char *class;
+ regex_t reg;
+ int result;
+ char *buf;
+
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
+ This is the POSIX portable character class. The $ at the end is
+ needed for SAMBA. But user can also specify something else in
+ /etc/login.defs. */
+ class = getdef_str ("CHARACTER_CLASS");
+ if (!class)
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
+
+ if (asprintf (&buf, "^%s$", class) < 0)
+ return -1;
+
+ memset (&reg, 0, sizeof (regex_t));
+ result = regcomp (&reg, buf, 0);
+ free (buf);
+
+ if (result)
+ {
+ size_t length = regerror (result, &reg, NULL, 0);
+ char *buffer = malloc (length);
+ if (buffer == NULL)
+ fputs ("running out of memory!\n", stderr);
+
+ /* else
+ {
+ regerror (result, &reg, buffer, length);
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
+ buffer);
+ } */
- while ('\0' != *++name) {
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
- return false;
- }
- }
+ return false;
+ }
+
+ if (regexec (&reg, name, 0, NULL, 0) != 0)
+ return false;
- return true;
+ return true;
}
bool is_valid_user_name (const char *name)
@@ -96,4 +120,3 @@
return is_valid_name (name);
}
-

3
pamd.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:51dc6651d0c5abcc777db007b1dadfb8a5a1f2d7985e3cb93a24de91753eb1b4
size 577

3
shadow-4.1.5.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:aa32333748d68b58ed3a83625f0165e0f6b9dc4639e6377c9300c6bf4fe978fb
size 2193325

338
shadow-login_defs.diff Normal file
View File

@ -0,0 +1,338 @@
--- etc/login.defs
+++ etc/login.defs 2012/09/26 12:02:14
@@ -1,8 +1,6 @@
#
# /etc/login.defs - Configuration control definitions for the shadow package.
#
-# $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $
-#
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -12,11 +10,6 @@
FAIL_DELAY 3
#
-# Enable logging and display of /var/log/faillog login failure info.
-#
-FAILLOG_ENAB yes
-
-#
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB no
@@ -27,34 +20,6 @@
LOG_OK_LOGINS no
#
-# Enable logging and display of /var/log/lastlog login time info.
-#
-LASTLOG_ENAB yes
-
-#
-# Enable checking and display of mailbox status upon login.
-#
-# Disable if the shell startup files already check for mail
-# ("mailx -e" or equivalent).
-#
-MAIL_CHECK_ENAB yes
-
-#
-# Enable additional checks upon password changes.
-#
-OBSCURE_CHECKS_ENAB yes
-
-#
-# Enable checking of time restrictions specified in /etc/porttime.
-#
-PORTTIME_CHECKS_ENAB yes
-
-#
-# Enable setting of ulimit, umask, and niceness from passwd gecos field.
-#
-QUOTAS_ENAB yes
-
-#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
@@ -82,75 +47,31 @@
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
-# If defined, this file will be output before each login prompt.
-#
-#ISSUE_FILE /etc/issue
-
-#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
-# If defined, login failures will be logged here in a utmp format.
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, name of file whose presence which will inhibit non-root
-# logins. The contents of this file should be a message indicating
-# why logins are inhibited.
-#
-NOLOGINS_FILE /etc/nologin
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su". If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
-#
-# *REQUIRED*
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you _do_ define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/spool/mail
-#MAIL_FILE .mail
-
-#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
-HUSHLOGIN_FILE .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
-
-#
-# If defined, either a TZ environment parameter spec or the
-# fully-rooted pathname of a file containing such a spec.
-#
-#ENV_TZ TZ=CST6CDT
-#ENV_TZ /etc/tzname
-
-#
-# If defined, an HZ environment parameter spec.
-#
-# for Linux/x86
-ENV_HZ HZ=100
-# For Linux/Alpha...
-#ENV_HZ HZ=1024
+#HUSHLOGIN_FILE .hushlogin
+HUSHLOGIN_FILE /etc/hushlogins
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH PATH=/bin:/usr/bin
+ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin
+
+#
+# The default PATH settings for root (used by login):
+#
+ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
#
# Terminal permissions
@@ -164,24 +85,20 @@
# TTYPERM to either 622 or 600.
#
TTYGROUP tty
-TTYPERM 0600
+TTYPERM 0620
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# ULIMIT Default "ulimit" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
-#ULIMIT 2097152
# Default initial "umask" value used by login on non-PAM enabled systems.
# Default "umask" value for pam_umask on PAM enabled systems.
@@ -206,40 +123,37 @@
PASS_WARN_AGE 7
#
-# If "yes", the user must be listed as a member of the first gid 0 group
-# in /etc/group (called "root" on most Linux systems) to be able to "su"
-# to uid 0 accounts. If the group doesn't exist or is empty, no one
-# will be able to "su" to uid 0.
-#
-SU_WHEEL_ONLY no
-
-#
-# If compiled with cracklib support, where are the dictionaries
-#
-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
-
-#
# Min/max values for automatic uid selection in useradd
#
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
+# UIDs for dynamically allocated administrative and system accounts.
+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
+# allocated user accounts.
+#
UID_MIN 1000
UID_MAX 60000
# System accounts
-SYS_UID_MIN 101
-SYS_UID_MAX 999
+SYS_UID_MIN 100
+SYS_UID_MAX 499
#
# Min/max values for automatic gid selection in groupadd
#
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
+# GIDs for dynamically allocated administrative and system groups.
+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
+# allocated groups.
+#
GID_MIN 1000
GID_MAX 60000
# System accounts
-SYS_GID_MIN 101
-SYS_GID_MAX 999
+SYS_GID_MIN 100
+SYS_GID_MAX 499
#
# Max number of login retries if password is bad
#
-LOGIN_RETRIES 5
+LOGIN_RETRIES 3
#
# Max time in seconds for login
@@ -247,28 +161,6 @@
LOGIN_TIMEOUT 60
#
-# Maximum number of attempts to change password if rejected (too easy)
-#
-PASS_CHANGE_TRIES 5
-
-#
-# Warn about weak passwords (but still allow them) if you are root.
-#
-PASS_ALWAYS_WARN yes
-
-#
-# Number of significant characters in the password for crypt().
-# Default is 8, don't change unless your crypt() is better.
-# Ignored if MD5_CRYPT_ENAB set to "yes".
-#
-#PASS_MAX_LEN 8
-
-#
-# Require password before chfn/chsh can make any changes.
-#
-CHFN_AUTH yes
-
-#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
@@ -277,13 +169,6 @@
CHFN_RESTRICT rwh
#
-# Password prompt (%s will be replaced by user name).
-#
-# XXX - it doesn't work correctly yet, for now leave it commented out
-# to use the default which is just "Password: ".
-#LOGIN_STRING "%s's Password: "
-
-#
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
@@ -345,16 +230,12 @@
DEFAULT_HOME yes
#
-# If this file exists and is readable, login environment will be
-# read from it. Every line should be in the form name=value.
-#
-ENVIRON_FILE /etc/environment
-
-#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
+# See USERDEL_PRECMD/POSTCMD below.
+#
#USERDEL_CMD /usr/sbin/userdel_local
#
@@ -364,7 +245,7 @@
#
# This also enables userdel to remove user groups if no members exist.
#
-USERGROUPS_ENAB yes
+USERGROUPS_ENAB no
#
# If set to a non-nul number, the shadow utilities will make sure that
@@ -383,5 +264,41 @@
# This option is overridden with the -M or -m flags on the useradd command
# line.
#
-#CREATE_HOME yes
+CREATE_HOME no
+
+#
+# User/group names must match the following regex expression.
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
+# but be aware that the result could depend on the locale settings.
+#
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
+
+#
+# If defined, this command is run when adding a group.
+# It should rebuild any NIS database etc. to add the
+# new created group.
+#
+GROUPADD_CMD /usr/sbin/groupadd.local
+
+#
+# If defined, this command is run when adding a user.
+# It should rebuild any NIS database etc. to add the
+# new created account.
+#
+USERADD_CMD /usr/sbin/useradd.local
+
+#
+# If defined, this command is run before removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed.
+#
+USERDEL_PRECMD /usr/sbin/userdel-pre.local
+
+#
+# If defined, this command is run after removing a user.
+# It should rebuild any NIS database etc. to remove the
+# account from it.
+#
+USERDEL_POSTCMD /usr/sbin/userdel-post.local

25
shadow.changes Normal file
View File

@ -0,0 +1,25 @@
-------------------------------------------------------------------
Thu Sep 27 15:20:44 CEST 2012 - kukuk@suse.de
- Implement CHARACTER_CLASS support
(chkname-regex.diff)
-------------------------------------------------------------------
Wed Sep 26 15:20:06 CEST 2012 - kukuk@suse.de
- Add support for useradd.local
(useradd-script.diff)
-------------------------------------------------------------------
Tue Sep 25 16:22:18 CEST 2012 - kukuk@suse.de
- Fix spec file
- Adjust login.defs
(shadow-login_defs.diff)
- Add userdel*.local script support and scrips
(userdel-scripts.diff)
-------------------------------------------------------------------
Mon Sep 24 16:04:03 CEST 2012 - kukuk@suse.de
- Initial package [FATE#314473]

242
shadow.spec Normal file
View File

@ -0,0 +1,242 @@
#
# spec file for package shadow-utils
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Summary: Utilities to Manage User and Group Accounts
Name: shadow
Version: 4.1.5.1
Release: 1
License: BSD-3-Clause ; GPL-2.0+
Group: System/Base
Url: http://pkg-shadow.alioth.debian.org/
Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
Source1: pamd.tar.bz2
Source2: README.changes-pwdutils
Source3: useradd.local
Source4: userdel-pre.local
Source5: userdel-post.local
Patch: shadow-login_defs.diff
Patch1: userdel-scripts.diff
Patch2: useradd-script.diff
Patch3: chkname-regex.diff
BuildRequires: pam-devel
BuildRequires: libselinux-devel
BuildRequires: audit-devel
BuildRequires: libsemanage-devel
BuildRequires: libacl-devel libattr-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: permissions
Provides: pwdutils = 3.2.20
Obsoletes: pwdutils <= 3.2.19
%description
This package includes the necessary programs for converting plain
password files to the shadow password format and to manage user and
group accounts.
%prep
%setup -q -a 1
%patch -p0
%patch1 -p0
%patch2 -p0
%patch3 -p0
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO
%build
export CFLAGS="$RPM_OPT_FLAGS -fpie"
export LDFLAGS="-pie"
%configure \
--disable-shadowgrp \
--enable-account-tools-setuid \
--with-audit \
--with-libpam \
--with-sha-crypt \
--with-acl \
--with-attr \
--with-nscd \
--with-selinux \
--without-libcrack \
--disable-shared \
--with-group-name-max-length=32
make
%install
cp %SOURCE2 .
make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
# install useradd.local, userdel.local, ...
install -m 0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sbindir}/
install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/
install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/
# Remove binaries we don't use.
rm $RPM_BUILD_ROOT/%{_bindir}/groups
rm $RPM_BUILD_ROOT/%{_mandir}/man1/groups.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/groups.*
rm $RPM_BUILD_ROOT/%{_sbindir}/grpconv
rm $RPM_BUILD_ROOT/%{_mandir}/man8/grpconv.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/grpconv.*
rm $RPM_BUILD_ROOT/%{_sbindir}/grpunconv
rm $RPM_BUILD_ROOT/%{_mandir}/man8/grpunconv.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/grpunconv.*
rm $RPM_BUILD_ROOT/%{_sbindir}/groupmems
rm $RPM_BUILD_ROOT/%{_mandir}/man8/groupmems.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/groupmems.*
rm $RPM_BUILD_ROOT/etc/pam.d/groupmems
rm $RPM_BUILD_ROOT/%{_bindir}/login
rm $RPM_BUILD_ROOT/%{_mandir}/man1/login.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/login.*
rm $RPM_BUILD_ROOT/etc/pam.d/login
rm $RPM_BUILD_ROOT/%{_bindir}/su
rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.*
rm $RPM_BUILD_ROOT/etc/pam.d/su
rm $RPM_BUILD_ROOT/%{_bindir}/faillog
rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/faillog.*
rm $RPM_BUILD_ROOT/%{_mandir}/man8/faillog.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/faillog.*
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
rm $RPM_BUILD_ROOT/etc/pam.d/chgpasswd
rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/gshadow.5*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/gshadow.5*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.5*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.5*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/shadow.5*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/shadow.5*
rm -rf $RPM_BUILD_ROOT%{_mandir}/{??,??_??}
%find_lang shadow
%clean
rm -rf $RPM_BUILD_ROOT
%post
%set_permissions /usr/bin/chage
%set_permissions /usr/bin/chfn
%set_permissions /usr/bin/chsh
%set_permissions /usr/bin/expiry
%set_permissions /usr/bin/gpasswd
%set_permissions /usr/bin/newgrp
%set_permissions /usr/bin/passwd
%verifyscript
%verify_permissions /usr/bin/chage
%verify_permissions /usr/bin/chfn
%verify_permissions /usr/bin/chsh
%verify_permissions /usr/bin/expiry
%verify_permissions /usr/bin/gpasswd
%verify_permissions /usr/bin/newgrp
%verify_permissions /usr/bin/passwd
%files -f shadow.lang
%defattr(-,root,root)
%doc NEWS doc/HOWTO README README.changes-pwdutils
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
%config /etc/pam.d/chage
%config /etc/pam.d/chfn
%config /etc/pam.d/chsh
%config /etc/pam.d/passwd
%config /etc/pam.d/useradd
%config /etc/pam.d/chpasswd
%config /etc/pam.d/groupadd
%config /etc/pam.d/groupdel
%config /etc/pam.d/groupmod
%config /etc/pam.d/newusers
%config /etc/pam.d/useradd
%config /etc/pam.d/userdel
%config /etc/pam.d/usermod
%attr(4755,root,shadow) %{_bindir}/chage
%attr(4755,root,shadow) %{_bindir}/chfn
%attr(4755,root,shadow) %{_bindir}/chsh
%attr(4755,root,shadow) %{_bindir}/expiry
%attr(4755,root,shadow) %{_bindir}/gpasswd
%{_bindir}/lastlog
%attr(4755,root,root) %{_bindir}/newgrp
%attr(4755,root,shadow) %{_bindir}/passwd
%{_bindir}/sg
%{_sbindir}/groupadd
%{_sbindir}/groupdel
%{_sbindir}/groupmod
%{_sbindir}/grpck
%{_sbindir}/pwck
%{_sbindir}/useradd
%{_sbindir}/userdel
%{_sbindir}/usermod
%{_sbindir}/pwconv
%{_sbindir}/pwunconv
%{_sbindir}/chpasswd
%{_sbindir}/newusers
%{_sbindir}/vipw
%{_sbindir}/vigr
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/useradd.local
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-pre.local
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-post.local
%{_mandir}/man1/chage.1*
%{_mandir}/man1/chfn.1*
%{_mandir}/man1/chsh.1*
%{_mandir}/man1/expiry.1*
%{_mandir}/man1/gpasswd.1*
%{_mandir}/man1/newgrp.1*
%{_mandir}/man1/passwd.1*
%{_mandir}/man1/sg.1*
%{_mandir}/man3/shadow.3*
%{_mandir}/man5/login.defs.5*
%{_mandir}/man8/chpasswd.8*
%{_mandir}/man8/groupadd.8*
%{_mandir}/man8/groupdel.8*
%{_mandir}/man8/groupmod.8*
%{_mandir}/man8/grpck.8*
%{_mandir}/man8/lastlog.8*
%{_mandir}/man8/newusers.8*
%{_mandir}/man8/pwck.8*
%{_mandir}/man8/pwconv.8*
%{_mandir}/man8/pwunconv.8*
%{_mandir}/man8/useradd.8*
%{_mandir}/man8/userdel.8*
%{_mandir}/man8/usermod.8*
%{_mandir}/man8/vigr.8*
%{_mandir}/man8/vipw.8*
%changelog

42
useradd-script.diff Normal file
View File

@ -0,0 +1,42 @@
--- src/useradd.c
+++ src/useradd.c 2012/09/26 13:06:50
@@ -1845,6 +1845,30 @@
}
/*
+ * call_script - call a script to do some work
+ *
+ * call_script calls a script for additional changes to the
+ * account.
+ */
+
+static void call_script (const char *user)
+{
+ const char *cmd;
+ const char *argv[3];
+ int status;
+
+ cmd = getdef_str ("USERADD_CMD");
+ if (NULL == cmd) {
+ return;
+ }
+ argv[0] = cmd;
+ argv[1] = user;
+ argv[2] = (char *)0;
+ (void) run_command (cmd, argv, NULL, &status);
+}
+
+
+/*
* main - useradd command
*/
int main (int argc, char **argv)
@@ -2076,6 +2100,7 @@
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ call_script (user_name);
+
return E_SUCCESS;
}
-

44
useradd.local Normal file
View File

@ -0,0 +1,44 @@
#!/bin/bash
#
# Here you can add your own stuff, that should be done for every user who
# was new created.
#
# When you create a user with useradd, this script will be called
# with the login name as parameter. Optional, UID, GID and the HOME
# directory are added.
#
case "$1" in
--help|--version)
echo Usage: $0 username [uid gid home]
exit 0
;;
esac
# Check for the required argument.
if [ $# -lt 1 -o $# -gt 4 ]; then
echo Usage: $0 username [uid gid home]
exit 1
fi
# Update NIS database
# make -C /var/yp
# If SELinux is enabled, we have to run restorecon to assign
# appropriate fcontexts to the respective $HOME and files under it
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then
test -x /sbin/restorecon || exit 2
if [ $# -lt 4 ]; then
home_dir=/home/$1
else
home_dir=$4
fi
if [ -d $home_dir ]; then
/sbin/restorecon -R $home_dir
fi
fi
# All done.
exit 0

29
userdel-post.local Normal file
View File

@ -0,0 +1,29 @@
#!/bin/bash
#
# Here you can add your own stuff, that should be done for every user
# which we deleted.
#
# If you delete a user with userdel, this script will be called
# with the login name as parameter after the account and optional
# home directory was removed from the system.
#
case "$1" in
--help|--version)
echo Usage: $0 username uid gid home
exit 0
;;
esac
# Check for the required argument.
if [ $# != 1 ]; then
echo Usage: $0 username
exit 1
fi
# Rebuild NIS database to remove the account from it.
# make -C /var/yp
# All done.
exit 0

28
userdel-pre.local Normal file
View File

@ -0,0 +1,28 @@
#!/bin/bash
#
# Here you can add your own stuff, that should be done for every user
# who will be deleted.
#
# When you delete a user with userdel, this script will be called
# with the login name as parameter before any other action is done.
#
case "$1" in
--help|--version)
echo Usage: $0 username uid gid home
exit 0
;;
esac
# Check for the required argument.
if [ $# != 1 ]; then
echo Usage: $0 username
exit 1
fi
# Remove cron jobs
test -x /usr/bin/crontab && /usr/bin/crontab -r -u $1
# All done.
exit 0

50
userdel-scripts.diff Normal file
View File

@ -0,0 +1,50 @@
--- src/userdel.c
+++ src/userdel.c 2012/09/25 13:46:38
@@ -635,13 +635,13 @@
* cron, at, or print jobs.
*/
-static void user_cancel (const char *user)
+static void call_script (const char *program, const char *user)
{
const char *cmd;
const char *argv[3];
int status;
- cmd = getdef_str ("USERDEL_CMD");
+ cmd = getdef_str (program);
if (NULL == cmd) {
return;
}
@@ -1032,9 +1032,10 @@
}
/*
- * Do the hard stuff - open the files, create the user entries,
- * create the home directory, then close and update the files.
+ * Do the hard stuff - open the files, remove the user entries,
+ * remove the home directory, then close and update the files.
*/
+ call_script ("USERDEL_PRECMD", user_name);
open_files ();
update_user ();
update_groups ();
@@ -1137,7 +1138,7 @@
* Cancel any crontabs or at jobs. Have to do this before we remove
* the entry from /etc/passwd.
*/
- user_cancel (user_name);
+ call_script ("USERDEL_CMD", user_name);
close_files ();
#ifdef WITH_TCB
@@ -1147,6 +1148,8 @@
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ /* Call the post script, for example to rebuild NIS database */
+ call_script ("USERDEL_POSTCMD", user_name);
+
return ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
}
-