From 81802b47121b6d85c3c995e254b5e258d4032f813436d581ca483763153cc4e0 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk
Date: Tue, 17 Mar 2020 14:34:59 +0000
Subject: [PATCH 1/4] Accepting request 785867 from home:favogt:branches:openSUSE:Factory

- Drop use of tail from the generated %pre scriptlets
I'll try dropping the bash dep next. A pure lua implementation is possible, but would require some work and is IMO not really necessary. If any of those users are needed, there's very likely also a shell available. For system-user-root it's already pure lua.
OBS-URL: https://build.opensuse.org/request/show/785867
OBS-URL: https://build.opensuse.org/package/show/Base:System/sysuser-tools?expand=0&rev=22
---
 sysuser-tools.changes | 5 +++++
 sysuser-tools.spec | 2 +-
 sysusers-generate-pre | 26 ++++----------------------
 3 files changed, 10 insertions(+), 23 deletions(-)
diff --git a/sysuser-tools.changes b/sysuser-tools.changes
index 1c3f2ad..5435114 100644
--- a/sysuser-tools.changes
+++ b/sysuser-tools.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Mar 17 10:12:15 UTC 2020 - Fabian Vogt
+
+- Drop use of tail from the generated %pre scriptlets
+
 -------------------------------------------------------------------
 Sun Dec 29 19:16:13 UTC 2019 - kukuk@suse.de
diff --git a/sysuser-tools.spec b/sysuser-tools.spec
index e687589..e77250c 100644
--- a/sysuser-tools.spec
+++ b/sysuser-tools.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package sysuser-tools
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
diff --git a/sysusers-generate-pre b/sysusers-generate-pre
index c79114a..ff32446 100644
--- a/sysusers-generate-pre
+++ b/sysusers-generate-pre
@@ -1,26 +1,8 @@
 #!/bin/bash
 # pass systemd sysusers config files a as argument to this script.
-# It will output a shell script that creates those users by
-# appending the data to itself.
-
-tmpfile=`mktemp -q -t sysusers.XXXXXX`
-cleanup()
-{
- rm -f "$tmpfile"
-}
-
-trap cleanup EXIT
-
-for i in "$@"; do
- grep -e '^[ugmr]' "$i" >> "$tmpfile"
-done
-
-lines=`wc -l < "$tmpfile"`
 echo '#!/bin/bash'
-echo "tail -n $lines \$0 | /usr/sbin/sysusers2shadow"
-echo 'RET=$?'
-echo 'test -f /.buildenv && exit 0'
-echo 'exit $RET'
-echo '######## data below ########'
-cat "$tmpfile"
+echo 'cat <<"EOF" |'
+grep -he '^[ugmr]' "$@"
+echo 'EOF'
+echo '/usr/sbin/sysusers2shadow || [[ -f /.buildenv ]]'
\ No newline at end of file
From 54305a4169eb91b7a15774625bd00a1068f7ffa9ca358b84e2d5b6486be3c988 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk
Date: Fri, 20 Mar 2020 11:31:21 +0000
Subject: [PATCH 2/4] Accepting request 786819 from home:favogt:nobash

- Clean up sysusers2shadow and make it use only /bin/sh
- Don't let busybox adduser create the home directory, it breaks permissions of e.g. /sbin (home of daemon)
- Use only /bin/sh in sysusers-generate-pre and the generated code
OBS-URL: https://build.opensuse.org/request/show/786819
OBS-URL: https://build.opensuse.org/package/show/Base:System/sysuser-tools?expand=0&rev=23
---
 sysuser-tools.changes | 8 +++
 sysusers-generate-pre | 8 +--
 sysusers2shadow.sh | 157 +++++++++++++++++++-----------------------
 3 files changed, 84 insertions(+), 89 deletions(-)
diff --git a/sysuser-tools.changes b/sysuser-tools.changes
index 5435114..2c65dd1 100644
--- a/sysuser-tools.changes
+++ b/sysuser-tools.changes
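Review bot: In sysusers-generate-pre (PATCH 1/4), `grep -he '^[ugmr]' "$@"` reads standard input when the script is called with no arguments, whereas the removed `for i in "$@"` loop simply did nothing, so an empty file list would now block the build instead of producing an empty scriptlet. As in the old loop, a failed grep (missing or unreadable config file) is not propagated: the script still prints `EOF` and the final line, so the generated %pre would create none of the expected accounts without any build error. A guard such as `[ $# -gt 0 ] || { echo "usage: $0 FILE..." >&2; exit 1; }` before the first `echo`, plus treating a grep exit status above 1 as fatal, would make both cases fail at build time.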
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Mar 20 10:08:43 UTC 2020 - Fabian Vogt
+
+- Clean up sysusers2shadow and make it use only /bin/sh
+- Don't let busybox adduser create the home directory, it breaks
+ permissions of e.g. /sbin (home of daemon)
+- Use only /bin/sh in sysusers-generate-pre and the generated code
+
 -------------------------------------------------------------------
 Tue Mar 17 10:12:15 UTC 2020 - Fabian Vogt
diff --git a/sysusers-generate-pre b/sysusers-generate-pre
index ff32446..3a37819 100644
--- a/sysusers-generate-pre
+++ b/sysusers-generate-pre
@@ -1,8 +1,8 @@
-#!/bin/bash
-# pass systemd sysusers config files a as argument to this script.
+#!/bin/sh
+# pass systemd sysusers config paths as argument to this script.
-echo '#!/bin/bash'
+echo '#!/bin/sh'
 echo 'cat <<"EOF" |'
 grep -he '^[ugmr]' "$@"
 echo 'EOF'
-echo '/usr/sbin/sysusers2shadow || [[ -f /.buildenv ]]'
\ No newline at end of file
+echo '/usr/sbin/sysusers2shadow || [ -f /.buildenv ]'
diff --git a/sysusers2shadow.sh b/sysusers2shadow.sh
index f51297e..cc25eff 100644
--- a/sysusers2shadow.sh
+++ b/sysusers2shadow.sh
@@ -1,96 +1,83 @@
-#!/bin/bash
+#!/bin/sh
+set -eu
-while read LINE
+# Print the command and run it
+run() {
+ echo "$@"
+ "$@"
+}
+
+# Absolute path to busybox, if found
+busybox=
+for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
+
+while read arg0 arg1 arg2 arg3 arg4
 do
- case "$LINE" in
- \#*|"")
- ;;
- g*)
- eval arr=( $LINE )
- ARGUMENTS="${arr[1]}"
- if [ ! -z "${arr[2]}" -a "${arr[2]}" != "-" ]; then
- ARGUMENTS="-g ${arr[2]} $ARGUMENTS"
- fi
- if [ -x /usr/sbin/groupadd ]; then
- echo "groupadd -r $ARGUMENTS"
- /usr/bin/getent group "${arr[1]}" >> /dev/null || /usr/sbin/groupadd -r $ARGUMENTS || exit $?
- elif [ -x /usr/bin/busybox ]; then
- echo "addgroup -S $ARGUMENTS"
- /usr/bin/getent group "${arr[1]}" >> /dev/null || /usr/bin/busybox addgroup -S $ARGUMENTS || exit $?
- elif [ -x /bin/busybox ]; then
- echo "addgroup -S $ARGUMENTS"
- /usr/bin/getent group "${arr[1]}" >> /dev/null || /bin/busybox addgroup -S $ARGUMENTS || exit $?
- else
- echo "ERROR: neither groupadd nor busybox found!"
- exit 1
- fi
- ;;
- u*)
- eval arr=( $LINE )
- ARGUMENTS="${arr[1]}"
- if [ ! -z "${arr[2]}" -a "${arr[2]}" != "-" ]; then
- ARGUMENTS="-u ${arr[2]} $ARGUMENTS"
- fi
- if [ ! -z "${arr[4]}" -a "${arr[4]}" != "-" ]; then
- ARGUMENTS="-d ${arr[4]} $ARGUMENTS"
- else
- ARGUMENTS="-d / $ARGUMENTS"
- fi
- if [ -x /usr/sbin/useradd ]; then
- # this is useradd/shadow specific
- /usr/bin/getent group ${arr[1]} >> /dev/null
- if [ $? -eq 0 ]; then
- ARGUMENTS="-g ${arr[1]} $ARGUMENTS"
+ case "$arg0" in
+ g)
+ ARGUMENTS="${arg1}"
+ if [ -n "${arg2}" -a "${arg2}" != "-" ]; then
+ ARGUMENTS="-g ${arg2} $ARGUMENTS"
+ fi
+
+ if ! /usr/bin/getent group "${arg1}" >> /dev/null; then
+ if [ -x "/usr/sbin/groupadd" ]; then
+ run /usr/sbin/groupadd -r $ARGUMENTS
+ elif [ -x "$busybox" ]; then
+ run $busybox addgroup -S $ARGUMENTS
+ else
+ echo "ERROR: neither groupadd nor busybox found!"
+ exit 1
+ fi
+ fi
+ ;;
+ u)
+ ARGUMENTS="${arg1}"
+ if [ -n "${arg2}" ] && [ "${arg2}" != "-" ]; then
+ ARGUMENTS="-u ${arg2} $ARGUMENTS"
+ fi
+ if [ -n "${arg4}" ] && [ "${arg4}" != "-" ]; then
+ ARGUMENTS="-d ${arg4} $ARGUMENTS"
 else
- ARGUMENTS="-U $ARGUMENTS"
+ ARGUMENTS="-d / $ARGUMENTS"
 fi
- echo "useradd -r -s /sbin/nologin -c \"${arr[3]}\" $ARGUMENTS"
- /usr/bin/getent passwd ${arr[1]} >> /dev/null || /usr/sbin/useradd -r -s /sbin/nologin -c "${arr[3]}" $ARGUMENTS || exit $?
- elif [ -x /usr/bin/busybox ]; then
- /usr/bin/getent group ${arr[1]} >> /dev/null
- if [ $? -ne 0 ]; then
- /usr/bin/busybox addgroup ${arr[1]}
+
+ if [ -x /usr/sbin/useradd ]; then
+ if ! /usr/bin/getent passwd "${arg1}" >> /dev/null; then
+ # this is useradd/shadow specific
+ ARGUMENTS="-g ${arg1} $ARGUMENTS"
+ /usr/bin/getent group "${arg1}" >> /dev/null || ARGUMENTS="-U $ARGUMENTS"
+
+ run /usr/sbin/useradd -r -s /sbin/nologin -c "${arg3}" $ARGUMENTS
+ fi
+ elif [ -x "$busybox" ]; then
+ /usr/bin/getent group "${arg1}" >> /dev/null || $busybox addgroup "${arg1}"
+
+ if ! /usr/bin/getent passwd ${arg1} >> /dev/null; then
+ ARGUMENTS="$(echo -G ${arg1} $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g')"
+ run $busybox adduser -S -H -s /sbin/nologin -g "${arg3}" $ARGUMENTS
+ fi
+ else
+ echo "ERROR: neither useradd nor busybox found!"
+ exit 1
 fi
- ARGUMENTS="-G ${arr[1]} $ARGUMENTS"
- ARGUMENTS=`echo $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g'`
- echo "adduser -S -s /sbin/nologin -g \"${arr[3]}\" $ARGUMENTS"
- /usr/bin/getent passwd ${arr[1]} >> /dev/null || /usr/bin/busybox adduser -S -s /sbin/nologin -g "${arr[3]}" $ARGUMENTS || exit $?
- elif [ -x /bin/busybox ]; then
- /usr/bin/getent group ${arr[1]} >> /dev/null
- if [ $? -ne 0 ]; then
- /bin/busybox addgroup ${arr[1]}
+ ;;
+ m)
+ if [ -x /usr/sbin/usermod ] ; then
+ run /usr/sbin/usermod -a -G ${arg2} ${arg1}
+ elif [ -x "$busybox" ]; then
+ run $busybox addgroup ${arg1} ${arg2}
+ else
+ echo "ERROR: neither usermod nor busybox found!"
+ exit 1
 fi
- ARGUMENTS="-G ${arr[1]} $ARGUMENTS"
- ARGUMENTS=`echo $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g'`
- echo "adduser -S -s /sbin/nologin -g \"${arr[3]}\" $ARGUMENTS"
- /usr/bin/getent passwd ${arr[1]} >> /dev/null || /bin/busybox adduser -S -s /sbin/nologin -g "${arr[3]}" $ARGUMENTS || exit $?
- else
- echo "ERROR: neither useradd nor busybox found!"
- exit 1
- fi
- ;;
- m*)
- eval arr=( $LINE )
- if [ -x /usr/sbin/usermod ] ; then
- echo "usermod -a -G ${arr[2]} ${arr[1]}"
- /usr/sbin/usermod -a -G ${arr[2]} ${arr[1]} || exit $?
- elif [ -x /usr/bin/busybox ]; then
- echo "addgroup ${arr[1]} ${arr[2]}"
- /usr/bin/busybox addgroup ${arr[1]} ${arr[2]} || exit $?
- elif [ -x /bin/busybox ]; then
- echo "addgroup ${arr[1]} ${arr[2]}"
- /bin/busybox addgroup ${arr[1]} ${arr[2]} || exit $?
- else
- echo "ERROR: neither usermod nor busybox found!"
- exit 1
- fi
- ;;
- r*)
- echo "range option ignored: \"$LINE\""
 ;;
+ r)
+ echo "range option ignored: \"$arg0 $arg1 $arg2 $arg3\""
+ ;;
 *)
- echo "Syntax Error: \"$LINE\""
+ echo "Syntax Error: \"$arg0\""
 exit 1
 ;;
- esac
+ esac
 done
From 1111c839cc62a69a9e69b342aa5f305448a17ef9745be40850e7a5829d78ee3a Mon Sep 17 00:00:00 2001
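Review bot: In the busybox path of the `u)` branch in sysusers2shadow.sh (PATCH 2/4), the implicit primary group is created with `$busybox addgroup "${arg1}"`, without the `-S` that the `g)` branch passes, so the group of a system account is presumably allocated from the regular GID range rather than the system one. The call also bypasses `run`, which makes it the only account-changing command in the new code that is not echoed to the scriptlet output. Suggested line: `/usr/bin/getent group "${arg1}" >> /dev/null || run "$busybox" addgroup -S "${arg1}"`. Separately, the `ERROR:` messages go to stdout; adding `>&2` would keep them visible when the output is captured.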
From: Thorsten Kukuk
Date: Tue, 24 Mar 2020 11:54:36 +0000
Subject: [PATCH 3/4] Accepting request 787733 from home:favogt:nobash

- Use eval set -- $LINE instead of read for parsing
Fixes system-user-man. eval is evil though, so if there is a better idea, please tell
OBS-URL: https://build.opensuse.org/request/show/787733
OBS-URL: https://build.opensuse.org/package/show/Base:System/sysuser-tools?expand=0&rev=24
---
 sysuser-tools.changes | 5 +++++
 sysusers2shadow.sh | 52 ++++++++++++++++++++++++-------------------
 2 files changed, 34 insertions(+), 23 deletions(-)
diff --git a/sysuser-tools.changes b/sysuser-tools.changes
index 2c65dd1..86b90d3 100644
--- a/sysuser-tools.changes
+++ b/sysuser-tools.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Mar 24 10:01:39 UTC 2020 - Fabian Vogt
+
+- Use eval set -- $LINE instead of read for parsing
+
 -------------------------------------------------------------------
 Fri Mar 20 10:08:43 UTC 2020 - Fabian Vogt
diff --git a/sysusers2shadow.sh b/sysusers2shadow.sh
index cc25eff..3c55131 100644
--- a/sysusers2shadow.sh
+++ b/sysusers2shadow.sh
@@ -11,16 +11,20 @@ run() {
 busybox=
 for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
-while read arg0 arg1 arg2 arg3 arg4
+while read LINE
 do
- case "$arg0" in
+ eval set -- $LINE
+ case "${1-}" in
+ \#*|"")
+ ;;
 g)
- ARGUMENTS="${arg1}"
- if [ -n "${arg2}" -a "${arg2}" != "-" ]; then
- ARGUMENTS="-g ${arg2} $ARGUMENTS"
+ shift
+ ARGUMENTS="$1"
+ if [ -n "${2-}" ] && [ "$2" != "-" ]; then
+ ARGUMENTS="-g $2 $ARGUMENTS"
 fi
- if ! /usr/bin/getent group "${arg1}" >> /dev/null; then
+ if ! /usr/bin/getent group "$1" >> /dev/null; then
 if [ -x "/usr/sbin/groupadd" ]; then
 run /usr/sbin/groupadd -r $ARGUMENTS
 elif [ -x "$busybox" ]; then
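Review bot: `eval set -- $LINE` hands every input line to the shell parser, so besides quote removal it also performs command substitution, parameter expansion and pathname expansion on sysusers.d data, in a script that runs as root from %pre scriptlets. The generator's quoted heredoc only protects the data until it reaches stdin here, so this loop should refuse anything that is not plain words and quotes before evaluating it, read lines with `IFS= read -r`, and switch globbing off with `set -f`. The guard below is deliberately strict and would also reject GECOS text containing characters such as `(` or `;`, which is worth checking against the sysusers.d files in use. The loop body continues outside this hunk.

```sh
set -f  # sysusers.d fields must never be glob-expanded
while IFS= read -r LINE
do
    case "$LINE" in
        \#*|"") continue ;;
        *[\$\`\;\&\|\<\>\(\)\\]*)
            echo "Syntax Error: \"$LINE\"" >&2
            exit 1
            ;;
    esac
    eval set -- $LINE
    # … unchanged: case "${1-}" dispatch …
```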
@@ -32,30 +36,31 @@ do
 fi
 ;;
 u)
- ARGUMENTS="${arg1}"
- if [ -n "${arg2}" ] && [ "${arg2}" != "-" ]; then
- ARGUMENTS="-u ${arg2} $ARGUMENTS"
+ shift
+ ARGUMENTS="$1"
+ if [ -n "${2-}" ] && [ "$2" != "-" ]; then
+ ARGUMENTS="-u $2 $ARGUMENTS"
 fi
- if [ -n "${arg4}" ] && [ "${arg4}" != "-" ]; then
- ARGUMENTS="-d ${arg4} $ARGUMENTS"
+ if [ -n "${4-}" ] && [ "$4" != "-" ]; then
+ ARGUMENTS="-d $4 $ARGUMENTS"
 else
 ARGUMENTS="-d / $ARGUMENTS"
 fi
 if [ -x /usr/sbin/useradd ]; then
- if ! /usr/bin/getent passwd "${arg1}" >> /dev/null; then
+ if ! /usr/bin/getent passwd "$1" >> /dev/null; then
 # this is useradd/shadow specific
- ARGUMENTS="-g ${arg1} $ARGUMENTS"
- /usr/bin/getent group "${arg1}" >> /dev/null || ARGUMENTS="-U $ARGUMENTS"
+ ARGUMENTS="-g $1 $ARGUMENTS"
+ /usr/bin/getent group "$1" >> /dev/null || ARGUMENTS="-U $ARGUMENTS"
- run /usr/sbin/useradd -r -s /sbin/nologin -c "${arg3}" $ARGUMENTS
+ run /usr/sbin/useradd -r -s /sbin/nologin -c "$3" $ARGUMENTS
 fi
 elif [ -x "$busybox" ]; then
- /usr/bin/getent group "${arg1}" >> /dev/null || $busybox addgroup "${arg1}"
+ /usr/bin/getent group "$1" >> /dev/null || $busybox addgroup "$1"
- if ! /usr/bin/getent passwd ${arg1} >> /dev/null; then
- ARGUMENTS="$(echo -G ${arg1} $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g')"
- run $busybox adduser -S -H -s /sbin/nologin -g "${arg3}" $ARGUMENTS
+ if ! /usr/bin/getent passwd $1 >> /dev/null; then
+ ARGUMENTS="$(echo -G $1 $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g')"
+ run $busybox adduser -S -H -s /sbin/nologin -g "$3" $ARGUMENTS
 fi
 else
 echo "ERROR: neither useradd nor busybox found!"
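Review bot: The switch from `read` variables to positional parameters makes short lines fatal under `set -eu`: `"$3"` in the `useradd -c "$3"` and `adduser ... -g "$3"` calls, and `"$1"` right after `shift`, are unset when a line carries fewer fields (for example a `u` entry with no GECOS field), so the script aborts with an unbound-variable error instead of creating the account or printing `Syntax Error`. Using `"${3-}"` for the comment and checking `[ $# -ge 1 ]` after `shift` would restore the previous behaviour, where missing fields were simply empty. The `m)` hunk that follows has the same problem with `$2 $1`, which are also expanded unquoted, as is `getent passwd $1` here; now that fields can contain spaces after quote removal, these should be written `"$1"` and `"$2"`. The `u)` branch begins and ends outside this hunk.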
@@ -63,20 +68,21 @@ do
 fi
 ;;
 m)
+ shift
 if [ -x /usr/sbin/usermod ] ; then
- run /usr/sbin/usermod -a -G ${arg2} ${arg1}
+ run /usr/sbin/usermod -a -G $2 $1
 elif [ -x "$busybox" ]; then
- run $busybox addgroup ${arg1} ${arg2}
+ run $busybox addgroup $1 $2
 else
 echo "ERROR: neither usermod nor busybox found!"
 exit 1
 fi
 ;;
 r)
- echo "range option ignored: \"$arg0 $arg1 $arg2 $arg3\""
+ echo "range option ignored: \"$LINE\""
 ;;
 *)
- echo "Syntax Error: \"$arg0\""
+ echo "Syntax Error: \"$LINE\""
 exit 1
 ;;
 esac
From d7b80fccdd9be987758e49af219c99c3269bb8fb34d069cc14dd41de096e820f Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk
Date: Wed, 25 Mar 2020 10:07:14 +0000
Subject: [PATCH 4/4] Accepting request 788085 from home:favogt:nobash

- Fix bug introduced by simplification of check for useradd -g
- Refactor use of sed away
OBS-URL: https://build.opensuse.org/request/show/788085
OBS-URL: https://build.opensuse.org/package/show/Base:System/sysuser-tools?expand=0&rev=25
---
 sysuser-tools.changes | 6 ++++++
 sysusers2shadow.sh | 21 +++++++++++----------
 2 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/sysuser-tools.changes b/sysuser-tools.changes
index 86b90d3..e40311e 100644
--- a/sysuser-tools.changes
+++ b/sysuser-tools.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar 25 07:53:55 UTC 2020 - Fabian Vogt
+
+- Fix bug introduced by simplification of check for useradd -g
+- Refactor use of sed away
+
 -------------------------------------------------------------------
 Tue Mar 24 10:01:39 UTC 2020 - Fabian Vogt
diff --git a/sysusers2shadow.sh b/sysusers2shadow.sh
index 3c55131..c91c9ac 100644
--- a/sysusers2shadow.sh
+++ b/sysusers2shadow.sh
@@ -41,26 +41,27 @@ do
 if [ -n "${2-}" ] && [ "$2" != "-" ]; then
 ARGUMENTS="-u $2 $ARGUMENTS"
 fi
- if [ -n "${4-}" ] && [ "$4" != "-" ]; then
- ARGUMENTS="-d $4 $ARGUMENTS"
- else
- ARGUMENTS="-d / $ARGUMENTS"
+ homedir="/" # If null, empty or '-'
+ if [ "${4:--}" != "-" ]; then
+ homedir="$4"
 fi
 if [ -x /usr/sbin/useradd ]; then
 if ! /usr/bin/getent passwd "$1" >> /dev/null; then
 # this is useradd/shadow specific
- ARGUMENTS="-g $1 $ARGUMENTS"
- /usr/bin/getent group "$1" >> /dev/null || ARGUMENTS="-U $ARGUMENTS"
+ if /usr/bin/getent group "$1" >> /dev/null; then
+ ARGUMENTS="-g $1 $ARGUMENTS"
+ else
+ ARGUMENTS="-U $ARGUMENTS"
+ fi
- run /usr/sbin/useradd -r -s /sbin/nologin -c "$3" $ARGUMENTS
+ run /usr/sbin/useradd -r -s /sbin/nologin -c "$3" -d "${homedir}" $ARGUMENTS
 fi
 elif [ -x "$busybox" ]; then
 /usr/bin/getent group "$1" >> /dev/null || $busybox addgroup "$1"
- if ! /usr/bin/getent passwd $1 >> /dev/null; then
- ARGUMENTS="$(echo -G $1 $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g')"
- run $busybox adduser -S -H -s /sbin/nologin -g "$3" $ARGUMENTS
+ if ! /usr/bin/getent passwd "$1" >> /dev/null; then
+ run $busybox adduser -S -H -s /sbin/nologin -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS
 fi
 else
 echo "ERROR: neither useradd nor busybox found!"
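Review bot: The home directory and GECOS are now passed as quoted arguments, but the account name and UID still travel inside the unquoted `$ARGUMENTS` string, so a name that begins with `-` or contains whitespace or glob characters would be re-split and read by useradd/adduser as extra options. Since these commands run as root in %pre, validating the name once after `shift` would close that gap, e.g. `case "$1" in -*|*[!A-Za-z0-9_.-]*) echo "Syntax Error: \"$LINE\"" >&2; exit 1 ;; esac` (this assumes names are limited to that character set, which should be confirmed against the sysusers.d files in use). The comment on `homedir="/"` would read better as `# default; overridden below unless field 4 is unset, empty or '-'`, because `${4:--}` is easy to misread. The `u)` branch starts and ends outside this hunk.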