Added new option -r, --system for system accounts in useradd, groupadd,

and newusers.

ChangeLog

@@ -1,3 +1,16 @@
+2008-02-19  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, etc/login.defs: Set GID_MIN to the same value as UID_MIN
+	by default (1000).
+	* NEWS, etc/login.defs: Added variables SYS_UID_MIN (100),
+	SYS_UID_MAX (999), SYS_GID_MIN (100), SYS_GID_MAX (999) for system
+	accounts.
+	* libmisc/find_new_ids.c: Added support for system accounts in
+	find_new_uid() and find_new_gid().
+	* NEWS, src/newusers.c, src/useradd.c, src/groupadd.c: Added new
+	option -r, --system for system accounts in useradd, groupadd, and
+	newusers.
+
 2008-02-18  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* NEWS, src/groupmems.c: Fix buffer overflow when adding an user

NEWS

@@ -12,6 +12,10 @@ shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
 - general
   * Do not translate the messages sent to syslog. This avoids logging
     PAM error messages in the users's locale.
+- etc/login.defs
+  * Set GID_MIN to the same value as UID_MIN by default (1000).
+  * Added variables SYS_UID_MIN (100), SYS_UID_MAX (999), SYS_GID_MIN (100),
+    SYS_GID_MAX (999) for system accounts.
 - etc/useradd
   * /etc/default/useradd now defines HOME as /home to match FHS.
 - chage
@@ -19,6 +23,7 @@ shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
     passwd entry, but no shadow entry.
 - groupadd
   * New option -p/--password to specify an encrypted password.
+  * New option -r, --system for system accounts.
 - groupmems
   * Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec.
 - groupmod
@@ -46,6 +51,7 @@ shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
   * Fix support for the NONE crypt method.
   * newusers will behave more like useradd regarding the choice of UID or
     GID or regarding the validity of user and group names.
+  * New option -r, --system for system accounts.
 - passwd
   * Make sure that no more than one username argument was provided.
 - pwck
@@ -63,6 +69,7 @@ shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
     but should behave as -D)
   * Document the --defaults option, which was already described in the
     useradd's Usage information.
+  * New option -r, --system for system accounts.
 - usermod
   * Keep the access and modification time of files when moving an user's home
     directory.

etc/login.defs

@@ -214,12 +214,18 @@ CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
 #
 UID_MIN			 1000
 UID_MAX			60000
+# System accounts
+SYS_UID_MIN		  100
+SYS_UID_MAX		  999
 
 #
 # Min/max values for automatic gid selection in groupadd
 #
-GID_MIN			  100
+GID_MIN			 1000
 GID_MAX			60000
+# System accounts
+SYS_GID_MIN		  100
+SYS_GID_MAX		  999
 
 #
 # Max number of login retries if password is bad

libmisc/find_new_ids.c

@@ -24,11 +24,15 @@ int find_new_uid (int sys_user, uid_t *uid, uid_t const *preferred_uid)
 	uid_t uid_min, uid_max, user_id;
 
 	assert (uid != NULL);
-	/* TODO: add support for system users */
-	assert (sys_user == 0);
 
+	if (sys_user == 0) {
 	uid_min = getdef_unum ("UID_MIN", 1000);
 	uid_max = getdef_unum ("UID_MAX", 60000);
+	} else {
+		uid_min = getdef_unum ("SYS_UID_MIN", 1);
+		uid_max = getdef_unum ("UID_MIN", 1000) - 1;
+		uid_max = getdef_unum ("SYS_UID_MAX", uid_max);
+	}
 
 	if (   (NULL != preferred_uid)
 	    && (*preferred_uid >= uid_min)
@@ -102,11 +106,15 @@ int find_new_gid (int sys_group, gid_t *gid, gid_t const *preferred_gid)
 	gid_t gid_min, gid_max, group_id;
 
 	assert (gid != NULL);
-	/* TODO: add support for system groups */
-	assert (sys_group == 0);
 
+	if (sys_group == 0) {
 	gid_min = getdef_unum ("GID_MIN", 1000);
 	gid_max = getdef_unum ("GID_MAX", 60000);
+	} else {
+		gid_min = getdef_unum ("SYS_GID_MIN", 1);
+		gid_max = getdef_unum ("GID_MIN", 1000) - 1;
+		gid_max = getdef_unum ("SYS_GID_MAX", gid_max);
+	}
 
 	if (   (NULL != preferred_gid)
 	    && (*preferred_gid >= gid_min)

src/groupadd.c

@@ -76,6 +76,7 @@ static char *Prog;
 static int oflg = 0;		/* permit non-unique group ID to be specified with -g */
 static int gflg = 0;		/* ID value for the new group */
 static int fflg = 0;		/* if group already exists, do nothing and exit(0) */
+static int rflg = 0;		/* create a system account */
 static int pflg = 0;		/* new encrypted password */
 
 #ifdef USE_PAM
@@ -114,6 +115,7 @@ static void usage (void)
 	         "  -K, --key KEY=VALUE           overrides /etc/login.defs defaults\n"
 	         "  -o, --non-unique              allow create group with duplicate\n"
 	         "                                (non-unique) GID\n"
+	         "  -r, --system                  create a system account\n"
 	         "\n"), stderr);
 	exit (E_USAGE);
 }
@@ -357,11 +359,12 @@ static void process_flags (int argc, char **argv)
 		{"key", required_argument, NULL, 'K'},
 		{"non-unique", required_argument, NULL, 'o'},
 		{"password", required_argument, NULL, 'p'},
+		{"system", no_argument, NULL, 'r'},
 		{NULL, 0, NULL, '\0'}
 	};
 
 	while ((c =
-		getopt_long (argc, argv, "fg:hK:o", long_options,
+		getopt_long (argc, argv, "fg:hK:or", long_options,
 		             &option_index)) != -1) {
 		switch (c) {
 		case 'f':
@@ -408,6 +411,9 @@ static void process_flags (int argc, char **argv)
 			pflg++;
 			group_passwd = optarg;
 			break;
+		case 'r':
+			rflg++;
+			break;
 		default:
 			usage ();
 		}
@@ -556,7 +562,7 @@ int main (int argc, char **argv)
 	open_files ();
 
 	if (!gflg) {
-		if (find_new_gid (0, &group_id, NULL) < 0) {
+		if (find_new_gid (rflg, &group_id, NULL) < 0) {
 			fprintf (stderr, _("%s: can't create group\n"), Prog);
 			fail_exit (E_GID_IN_USE);
 		}

src/newusers.c

@@ -62,6 +62,7 @@
  */
 static char *Prog;
 static int cflg = 0;
+static int rflg = 0;	/* create a system account */
 static int sflg = 0;
 
 static char *crypt_method = NULL;
@@ -97,6 +98,7 @@ static void usage (void)
 	fprintf (stderr, _("Usage: %s [options] [input]\n"
 	                   "\n"
 	                   "  -c, --crypt-method            the crypt method (one of %s)\n"
+	                   "  -r, --system                  create system accounts\n"
 	                   "%s"
 	                   "\n"),
 	                 Prog,
@@ -164,7 +166,7 @@ static int add_group (const char *name, const char *gid, gid_t *ngid, uid_t uid)
 		 * already the name of an existing group.
 		 * In both cases, figure out what group ID can be used.
 		 */
-		if (find_new_gid(0, &grent.gr_gid, &uid) < 0) {
+		if (find_new_gid(rflg, &grent.gr_gid, &uid) < 0) {
 			return -1;
 		}
 	}
@@ -266,7 +268,7 @@ static int get_uid (const char *uid, uid_t *nuid) {
 				return -1;
 			}
 		} else {
-			if (find_new_uid (0, nuid, NULL) < 0) {
+			if (find_new_uid (rflg, nuid, NULL) < 0) {
 				return -1;
 			}
 		}

src/useradd.c

@@ -128,6 +128,7 @@ static int
     mflg = 0,			/* create user's home directory if it doesn't exist */
     nflg = 0,			/* create a group having the same name as the user */
     oflg = 0,			/* permit non-unique user ID to be specified with -u */
+    rflg = 0,			/* create a system account */
     sflg = 0,			/* shell program for new account */
     uflg = 0;			/* specify user ID for new account */
 
@@ -636,6 +637,7 @@ static void usage (void)
 	         "                                (non-unique) UID\n"
 	         "  -p, --password PASSWORD       use encrypted password for the new user\n"
 	         "                                account\n"
+	         "  -r, --system                  create a system account\n"
 	         "  -s, --shell SHELL             the login shell for the new user account\n"
 	         "  -u, --uid UID                 force use the UID for the new user account\n"
 	         "\n"), stderr);
@@ -684,11 +686,19 @@ static void new_spent (struct spwd *spent)
 	spent->sp_namp = (char *) user_name;
 	spent->sp_pwdp = (char *) user_pass;
 	spent->sp_lstchg = time ((time_t *) 0) / SCALE;
+	if (!rflg) {
 	spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
 	spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
 	spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
 	spent->sp_inact = scale_age (def_inactive);
 	spent->sp_expire = scale_age (user_expire);
+	} else {
+		spent->sp_min = scale_age (-1);
+		spent->sp_max = scale_age (-1);
+		spent->sp_warn = scale_age (-1);
+		spent->sp_inact = scale_age (-1);
+		spent->sp_expire = scale_age (-1);
+	}
 	spent->sp_flag = -1;
 }
 
@@ -842,12 +852,13 @@ static void process_flags (int argc, char **argv)
 			{"create-home", no_argument, NULL, 'm'},
 			{"non-unique", no_argument, NULL, 'o'},
 			{"password", required_argument, NULL, 'p'},
+			{"system", no_argument, NULL, 'r'},
 			{"shell", required_argument, NULL, 's'},
 			{"uid", required_argument, NULL, 'u'},
 			{NULL, 0, NULL, '\0'}
 		};
 		while ((c =
-			getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMop:s:u:",
+			getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMop:rs:u:",
 				     long_options, NULL)) != -1) {
 			switch (c) {
 			case 'b':
@@ -1000,6 +1011,9 @@ static void process_flags (int argc, char **argv)
 				}
 				user_pass = optarg;
 				break;
+			case 'r':
+				rflg++;
+				break;
 			case 's':
 				if (!VALID (optarg)
 				    || (optarg[0]
@@ -1599,7 +1613,7 @@ int main (int argc, char **argv)
 		 * We do this because later we can use the uid we found as
 		 * gid too ... --gafton */
 		if (!uflg) {
-			if (find_new_uid (0, &user_id, NULL) < 0) {
+			if (find_new_uid (rflg, &user_id, NULL) < 0) {
 				fprintf (stderr, _("%s: can't create user\n"), Prog);
 				fail_exit (E_UID_IN_USE);
 			}
@@ -1617,7 +1631,7 @@ int main (int argc, char **argv)
 	/* do we have to add a group for that user? This is why we need to
 	 * open the group files in the open_files() function  --gafton */
 	if (!(nflg || gflg)) {
-		if (find_new_gid (0, &user_gid, &user_id) < 0) {
+		if (find_new_gid (rflg, &user_gid, &user_id) < 0) {
 			fprintf (stderr,
 				 _("%s: can't create group\n"),
 				 Prog);