From 18c914f08631bf435c54c575ae3ba007ec92bcaf Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Tue, 19 Feb 2008 21:01:38 +0000 Subject: [PATCH] Added new option -r, --system for system accounts in useradd, groupadd, and newusers. --- ChangeLog | 13 +++++++++++++ NEWS | 7 +++++++ etc/login.defs | 8 +++++++- libmisc/find_new_ids.c | 16 ++++++++++++---- src/groupadd.c | 10 ++++++++-- src/newusers.c | 6 ++++-- src/useradd.c | 20 +++++++++++++++++--- 7 files changed, 68 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 26b8a465..f7127359 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2008-02-19 Nicolas François + + * NEWS, etc/login.defs: Set GID_MIN to the same value as UID_MIN + by default (1000). + * NEWS, etc/login.defs: Added variables SYS_UID_MIN (100), + SYS_UID_MAX (999), SYS_GID_MIN (100), SYS_GID_MAX (999) for system + accounts. + * libmisc/find_new_ids.c: Added support for system accounts in + find_new_uid() and find_new_gid(). + * NEWS, src/newusers.c, src/useradd.c, src/groupadd.c: Added new + option -r, --system for system accounts in useradd, groupadd, and + newusers. + 2008-02-18 Nicolas François * NEWS, src/groupmems.c: Fix buffer overflow when adding an user diff --git a/NEWS b/NEWS index e10fbb8f..a5a0a0a8 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,10 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED - general * Do not translate the messages sent to syslog. This avoids logging PAM error messages in the users's locale. +- etc/login.defs + * Set GID_MIN to the same value as UID_MIN by default (1000). + * Added variables SYS_UID_MIN (100), SYS_UID_MAX (999), SYS_GID_MIN (100), + SYS_GID_MAX (999) for system accounts. - etc/useradd * /etc/default/useradd now defines HOME as /home to match FHS. - chage 
@@ -19,6 +23,7 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED passwd entry, but no shadow entry. - groupadd * New option -p/--password to specify an encrypted password. + * New option -r, --system for system accounts. - groupmems * Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec. - groupmod @@ -46,6 +51,7 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED * Fix support for the NONE crypt method. * newusers will behave more like useradd regarding the choice of UID or GID or regarding the validity of user and group names. + * New option -r, --system for system accounts. - passwd * Make sure that no more than one username argument was provided. - pwck @@ -63,6 +69,7 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED but should behave as -D) * Document the --defaults option, which was already described in the useradd's Usage information. + * New option -r, --system for system accounts. - usermod * Keep the access and modification time of files when moving an user's home directory. diff --git a/etc/login.defs b/etc/login.defs index e518d5db..fc839fb0 100644 --- a/etc/login.defs +++ b/etc/login.defs @@ -214,12 +214,18 @@ CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict # UID_MIN 1000 UID_MAX 60000 +# System accounts +SYS_UID_MIN 100 +SYS_UID_MAX 999 # # Min/max values for automatic gid selection in groupadd # -GID_MIN 100 +GID_MIN 1000 GID_MAX 60000 +# System accounts +SYS_GID_MIN 100 +SYS_GID_MAX 999 # # Max number of login retries if password is bad diff --git a/libmisc/find_new_ids.c b/libmisc/find_new_ids.c index 63288d3a..487a5106 100644 --- a/libmisc/find_new_ids.c +++ b/libmisc/find_new_ids.c 
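Review bot: The two `# System accounts` comments added to etc/login.defs do not say which tools use the range or how it must relate to the regular one. find_new_uid() and find_new_gid() in this commit take the configured values as given, so the constraint is worth spelling out here, e.g. `# Min/max values for automatic uid selection in useradd -r (system accounts); SYS_UID_MAX must be lower than UID_MIN`, with matching text in the GID block.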
@@ -24,11 +24,15 @@ int find_new_uid (int sys_user, uid_t *uid, uid_t const *preferred_uid) uid_t uid_min, uid_max, user_id; assert (uid != NULL); - /* TODO: add support for system users */ - assert (sys_user == 0); + if (sys_user == 0) { uid_min = getdef_unum ("UID_MIN", 1000); uid_max = getdef_unum ("UID_MAX", 60000); + } else { + uid_min = getdef_unum ("SYS_UID_MIN", 1); + uid_max = getdef_unum ("UID_MIN", 1000) - 1; + uid_max = getdef_unum ("SYS_UID_MAX", uid_max); + } if ( (NULL != preferred_uid) && (*preferred_uid >= uid_min) @@ -102,11 +106,15 @@ int find_new_gid (int sys_group, gid_t *gid, gid_t const *preferred_gid) gid_t gid_min, gid_max, group_id; assert (gid != NULL); - /* TODO: add support for system groups */ - assert (sys_group == 0); + if (sys_group == 0) { gid_min = getdef_unum ("GID_MIN", 1000); gid_max = getdef_unum ("GID_MAX", 60000); + } else { + gid_min = getdef_unum ("SYS_GID_MIN", 1); + gid_max = getdef_unum ("GID_MIN", 1000) - 1; + gid_max = getdef_unum ("SYS_GID_MAX", gid_max); + } if ( (NULL != preferred_gid) && (*preferred_gid >= gid_min) diff --git a/src/groupadd.c b/src/groupadd.c index c7ce0d15..8a2b4294 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -76,6 +76,7 @@ static char *Prog; static int oflg = 0; /* permit non-unique group ID to be specified with -g */ static int gflg = 0; /* ID value for the new group */ static int fflg = 0; /* if group already exists, do nothing and exit(0) */ +static int rflg = 0; /* create a system account */ static int pflg = 0; /* new encrypted password */ #ifdef USE_PAM @@ -114,6 +115,7 @@ static void usage (void) " -K, --key KEY=VALUE overrides /etc/login.defs defaults\n" " -o, --non-unique allow create group with duplicate\n" " (non-unique) GID\n" + " -r, --system create a system account\n" "\n"), stderr); exit (E_USAGE); } 
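Review bot: The system branch in find_new_uid() uses whatever range login.defs yields without checking it. `getdef_unum ("UID_MIN", 1000) - 1` wraps to a very large value if UID_MIN is configured as 0 (assuming getdef_unum returns an unsigned type, as its name suggests). Nothing verifies that uid_min <= uid_max or that SYS_UID_MAX stays below UID_MIN, so a misconfigured file can hand out system IDs inside the regular-user range. The fallback of 1 for `SYS_UID_MIN` also disagrees with the 100 shipped in etc/login.defs and stated in NEWS, which matters on hosts whose login.defs predates the variable. I would add a guard such as `if (uid_min > uid_max) { return -1; }` once the range is computed and use 100 as the fallback; the same applies to the find_new_gid() hunk, and both function bodies continue outside the hunks.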
@@ -357,11 +359,12 @@ static void process_flags (int argc, char **argv) {"key", required_argument, NULL, 'K'}, {"non-unique", required_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, + {"system", no_argument, NULL, 'r'}, {NULL, 0, NULL, '\0'} }; while ((c = - getopt_long (argc, argv, "fg:hK:o", long_options, + getopt_long (argc, argv, "fg:hK:or", long_options, &option_index)) != -1) { switch (c) { case 'f': @@ -408,6 +411,9 @@ static void process_flags (int argc, char **argv) pflg++; group_passwd = optarg; break; + case 'r': + rflg++; + break; default: usage (); } @@ -556,7 +562,7 @@ int main (int argc, char **argv) open_files (); if (!gflg) { - if (find_new_gid (0, &group_id, NULL) < 0) { + if (find_new_gid (rflg, &group_id, NULL) < 0) { fprintf (stderr, _("%s: can't create group\n"), Prog); fail_exit (E_GID_IN_USE); } diff --git a/src/newusers.c b/src/newusers.c index 9f2579a8..25706bcc 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -62,6 +62,7 @@ */ static char *Prog; static int cflg = 0; +static int rflg = 0; /* create a system account */ static int sflg = 0; static char *crypt_method = NULL; @@ -97,6 +98,7 @@ static void usage (void) fprintf (stderr, _("Usage: %s [options] [input]\n" "\n" " -c, --crypt-method the crypt method (one of %s)\n" + " -r, --system create system accounts\n" "%s" "\n"), Prog, @@ -164,7 +166,7 @@ static int add_group (const char *name, const char *gid, gid_t *ngid, uid_t uid) * already the name of an existing group. * In both cases, figure out what group ID can be used. */ - if (find_new_gid(0, &grent.gr_gid, &uid) < 0) { + if (find_new_gid(rflg, &grent.gr_gid, &uid) < 0) { return -1; } } @@ -266,7 +268,7 @@ static int get_uid (const char *uid, uid_t *nuid) { return -1; } } else { - if (find_new_uid (0, nuid, NULL) < 0) { + if (find_new_uid (rflg, nuid, NULL) < 0) { return -1; } } diff --git a/src/useradd.c b/src/useradd.c index 503f4063..57cbdfc7 100644 --- a/src/useradd.c +++ b/src/useradd.c 
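Review bot: The rewritten option string `"fg:hK:or"` in process_flags() still has no `p:`, although `--password` maps to `'p'` in long_options, a `case 'p'` arm exists, and NEWS announces `-p/--password`. The short form would therefore be rejected by getopt_long and end in usage(). Since this line is being edited anyway, `"fg:hK:op:r"` would make the short options match the table. The neighbouring `{"non-unique", required_argument, NULL, 'o'}` entry also disagrees with the argument-less `o` in the option string and probably wants `no_argument`. process_flags() starts and ends outside this hunk.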
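Review bot: Nothing in the src/newusers.c part of this patch ever sets `rflg`. The four added lines are the declaration, the usage text and the two find_new_*() calls, which matches the 4 insertions in the diffstat. So `-r, --system` is advertised in usage() but the flag stays 0 and IDs are still taken from the regular range. The option loop is outside the visible hunks; it needs `r` in its option string, a `{"system", no_argument, NULL, 'r'}` entry if it uses a long-option table, and a `case 'r': rflg = 1; break;` arm, mirroring what groupadd.c and useradd.c receive in this commit.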
@@ -128,6 +128,7 @@ static int mflg = 0, /* create user's home directory if it doesn't exist */ nflg = 0, /* create a group having the same name as the user */ oflg = 0, /* permit non-unique user ID to be specified with -u */ + rflg = 0, /* create a system account */ sflg = 0, /* shell program for new account */ uflg = 0; /* specify user ID for new account */ @@ -636,6 +637,7 @@ static void usage (void) " (non-unique) UID\n" " -p, --password PASSWORD use encrypted password for the new user\n" " account\n" + " -r, --system create a system account\n" " -s, --shell SHELL the login shell for the new user account\n" " -u, --uid UID force use the UID for the new user account\n" "\n"), stderr); @@ -684,11 +686,19 @@ static void new_spent (struct spwd *spent) spent->sp_namp = (char *) user_name; spent->sp_pwdp = (char *) user_pass; spent->sp_lstchg = time ((time_t *) 0) / SCALE; + if (!rflg) { spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1)); spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1)); spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1)); spent->sp_inact = scale_age (def_inactive); spent->sp_expire = scale_age (user_expire); + } else { + spent->sp_min = scale_age (-1); + spent->sp_max = scale_age (-1); + spent->sp_warn = scale_age (-1); + spent->sp_inact = scale_age (-1); + spent->sp_expire = scale_age (-1); + } spent->sp_flag = -1; } @@ -842,12 +852,13 @@ static void process_flags (int argc, char **argv) {"create-home", no_argument, NULL, 'm'}, {"non-unique", no_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, + {"system", no_argument, NULL, 'r'}, {"shell", required_argument, NULL, 's'}, {"uid", required_argument, NULL, 'u'}, {NULL, 0, NULL, '\0'} }; while ((c = - getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMop:s:u:", + getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMop:rs:u:", long_options, NULL)) != -1) { switch (c) { case 'b': 
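Review bot: In new_spent() the new `else` branch sets `sp_inact` and `sp_expire` to `scale_age (-1)` for every system account. An expiry date or inactivity period given on the command line together with -r is therefore dropped without any message. Skipping the PASS_* aging defaults is reasonable for service accounts, but I would keep `spent->sp_inact = scale_age (def_inactive);` and `spent->sp_expire = scale_age (user_expire);` when the corresponding option was given explicitly, or reject the combination in process_flags(). A one-line comment on the branch, e.g. `/* system accounts: password aging defaults from login.defs are not applied */`, would also make the intent clear to the next reader.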
@@ -1000,6 +1011,9 @@ static void process_flags (int argc, char **argv) } user_pass = optarg; break; + case 'r': + rflg++; + break; case 's': if (!VALID (optarg) || (optarg[0] @@ -1599,7 +1613,7 @@ int main (int argc, char **argv) * We do this because later we can use the uid we found as * gid too ... --gafton */ if (!uflg) { - if (find_new_uid (0, &user_id, NULL) < 0) { + if (find_new_uid (rflg, &user_id, NULL) < 0) { fprintf (stderr, _("%s: can't create user\n"), Prog); fail_exit (E_UID_IN_USE); } @@ -1617,7 +1631,7 @@ int main (int argc, char **argv) /* do we have to add a group for that user? This is why we need to * open the group files in the open_files() function --gafton */ if (!(nflg || gflg)) { - if (find_new_gid (0, &user_gid, &user_id) < 0) { + if (find_new_gid (rflg, &user_gid, &user_id) < 0) { fprintf (stderr, _("%s: can't create group\n"), Prog);