From e8d2bc8d8b2c827e67cb8e3f9a6e1800af25c86f Mon Sep 17 00:00:00 2001 From: Andy Zaugg Date: Tue, 18 Oct 2022 16:30:14 -0700 Subject: [PATCH] Allow supplementary groups to be added via config file Allow supplementary groups to be set via the /etc/default/useradd config file. Allowing an administrator to set additonal groups via the GROUPS configurable and control the default behaviour of useradd. --- man/useradd.8.xml | 4 +- src/useradd.c | 20 +++++++++ .../69_useradd_default_GROUPS_name/config.txt | 8 ++++ .../config/etc/default/useradd | 40 ++++++++++++++++++ .../config/etc/group | 41 ++++++++++++++++++ .../69_useradd_default_GROUPS_name/data/group | 42 +++++++++++++++++++ .../useradd.test | 31 ++++++++++++++ 7 files changed, 185 insertions(+), 1 deletion(-) create mode 100644 tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt create mode 100644 tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd create mode 100644 tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group create mode 100644 tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group create mode 100755 tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test diff --git a/man/useradd.8.xml b/man/useradd.8.xml index a36db793..05e939a6 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml @@ -263,7 +263,9 @@ intervening whitespace. The groups are subject to the same restrictions as the group given with the option. The default is for the user to belong only to the - initial group. + initial group. In addition to passing in the -G flag, you can + add the option to the file /etc/default/useradd + which in turn will add all users to those supplementary groups. diff --git a/src/useradd.c b/src/useradd.c index e784d602..e59e4768 100644 --- a/src/useradd.c +++ b/src/useradd.c 
@@ -80,6 +80,7 @@ const char *Prog; * These defaults are used if there is no defaults file. */ static gid_t def_group = 1000; +static const char *def_groups = ""; static const char *def_gname = "other"; static const char *def_home = "/home"; static const char *def_shell = "/bin/bash"; @@ -183,6 +184,7 @@ static bool home_added = false; #endif /* ENABLE_SUBIDS */ #define DGROUP "GROUP=" +#define DGROUPS "GROUPS=" #define DHOME "HOME=" #define DSHELL "SHELL=" #define DINACT "INACTIVE=" @@ -399,6 +401,17 @@ static void get_defaults (void) } } + if (MATCH (buf, DGROUPS)) { + if (get_groups (cp) != 0) { + fprintf (stderr, + _("%s: the '%s' configuraton in %s has an invalid group, ignoring the bad group\n"), + Prog, DGROUPS, default_file); + } + if (user_groups[0] != NULL) { + do_grp_update = true; + def_groups = xstrdup (cp); + } + } /* * Default HOME filesystem */ @@ -497,6 +510,7 @@ static void get_defaults (void) static void show_defaults (void) { printf ("GROUP=%u\n", (unsigned int) def_group); + printf ("GROUPS=%s\n", def_groups); printf ("HOME=%s\n", def_home); printf ("INACTIVE=%ld\n", def_inactive); printf ("EXPIRE=%s\n", def_expire); @@ -525,6 +539,7 @@ static int set_defaults (void) int ofd; int wlen; bool out_group = false; + bool out_groups = false; bool out_home = false; bool out_inactive = false; bool out_expire = false; @@ -628,6 +643,9 @@ static int set_defaults (void) if (!out_group && MATCH (buf, DGROUP)) { fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group); out_group = true; + } else if (!out_groups && MATCH (buf, DGROUPS)) { + fprintf (ofp, DGROUPS "%s\n", def_groups); + out_groups = true; } else if (!out_home && MATCH (buf, DHOME)) { fprintf (ofp, DHOME "%s\n", def_home); out_home = true; 
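Review bot: In the get_defaults hunk, `def_groups = xstrdup (cp);` runs after `get_groups (cp)`, so if get_groups splits its argument in place (its body is not shown here), the saved default keeps only the first name, and the show_defaults and set_defaults hunks (`printf ("GROUPS=%s\n", def_groups);`, `fprintf (ofp, DGROUPS "%s\n", def_groups);`) would then display and write back a shortened GROUPS= line. Taking the copy before the call, `char *saved = xstrdup (cp);`, and assigning `def_groups = saved;` afterwards removes that dependency. The invalid-group branch only warns on stderr and continues, so a typo in the defaults file yields accounts with a partial supplementary-group set; because this value applies to every new account, either fail hard or add a comment saying the partial result is deliberate. The message also misspells `configuraton`. get_defaults begins and ends outside the hunk.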
@@ -668,6 +686,8 @@ static int set_defaults (void) */ if (!out_group) fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group); + if (!out_groups) + fprintf (ofp, DGROUPS "%s\n", def_groups); if (!out_home) fprintf (ofp, DHOME "%s\n", def_home); if (!out_inactive) diff --git a/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt b/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt new file mode 100644 index 00000000..74c5907a --- /dev/null +++ b/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt @@ -0,0 +1,8 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group bin +user foo, in group adm +user foo, in group man +user foo, in group cdrom diff --git a/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd b/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd new file mode 100644 index 00000000..9e75e543 --- /dev/null +++ b/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd 
@@ -0,0 +1,40 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# Addional supplementary groups for users +GROUPS=bin,adm,man,cdrom +# +# The default home directory. Same as DHOME for adduser +# +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group b/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group new file mode 100644 index 00000000..773c93bf --- /dev/null +++ b/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group 
@@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: \ No newline at end of file diff --git a/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group b/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group new file mode 100644 index 00000000..02214e63 --- /dev/null +++ b/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group @@ -0,0 +1,42 @@ + root:x:0: +daemon:x:1: +bin:x:2:foo +sys:x:3: +adm:x:4:foo +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12:foo +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24:foo +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: \ No newline at end of file diff --git a/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test b/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test new file mode 100755 index 00000000..9446830f --- /dev/null +++ b/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test 
@@ -0,0 +1,31 @@ +#!/bin/sh + +set -e + +cd "$(dirname $0)" + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "useradd adds supplementary groups based on the GROUPS field in /etc/deault/useradd" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +printf "Create user foo, with group associations with bin,adm,man,cdrom..." +useradd foo +printf "OK\n" + +printf "Check the group file..." +../../../common/compare_file.pl data/group /etc/group +printf "OK\n" + + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 +
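Review bot: Only the all-valid case of GROUPS= is covered here, so the new warning branch for an unknown group and the `useradd -D` display and rewrite of GROUPS are never exercised. A second case with one nonexistent name, plus a check that `useradd -D` prints `GROUPS=bin,adm,man,cdrom`, would pin both. One case that passes `-G` together with a configured GROUPS= would also help, since the man page text in this patch does not say which of the two takes effect. `cd "$(dirname $0)"` leaves `$0` unquoted and should read `cd "$(dirname "$0")"`, and the log_start string misspells `/etc/deault/useradd`.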