Allow supplementary groups to be added via config file

Allow supplementary groups to be set via the /etc/default/useradd config
file. This allows an administrator to set additional groups via the GROUPS
configurable and control the default behaviour of useradd.
Andy Zaugg 2022-10-18 16:30:14 -07:00 committed by Serge Hallyn
parent e0524e813a
commit e8d2bc8d8b
7 changed files with 185 additions and 1 deletions


@ -263,7 +263,9 @@
intervening whitespace. The groups are subject to the same intervening whitespace. The groups are subject to the same
restrictions as the group given with the <option>-g</option> restrictions as the group given with the <option>-g</option>
option. The default is for the user to belong only to the option. The default is for the user to belong only to the
initial group. initial group. In addition to passing in the -G flag, you can
add the option <option>GROUPS</option> to the file <filename>/etc/default/useradd</filename>
which in turn will add all users to those supplementary groups.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@ -80,6 +80,7 @@ const char *Prog;
* These defaults are used if there is no defaults file. * These defaults are used if there is no defaults file.
*/ */
static gid_t def_group = 1000; static gid_t def_group = 1000;
static const char *def_groups = "";
static const char *def_gname = "other"; static const char *def_gname = "other";
static const char *def_home = "/home"; static const char *def_home = "/home";
static const char *def_shell = "/bin/bash"; static const char *def_shell = "/bin/bash";
@ -183,6 +184,7 @@ static bool home_added = false;
#endif /* ENABLE_SUBIDS */ #endif /* ENABLE_SUBIDS */
#define DGROUP "GROUP=" #define DGROUP "GROUP="
#define DGROUPS "GROUPS="
#define DHOME "HOME=" #define DHOME "HOME="
#define DSHELL "SHELL=" #define DSHELL "SHELL="
#define DINACT "INACTIVE=" #define DINACT "INACTIVE="
@ -399,6 +401,17 @@ static void get_defaults (void)
} }
} }
if (MATCH (buf, DGROUPS)) {
if (get_groups (cp) != 0) {
fprintf (stderr,
_("%s: the '%s' configuraton in %s has an invalid group, ignoring the bad group\n"),
Prog, DGROUPS, default_file);
}
if (user_groups[0] != NULL) {
do_grp_update = true;
def_groups = xstrdup (cp);
}
}
/* /*
* Default HOME filesystem * Default HOME filesystem
*/ */
@ -497,6 +510,7 @@ static void get_defaults (void)
static void show_defaults (void) static void show_defaults (void)
{ {
printf ("GROUP=%u\n", (unsigned int) def_group); printf ("GROUP=%u\n", (unsigned int) def_group);
printf ("GROUPS=%s\n", def_groups);
printf ("HOME=%s\n", def_home); printf ("HOME=%s\n", def_home);
printf ("INACTIVE=%ld\n", def_inactive); printf ("INACTIVE=%ld\n", def_inactive);
printf ("EXPIRE=%s\n", def_expire); printf ("EXPIRE=%s\n", def_expire);
@ -525,6 +539,7 @@ static int set_defaults (void)
int ofd; int ofd;
int wlen; int wlen;
bool out_group = false; bool out_group = false;
bool out_groups = false;
bool out_home = false; bool out_home = false;
bool out_inactive = false; bool out_inactive = false;
bool out_expire = false; bool out_expire = false;
@ -628,6 +643,9 @@ static int set_defaults (void)
if (!out_group && MATCH (buf, DGROUP)) { if (!out_group && MATCH (buf, DGROUP)) {
fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group); fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
out_group = true; out_group = true;
} else if (!out_groups && MATCH (buf, DGROUPS)) {
fprintf (ofp, DGROUPS "%s\n", def_groups);
out_groups = true;
} else if (!out_home && MATCH (buf, DHOME)) { } else if (!out_home && MATCH (buf, DHOME)) {
fprintf (ofp, DHOME "%s\n", def_home); fprintf (ofp, DHOME "%s\n", def_home);
out_home = true; out_home = true;
@ -668,6 +686,8 @@ static int set_defaults (void)
*/ */
if (!out_group) if (!out_group)
fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group); fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
if (!out_groups)
fprintf (ofp, DGROUPS "%s\n", def_groups);
if (!out_home) if (!out_home)
fprintf (ofp, DHOME "%s\n", def_home); fprintf (ofp, DHOME "%s\n", def_home);
if (!out_inactive) if (!out_inactive)
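Review bot: In the `get_defaults` hunk (`@ -399,6 +401,17 @`), a GROUPS line containing an invalid entry only prints a warning to stderr, and `do_grp_update` is still set whenever `user_groups[0] != NULL`, so a partly valid list appears to be applied to every account created afterwards. Because this setting grants group membership by default, it would be safer to reject the whole GROUPS value when `get_groups (cp) != 0`, or at least to record the skipped entry in the system log, and to document whether a command-line `-G` replaces or extends the configured list. Separately, `def_groups = xstrdup (cp);` runs after `get_groups (cp)`; get_groups is not shown on this page, but if it splits its argument in place then `show_defaults` and `set_defaults` would print and write back a truncated list, so taking the copy before the call avoids depending on that. The new message also misspells "configuration" as `configuraton`. get_defaults starts and ends outside the hunk, so the surrounding parsing is not visible here.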


@ -0,0 +1,8 @@
# no testsuite password
# root password: rootF00barbaz
# myuser password: myuserF00barbaz
user foo, in group bin
user foo, in group adm
user foo, in group man
user foo, in group cdrom


@ -0,0 +1,40 @@
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your
# system.
# Similar to DHSELL in adduser. However, we use "sh" here because
# useradd is a low level utility and should be as general
# as possible
SHELL=/bin/foobar
#
# The default group for users
# 100=users on Debian systems
# Same as USERS_GID in adduser
# This argument is used when the -n flag is specified.
# The default behavior (when -n and -g are not specified) is to create a
# primary user group with the same name as the user being added to the
# system.
GROUP=10
#
# Addional supplementary groups for users
GROUPS=bin,adm,man,cdrom
#
# The default home directory. Same as DHOME for adduser
#
HOME=/tmp
#
# The number of days after a password expires until the account
# is permanently disabled
INACTIVE=12
#
# The default expire date
EXPIRE=2007-12-02
#
# The SKEL variable specifies the directory containing "skeletal" user
# files; in other words, files such as a sample .profile that will be
# copied to the new user's home directory when it is created.
# SKEL=/etc/skel
#
# Defines whether the mail spool should be created while
# creating the account
# CREATE_MAIL_SPOOL=yes


@ -0,0 +1,41 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:


@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:foo
sys:x:3:
adm:x:4:foo
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:foo
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:foo
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:


@ -0,0 +1,31 @@
#!/bin/sh
set -e
cd "$(dirname $0)"
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "useradd adds supplementary groups based on the GROUPS field in /etc/deault/useradd"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
printf "Create user foo, with group associations with bin,adm,man,cdrom..."
useradd foo
printf "OK\n"
printf "Check the group file..."
../../../common/compare_file.pl data/group /etc/group
printf "OK\n"
log_status "$0" "SUCCESS"
restore_config
trap '' 0
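Review bot: The test only exercises a GROUPS list in which every group exists, so the invalid-group warning branch added to get_defaults is never run. A second case whose GROUPS line contains one unknown group name, with the expected `/etc/group` compared the same way, would pin down which memberships are granted when the configuration is partly wrong. The `log_start` description misspells the path as `/etc/deault/useradd`. `cd "$(dirname $0)"` leaves `$0` unquoted; `cd "$(dirname "$0")"` keeps working when the checkout path contains spaces.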