]>
git.cameronkatri.com Git - pw-darwin.git/blob - adduser/adduser.sh
3 # Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved.
5 # Redistribution and use in source and binary forms, with or without
6 # modification, are permitted provided that the following conditions
8 # 1. Redistributions of source code must retain the above copyright
9 # notice, this list of conditions and the following disclaimer.
10 # 2. Redistributions in binary form must reproduce the above copyright
11 # notice, this list of conditions and the following disclaimer in the
12 # documentation and/or other materials provided with the distribution.
14 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 # Email: Mike Makonnen <mtm@FreeBSD.Org>
31 # Display $msg on stderr, unless we're being quiet.
34 if [ -z "$quietflag" ]; then
35 echo 1>&2 ${THISCMD}: ERROR
: $
*
40 # Display $msg on stdout, unless we're being quiet.
43 if [ -z "$quietflag" ]; then
44 echo ${THISCMD}: INFO
: $
*
49 # Output the value of $_uid if it is available for use. If it
50 # is not, output the value of the next higher uid that is available.
51 # If a uid is not specified, output the first available uid, as indicated
58 if [ -z "$_uid" ]; then
59 _nextuid
="`${PWCMD} usernext | cut -f1 -d:`"
62 ${PWCMD} usershow
$_uid > /dev
/null
2>&1
63 if [ ! "$?" -eq 0 ]; then
74 # Display usage information for this utility.
77 echo "usage: ${THISCMD} [options]"
78 echo " options may include:"
79 echo " -C save to the configuration file only"
80 echo " -D do not attempt to create the home directory"
81 echo " -E disable this account after creation"
82 echo " -G additional groups to add accounts to"
83 echo " -L login class of the user"
84 echo " -N do not read configuration file"
85 echo " -S a nonexistent shell is not an error"
86 echo " -d home directory"
87 echo " -f file from which input will be received"
88 echo " -g default login group"
89 echo " -h display this usage message"
90 echo " -k path to skeleton home directory"
91 echo " -m user welcome message file"
92 echo " -q absolute minimal user feedback"
94 echo " -u uid to start at"
95 echo " -w password type: no, none, yes or random"
99 # Outputs a list of valid shells from /etc/shells. Only the
100 # basename of the shell is output.
105 while read _path _junk
; do
110 echo -n "${_prefix}`basename $_path`"
116 # /usr/sbin/nologin is a special case
117 [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
120 # fullpath_from_shell shell
121 # Given $shell, which is either the full path to a shell or
122 # the basename component of a valid shell, get the
123 # full path to the shell from the /etc/shells file.
125 fullpath_from_shell
() {
127 [ -z "$_shell" ] && return 1
129 # /usr/sbin/nologin is a special case; it needs to be handled
130 # before the cat | while loop, since a 'return' from within
131 # a subshell will not terminate the function's execution, and
132 # the path to the nologin shell might be printed out twice.
134 if [ "$_shell" = "${NOLOGIN}" -o \
135 "$_shell" = "${NOLOGIN_PATH}" ]; then
141 while read _path _junk
; do
146 if [ "$_path" = "$_shell" -o \
147 "`basename $_path`" = "$_shell" ]; then
159 # If the given shell is listed in ${ETCSHELLS} or it is
160 # the nologin shell this function will return 0.
161 # Otherwise, it will return 1. If shell is valid but
162 # the path is invalid or it is not executable it
163 # will emit an informational message saying so.
168 _shellchk
="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
170 if ! eval $_shellchk; then
171 # The nologin shell is not listed in /etc/shells.
172 if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
173 err
"Invalid shell ($_sh) for user $username."
178 info
"The shell ($_sh) does not exist or is not executable."
184 # Save some variables to a configuration file.
185 # Note: not all script variables are saved, only those that
186 # it makes sense to save.
189 echo "# Configuration file for adduser(8)." > ${ADDUSERCONF}
190 echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
191 echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF}
192 echo '' >> ${ADDUSERCONF}
193 echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
194 echo "defaultclass=$uclass" >> ${ADDUSERCONF}
195 echo "defaultgroups=$ugroups" >> ${ADDUSERCONF}
196 echo "passwdtype=$passwdtype" >> ${ADDUSERCONF}
197 echo "homeprefix=$homeprefix" >> ${ADDUSERCONF}
198 echo "defaultshell=$ushell" >> ${ADDUSERCONF}
199 echo "udotdir=$udotdir" >> ${ADDUSERCONF}
200 echo "msgfile=$msgfile" >> ${ADDUSERCONF}
201 echo "disableflag=$disableflag" >> ${ADDUSERCONF}
205 # Add a user to the user database. If the user chose to send a welcome
206 # message or lock the account, do so.
210 # Is this a configuration run? If so, don't modify user database.
212 if [ -n "$configflag" ]; then
233 _name
="-n '$username'"
234 [ -n "$uuid" ] && _uid
='-u "$uuid"'
235 [ -n "$ulogingroup" ] && _group
='-g "$ulogingroup"'
236 [ -n "$ugroups" ] && _grouplist
='-G "$ugroups"'
237 [ -n "$ushell" ] && _shell
='-s "$ushell"'
238 [ -n "$uclass" ] && _class
='-L "$uclass"'
239 [ -n "$ugecos" ] && _comment
='-c "$ugecos"'
240 [ -n "$udotdir" ] && _dotdir
='-k "$udotdir"'
241 [ -n "$uexpire" ] && _expire
='-e "$uexpire"'
242 [ -n "$upwexpire" ] && _pwexpire
='-p "$upwexpire"'
243 if [ -z "$Dflag" -a -n "$uhome" ]; then
244 # The /nonexistent home directory is special. It
245 # means the user has no home directory.
246 if [ "$uhome" = "$NOHOME" ]; then
249 _home
='-m -d "$uhome"'
251 elif [ -n "$Dflag" -a -n "$uhome" ]; then
256 _passwdmethod
="-w no"
260 # Note on processing the password: The outer double quotes
261 # make literal everything except ` and \ and $.
262 # The outer single quotes make literal ` and $.
263 # We can ensure the \ isn't treated specially by specifying
264 # the -r switch to the read command used to obtain the input.
266 _passwdmethod
="-w yes"
268 _upasswd
='echo "$upass" |'
271 _passwdmethod
="-w none"
274 _passwdmethod
="-w random"
278 _pwcmd
="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
279 _pwcmd
="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
280 _pwcmd
="$_pwcmd $_expire $_pwexpire"
282 if ! _output
=`eval $_pwcmd` ; then
283 err
"There was an error adding user ($username)."
286 info
"Successfully added ($username) to the user database."
287 if [ "random" = "$passwdtype" ]; then
288 randompass
="$_output"
289 info
"Password for ($username) is: $randompass"
293 if [ -n "$disableflag" ]; then
294 if ${PWCMD} lock
$username ; then
295 info
"Account ($username) is locked."
297 info
"Account ($username) could NOT be locked."
304 if [ -n "$msgflag" ]; then
305 [ -r "$msgfile" ] && {
306 # We're evaluating the contents of an external file.
307 # Let's not open ourselves up for attack. _perms will
308 # be empty if it's writeable only by the owner. _owner
309 # will *NOT* be empty if the file is owned by root.
311 _dir
="`dirname $msgfile`"
312 _file
="`basename $msgfile`"
313 _perms
=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
314 _owner
=`/usr/bin/find $_dir -name $_file -user 0 -prune`
315 if [ -z "$_owner" -o -n "$_perms" ]; then
316 err
"The message file ($msgfile) may be writeable only by root."
320 while read _line
; do
322 done | ${MAILCMD} -s"Welcome" ${username}
323 info
"Sent welcome message to ($username)."
329 # Reads username of the account from standard input or from a global
330 # variable containing an account line from a file. The username is
331 # required. If this is an interactive session it will prompt in
332 # a loop until a username is entered. If it is batch processing from
333 # a file it will output an error message and return to the caller.
338 # No need to take down user names if this is a configuration saving run.
339 [ -n "$configflag" ] && return
342 if [ -z "$fflag" ]; then
346 _input
="`echo "$fileline" | cut -f1 -d:`"
349 # There *must* be a username, and it must not exist. If
350 # this is an interactive session give the user an
351 # opportunity to retry.
353 if [ -z "$_input" ]; then
354 err
"You must enter a username!"
355 [ -z "$fflag" ] && continue
357 ${PWCMD} usershow
$_input > /dev
/null
2>&1
358 if [ "$?" -eq 0 ]; then
360 [ -z "$fflag" ] && continue
368 # Reads extra information about the user. Can be used both in interactive
369 # and batch (from file) mode.
374 # No need to take down additional user information for a configuration run.
375 [ -n "$configflag" ] && return
377 if [ -z "$fflag" ]; then
378 echo -n "Full name: "
381 _input
="`echo "$fileline" | cut -f7 -d:`"
387 # Get the account's shell. Works in interactive and batch mode. It
388 # accepts either the base name of the shell or the full path.
389 # If an invalid shell is entered it will simply use the default shell.
394 ushell
="$defaultshell"
396 # Make sure the current value of the shell is a valid one
397 if [ -z "$Sflag" ]; then
398 if ! shell_exists
$ushell ; then
399 info
"Using default shell ${defaultshell}."
400 ushell
="$defaultshell"
404 if [ -z "$fflag" ]; then
405 echo -n "Shell ($shells) [`basename $ushell`]: "
408 _input
="`echo "$fileline" | cut -f9 -d:`"
410 if [ -n "$_input" ]; then
411 if [ -n "$Sflag" ]; then
414 _fullpath
=`fullpath_from_shell $_input`
415 if [ -n "$_fullpath" ]; then
418 err
"Invalid shell ($_input) for user $username."
419 info
"Using default shell ${defaultshell}."
420 ushell
="$defaultshell"
427 # Reads the account's home directory. Used both with interactive input
432 if [ -z "$fflag" ]; then
433 echo -n "Home directory [${homeprefix}/${username}]: "
436 _input
="`echo "$fileline" | cut -f8 -d:`"
439 if [ -n "$_input" ]; then
441 # if this is a configuration run, then user input is the home
442 # directory prefix. Otherwise it is understood to
445 [ -z "$configflag" ] && homeprefix
="`dirname $uhome`" || homeprefix
="$uhome"
447 uhome
="${homeprefix}/${username}"
452 # Reads a numeric userid in an interactive or batch session. Automatically
453 # allocates one if it is not specified.
456 if [ -z "$uuid" ]; then
463 # No need to take down uids for a configuration saving run.
464 [ -n "$configflag" ] && return
466 if [ -n "$uuid" ]; then
467 _prompt
="Uid [$uuid]: "
469 _prompt
="Uid (Leave empty for default): "
471 if [ -z "$fflag" ]; then
475 _input
="`echo "$fileline" | cut -f2 -d:`"
478 [ -n "$_input" ] && uuid
=$_input
479 uuid
=`get_nextuid $uuid`
484 # Reads login class of account. Can be used in interactive or batch mode.
487 uclass
="$defaultclass"
489 _class
=${uclass:-"default"}
491 if [ -z "$fflag" ]; then
492 echo -n "Login class [$_class]: "
495 _input
="`echo "$fileline" | cut -f4 -d:`"
498 [ -n "$_input" ] && uclass
="$_input"
502 # Reads user's login group. Can be used in both interactive and batch
503 # modes. The specified value can be a group name or its numeric id.
504 # This routine leaves the field blank if nothing is provided and
505 # a default login group has not been set. The pw(8) command
506 # will then provide a login group with the same name as the username.
509 ulogingroup
="$defaultLgroup"
512 if [ -z "$fflag" ]; then
513 echo -n "Login group [${ulogingroup:-$username}]: "
516 _input
="`echo "$fileline" | cut -f3 -d:`"
519 # Pw(8) will use the username as login group if it's left empty
520 [ -n "$_input" ] && ulogingroup
="$_input"
524 # Read additional groups for the user. It can be used in both interactive
528 ugroups
="$defaultgroups"
530 _group
=${ulogingroup:-"${username}"}
532 if [ -z "$configflag" ]; then
533 [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
534 [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
536 [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
540 [ -n "$_input" ] && ugroups
="$_input"
544 # Read expiry information for the account and also for the password. This
545 # routine is used only from batch processing mode.
548 upwexpire
="`echo "$fileline" | cut -f5 -d:`"
549 uexpire
="`echo "$fileline" | cut -f6 -d:`"
553 # Read the password in batch processing mode. The password field matters
554 # only when the password type is "yes" or "random". If the field is empty and the
555 # password type is "yes", then it assumes the account has an empty passsword
556 # and changes the password type accordingly. If the password type is "random"
557 # and the password field is NOT empty, then it assumes the account will NOT
558 # have a random password and set passwdtype to "yes."
561 # We may temporarily change a password type. Make sure it's changed
562 # back to whatever it was before we process the next account.
564 [ -n "$savedpwtype" ] && {
565 passwdtype
=$savedpwtype
569 # There may be a ':' in the password
570 upass
=${fileline#*:*:*:*:*:*:*:*:*:}
572 if [ -z "$upass" ]; then
575 # if it's empty, assume an empty password
591 # Reads a line of account information from standard input and
592 # adds it to the user database.
597 while read -r fileline
; do
618 # Prompts for user information interactively, and commits to
621 input_interactive
() {
648 # The case where group = user is handled elsewhere, so
649 # validate any other groups the user is invited to.
650 until [ "$_logingroup_ok" = yes ]; do
653 if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
654 if ! ${PWCMD} show group
$ulogingroup > /dev
/null
2>&1; then
655 echo "Group $ulogingroup does not exist!"
660 until [ "$_groups_ok" = yes ]; do
663 for i
in $ugroups; do
664 if [ "$username" != "$i" ]; then
665 if ! ${PWCMD} show group
$i > /dev
/null
2>&1; then
666 echo "Group $i does not exist!"
678 echo -n "Use password-based authentication? [$_usepass]: "
680 [ -z "$_input" ] && _input
=$_usepass
685 [Yy
][Ee
][Ss
]|[Yy
][Ee
]|[Yy
])
687 echo -n "Use an empty password? (yes/no) [$_emptypass]: "
689 [ -n "$_input" ] && _emptypass
=$_input
692 echo -n "Use a random password? (yes/no) [$_random]: "
694 [ -n "$_input" ] && _random
="$_input"
696 [Yy
][Ee
][Ss
]|[Yy
][Ee
]|[Yy
])
702 [ -n "$configflag" ] && break
703 trap 'stty echo; exit' 0 1 2 3 15
705 echo -n "Enter password: "
708 echo -n "Enter password again: "
712 # if user entered a blank password
713 # explicitly ask again.
714 [ -z "$upass" -a -z "$_passconfirm" ] \
717 [Yy
][Ee
][Ss
]|[Yy
][Ee
]|[Yy
])
722 # invalid answer; repeat the loop
726 if [ "$upass" != "$_passconfirm" ]; then
727 echo "Passwords did not match!"
734 # invalid answer; repeat loop
740 _disable
=${disableflag:-"no"}
742 echo -n "Lock out the account after creation? [$_disable]: "
744 [ -z "$_input" ] && _input
=$_disable
749 [Yy
][Ee
][Ss
]|[Yy
][Ee
]|[Yy
])
753 # invalid answer; repeat loop
760 # Display the information we have so far and prompt to
763 _disable
=${disableflag:-"no"}
764 [ -z "$configflag" ] && printf "%-10s : %s\n" Username
$username
779 [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
780 [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
781 [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
782 [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
783 printf "%-10s : %s\n" "Class" "$uclass"
784 printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
785 printf "%-10s : %s\n" "Home" "$uhome"
786 printf "%-10s : %s\n" "Shell" "$ushell"
787 printf "%-10s : %s\n" "Locked" "$_disable"
789 echo -n "OK? (yes/no): "
795 [Yy
][Ee
][Ss
]|[Yy
][Ee
]|[Yy
])
807 #### END SUBROUTINE DEFINITION ####
809 THISCMD
=`/usr/bin/basename $0`
811 ADDUSERCONF
="${ADDUSERCONF:-/etc/adduser.conf}"
812 PWCMD
="${PWCMD:-/usr/sbin/pw}"
813 MAILCMD
="${MAILCMD:-mail}"
814 ETCSHELLS
="${ETCSHELLS:-/etc/shells}"
815 NOHOME
="/nonexistent"
817 NOLOGIN_PATH
="/usr/sbin/nologin"
818 GREPCMD
="/usr/bin/grep"
832 udotdir
=/usr
/share
/skel
836 shells
="`valid_shells`"
838 msgfile
=/etc
/adduser.msg
855 defaultshell
="${DEFAULTSHELL}"
857 # Make sure the user running this program is root. This isn't a security
858 # measure as much as it is a usefull method of reminding the user to
859 # 'su -' before he/she wastes time entering data that won't be saved.
861 procowner
=${procowner:-`/usr/bin/id -u`}
862 if [ "$procowner" != "0" ]; then
863 err
'you must be the super-user (uid 0) to use this utility.'
867 # Overide from our conf file
868 # Quickly go through the commandline line to see if we should read
869 # from our configuration file. The actual parsing of the commandline
870 # arguments happens after we read in our configuration file (commandline
871 # should override configuration file).
874 if [ "$_i" = "-N" ]; then
879 if [ -n "$readconfig" ]; then
880 # On a long-lived system, the first time this script is run it
881 # will barf upon reading the configuration file for its perl predecessor.
882 if ( .
${ADDUSERCONF} > /dev
/null
2>&1 ); then
883 [ -r ${ADDUSERCONF} ] && .
${ADDUSERCONF} > /dev
/null
2>&1
887 # Proccess command-line options
912 [ "$2" != "-" ] && infile
="$2"
965 defaultshell
="`fullpath_from_shell $2`"
979 # If the -f switch was used, get input from a file. Otherwise,
980 # this is an interactive session.
982 if [ -n "$fflag" ]; then
983 if [ -z "$infile" ]; then
985 elif [ -n "$infile" ]; then
986 if [ -r "$infile" ]; then
987 input_from_file
< $infile
989 err
"File ($infile) is unreadable or does not exist."
995 if [ -z "$configflag" ]; then
996 echo -n "Add another user? (yes/no): "
998 echo -n "Re-edit the default configuration? (yes/no): "
1002 [Yy
][Ee
][Ss
]|[Yy
][Ee
]|[Yy
])
1003 uidstart
=`get_nextuid $uidstart`