#
# err msg
-# Display $msg on stderr, unless we're being quiet.
-#
+# Display $msg on stderr, unless we're being quiet.
+#
err() {
if [ -z "$quietflag" ]; then
- echo 1>&2 ${THISCMD}: ERROR: $*
+ echo 1>&2 ${THISCMD}: ERROR: $*
fi
}
# info msg
-# Display $msg on stdout, unless we're being quiet.
-#
+# Display $msg on stdout, unless we're being quiet.
+#
info() {
if [ -z "$quietflag" ]; then
- echo ${THISCMD}: INFO: $*
+ echo ${THISCMD}: INFO: $*
fi
}
# is not, output the value of the next higher uid that is available.
# If a uid is not specified, output the first available uid, as indicated
# by pw(8).
-#
+#
get_nextuid () {
_uid=$1
_nextuid=
echo " -E disable this account after creation"
echo " -G additional groups to add accounts to"
echo " -L login class of the user"
+ echo " -M file permission for home directory"
echo " -N do not read configuration file"
echo " -S a nonexistent shell is not an error"
echo " -d home directory"
_shell=$1
[ -z "$_shell" ] && return 1
+ # /usr/sbin/nologin is a special case; it needs to be handled
+ # before the cat | while loop, since a 'return' from within
+ # a subshell will not terminate the function's execution, and
+ # the path to the nologin shell might be printed out twice.
+ #
+ if [ "$_shell" = "${NOLOGIN}" -o \
+ "$_shell" = "${NOLOGIN_PATH}" ]; then
+ echo ${NOLOGIN_PATH}
+ return 0;
+ fi
+
cat ${ETCSHELLS} |
while read _path _junk ; do
case "$_path" in
esac
done
- # /usr/sbin/nologin is a special case
- if [ "$_shell" = "${NOLOGIN}" ]; then
- echo ${NOLOGIN_PATH}
- return 0;
- fi
-
return 1
}
# the path is invalid or it is not executable it
# will emit an informational message saying so.
#
-shell_exists()
-{
+shell_exists() {
_sh="$1"
_shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF}
echo '' >> ${ADDUSERCONF}
+ echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF}
echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
echo "defaultclass=$uclass" >> ${ADDUSERCONF}
echo "defaultgroups=$ugroups" >> ${ADDUSERCONF}
echo "udotdir=$udotdir" >> ${ADDUSERCONF}
echo "msgfile=$msgfile" >> ${ADDUSERCONF}
echo "disableflag=$disableflag" >> ${ADDUSERCONF}
+ echo "uidstart=$uidstart" >> ${ADDUSERCONF}
}
# add_user
if [ "$uhome" = "$NOHOME" ]; then
_home='-d "$uhome"'
else
- _home='-m -d "$uhome"'
+ # Use home directory permissions if specified
+ if [ -n "$uhomeperm" ]; then
+ _home='-m -d "$uhome" -M "$uhomeperm"'
+ else
+ _home='-m -d "$uhome"'
+ fi
fi
elif [ -n "$Dflag" -a -n "$uhome" ]; then
_home='-d "$uhome"'
_input="`echo "$fileline" | cut -f1 -d:`"
fi
- # There *must* be a username. If this is an interactive
- # session give the user an opportunity to retry.
+ # There *must* be a username, and it must not exist. If
+ # this is an interactive session give the user an
+ # opportunity to retry.
#
if [ -z "$_input" ]; then
err "You must enter a username!"
[ -z "$fflag" ] && continue
fi
+ ${PWCMD} usershow $_input > /dev/null 2>&1
+ if [ "$?" -eq 0 ]; then
+ err "User exists!"
+ [ -z "$fflag" ] && continue
+ fi
break
done
username="$_input"
fi
}
+# get_homeperm
+# Reads the account's home directory permissions.
+#
+get_homeperm() {
+ uhomeperm=$defaultHomePerm
+ _input=
+ _prompt=
+
+ if [ -n "$uhomeperm" ]; then
+ _prompt="Home directory permissions [${uhomeperm}]: "
+ else
+ _prompt="Home directory permissions (Leave empty for default): "
+ fi
+ if [ -z "$fflag" ]; then
+ echo -n "$_prompt"
+ read _input
+ fi
+
+ if [ -n "$_input" ]; then
+ uhomeperm="$_input"
+ fi
+}
+
# get_uid
# Reads a numeric userid in an interactive or batch session. Automatically
# allocates one if it is not specified.
_input=
_prompt=
- # No need to take down uids for a configuration saving run.
- [ -n "$configflag" ] && return
-
if [ -n "$uuid" ]; then
_prompt="Uid [$uuid]: "
else
while read -r fileline ; do
case "$fileline" in
\#*|'')
- return 0
;;
- esac
-
- get_user || continue
- get_gecos
- get_uid
- get_logingroup
- get_class
- get_shell
- get_homedir
- get_password
- get_expire_dates
+ *)
+ get_user || continue
+ get_gecos
+ get_uid
+ get_logingroup
+ get_class
+ get_shell
+ get_homedir
+ get_homeperm
+ get_password
+ get_expire_dates
+ ugroups="$defaultgroups"
- add_user
+ add_user
+ ;;
+ esac
done
}
# the user database.
#
input_interactive() {
-
_disable=
_pass=
_passconfirm=
get_class
get_shell
get_homedir
+ get_homeperm
while : ; do
echo -n "Use password-based authentication? [$_usepass]: "
printf "%-10s : %s\n" "Class" "$uclass"
printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
printf "%-10s : %s\n" "Home" "$uhome"
+ printf "%-10s : %s\n" "Home Mode" "$uhomeperm"
printf "%-10s : %s\n" "Shell" "$ushell"
printf "%-10s : %s\n" "Locked" "$_disable"
while : ; do
return 0
}
-#### END SUBROUTINE DEFENITION ####
+#### END SUBROUTINE DEFINITION ####
THISCMD=`/usr/bin/basename $0`
DEFAULTSHELL=/bin/sh
ulogingroup=
uclass=
uhome=
+uhomeperm=
upass=
ushell=
udotdir=/usr/share/skel
defaultLgroup=
defaultgroups=
defaultshell="${DEFAULTSHELL}"
+defaultHomePerm=
# Make sure the user running this program is root. This isn't a security
-# measure as much as it is a usefull method of reminding the user to
+# measure as much as it is a useful method of reminding the user to
# 'su -' before he/she wastes time entering data that won't be saved.
#
procowner=${procowner:-`/usr/bin/id -u`}
exit 1
fi
-# Overide from our conf file
+# Override from our conf file
# Quickly go through the commandline line to see if we should read
# from our configuration file. The actual parsing of the commandline
# arguments happens after we read in our configuration file (commandline
fi
fi
-# Proccess command-line options
+# Process command-line options
#
for _switch ; do
case $_switch in
esac
shift; shift
;;
+ -M)
+ defaultHomePerm=$2
+ shift; shift
+ ;;
-N)
readconfig=
shift
git.ckatri.com / pw-darwin.git / blobdiff