From 50568f27d680f3a286fdcfaebb5e4f361c4c7e8b Mon Sep 17 00:00:00 2001 From: Marcel Moolenaar Date: Wed, 10 Mar 2010 02:16:04 +0000 Subject: Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD. --- adduser/Makefile | 6 - adduser/adduser.8 | 480 ---------------------- adduser/adduser.conf.5 | 221 ---------- adduser/adduser.sh | 1050 ------------------------------------------------ adduser/rmuser.8 | 210 ---------- adduser/rmuser.sh | 361 ----------------- 6 files changed, 2328 deletions(-) delete mode 100644 adduser/Makefile delete mode 100644 adduser/adduser.8 delete mode 100644 adduser/adduser.conf.5 delete mode 100644 adduser/adduser.sh delete mode 100644 adduser/rmuser.8 delete mode 100644 adduser/rmuser.sh (limited to 'adduser') diff --git a/adduser/Makefile b/adduser/Makefile deleted file mode 100644 index 0ca2dae..0000000 --- a/adduser/Makefile +++ /dev/null @@ -1,6 +0,0 @@ -# $FreeBSD$ - -SCRIPTS=adduser.sh rmuser.sh -MAN= adduser.conf.5 adduser.8 rmuser.8 - -.include diff --git a/adduser/adduser.8 b/adduser/adduser.8 deleted file mode 100644 index 03f7e34..0000000 --- a/adduser/adduser.8 +++ /dev/null @@ -1,480 +0,0 @@ -.\" Copyright (c) 1995-1996 Wolfram Schneider . Berlin. -.\" All rights reserved. -.\" Copyright (c) 2002-2004 Michael Telahun Makonnen -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd March 16, 2008 -.Dt ADDUSER 8 -.Os -.Sh NAME -.Nm adduser -.Nd command for adding new users -.Sh SYNOPSIS -.Nm -.Op Fl CDENShq -.Op Fl G Ar groups -.Op Fl L Ar login_class -.Op Fl M Ar mode -.Op Fl d Ar partition -.Op Fl f Ar file -.Op Fl g Ar login_group -.Op Fl k Ar dotdir -.Op Fl m Ar message_file -.Op Fl s Ar shell -.Op Fl u Ar uid_start -.Op Fl w Ar type -.Sh DESCRIPTION -The -.Nm -utility is a shell script, implemented around the -.Xr pw 8 -command, for adding new users. -It creates passwd/group entries, a home directory, -copies dotfiles and sends the new user a welcome message. -It supports two modes of operation. -It may be used interactively -at the command line to add one user at a time, or it may be directed -to get the list of new users from a file and operate in batch mode -without requiring any user interaction. -.Sh RESTRICTIONS -.Bl -tag -width indent -.It username -Login name. -The user name is restricted to whatever -.Xr pw 8 -will accept. -Generally this means it -may contain only lowercase characters or digits but cannot begin with the -.Ql - -character. -Maximum length -is 16 characters. -The reasons for this limit are historical. -Given that people have traditionally wanted to break this -limit for aesthetic reasons, it has never been of great importance to break -such a basic fundamental parameter in -.Ux . -You can change -.Dv UT_NAMESIZE -in -.In utmp.h -and recompile the -world; people have done this and it works, but you will have problems -with any precompiled programs, or source that assumes the 8-character -name limit, such as NIS. -The NIS protocol mandates an 8-character username. -If you need a longer login name for e-mail addresses, -you can define an alias in -.Pa /etc/mail/aliases . -.It "full name" -This is typically known as the gecos field and usually contains -the user's full name. -Additionally, it may contain a comma separated -list of values such as office number and work and home phones. -If the -name contains an ampersand it will be replaced by the capitalized -login name when displayed by other programs. -The -.Ql \&: -character is not allowed. -.It shell -Unless the -.Fl S -argument is supplied only valid shells from the shell database -.Pq Pa /etc/shells -are allowed. -In addition, -either the base name or the full path of the shell may be supplied. -.It UID -Automatically generated or your choice. -It must be less than 32000. -.It "GID/login group" -Automatically generated or your choice. -It must be less than 32000. -.It password -You may choose an empty password, disable the password, use a -randomly generated password or specify your own plaintext password, -which will be encrypted before being stored in the user database. -.El -.Sh UNIQUE GROUPS -Perhaps you are missing what -.Em can -be done with this scheme that falls apart -with most other schemes. -With each user in their own group, -they can safely run with a umask of 002 instead of the usual 022 -and create files in their home directory -without worrying about others being able to change them. -.Pp -For a shared area you create a separate UID/GID (like cvs or ncvs on freefall), -you place each person that should be able to access this area into that new -group. -.Pp -This model of UID/GID administration allows far greater flexibility than lumping -users into groups and having to muck with the umask when working in a shared -area. -.Pp -I have been using this model for almost 10 years and found that it works -for most situations, and has never gotten in the way. -(Rod Grimes) -.Sh CONFIGURATION -The -.Nm -utility reads its configuration information from -.Pa /etc/adduser.conf . -If this file does not exist, it will use predefined defaults. -While this file may be edited by hand, -the safer option is to use the -.Fl C -command line argument. -With this argument, -.Nm -will start interactive input, save the answers to its prompts in -.Pa /etc/adduser.conf , -and promptly exit without modifying the user -database. -Options specified on the command line will take precedence over -any values saved in this file. -.Sh OPTIONS -.Bl -tag -width indent -.It Fl C -Create new configuration file and exit. -This option is mutually exclusive with the -.Fl f -option. -.It Fl d Ar partition -Home partition. -Default partition, under which all user directories -will be located. -The -.Pa /nonexistent -partition is considered special. -The -.Nm -script will not create and populate a home directory by that name. -Otherwise, -by default it attempts to create a home directory. -.It Fl D -Do not attempt to create the home directory. -.It Fl E -Disable the account. -This option will lock the account by prepending the string -.Dq Li *LOCKED* -to the password field. -The account may be unlocked -by the super-user with the -.Xr pw 8 -command: -.Pp -.D1 Nm pw Cm unlock Op Ar name | uid -.It Fl f Ar file -Get the list of accounts to create from -.Ar file . -If -.Ar file -is -.Dq Fl , -then get the list from standard input. -If this option is specified, -.Nm -will operate in batch mode and will not seek any user input. -If an error is encountered while processing an account, it will write a -message to standard error and move to the next account. -The format -of the input file is described below. -.It Fl g Ar login_group -Normally, -if no login group is specified, -it is assumed to be the same as the username. -This option makes -.Ar login_group -the default. -.It Fl G Ar groups -Space-separated list of additional groups. -This option allows the user to specify additional groups to add users to. -The user is a member of these groups in addition to their login group. -.It Fl h -Print a summary of options and exit. -.It Fl k Ar directory -Copy files from -.Ar directory -into the home -directory of new users; -.Pa dot.foo -will be renamed to -.Pa .foo . -.It Fl L Ar login_class -Set default login class. -.It Fl m Ar file -Send new users a welcome message from -.Ar file . -Specifying a value of -.Cm no -for -.Ar file -causes no message to be sent to new users. -Please note that the message -file can reference the internal variables of the -.Nm -script. -.It Fl M Ar mode -Create the home directory with permissions set to -.Ar mode . -.It Fl N -Do not read the default configuration file. -.It Fl q -Minimal user feedback. -In particular, the random password will not be echoed to -standard output. -.It Fl s Ar shell -Default shell for new users. -The -.Ar shell -argument may be the base name of the shell or the full path. -Unless the -.Fl S -argument is supplied the shell must exist in -.Pa /etc/shells -or be the special shell -.Em nologin -to be considered a valid shell. -.It Fl S -The existence or validity of the specified shell will not be checked. -.It Fl u Ar uid -Use UIDs from -.Ar uid -on up. -.It Fl w Ar type -Password type. -The -.Nm -utility allows the user to specify what type of password to create. -The -.Ar type -argument may have one of the following values: -.Bl -tag -width ".Cm random" -.It Cm no -Disable the password. -Instead of an encrypted string, the password field will contain a single -.Ql * -character. -The user may not log in until the super-user -manually enables the password. -.It Cm none -Use an empty string as the password. -.It Cm yes -Use a user-supplied string as the password. -In interactive mode, -the user will be prompted for the password. -In batch mode, the -last (10th) field in the line is assumed to be the password. -.It Cm random -Generate a random string and use it as a password. -The password will be echoed to standard output. -In addition, it will be available for inclusion in the message file in the -.Va randompass -variable. -.El -.El -.Sh FORMAT -When the -.Fl f -option is used, the account information must be stored in a specific -format. -All empty lines or lines beginning with a -.Ql # -will be ignored. -All other lines must contain ten colon -.Pq Ql \&: -separated fields as described below. -Command line options do not take precedence -over values in the fields. -Only the password field may contain a -.Ql \&: -character as part of the string. -.Pp -.Sm off -.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password -.Sm on -.Bl -tag -width ".Ar password" -.It Ar name -Login name. -This field may not be empty. -.It Ar uid -Numeric login user ID. -If this field is left empty, it will be automatically generated. -.It Ar gid -Numeric primary group ID. -If this field is left empty, a group with the -same name as the user name will be created and its GID will be used -instead. -.It Ar class -Login class. -This field may be left empty. -.It Ar change -Password ageing. -This field denotes the password change date for the account. -The format of this field is the same as the format of the -.Fl p -argument to -.Xr pw 8 . -It may be -.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy , -where -.Ar dd -is for the day, -.Ar mmm -is for the month in numeric or alphabetical format: -.Dq Li 10 -or -.Dq Li Oct , -and -.Ar yy Ns Op Ar yy -is the four or two digit year. -To denote a time relative to the current date the format is: -.No + Ns Ar n Ns Op Ar mhdwoy , -where -.Ar n -denotes a number, followed by the minutes, hours, days, weeks, -months or years after which the password must be changed. -This field may be left empty to turn it off. -.It Ar expire -Account expiration. -This field denotes the expiry date of the account. -The account may not be used after the specified date. -The format of this field is the same as that for password ageing. -This field may be left empty to turn it off. -.It Ar gecos -Full name and other extra information about the user. -.It Ar home_dir -Home directory. -If this field is left empty, it will be automatically -created by appending the username to the home partition. -The -.Pa /nonexistent -home directory is considered special and -is understood to mean that no home directory is to be -created for the user. -.It Ar shell -Login shell. -This field should contain either the base name or -the full path to a valid login shell. -.It Ar password -User password. -This field should contain a plaintext string, which will -be encrypted before being placed in the user database. -If the password type is -.Cm yes -and this field is empty, it is assumed the account will have an empty password. -If the password type is -.Cm random -and this field is -.Em not -empty, its contents will be used -as a password. -This field will be ignored if the -.Fl w -option is used with a -.Cm no -or -.Cm none -argument. -Be careful not to terminate this field with a closing -.Ql \&: -because it will be treated as part of the password. -.El -.Sh FILES -.Bl -tag -width ".Pa /etc/adduser.message" -compact -.It Pa /etc/master.passwd -user database -.It Pa /etc/group -group database -.It Pa /etc/shells -shell database -.It Pa /etc/login.conf -login classes database -.It Pa /etc/adduser.conf -configuration file for -.Nm -.It Pa /etc/adduser.message -message file for -.Nm -.It Pa /usr/share/skel -skeletal login directory -.It Pa /var/log/adduser -logfile for -.Nm -.El -.Sh SEE ALSO -.Xr chpass 1 , -.Xr passwd 1 , -.Xr adduser.conf 5 , -.Xr aliases 5 , -.Xr group 5 , -.Xr login.conf 5 , -.Xr passwd 5 , -.Xr shells 5 , -.Xr adding_user 8 , -.Xr pw 8 , -.Xr pwd_mkdb 8 , -.Xr rmuser 8 , -.Xr vipw 8 , -.Xr yp 8 -.Sh HISTORY -The -.Nm -command appeared in -.Fx 2.1 . -.Sh AUTHORS -.An -nosplit -This manual page and the original script, in Perl, was written by -.An Wolfram Schneider Aq wosch@FreeBSD.org . -The replacement script, written as a Bourne -shell script with some enhancements, and the man page modification that -came with it were done by -.An Mike Makonnen Aq mtm@identd.net . -.Sh BUGS -In order for -.Nm -to correctly expand variables such as -.Va $username -and -.Va $randompass -in the message sent to new users, it must let the shell evaluate -each line of the message file. -This means that shell commands can also be embedded in the message file. -The -.Nm -utility attempts to mitigate the possibility of an attacker using this -feature by refusing to evaluate the file if it is not owned and writable -only by the root user. -In addition, shell special characters and operators will have to be -escaped when used in the message file. -.Pp -Also, password ageing and account expiry times are currently settable -only in batch mode or when specified in -.Pa /etc/adduser.conf . -The user should be able to set them in interactive mode as well. diff --git a/adduser/adduser.conf.5 b/adduser/adduser.conf.5 deleted file mode 100644 index a78aeea..0000000 --- a/adduser/adduser.conf.5 +++ /dev/null @@ -1,221 +0,0 @@ -.\" -.\" Copyright (c) 2004 Tom Rhodes -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd April 12, 2007 -.Dt ADDUSER.CONF 5 -.Os -.Sh NAME -.Nm adduser.conf -.Nd -.Xr adduser 8 -configuration file -.Sh DESCRIPTION -The -.Pa /etc/adduser.conf -file is automatically generated by the -.Xr adduser 8 -utility when invoked with the -.Fl C -command-line option. -It is not meant to be edited by hand. -.Pp -The -.Pa /etc/adduser.conf -file is used to pre-set certain configuration options for -the -.Xr adduser 8 -utility. -When -.Xr adduser 8 -is invoked, it will check to see if this file exists, and -if so, the configuration will be used or offered as the -default settings. -The -.Nm -file offers three types of configuration: -.Bl -bullet -.It -Default settings offered by -.Xr adduser 8 . -These options are specified in the configuration file and offered -as the default during every invocation of the -.Xr adduser 8 -utility. -.It -Configuration options which can be set in -.Nm , -but overridden by passing a flag to -.Xr adduser 8 . -.It -Configuration supported by -.Xr adduser 8 -but not offered by a flag or during initial invocation. -.El -.Pp -In the first case, these options can be set in -.Nm -but will still be offered when -.Xr adduser 8 -is invoked. -In the second case, -.Xr adduser 8 -will read the configuration data unless a flag -has been passed to override it. -For example, the -.Va defaultshell -option. -In the third case, the configuration will be utilized, but the -user will never be prompted to modify the default setting by -either a flag or an -.Xr adduser 8 -prompt. -For example, the -.Va upwexpire -setting. -.Pp -The following configuration options can be set in -.Nm : -.Bl -tag -width ".Va defaultgroups" -offset indent -.It Va defaultLgroup -The default group new users will be added to. -.It Va defaultclass -The default class to place users in as described in -.Xr login.conf 5 . -.It Va defaultgroups -This option is used to specify what other groups the new account -should be added to. -.It Va passwdtype -May be one of -.Cm no , none , random , -or -.Cm yes , -as described in -.Xr adduser 8 . -As such, the text is not duplicated here and may be -read in -.Xr adduser 8 . -.It Va homeprefix -The default home directory prefix, usually -.Pa /home . -.It Va defaultshell -The user's default shell which may be any of the shells listed in -.Xr shells 5 . -.It Va udotdir -Defines the location of the default shell and environment -configuration files. -.It Va msgfile -Location of the default new user message file. -This message will be sent to all new users if specified -here or at the -.Xr adduser 8 -prompt. -.It Va disableflag -The default message enclosed in brackets for the -lock account prompt. -.It Va upwexpire -The default password expiration time. -Format of the date is either a -.Ux -time in decimal, or a date in -.Sm off -.Ar dd No - Ar mmm No - Ar yy Op Ar yy -.Sm on -format, where -.Ar dd -is the day, -.Ar mmm -is the month in either numeric or -alphabetic format, and -.Ar yy Ns Op Ar yy -is either a two or four digit year. -This option also accepts a relative date in the form of -.Sm off -.Ar n Op Ar m h d w o y -.Sm on -where -.Ar n -is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit -followed by the number of Minutes, Hours, Days, Weeks, Months or -Years from the current date at -which the expiration time is to be set. -.It Va uexpire -The default account expire time. -The format is similar to the -.Va upwexpire -option. -.It Va ugecos -The default information to be held in the GECOS field of -.Pa /etc/master.passwd . -.It Va uidstart -The default user ID setting. -This must be a number above 1000 and fewer than 65534. -.El -.Sh EXAMPLES -The following is an example -.Nm -file created with the -.Fl C -.Xr adduser 8 -flag and modified. -.Bd -literal -offset indent -# Configuration file for adduser(8). -# NOTE: only *some* variables are saved. -# Last Modified on Fri Mar 30 14:04:05 EST 2004. - -defaultLgroup= -defaultclass= -defaultgroups= -passwdtype=yes -homeprefix=/home -defaultshell=/bin/csh -udotdir=/usr/share/skel -msgfile=/etc/adduser.msg -disableflag= -upwexpire=91d # Expire passwords 91 days after creation. -.Ed -.Sh SEE ALSO -.Xr group 5 , -.Xr passwd 5 , -.Xr adduser 8 , -.Xr pw 8 , -.Xr rmuser 8 -.Sh HISTORY -The -.Nm -manual page first appeared in -.Fx 5.3 . -.Sh BUGS -The internal variables documented here may change without notice. -Do not rely on them. -To modify this file invoke -.Xr adduser 8 -with the -.Fl C -option instead. -.Sh AUTHORS -This manual page was written by -.An Tom Rhodes Aq trhodes@FreeBSD.org . diff --git a/adduser/adduser.sh b/adduser/adduser.sh deleted file mode 100644 index 8e05f33..0000000 --- a/adduser/adduser.sh +++ /dev/null @@ -1,1050 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# Email: Mike Makonnen -# -# $FreeBSD$ -# - -# err msg -# Display $msg on stderr, unless we're being quiet. -# -err() { - if [ -z "$quietflag" ]; then - echo 1>&2 ${THISCMD}: ERROR: $* - fi -} - -# info msg -# Display $msg on stdout, unless we're being quiet. -# -info() { - if [ -z "$quietflag" ]; then - echo ${THISCMD}: INFO: $* - fi -} - -# get_nextuid -# Output the value of $_uid if it is available for use. If it -# is not, output the value of the next higher uid that is available. -# If a uid is not specified, output the first available uid, as indicated -# by pw(8). -# -get_nextuid () { - _uid=$1 - _nextuid= - - if [ -z "$_uid" ]; then - _nextuid="`${PWCMD} usernext | cut -f1 -d:`" - else - while : ; do - ${PWCMD} usershow $_uid > /dev/null 2>&1 - if [ ! "$?" -eq 0 ]; then - _nextuid=$_uid - break - fi - _uid=$(($_uid + 1)) - done - fi - echo $_nextuid -} - -# show_usage -# Display usage information for this utility. -# -show_usage() { - echo "usage: ${THISCMD} [options]" - echo " options may include:" - echo " -C save to the configuration file only" - echo " -D do not attempt to create the home directory" - echo " -E disable this account after creation" - echo " -G additional groups to add accounts to" - echo " -L login class of the user" - echo " -M file permission for home directory" - echo " -N do not read configuration file" - echo " -S a nonexistent shell is not an error" - echo " -d home directory" - echo " -f file from which input will be received" - echo " -g default login group" - echo " -h display this usage message" - echo " -k path to skeleton home directory" - echo " -m user welcome message file" - echo " -q absolute minimal user feedback" - echo " -s shell" - echo " -u uid to start at" - echo " -w password type: no, none, yes or random" -} - -# valid_shells -# Outputs a list of valid shells from /etc/shells. Only the -# basename of the shell is output. -# -valid_shells() { - _prefix= - cat ${ETCSHELLS} | - while read _path _junk ; do - case $_path in - \#*|'') - ;; - *) - echo -n "${_prefix}`basename $_path`" - _prefix=' ' - ;; - esac - done - - # /usr/sbin/nologin is a special case - [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}" -} - -# fullpath_from_shell shell -# Given $shell, which is either the full path to a shell or -# the basename component of a valid shell, get the -# full path to the shell from the /etc/shells file. -# -fullpath_from_shell() { - _shell=$1 - [ -z "$_shell" ] && return 1 - - # /usr/sbin/nologin is a special case; it needs to be handled - # before the cat | while loop, since a 'return' from within - # a subshell will not terminate the function's execution, and - # the path to the nologin shell might be printed out twice. - # - if [ "$_shell" = "${NOLOGIN}" -o \ - "$_shell" = "${NOLOGIN_PATH}" ]; then - echo ${NOLOGIN_PATH} - return 0; - fi - - cat ${ETCSHELLS} | - while read _path _junk ; do - case "$_path" in - \#*|'') - ;; - *) - if [ "$_path" = "$_shell" -o \ - "`basename $_path`" = "$_shell" ]; then - echo $_path - return 0 - fi - ;; - esac - done - - return 1 -} - -# shell_exists shell -# If the given shell is listed in ${ETCSHELLS} or it is -# the nologin shell this function will return 0. -# Otherwise, it will return 1. If shell is valid but -# the path is invalid or it is not executable it -# will emit an informational message saying so. -# -shell_exists() { - _sh="$1" - _shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1" - - if ! eval $_shellchk; then - # The nologin shell is not listed in /etc/shells. - if [ "$_sh" != "${NOLOGIN_PATH}" ]; then - err "Invalid shell ($_sh) for user $username." - return 1 - fi - fi - ! [ -x "$_sh" ] && - info "The shell ($_sh) does not exist or is not executable." - - return 0 -} - -# save_config -# Save some variables to a configuration file. -# Note: not all script variables are saved, only those that -# it makes sense to save. -# -save_config() { - echo "# Configuration file for adduser(8)." > ${ADDUSERCONF} - echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF} - echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF} - echo '' >> ${ADDUSERCONF} - echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF} - echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF} - echo "defaultclass=$uclass" >> ${ADDUSERCONF} - echo "defaultgroups=$ugroups" >> ${ADDUSERCONF} - echo "passwdtype=$passwdtype" >> ${ADDUSERCONF} - echo "homeprefix=$homeprefix" >> ${ADDUSERCONF} - echo "defaultshell=$ushell" >> ${ADDUSERCONF} - echo "udotdir=$udotdir" >> ${ADDUSERCONF} - echo "msgfile=$msgfile" >> ${ADDUSERCONF} - echo "disableflag=$disableflag" >> ${ADDUSERCONF} - echo "uidstart=$uidstart" >> ${ADDUSERCONF} -} - -# add_user -# Add a user to the user database. If the user chose to send a welcome -# message or lock the account, do so. -# -add_user() { - - # Is this a configuration run? If so, don't modify user database. - # - if [ -n "$configflag" ]; then - save_config - return - fi - - _uid= - _name= - _comment= - _gecos= - _home= - _group= - _grouplist= - _shell= - _class= - _dotdir= - _expire= - _pwexpire= - _passwd= - _upasswd= - _passwdmethod= - - _name="-n '$username'" - [ -n "$uuid" ] && _uid='-u "$uuid"' - [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"' - [ -n "$ugroups" ] && _grouplist='-G "$ugroups"' - [ -n "$ushell" ] && _shell='-s "$ushell"' - [ -n "$uclass" ] && _class='-L "$uclass"' - [ -n "$ugecos" ] && _comment='-c "$ugecos"' - [ -n "$udotdir" ] && _dotdir='-k "$udotdir"' - [ -n "$uexpire" ] && _expire='-e "$uexpire"' - [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"' - if [ -z "$Dflag" -a -n "$uhome" ]; then - # The /nonexistent home directory is special. It - # means the user has no home directory. - if [ "$uhome" = "$NOHOME" ]; then - _home='-d "$uhome"' - else - # Use home directory permissions if specified - if [ -n "$uhomeperm" ]; then - _home='-m -d "$uhome" -M "$uhomeperm"' - else - _home='-m -d "$uhome"' - fi - fi - elif [ -n "$Dflag" -a -n "$uhome" ]; then - _home='-d "$uhome"' - fi - case $passwdtype in - no) - _passwdmethod="-w no" - _passwd="-h -" - ;; - yes) - # Note on processing the password: The outer double quotes - # make literal everything except ` and \ and $. - # The outer single quotes make literal ` and $. - # We can ensure the \ isn't treated specially by specifying - # the -r switch to the read command used to obtain the input. - # - _passwdmethod="-w yes" - _passwd="-h 0" - _upasswd='echo "$upass" |' - ;; - none) - _passwdmethod="-w none" - ;; - random) - _passwdmethod="-w random" - ;; - esac - - _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment" - _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd" - _pwcmd="$_pwcmd $_expire $_pwexpire" - - if ! _output=`eval $_pwcmd` ; then - err "There was an error adding user ($username)." - return 1 - else - info "Successfully added ($username) to the user database." - if [ "random" = "$passwdtype" ]; then - randompass="$_output" - info "Password for ($username) is: $randompass" - fi - fi - - if [ -n "$disableflag" ]; then - if ${PWCMD} lock $username ; then - info "Account ($username) is locked." - else - info "Account ($username) could NOT be locked." - fi - fi - - _line= - _owner= - _perms= - if [ -n "$msgflag" ]; then - [ -r "$msgfile" ] && { - # We're evaluating the contents of an external file. - # Let's not open ourselves up for attack. _perms will - # be empty if it's writeable only by the owner. _owner - # will *NOT* be empty if the file is owned by root. - # - _dir="`dirname $msgfile`" - _file="`basename $msgfile`" - _perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune` - _owner=`/usr/bin/find $_dir -name $_file -user 0 -prune` - if [ -z "$_owner" -o -n "$_perms" ]; then - err "The message file ($msgfile) may be writeable only by root." - return 1 - fi - cat "$msgfile" | - while read _line ; do - eval echo "$_line" - done | ${MAILCMD} -s"Welcome" ${username} - info "Sent welcome message to ($username)." - } - fi -} - -# get_user -# Reads username of the account from standard input or from a global -# variable containing an account line from a file. The username is -# required. If this is an interactive session it will prompt in -# a loop until a username is entered. If it is batch processing from -# a file it will output an error message and return to the caller. -# -get_user() { - _input= - - # No need to take down user names if this is a configuration saving run. - [ -n "$configflag" ] && return - - while : ; do - if [ -z "$fflag" ]; then - echo -n "Username: " - read _input - else - _input="`echo "$fileline" | cut -f1 -d:`" - fi - - # There *must* be a username, and it must not exist. If - # this is an interactive session give the user an - # opportunity to retry. - # - if [ -z "$_input" ]; then - err "You must enter a username!" - [ -z "$fflag" ] && continue - fi - ${PWCMD} usershow $_input > /dev/null 2>&1 - if [ "$?" -eq 0 ]; then - err "User exists!" - [ -z "$fflag" ] && continue - fi - break - done - username="$_input" -} - -# get_gecos -# Reads extra information about the user. Can be used both in interactive -# and batch (from file) mode. -# -get_gecos() { - _input= - - # No need to take down additional user information for a configuration run. - [ -n "$configflag" ] && return - - if [ -z "$fflag" ]; then - echo -n "Full name: " - read _input - else - _input="`echo "$fileline" | cut -f7 -d:`" - fi - ugecos="$_input" -} - -# get_shell -# Get the account's shell. Works in interactive and batch mode. It -# accepts either the base name of the shell or the full path. -# If an invalid shell is entered it will simply use the default shell. -# -get_shell() { - _input= - _fullpath= - ushell="$defaultshell" - - # Make sure the current value of the shell is a valid one - if [ -z "$Sflag" ]; then - if ! shell_exists $ushell ; then - info "Using default shell ${defaultshell}." - ushell="$defaultshell" - fi - fi - - if [ -z "$fflag" ]; then - echo -n "Shell ($shells) [`basename $ushell`]: " - read _input - else - _input="`echo "$fileline" | cut -f9 -d:`" - fi - if [ -n "$_input" ]; then - if [ -n "$Sflag" ]; then - ushell="$_input" - else - _fullpath=`fullpath_from_shell $_input` - if [ -n "$_fullpath" ]; then - ushell="$_fullpath" - else - err "Invalid shell ($_input) for user $username." - info "Using default shell ${defaultshell}." - ushell="$defaultshell" - fi - fi - fi -} - -# get_homedir -# Reads the account's home directory. Used both with interactive input -# and batch input. -# -get_homedir() { - _input= - if [ -z "$fflag" ]; then - echo -n "Home directory [${homeprefix}/${username}]: " - read _input - else - _input="`echo "$fileline" | cut -f8 -d:`" - fi - - if [ -n "$_input" ]; then - uhome="$_input" - # if this is a configuration run, then user input is the home - # directory prefix. Otherwise it is understood to - # be $prefix/$user - # - [ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome" - else - uhome="${homeprefix}/${username}" - fi -} - -# get_homeperm -# Reads the account's home directory permissions. -# -get_homeperm() { - uhomeperm=$defaultHomePerm - _input= - _prompt= - - if [ -n "$uhomeperm" ]; then - _prompt="Home directory permissions [${uhomeperm}]: " - else - _prompt="Home directory permissions (Leave empty for default): " - fi - if [ -z "$fflag" ]; then - echo -n "$_prompt" - read _input - fi - - if [ -n "$_input" ]; then - uhomeperm="$_input" - fi -} - -# get_uid -# Reads a numeric userid in an interactive or batch session. Automatically -# allocates one if it is not specified. -# -get_uid() { - uuid=${uidstart} - _input= - _prompt= - - if [ -n "$uuid" ]; then - _prompt="Uid [$uuid]: " - else - _prompt="Uid (Leave empty for default): " - fi - if [ -z "$fflag" ]; then - echo -n "$_prompt" - read _input - else - _input="`echo "$fileline" | cut -f2 -d:`" - fi - - [ -n "$_input" ] && uuid=$_input - uuid=`get_nextuid $uuid` - uidstart=$uuid -} - -# get_class -# Reads login class of account. Can be used in interactive or batch mode. -# -get_class() { - uclass="$defaultclass" - _input= - _class=${uclass:-"default"} - - if [ -z "$fflag" ]; then - echo -n "Login class [$_class]: " - read _input - else - _input="`echo "$fileline" | cut -f4 -d:`" - fi - - [ -n "$_input" ] && uclass="$_input" -} - -# get_logingroup -# Reads user's login group. Can be used in both interactive and batch -# modes. The specified value can be a group name or its numeric id. -# This routine leaves the field blank if nothing is provided and -# a default login group has not been set. The pw(8) command -# will then provide a login group with the same name as the username. -# -get_logingroup() { - ulogingroup="$defaultLgroup" - _input= - - if [ -z "$fflag" ]; then - echo -n "Login group [${ulogingroup:-$username}]: " - read _input - else - _input="`echo "$fileline" | cut -f3 -d:`" - fi - - # Pw(8) will use the username as login group if it's left empty - [ -n "$_input" ] && ulogingroup="$_input" -} - -# get_groups -# Read additional groups for the user. It can be used in both interactive -# and batch modes. -# -get_groups() { - ugroups="$defaultgroups" - _input= - _group=${ulogingroup:-"${username}"} - - if [ -z "$configflag" ]; then - [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username" - [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: " - else - [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: " - fi - read _input - - [ -n "$_input" ] && ugroups="$_input" -} - -# get_expire_dates -# Read expiry information for the account and also for the password. This -# routine is used only from batch processing mode. -# -get_expire_dates() { - upwexpire="`echo "$fileline" | cut -f5 -d:`" - uexpire="`echo "$fileline" | cut -f6 -d:`" -} - -# get_password -# Read the password in batch processing mode. The password field matters -# only when the password type is "yes" or "random". If the field is empty and the -# password type is "yes", then it assumes the account has an empty passsword -# and changes the password type accordingly. If the password type is "random" -# and the password field is NOT empty, then it assumes the account will NOT -# have a random password and set passwdtype to "yes." -# -get_password() { - # We may temporarily change a password type. Make sure it's changed - # back to whatever it was before we process the next account. - # - [ -n "$savedpwtype" ] && { - passwdtype=$savedpwtype - savedpwtype= - } - - # There may be a ':' in the password - upass=${fileline#*:*:*:*:*:*:*:*:*:} - - if [ -z "$upass" ]; then - case $passwdtype in - yes) - # if it's empty, assume an empty password - passwdtype=none - savedpwtype=yes - ;; - esac - else - case $passwdtype in - random) - passwdtype=yes - savedpwtype=random - ;; - esac - fi -} - -# input_from_file -# Reads a line of account information from standard input and -# adds it to the user database. -# -input_from_file() { - _field= - - while read -r fileline ; do - case "$fileline" in - \#*|'') - ;; - *) - get_user || continue - get_gecos - get_uid - get_logingroup - get_class - get_shell - get_homedir - get_homeperm - get_password - get_expire_dates - ugroups="$defaultgroups" - - add_user - ;; - esac - done -} - -# input_interactive -# Prompts for user information interactively, and commits to -# the user database. -# -input_interactive() { - _disable= - _pass= - _passconfirm= - _random="no" - _emptypass="no" - _usepass="yes" - _logingroup_ok="no" - _groups_ok="no" - case $passwdtype in - none) - _emptypass="yes" - _usepass="yes" - ;; - no) - _usepass="no" - ;; - random) - _random="yes" - ;; - esac - - get_user - get_gecos - get_uid - - # The case where group = user is handled elsewhere, so - # validate any other groups the user is invited to. - until [ "$_logingroup_ok" = yes ]; do - get_logingroup - _logingroup_ok=yes - if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then - if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then - echo "Group $ulogingroup does not exist!" - _logingroup_ok=no - fi - fi - done - until [ "$_groups_ok" = yes ]; do - get_groups - _groups_ok=yes - for i in $ugroups; do - if [ "$username" != "$i" ]; then - if ! ${PWCMD} show group $i > /dev/null 2>&1; then - echo "Group $i does not exist!" - _groups_ok=no - fi - fi - done - done - - get_class - get_shell - get_homedir - get_homeperm - - while : ; do - echo -n "Use password-based authentication? [$_usepass]: " - read _input - [ -z "$_input" ] && _input=$_usepass - case $_input in - [Nn][Oo]|[Nn]) - passwdtype="no" - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - while : ; do - echo -n "Use an empty password? (yes/no) [$_emptypass]: " - read _input - [ -n "$_input" ] && _emptypass=$_input - case $_emptypass in - [Nn][Oo]|[Nn]) - echo -n "Use a random password? (yes/no) [$_random]: " - read _input - [ -n "$_input" ] && _random="$_input" - case $_random in - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - passwdtype="random" - break - ;; - esac - passwdtype="yes" - [ -n "$configflag" ] && break - trap 'stty echo; exit' 0 1 2 3 15 - stty -echo - echo -n "Enter password: " - read -r upass - echo'' - echo -n "Enter password again: " - read -r _passconfirm - echo '' - stty echo - # if user entered a blank password - # explicitly ask again. - [ -z "$upass" -a -z "$_passconfirm" ] \ - && continue - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - passwdtype="none" - break; - ;; - *) - # invalid answer; repeat the loop - continue - ;; - esac - if [ "$upass" != "$_passconfirm" ]; then - echo "Passwords did not match!" - continue - fi - break - done - ;; - *) - # invalid answer; repeat loop - continue - ;; - esac - break; - done - _disable=${disableflag:-"no"} - while : ; do - echo -n "Lock out the account after creation? [$_disable]: " - read _input - [ -z "$_input" ] && _input=$_disable - case $_input in - [Nn][Oo]|[Nn]) - disableflag= - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - disableflag=yes - ;; - *) - # invalid answer; repeat loop - continue - ;; - esac - break - done - - # Display the information we have so far and prompt to - # commit it. - # - _disable=${disableflag:-"no"} - [ -z "$configflag" ] && printf "%-10s : %s\n" Username $username - case $passwdtype in - yes) - _pass='*****' - ;; - no) - _pass='' - ;; - none) - _pass='' - ;; - random) - _pass='' - ;; - esac - [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass" - [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype" - [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos" - [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid" - printf "%-10s : %s\n" "Class" "$uclass" - printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" - printf "%-10s : %s\n" "Home" "$uhome" - printf "%-10s : %s\n" "Home Mode" "$uhomeperm" - printf "%-10s : %s\n" "Shell" "$ushell" - printf "%-10s : %s\n" "Locked" "$_disable" - while : ; do - echo -n "OK? (yes/no): " - read _input - case $_input in - [Nn][Oo]|[Nn]) - return 1 - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - add_user - ;; - *) - continue - ;; - esac - break - done - return 0 -} - -#### END SUBROUTINE DEFINITION #### - -THISCMD=`/usr/bin/basename $0` -DEFAULTSHELL=/bin/sh -ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}" -PWCMD="${PWCMD:-/usr/sbin/pw}" -MAILCMD="${MAILCMD:-mail}" -ETCSHELLS="${ETCSHELLS:-/etc/shells}" -NOHOME="/nonexistent" -NOLOGIN="nologin" -NOLOGIN_PATH="/usr/sbin/nologin" -GREPCMD="/usr/bin/grep" -DATECMD="/bin/date" - -# Set default values -# -username= -uuid= -uidstart= -ugecos= -ulogingroup= -uclass= -uhome= -uhomeperm= -upass= -ushell= -udotdir=/usr/share/skel -ugroups= -uexpire= -upwexpire= -shells="`valid_shells`" -passwdtype="yes" -msgfile=/etc/adduser.msg -msgflag= -quietflag= -configflag= -fflag= -infile= -disableflag= -Dflag= -Sflag= -readconfig="yes" -homeprefix="/home" -randompass= -fileline= -savedpwtype= -defaultclass= -defaultLgroup= -defaultgroups= -defaultshell="${DEFAULTSHELL}" -defaultHomePerm= - -# Make sure the user running this program is root. This isn't a security -# measure as much as it is a useful method of reminding the user to -# 'su -' before he/she wastes time entering data that won't be saved. -# -procowner=${procowner:-`/usr/bin/id -u`} -if [ "$procowner" != "0" ]; then - err 'you must be the super-user (uid 0) to use this utility.' - exit 1 -fi - -# Overide from our conf file -# Quickly go through the commandline line to see if we should read -# from our configuration file. The actual parsing of the commandline -# arguments happens after we read in our configuration file (commandline -# should override configuration file). -# -for _i in $* ; do - if [ "$_i" = "-N" ]; then - readconfig= - break; - fi -done -if [ -n "$readconfig" ]; then - # On a long-lived system, the first time this script is run it - # will barf upon reading the configuration file for its perl predecessor. - if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then - [ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1 - fi -fi - -# Proccess command-line options -# -for _switch ; do - case $_switch in - -L) - defaultclass="$2" - shift; shift - ;; - -C) - configflag=yes - shift - ;; - -D) - Dflag=yes - shift - ;; - -E) - disableflag=yes - shift - ;; - -k) - udotdir="$2" - shift; shift - ;; - -f) - [ "$2" != "-" ] && infile="$2" - fflag=yes - shift; shift - ;; - -g) - defaultLgroup="$2" - shift; shift - ;; - -G) - defaultgroups="$2" - shift; shift - ;; - -h) - show_usage - exit 0 - ;; - -d) - homeprefix="$2" - shift; shift - ;; - -m) - case "$2" in - [Nn][Oo]) - msgflag= - ;; - *) - msgflag=yes - msgfile="$2" - ;; - esac - shift; shift - ;; - -M) - defaultHomePerm=$2 - shift; shift - ;; - -N) - readconfig= - shift - ;; - -w) - case "$2" in - no|none|random|yes) - passwdtype=$2 - ;; - *) - show_usage - exit 1 - ;; - esac - shift; shift - ;; - -q) - quietflag=yes - shift - ;; - -s) - defaultshell="`fullpath_from_shell $2`" - shift; shift - ;; - -S) - Sflag=yes - shift - ;; - -u) - uidstart=$2 - shift; shift - ;; - esac -done - -# If the -f switch was used, get input from a file. Otherwise, -# this is an interactive session. -# -if [ -n "$fflag" ]; then - if [ -z "$infile" ]; then - input_from_file - elif [ -n "$infile" ]; then - if [ -r "$infile" ]; then - input_from_file < $infile - else - err "File ($infile) is unreadable or does not exist." - fi - fi -else - input_interactive - while : ; do - if [ -z "$configflag" ]; then - echo -n "Add another user? (yes/no): " - else - echo -n "Re-edit the default configuration? (yes/no): " - fi - read _input - case $_input in - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - uidstart=`get_nextuid $uidstart` - input_interactive - continue - ;; - [Nn][Oo]|[Nn]) - echo "Goodbye!" - ;; - *) - continue - ;; - esac - break - done -fi diff --git a/adduser/rmuser.8 b/adduser/rmuser.8 deleted file mode 100644 index 68a99b5..0000000 --- a/adduser/rmuser.8 +++ /dev/null @@ -1,210 +0,0 @@ -.\" Copyright 1995, 1996, 1997 -.\" Guy Helmer, Ames, Iowa 50014. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer as -.\" the first lines of this file unmodified. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY GUY HELMER ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL GUY HELMER BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd May 10, 2002 -.Dt RMUSER 8 -.Os -.Sh NAME -.Nm rmuser -.Nd remove users from the system -.Sh SYNOPSIS -.Nm -.Op Fl yv -.Op Fl f Ar file -.Op Ar username ... -.Sh DESCRIPTION -The -.Nm -utility removes one or more users submitted on the command line -or from a file. -In removing a user from the system, this utility: -.Bl -enum -.It -Removes the user's -.Xr crontab 1 -entry (if any). -.It -Removes any -.Xr at 1 -jobs belonging to the user. -.It -Sends a -.Dv SIGKILL -signal to all processes owned by the user. -.It -Removes the user from the system's local password file. -.It -Removes the user's home directory (if it is owned by the user), -including handling of symbolic links in the path to the actual home -directory. -.It -Removes the incoming mail and POP daemon mail files belonging to the -user from -.Pa /var/mail . -.It -Removes all files owned by the user from -.Pa /tmp , /var/tmp , -and -.Pa /var/tmp/vi.recover . -.It -Removes the username from all groups to which it belongs in -.Pa /etc/group . -(If a group becomes empty and the group name is the same as the username, -the group is removed; this complements -.Xr adduser 8 Ns 's -per-user unique groups.) -.It -Removes all message queues, shared memory segments and -semaphores owned by the user. -.El -.Pp -The -.Nm -utility refuses to remove users whose UID is 0 (typically root), since -certain actions (namely, killing all the user's processes, and perhaps -removing the user's home directory) would cause damage to a running system. -If it is necessary to remove a user whose UID is 0, see -.Xr vipw 8 -for information on directly editing the password file. -.Pp -If -.Nm -was not invoked with the -.Fl y -option, it will -show the selected user's password file entry and ask for confirmation -that the user be removed. -It will then ask for confirmation to delete -the user's home directory. -If the answer is in the affirmative, the home -directory and any files and subdirectories under it will be deleted only if -they are owned by the user. -See -.Xr pw 8 -for more details. -.Pp -As -.Nm -operates, it informs the user regarding the current activity. -If any -errors occur, they are posted to standard error and, if it is possible for -.Nm -to continue, it will. -.Pp -The options are as follows: -.Bl -tag -width ".Ar username" -.It Fl f Ar file -The -.Nm -utility will get a list of users to be removed from -.Ar file , -which will contain one user per line. -Anything following a hash mark -.Pq Ql # , -including the hash mark itself, is considered a comment and will not -be processed. -If the file is owned by anyone other than a user with -UID 0, or is writable by anyone other than the owner, -.Nm -will refuse to continue. -.It Fl y -Implicitly answer -.Dq Li yes -to any and all prompts. -Currently, this includes -prompts on whether to remove the specified user and whether to remove -the home directory. -This option requires that either the -.Fl f -option be used, or one or more user names be given as command line -arguments. -.It Fl v -Enable verbose mode. -Normally, -the output includes one line per removed user; -however, -with this option -.Nm -will be much more chatty about the steps taken. -.It Ar username -Identifies one or more users to be removed; if not present, -.Nm -interactively asks for one or more users to be removed. -.El -.Sh FILES -.Bl -tag -compact -.It Pa /etc/master.passwd -.It Pa /etc/passwd -.It Pa /etc/group -.It Pa /etc/spwd.db -.It Pa /etc/pwd.db -.El -.Sh SEE ALSO -.Xr at 1 , -.Xr chpass 1 , -.Xr crontab 1 , -.Xr finger 1 , -.Xr passwd 1 , -.Xr group 5 , -.Xr passwd 5 , -.Xr adduser 8 , -.Xr pw 8 , -.Xr pwd_mkdb 8 , -.Xr vipw 8 -.Sh HISTORY -The -.Nm -utility appeared in -.Fx 2.2 . -.Sh BUGS -The -.Nm -utility does not comprehensively search the file system for all files -owned by the removed user and remove them; to do so on a system -of any size is prohibitively slow and I/O intensive. -It is also unable to remove symbolic links that were created by the -user in -.Pa /tmp -or -.Pa /var/tmp , -as symbolic links on -.Bx 4.4 -file systems do not contain information -as to who created them. -Also, there may be other files created in -.Pa /var/mail -other than -.Pa /var/mail/ Ns Ar username -and -.Pa /var/mail/.pop. Ns Ar username -that are not owned by the removed user but should be removed. -.Pp -The -.Nm -utility has no knowledge of YP/NIS, and it operates only on the -local password file. diff --git a/adduser/rmuser.sh b/adduser/rmuser.sh deleted file mode 100644 index 6b09225..0000000 --- a/adduser/rmuser.sh +++ /dev/null @@ -1,361 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2002, 2003 Michael Telahun Makonnen. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# Email: Mike Makonnen -# -# $FreeBSD$ -# - -ATJOBDIR="/var/at/jobs" -CRONJOBDIR="/var/cron/tabs" -MAILSPOOL="/var/mail" -SIGKILL="-KILL" -TEMPDIRS="/tmp /var/tmp" -THISCMD=`/usr/bin/basename $0` -PWCMD="${PWCMD:-/usr/sbin/pw}" - -# err msg -# Display $msg on stderr. -# -err() { - echo 1>&2 ${THISCMD}: $* -} - -# verbose -# Returns 0 if verbose mode is set, 1 if it is not. -# -verbose() { - [ -n "$vflag" ] && return 0 || return 1 -} - -# rm_files login -# Removes files or empty directories belonging to $login from various -# temporary directories. -# -rm_files() { - # The argument is required - [ -n $1 ] && login=$1 || return - - totalcount=0 - for _dir in ${TEMPDIRS} ; do - filecount=0 - if [ ! -d $_dir ]; then - err "$_dir is not a valid directory." - continue - fi - verbose && echo -n "Removing files owned by ($login) in $_dir:" - filecount=`find 2>/dev/null "$_dir" -user "$login" -delete -print | - wc -l | sed 's/ *//'` - verbose && echo " $filecount removed." - totalcount=$(($totalcount + $filecount)) - done - ! verbose && [ $totalcount -ne 0 ] && echo -n " files($totalcount)" -} - -# rm_mail login -# Removes unix mail and pop daemon files belonging to the user -# specified in the $login argument. -# -rm_mail() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Removing mail spool(s) for ($login):" - if [ -f ${MAILSPOOL}/$login ]; then - verbose && echo -n " ${MAILSPOOL}/$login" || - echo -n " mailspool" - rm ${MAILSPOOL}/$login - fi - if [ -f ${MAILSPOOL}/.${login}.pop ]; then - verbose && echo -n " ${MAILSPOOL}/.${login}.pop" || - echo -n " pop3" - rm ${MAILSPOOL}/.${login}.pop - fi - verbose && echo '.' -} - -# kill_procs login -# Send a SIGKILL to all processes owned by $login. -# -kill_procs() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Terminating all processes owned by ($login):" - killcount=0 - proclist=`ps 2>/dev/null -U $login | grep -v '^\ *PID' | awk '{print $1}'` - for _pid in $proclist ; do - kill 2>/dev/null ${SIGKILL} $_pid - killcount=$(($killcount + 1)) - done - verbose && echo " ${SIGKILL} signal sent to $killcount processes." - ! verbose && [ $killcount -ne 0 ] && echo -n " processes(${killcount})" -} - -# rm_at_jobs login -# Remove at (1) jobs belonging to $login. -# -rm_at_jobs() { - # The argument is required - [ -n $1 ] && login=$1 || return - - atjoblist=`find 2>/dev/null ${ATJOBDIR} -maxdepth 1 -user $login -print` - jobcount=0 - verbose && echo -n "Removing at(1) jobs owned by ($login):" - for _atjob in $atjoblist ; do - rm -f $_atjob - jobcount=$(($jobcount + 1)) - done - verbose && echo " $jobcount removed." - ! verbose && [ $jobcount -ne 0 ] && echo -n " at($jobcount)" -} - -# rm_crontab login -# Removes crontab file belonging to user $login. -# -rm_crontab() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Removing crontab for ($login):" - if [ -f ${CRONJOBDIR}/$login ]; then - verbose && echo -n " ${CRONJOBDIR}/$login" || echo -n " crontab" - rm -f ${CRONJOBDIR}/$login - fi - verbose && echo '.' -} - -# rm_ipc login -# Remove all IPC mechanisms which are owned by $login. -# -rm_ipc() { - verbose && echo -n "Removing IPC mechanisms" - for i in s m q; do - ipcs -$i | - awk -v i=$i -v login=$1 '$1 == i && $5 == login { print $2 }' | - xargs -n 1 ipcrm -$i - done - verbose && echo '.' -} - -# rm_user login -# Remove user $login from the system. This subroutine makes use -# of the pw(8) command to remove a user from the system. The pw(8) -# command will remove the specified user from the user database -# and group file and remove any crontabs. His home -# directory will be removed if it is owned by him and contains no -# files or subdirectories owned by other users. Mail spool files will -# also be removed. -# -rm_user() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Removing user ($login)" - [ -n "$pw_rswitch" ] && { - verbose && echo -n " (including home directory)" - ! verbose && echo -n " home" - } - ! verbose && echo -n " passwd" - verbose && echo -n " from the system:" - ${PWCMD} userdel -n $login $pw_rswitch - verbose && echo ' Done.' -} - -# prompt_yesno msg -# Prompts the user with a $msg. The answer is expected to be -# yes, no, or some variation thereof. This subroutine returns 0 -# if the answer was yes, 1 if it was not. -# -prompt_yesno() { - # The argument is required - [ -n "$1" ] && msg="$1" || return - - while : ; do - echo -n "$msg" - read _ans - case $_ans in - [Nn][Oo]|[Nn]) - return 1 - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - return 0 - ;; - *) - ;; - esac - done -} - -# show_usage -# (no arguments) -# Display usage message. -# -show_usage() { - echo "usage: ${THISCMD} [-yv] [-f file] [user ...]" - echo " if the -y switch is used, either the -f switch or" - echo " one or more user names must be given" -} - -#### END SUBROUTINE DEFENITION #### - -ffile= -fflag= -procowner= -pw_rswitch= -userlist= -yflag= -vflag= - -procowner=`/usr/bin/id -u` -if [ "$procowner" != "0" ]; then - err 'you must be root (0) to use this utility.' - exit 1 -fi - -args=`getopt 2>/dev/null yvf: $*` -if [ "$?" != "0" ]; then - show_usage - exit 1 -fi -set -- $args -for _switch ; do - case $_switch in - -y) - yflag=1 - shift - ;; - -v) - vflag=1 - shift - ;; - -f) - fflag=1 - ffile="$2" - shift; shift - ;; - --) - shift - break - ;; - esac -done - -# Get user names from a file if the -f switch was used. Otherwise, -# get them from the commandline arguments. If we're getting it -# from a file, the file must be owned by and writable only by root. -# -if [ $fflag ]; then - _insecure=`find $ffile ! -user 0 -or -perm +0022` - if [ -n "$_insecure" ]; then - err "file ($ffile) must be owned by and writeable only by root." - exit 1 - fi - if [ -r "$ffile" ]; then - userlist=`cat $ffile | while read _user _junk ; do - case $_user in - \#*|'') - ;; - *) - echo -n "$userlist $_user" - ;; - esac - done` - fi -else - while [ $1 ] ; do - userlist="$userlist $1" - shift - done -fi - -# If the -y or -f switch has been used and the list of users to remove -# is empty it is a fatal error. Otherwise, prompt the user for a list -# of one or more user names. -# -if [ ! "$userlist" ]; then - if [ $fflag ]; then - err "($ffile) does not exist or does not contain any user names." - exit 1 - elif [ $yflag ]; then - show_usage - exit 1 - else - echo -n "Please enter one or more usernames: " - read userlist - fi -fi - -_user= -_uid= -for _user in $userlist ; do - # Make sure the name exists in the passwd database and that it - # does not have a uid of 0 - # - userrec=`pw 2>/dev/null usershow -n $_user` - if [ "$?" != "0" ]; then - err "user ($_user) does not exist in the password database." - continue - fi - _uid=`echo $userrec | awk -F: '{print $3}'` - if [ "$_uid" = "0" ]; then - err "user ($_user) has uid 0. You may not remove this user." - continue - fi - - # If the -y switch was not used ask for confirmation to remove the - # user and home directory. - # - if [ -z "$yflag" ]; then - echo "Matching password entry:" - echo - echo $userrec - echo - if ! prompt_yesno "Is this the entry you wish to remove? " ; then - continue - fi - _homedir=`echo $userrec | awk -F: '{print $9}'` - if prompt_yesno "Remove user's home directory ($_homedir)? "; then - pw_rswitch="-r" - fi - else - pw_rswitch="-r" - fi - - # Disable any further attempts to log into this account - ${PWCMD} 2>/dev/null lock $_user - - # Remove crontab, mail spool, etc. Then obliterate the user from - # the passwd and group database. - # - ! verbose && echo -n "Removing user ($_user):" - rm_crontab $_user - rm_at_jobs $_user - rm_ipc $_user - kill_procs $_user - rm_files $_user - rm_mail $_user - rm_user $_user - ! verbose && echo "." -done -- cgit v1.2.3-56-ge451