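#!/bin/sh
#----------------------------------------------------------------------------
# /var/install/bin/add-user - add user
#
# Creation:     2001-11-04 fm
# Last Update:  $Id$
#
# Copyright (c) 2001-@@YEAR@@ the eisfair team, team(at)eisfair(dot)org
#
# usage: add-user
#    or: add-user [-d|-l|-r] user encrypted-password uid gid name home shell
#
# option -d : disable password
# option -l : lock password
# option -r : create system user
#
# if password is empty, user will be prompted
# if gid is empty, values will be evaluated
# if uid is empty, the system will set itself
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# include eislib etc.
. /var/install/include/eislib
. /var/install/include/check-eisfair-version

#-----IMPORTANT--------------------------------
# This script is used on all eisfair systems
#----------------------------------------------

# Set before anything can call do_exit, so that a variable of the same name
# inherited from the caller's environment is never consulted. The flag is
# compared as a string below instead of being executed as a command.
interactive='false'

# ---------------------------------------------------------------------------
# do exit, check for interactive
# input : $1 - exit status (0 if omitted)
# ---------------------------------------------------------------------------
do_exit() {
    if [ "${interactive}" = 'true' ]
    then
        # blank line, then the "press any key" prompt; anykey is also called
        # as a command of its own further down
        mecho
        anykey
    fi
    exit "${1:-0}"
}

# ---------------------------------------------------------------------------
# sub: is_numeric
# check if numeric value
# input : $1 - value
# return: 0 - numeric (one or more decimal digits)
#         1 - no numeric (this includes the empty string)
# ---------------------------------------------------------------------------
is_numeric() {
    case "$1" in
        ''|*[!0-9]*)
            return 1
            ;;
    esac
    return 0
}

# ---------------------------------------------------------------------------
# sub: ask_value
# prompt through /var/install/bin/ask and keep the first line of the answer
# input : $1 - prompt text
# output: ask_reply - answer (empty if nothing was entered)
# exit  : 1 if no temporary file can be created or ask ends with status 255
#         (both prompts in this script stop on 255 without waiting for a key)
# ---------------------------------------------------------------------------
ask_value() {
    ask_reply=''
    _ask_tmpfile=$(/bin/mktemp -t XXXXXXXXXXXXX) || exit 1
    /var/install/bin/ask "$1" '' '*' > "${_ask_tmpfile}"
    _ask_rc=$?
    # read fails on an empty answer and then leaves ask_reply empty
    read -r ask_reply < "${_ask_tmpfile}"
    rm -f "${_ask_tmpfile}"
    if [ "${_ask_rc}" = 255 ]
    then
        exit 1
    fi
}

# ---------------------------------------------------------------------------
# get optional flags
# ---------------------------------------------------------------------------
flags=''
noadd=0
systemswitch=''
while :
do
    case "${1:-}" in
        -d|-l)
            # only the first of -d / -l is honoured
            if [ "${noadd}" -eq 0 ]
            then
                flags="${flags} $1"
                noadd=1
            else
                mecho --warn "Redundant option '$1' will be ignored!"
            fi
            shift
            ;;
        -r)
            systemswitch='-r'
            shift
            ;;
        *)
            break
            ;;
    esac
done

# ---------------------------------------------------------------------------
# get parameter
# ---------------------------------------------------------------------------
user=""
password=""
uid=""
gid=""
name=""
home=""
shell=""
case $# in
    0)
        interactive='true'
        ;;
    7)
        user="$1"
        password="$2"
        uid="$3"
        gid="$4"
        name="$5"
        home="$6"
        shell="$7"
        ;;
    *)
        echo "usage: ${0##*/}" >&2
        echo "   or: ${0##*/} [-d|-l|-r] user encrypted-password uid gid name home shell" >&2
        do_exit 1
        ;;
esac

# ---------------------------------------------------------------------------
# clear screen
# ---------------------------------------------------------------------------
if [ "${interactive}" = 'true' ]
then
    clrhome
    mecho --info "Add user"
    echo
fi

# ---------------------------------------------------------------------------
# create uid
# ---------------------------------------------------------------------------
# A supplied uid is compared numerically below and handed to useradd, so
# anything but digits is refused here.
if [ -n "${uid}" ] && ! is_numeric "${uid}"
then
    mecho --error "uid ${uid} is not numeric"
    do_exit 1
fi

if [ -z "${uid}" ] && [ -z "${systemswitch}" ]
then
    # Find the highest uid between 2000 and 3000 (both exclusive).
    # IFS is set for the read alone, so the global IFS never changes.
    uid=2000
    while IFS=: read -r _pw_name _pw_hash _pw_uid _pw_rest
    do
        # skip entries without a plain numeric uid field
        if ! is_numeric "${_pw_uid}"
        then
            continue
        fi
        if [ "${_pw_uid}" -gt "${uid}" ] && [ "${_pw_uid}" -lt 3000 ]
        then
            uid=${_pw_uid}
        fi
    done < /etc/passwd
    # NOTE(review): the page this file was taken from lost the text between
    # the input redirection of the loop above and the output redirection of
    # the user-name prompt below. The loop input (/etc/passwd), the increment
    # on the next line and the opening of the prompt block are reconstructed
    # from what the surviving code implies - confirm all three against the
    # original file. Anything else that stood in that span is not recoverable
    # from here.
    uid=$((uid + 1))
fi

# ---------------------------------------------------------------------------
# ask for user
# ---------------------------------------------------------------------------
if [ -z "${user}" ]
then
    # NOTE(review): prompt text and the two extra ask arguments are modelled
    # on the comment-field prompt further down; the original values were lost.
    ask_value "Name of new user:"
    user=${ask_reply}
fi

# ---------------------------------------------------------------------------
# get password and append user to files
# ---------------------------------------------------------------------------
if [ "${interactive}" = 'true' ]
then
    echo
fi

case "${user}" in
    "")
        mecho --warn "no user added"
        do_exit 1
        ;;
    -*)
        # a leading '-' would be read as an option by useradd, passwd and
        # usermod, all of which run with the privileges of this script
        mecho --error "user name must not start with '-'"
        do_exit 1
        ;;
esac

# Exact comparison with the first field of /etc/passwd. The name is data
# here, not a regular expression, so characters like '.' or '*' in it can
# neither hide an existing account nor match an unrelated one.
if cut -d: -f1 /etc/passwd | grep -qxF -- "${user}"
then
    mecho --error "user $user already exists"
    do_exit 1
fi

if [ -z "${name}" ]
then
    ask_value "Name of user (comment field):"
    name=${ask_reply}
fi

if ! grep -q "^users:" /etc/group
then
    /usr/sbin/groupadd -g 100 users
fi

if [ -z "${gid}" ]
then
    gid=100
else
    # a numeric value is looked up as gid (field 3), anything else as
    # group name (field 1)
    if is_numeric "${gid}"
    then
        gid_message='gid'
        gid_field=3
    else
        gid_message='group'
        gid_field=1
    fi

    # The value is passed to grep as a fixed string and never pasted into
    # program text, so quotes or other special characters in it stay inert.
    if ! cut -d: -f"${gid_field}" /etc/group | grep -qxF -- "${gid}"
    then
        mecho --error "${gid_message} ${gid} doesn't exists"
        do_exit 1
    fi
fi

if [ -z "${shell}" ]
then
    shell=/bin/bash
fi

# use -r if creating a system account
homeswitch=""
case "${EISFAIR_SYSTEM}" in
    eisfair-1)
        # old home handling used from eisfair-1 only
        homeswitch="-m"

        # set systemswitch
        if [ -n "${uid}" ] && [ "${uid}" -lt 500 ]
        then
            systemswitch='-r'
        fi

        case "${home}" in
            "")
                home="/home/${user}"
                ;;
            "/dev/null")
                home="/home/__dummyhome__"
                homeswitch="-M"
                ;;
        esac
        ;;
    *)
        # eisfair-2 or eisxen-1 ...
        if [ -n "${uid}" ] && [ "${uid}" -lt 2000 ]
        then
            systemswitch="-r"
        else
            homeswitch="-m"
        fi

        # without -m useradd is not asked to create the home directory,
        # so it is created here
        case "XX${home}" in
            "XX")
                home="/home/${user}"
                if [ -z "${homeswitch}" ]
                then
                    mkdir -p -- "${home}"
                fi
                ;;
            XX/dev/null)
                home="/home/__dummyhome__"
                ;;
            XX/*)
                if [ -z "${homeswitch}" ]
                then
                    mkdir -p -- "${home}"
                fi
                ;;
        esac
        ;;
esac

# check if password given and
# password length more then 10 charaters and
# begin with '$'
# modern encrypted with '$' to begin
# without '$' -> des, :-( unwanted, broken
# $1$ -> md5, not a good idea, broken
# $2$ -> blowfish
# $5$ -> sha-256
# $6$ -> sha-512, default in eisfair
enc_passwd=''
if [ -n "${password}" ]
then
    case "${password}" in
        '$'*)
            if [ "${#password}" -ge 10 ]
            then
                enc_passwd=${password}
            fi
            ;;
    esac
    if [ -z "${enc_passwd}" ]
    then
        # The value is dropped, and because it is not empty the password
        # prompt at the end is skipped as well: the account keeps whatever
        # useradd sets when no -p is given. Say so instead of staying silent.
        mecho --warn "password for $user ignored, not a valid encrypted password"
    fi
fi

# Build the useradd argument list one word per argument, so that spaces or
# glob characters in any value cannot split into extra words or options.
set --
if [ -n "${systemswitch}" ]
then
    # system account: uid is chosen by useradd as defined in /etc/login.defs,
    # a uid given by the caller is not passed on
    set -- "$@" "${systemswitch}"
elif [ -n "${uid}" ]
then
    set -- "$@" -u "${uid}"
fi
set -- "$@" -g "${gid}" -c "${name}" -s "${shell}" -d "${home}"
if [ -n "${enc_passwd}" ]
then
    # NOTE(review): -p puts the password hash on the useradd command line,
    # where other local users can read it from the process list while the
    # command runs. Feeding it on stdin (chpasswd -e) after the account
    # exists avoids that; left unchanged here, confirm before switching.
    set -- "$@" -p "${enc_passwd}"
fi
if [ -n "${homeswitch}" ]
then
    set -- "$@" "${homeswitch}"
fi
set -- "$@" "${user}"

# add user with password; stop if that fails, so that the password steps
# below do not run for an account that was not created and the caller does
# not get exit status 0
/usr/sbin/useradd "$@"
rc=$?
if [ "${rc}" -ne 0 ]
then
    mecho --error "useradd failed for user $user (exit code ${rc})"
    do_exit 1
fi

case "${flags}" in
    *-d)
        # disable password
        # NOTE(review): passwd -d removes the password (empty field) instead
        # of locking the account. Whether such an account can log in depends
        # on the empty-password policy of PAM and sshd - confirm that this is
        # the intended meaning of "disable".
        passwd -d "${user}" >/dev/null
        ;;
    *-l)
        # lock password
        case "${EISFAIR_SYSTEM}" in
            eisfair-1)
                # use passwd for eisfair-1
                passwd -l "${user}" >/dev/null
                ;;
            *)
                # eisfair-2, eisxen-1 and, like the home handling above,
                # every other system: the lock must not be skipped silently
                # on a system name that is not listed here
                usermod -L "${user}"
                ;;
        esac
        ;;
    *)
        # get / set password
        if [ -z "${password}" ]
        then
            idx=1
            while [ "${idx}" -le 3 ]
            do
                if passwd "${user}"
                then
                    break
                fi
                idx=$((idx + 1))
            done

            if [ "${idx}" -gt 3 ]
            then
                # disable password
                # NOTE(review): as with option -d, passwd -d leaves an empty
                # password rather than a locked one, while the message below
                # says the login is disabled - confirm which is intended.
                passwd -d "${user}" >/dev/null
                echo
                mecho --error "Failed to get a valid password. Login for $user disabled."
                mecho --std "Please use 'passwd $user' to change password manually."
                if [ "${interactive}" = 'true' ]
                then
                    anykey
                fi
            fi
        fi
        ;;
esac

# # set permissions of home
# if [ "$home" != "/home/__dummyhome__" ]
# then
#     chown $user $home
#     chgrp $gid $home
#     chmod 0700 $home
# fi

do_exit 0

# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------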