#! /bin/bash
# ------------------------------------------------------------------------------
# Copyright (c) 2010, 2011, 2012 Vifib SARL and Contributors.
# All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly advised to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
# ------------------------------------------------------------------------------
#
# Simulate the useradd command to add a user on Cygwin
#   useradd -d path -g init-group -s /bin/false -G group NAME
#
#   -g, --gid GROUP
#     The group name or number of the user's new initial login group. The group must exist.
#
#   -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
#     A list of supplementary groups which the user is also a member of.
#
#   -s
#     Shell used by user
#
#  This script sets a password for each new user. The password is the
#  same as the account name and is saved in the registry, so it must be
#  treated as known to anyone who knows the account name.
#
# Search the standard system directories before anything inherited from
# the caller's environment.
PATH=/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin:$PATH
export PATH

# The csih helper library provides the csih_* routines used below; without
# it nothing else in this script can work, so stop right away.
source /usr/share/csih/cygwin-service-installation-helper.sh || {
    echo "Error: Download the csih package at first, I need this file:"
    echo "  /usr/share/csih/cygwin-service-installation-helper.sh"
    exit 1
}

# Check Administrator rights: the id held in csih_ADMINSUID (presumably set
# by csih_get_system_and_admins_ids) must be one of the caller's group ids.
# The list is padded with spaces so that only whole ids can match.
csih_get_system_and_admins_ids
case " $(id -G) " in
    *\ ${csih_ADMINSUID}\ *)
        ;;
    *)
        echo
        echo "Note that creating a new user requires that the current account has"
        echo "Administrator privileges.  You don't have the rights to run this script. "
        echo "Please login as Administrator, or right-click this script"
        echo "then click Run as administrator."
        echo
        exit 1
        ;;
esac

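# ======================================================================
# Routine: _useradd_passwd_has_user
#   Succeeds when the file $2 holds a line starting with "$1:".
#   The name is compared literally, never as a regular expression, so
#   characters such as '.' or '[' in $1 cannot match another account.
# ======================================================================
function _useradd_passwd_has_user()
{
  local wanted="$1"
  local passwd_file="$2"
  local entry

  [ -r "${passwd_file}" ] || return 1
  # "|| [ -n ... ]" keeps a last line that lacks a trailing newline
  while IFS= read -r entry || [ -n "${entry}" ]
  do
    [[ "${entry}" == "${wanted}:"* ]] && return 0
  done < "${passwd_file}"
  return 1
}

# ======================================================================
# Routine: create_unprivileged_user
#   Makes sure the (unprivileged) user $1 is known to the local SAM and
#   has an entry in ${SYSCONFDIR}/passwd, creating whichever is missing.
#   Useful for running services that do not require elevated privileges,
#     or running servers like cron in "privilege separation" mode.
#
#   Arguments:
#     $1 - account name
#     $2 - home directory; accepted for compatibility, but nothing in
#          this routine applies it to the account
#
#   Returns 0 when $1 has an entry in ${SYSCONFDIR}/passwd on exit
#   Returns 1 otherwise
#
#   csih_auto_answer is not consulted: a missing account is created
#   without asking.
#
#   NOTE(review): a newly created account gets its own name as password,
#   and that value is passed to "net user" on the command line.  Whoever
#   knows the account name knows the password; confirm that these
#   accounts cannot be used for interactive or network logon, or switch
#   to a generated secret.
# ======================================================================
function create_unprivileged_user()
{
  csih_stacktrace "${@}"
  $_csih_trace
  local unpriv_user="$1"
  local unpriv_user_in_passwd=no
  local unpriv_user_in_sam=no
  local passwd_line

  _csih_setup

  _useradd_passwd_has_user "${unpriv_user}" "${SYSCONFDIR}/passwd" && unpriv_user_in_passwd=yes
  csih_call_winsys32 net user "${unpriv_user}" >/dev/null 2>&1 && unpriv_user_in_sam=yes
  if [ "${unpriv_user_in_passwd}" != "yes" ]
  then
    if [ "${unpriv_user_in_sam}" != "yes" ]
    then
      # Second argument of "net user ... /add" is the password (see NOTE above).
      csih_call_winsys32 net user "${unpriv_user}" "${unpriv_user}" /add \
          /fullname:"${unpriv_user} Nexedi Slapos" > /dev/null 2>&1 && unpriv_user_in_sam=yes
      if [ "${unpriv_user_in_sam}" != "yes" ]
      then
        csih_warning "Creation of user '${unpriv_user}' failed!"
      fi
    fi
    if [ "${unpriv_user_in_sam}" = "yes" ]
    then
      # user either already existed in local SAM, or we just created a new local
      # user.  Therefore, mkpasswd -l is appropriate.  However, the user does not
      # (yet) appear in /etc/passwd, so add it.
      # Only the line for exactly this account is appended, and only when its
      # shell field ends in "bash", which is replaced by "false".  The name is
      # matched literally instead of being pasted into a sed program, where a
      # '/' or a regex metacharacter in it would alter the edit.
      /usr/bin/mkpasswd -l -u "${unpriv_user}" |
        while IFS= read -r passwd_line || [ -n "${passwd_line}" ]
        do
          if [[ "${passwd_line}" == "${unpriv_user}:"* && "${passwd_line}" == *bash ]]
          then
            printf '%s\n' "${passwd_line%bash}false"
          fi
        done >> "${SYSCONFDIR}/passwd"
      # make sure the previous command succeeded
      _useradd_passwd_has_user "${unpriv_user}" "${SYSCONFDIR}/passwd" && unpriv_user_in_passwd=yes
      if [ "${unpriv_user_in_passwd}" != "yes" ]
      then
        csih_warning "Created new user '${unpriv_user}', but failed to add"
        csih_warning "corresponding entry to /etc/passwd!"
      fi
    fi
  else
    if [ "${unpriv_user_in_sam}" != "yes" ]
    then
      # FIXME: Needs real domain awareness to not print spurious warnings
      csih_warning "${unpriv_user} is in ${SYSCONFDIR}/passwd, but the"
      csih_warning "local machine's SAM does not know about ${unpriv_user}."
      csih_warning "Perhaps ${unpriv_user} is a pre-existing domain account."
      csih_warning "Continuing, but check if this is ok."
    fi
  fi
  # as long as the user is in /etc/passwd, return success
  # if missing from SAM, we've already issued a diagnostic
  # and are assuming the user is a valid domain account.
  [ "${unpriv_user_in_passwd}" = "yes" ] && return 0
  return 1
} # === End of create_unprivileged_user() === #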

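# ======================================================================
# Routine: add_member_to_group
#   Add member $1 to the local group $2 unless it is already listed in
#   the output of "net localgroup $2".
#
#   NOTE(review): this routine used to be documented as falling back to
#   "grp_$2" when $2 is not a group name, but the fallback assignment
#   left the name unchanged, so only $2 itself has ever been tried.
#   Confirm which behaviour is wanted before adding the prefix.
#
#   Returns 1 when the group $2 does not exist
#   Returns 0 when $1 is already a member
#   Otherwise returns the status of "net localgroup $2 $1 /add"
# ======================================================================

function add_member_to_group()
{
  local name=$1
  local grpname=$2

  net localgroup "${grpname}" > /dev/null 2>&1 || return 1
  # -x -F: the member must equal a whole output line, compared literally,
  # so a name such as "a.c" is not taken for the existing member "abc".
  if ! net localgroup "${grpname}" | grep -q -x -F -- "${name}" ; then
      net localgroup "${grpname}" "${name}" /add
  fi
} # === End of add_member_to_group() === #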

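# Parse the useradd-style options.  -r is accepted and ignored; -D is in
# the option string but has no arm of its own, so it ends in the error arm.
while getopts "Dd:g:G:p:s:r" opt ; do
    case "$opt" in
        d)
            USER_HOME=$OPTARG
            ;;
        g)
            USER_INIT_GROUP=$OPTARG
            ;;
        G)
            USER_OTHER_GROUP="$USER_OTHER_GROUP $OPTARG"
            ;;
        p)
            # NOTE(review): stored but never used below; the password that
            # is set and saved is always the account name.
            USER_PASSWORD=$OPTARG
            ;;
        s)
            # NOTE(review): stored but never used below.
            USER_SHELL=$OPTARG
            ;;
        r)
            ;;
        *)
            echo Error while adding user in Cygwin
            exit 1
            ;;
    esac
done

shift $((OPTIND - 1))
USER_NAME=$1

if [[ -z "${USER_NAME}" ]] ; then
    echo Error: no user name specified.
    exit 1
fi

# The failure handlers are brace groups on purpose: "exit" inside
# parentheses only leaves the subshell, and the script would carry on
# provisioning an account whose creation had just failed.
# ${VAR:+"..."} passes the optional argument only when it is set.
create_unprivileged_user "${USER_NAME}" ${USER_HOME:+"${USER_HOME}"} || {
    echo "Failed to create user ${USER_NAME}"
    exit 1
}

# NOTE(review): the password handed to regpwd is the account name and is
# passed as a command-line argument.
regpwd "${USER_NAME}" "${USER_NAME}" || {
    echo "Save ${USER_NAME}'s password failed"
    exit 1
}

# Collect the initial group plus every supplementary group.  -G takes a
# comma-separated list and may be repeated, so split on commas as well as
# on the blanks used to join repeated -G values.
user_groups=()
[[ -n "${USER_INIT_GROUP}" ]] && user_groups+=("${USER_INIT_GROUP}")
IFS=', ' read -r -a extra_groups <<< "${USER_OTHER_GROUP}"
user_groups+=("${extra_groups[@]}")

for grpname in "${user_groups[@]}" ; do
    [[ -z "$grpname" ]] && continue
    add_member_to_group "${USER_NAME}" "${grpname}" || {
        echo "Failed to add ${USER_NAME} to group ${grpname}"
        exit 1
    }
done

set_primary_group "${USER_NAME}" ${USER_INIT_GROUP:+"${USER_INIT_GROUP}"}

# net user "${USER_NAME}" /delete ||
# (echo "Failed to delete user ${USER_NAME}" ; exit 1)
# sed -i -e "/^${USER_NAME}/d" /etc/passwd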