adduser.sh revision 168651
1#!/bin/sh 2# 3# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved. 4# 5# Redistribution and use in source and binary forms, with or without 6# modification, are permitted provided that the following conditions 7# are met: 8# 1. Redistributions of source code must retain the above copyright 9# notice, this list of conditions and the following disclaimer. 10# 2. Redistributions in binary form must reproduce the above copyright 11# notice, this list of conditions and the following disclaimer in the 12# documentation and/or other materials provided with the distribution. 13# 14# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24# 25# Email: Mike Makonnen <mtm@FreeBSD.Org> 26# 27# $FreeBSD: head/usr.sbin/adduser/adduser.sh 168651 2007-04-12 07:38:26Z mtm $ 28# 29 30# err msg 31# Display $msg on stderr, unless we're being quiet. 32# 33err() { 34 if [ -z "$quietflag" ]; then 35 echo 1>&2 ${THISCMD}: ERROR: $* 36 fi 37} 38 39# info msg 40# Display $msg on stdout, unless we're being quiet. 41# 42info() { 43 if [ -z "$quietflag" ]; then 44 echo ${THISCMD}: INFO: $* 45 fi 46} 47 48# get_nextuid 49# Output the value of $_uid if it is available for use. If it 50# is not, output the value of the next higher uid that is available. 51# If a uid is not specified, output the first available uid, as indicated 52# by pw(8). 53# 54get_nextuid () { 55 _uid=$1 56 _nextuid= 57 58 if [ -z "$_uid" ]; then 59 _nextuid="`${PWCMD} usernext | cut -f1 -d:`" 60 else 61 while : ; do 62 ${PWCMD} usershow $_uid > /dev/null 2>&1 63 if [ ! "$?" -eq 0 ]; then 64 _nextuid=$_uid 65 break 66 fi 67 _uid=$(($_uid + 1)) 68 done 69 fi 70 echo $_nextuid 71} 72 73# show_usage 74# Display usage information for this utility. 75# 76show_usage() { 77 echo "usage: ${THISCMD} [options]" 78 echo " options may include:" 79 echo " -C save to the configuration file only" 80 echo " -D do not attempt to create the home directory" 81 echo " -E disable this account after creation" 82 echo " -G additional groups to add accounts to" 83 echo " -L login class of the user" 84 echo " -N do not read configuration file" 85 echo " -S a nonexistent shell is not an error" 86 echo " -d home directory" 87 echo " -f file from which input will be received" 88 echo " -g default login group" 89 echo " -h display this usage message" 90 echo " -k path to skeleton home directory" 91 echo " -m user welcome message file" 92 echo " -q absolute minimal user feedback" 93 echo " -s shell" 94 echo " -u uid to start at" 95 echo " -w password type: no, none, yes or random" 96} 97 98# valid_shells 99# Outputs a list of valid shells from /etc/shells. Only the 100# basename of the shell is output. 101# 102valid_shells() { 103 _prefix= 104 cat ${ETCSHELLS} | 105 while read _path _junk ; do 106 case $_path in 107 \#*|'') 108 ;; 109 *) 110 echo -n "${_prefix}`basename $_path`" 111 _prefix=' ' 112 ;; 113 esac 114 done 115 116 # /usr/sbin/nologin is a special case 117 [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}" 118} 119 120# fullpath_from_shell shell 121# Given $shell, which is either the full path to a shell or 122# the basename component of a valid shell, get the 123# full path to the shell from the /etc/shells file. 124# 125fullpath_from_shell() { 126 _shell=$1 127 [ -z "$_shell" ] && return 1 128 129 # /usr/sbin/nologin is a special case; it needs to be handled 130 # before the cat | while loop, since a 'return' from within 131 # a subshell will not terminate the function's execution, and 132 # the path to the nologin shell might be printed out twice. 133 # 134 if [ "$_shell" = "${NOLOGIN}" -o \ 135 "$_shell" = "${NOLOGIN_PATH}" ]; then 136 echo ${NOLOGIN_PATH} 137 return 0; 138 fi 139 140 cat ${ETCSHELLS} | 141 while read _path _junk ; do 142 case "$_path" in 143 \#*|'') 144 ;; 145 *) 146 if [ "$_path" = "$_shell" -o \ 147 "`basename $_path`" = "$_shell" ]; then 148 echo $_path 149 return 0 150 fi 151 ;; 152 esac 153 done 154 155 return 1 156} 157 158# shell_exists shell 159# If the given shell is listed in ${ETCSHELLS} or it is 160# the nologin shell this function will return 0. 161# Otherwise, it will return 1. If shell is valid but 162# the path is invalid or it is not executable it 163# will emit an informational message saying so. 164# 165shell_exists() 166{ 167 _sh="$1" 168 _shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1" 169 170 if ! eval $_shellchk; then 171 # The nologin shell is not listed in /etc/shells. 172 if [ "$_sh" != "${NOLOGIN_PATH}" ]; then 173 err "Invalid shell ($_sh) for user $username." 174 return 1 175 fi 176 fi 177 ! [ -x "$_sh" ] && 178 info "The shell ($_sh) does not exist or is not executable." 179 180 return 0 181} 182 183# save_config 184# Save some variables to a configuration file. 185# Note: not all script variables are saved, only those that 186# it makes sense to save. 187# 188save_config() { 189 echo "# Configuration file for adduser(8)." > ${ADDUSERCONF} 190 echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF} 191 echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF} 192 echo '' >> ${ADDUSERCONF} 193 echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF} 194 echo "defaultclass=$uclass" >> ${ADDUSERCONF} 195 echo "defaultgroups=$ugroups" >> ${ADDUSERCONF} 196 echo "passwdtype=$passwdtype" >> ${ADDUSERCONF} 197 echo "homeprefix=$homeprefix" >> ${ADDUSERCONF} 198 echo "defaultshell=$ushell" >> ${ADDUSERCONF} 199 echo "udotdir=$udotdir" >> ${ADDUSERCONF} 200 echo "msgfile=$msgfile" >> ${ADDUSERCONF} 201 echo "disableflag=$disableflag" >> ${ADDUSERCONF} 202} 203 204# add_user 205# Add a user to the user database. If the user chose to send a welcome 206# message or lock the account, do so. 207# 208add_user() { 209 210 # Is this a configuration run? If so, don't modify user database. 211 # 212 if [ -n "$configflag" ]; then 213 save_config 214 return 215 fi 216 217 _uid= 218 _name= 219 _comment= 220 _gecos= 221 _home= 222 _group= 223 _grouplist= 224 _shell= 225 _class= 226 _dotdir= 227 _expire= 228 _pwexpire= 229 _passwd= 230 _upasswd= 231 _passwdmethod= 232 233 _name="-n '$username'" 234 [ -n "$uuid" ] && _uid='-u "$uuid"' 235 [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"' 236 [ -n "$ugroups" ] && _grouplist='-G "$ugroups"' 237 [ -n "$ushell" ] && _shell='-s "$ushell"' 238 [ -n "$uclass" ] && _class='-L "$uclass"' 239 [ -n "$ugecos" ] && _comment='-c "$ugecos"' 240 [ -n "$udotdir" ] && _dotdir='-k "$udotdir"' 241 [ -n "$uexpire" ] && _expire='-e "$uexpire"' 242 [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"' 243 if [ -z "$Dflag" -a -n "$uhome" ]; then 244 # The /nonexistent home directory is special. It 245 # means the user has no home directory. 246 if [ "$uhome" = "$NOHOME" ]; then 247 _home='-d "$uhome"' 248 else 249 _home='-m -d "$uhome"' 250 fi 251 elif [ -n "$Dflag" -a -n "$uhome" ]; then 252 _home='-d "$uhome"' 253 fi 254 case $passwdtype in 255 no) 256 _passwdmethod="-w no" 257 _passwd="-h -" 258 ;; 259 yes) 260 # Note on processing the password: The outer double quotes 261 # make literal everything except ` and \ and $. 262 # The outer single quotes make literal ` and $. 263 # We can ensure the \ isn't treated specially by specifying 264 # the -r switch to the read command used to obtain the input. 265 # 266 _passwdmethod="-w yes" 267 _passwd="-h 0" 268 _upasswd='echo "$upass" |' 269 ;; 270 none) 271 _passwdmethod="-w none" 272 ;; 273 random) 274 _passwdmethod="-w random" 275 ;; 276 esac 277 278 _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment" 279 _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd" 280 _pwcmd="$_pwcmd $_expire $_pwexpire" 281 282 if ! _output=`eval $_pwcmd` ; then 283 err "There was an error adding user ($username)." 284 return 1 285 else 286 info "Successfully added ($username) to the user database." 287 if [ "random" = "$passwdtype" ]; then 288 randompass="$_output" 289 info "Password for ($username) is: $randompass" 290 fi 291 fi 292 293 if [ -n "$disableflag" ]; then 294 if ${PWCMD} lock $username ; then 295 info "Account ($username) is locked." 296 else 297 info "Account ($username) could NOT be locked." 298 fi 299 fi 300 301 _line= 302 _owner= 303 _perms= 304 if [ -n "$msgflag" ]; then 305 [ -r "$msgfile" ] && { 306 # We're evaluating the contents of an external file. 307 # Let's not open ourselves up for attack. _perms will 308 # be empty if it's writeable only by the owner. _owner 309 # will *NOT* be empty if the file is owned by root. 310 # 311 _dir="`dirname $msgfile`" 312 _file="`basename $msgfile`" 313 _perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune` 314 _owner=`/usr/bin/find $_dir -name $_file -user 0 -prune` 315 if [ -z "$_owner" -o -n "$_perms" ]; then 316 err "The message file ($msgfile) may be writeable only by root." 317 return 1 318 fi 319 cat "$msgfile" | 320 while read _line ; do 321 eval echo "$_line" 322 done | ${MAILCMD} -s"Welcome" ${username} 323 info "Sent welcome message to ($username)." 324 } 325 fi 326} 327 328# get_user 329# Reads username of the account from standard input or from a global 330# variable containing an account line from a file. The username is 331# required. If this is an interactive session it will prompt in 332# a loop until a username is entered. If it is batch processing from 333# a file it will output an error message and return to the caller. 334# 335get_user() { 336 _input= 337 338 # No need to take down user names if this is a configuration saving run. 339 [ -n "$configflag" ] && return 340 341 while : ; do 342 if [ -z "$fflag" ]; then 343 echo -n "Username: " 344 read _input 345 else 346 _input="`echo "$fileline" | cut -f1 -d:`" 347 fi 348 349 # There *must* be a username, and it must not exist. If 350 # this is an interactive session give the user an 351 # opportunity to retry. 352 # 353 if [ -z "$_input" ]; then 354 err "You must enter a username!" 355 [ -z "$fflag" ] && continue 356 fi 357 ${PWCMD} usershow $_input > /dev/null 2>&1 358 if [ "$?" -eq 0 ]; then 359 err "User exists!" 360 [ -z "$fflag" ] && continue 361 fi 362 break 363 done 364 username="$_input" 365} 366 367# get_gecos 368# Reads extra information about the user. Can be used both in interactive 369# and batch (from file) mode. 370# 371get_gecos() { 372 _input= 373 374 # No need to take down additional user information for a configuration run. 375 [ -n "$configflag" ] && return 376 377 if [ -z "$fflag" ]; then 378 echo -n "Full name: " 379 read _input 380 else 381 _input="`echo "$fileline" | cut -f7 -d:`" 382 fi 383 ugecos="$_input" 384} 385 386# get_shell 387# Get the account's shell. Works in interactive and batch mode. It 388# accepts either the base name of the shell or the full path. 389# If an invalid shell is entered it will simply use the default shell. 390# 391get_shell() { 392 _input= 393 _fullpath= 394 ushell="$defaultshell" 395 396 # Make sure the current value of the shell is a valid one 397 if [ -z "$Sflag" ]; then 398 if ! shell_exists $ushell ; then 399 info "Using default shell ${defaultshell}." 400 ushell="$defaultshell" 401 fi 402 fi 403 404 if [ -z "$fflag" ]; then 405 echo -n "Shell ($shells) [`basename $ushell`]: " 406 read _input 407 else 408 _input="`echo "$fileline" | cut -f9 -d:`" 409 fi 410 if [ -n "$_input" ]; then 411 if [ -n "$Sflag" ]; then 412 ushell="$_input" 413 else 414 _fullpath=`fullpath_from_shell $_input` 415 if [ -n "$_fullpath" ]; then 416 ushell="$_fullpath" 417 else 418 err "Invalid shell ($_input) for user $username." 419 info "Using default shell ${defaultshell}." 420 ushell="$defaultshell" 421 fi 422 fi 423 fi 424} 425 426# get_homedir 427# Reads the account's home directory. Used both with interactive input 428# and batch input. 429# 430get_homedir() { 431 _input= 432 if [ -z "$fflag" ]; then 433 echo -n "Home directory [${homeprefix}/${username}]: " 434 read _input 435 else 436 _input="`echo "$fileline" | cut -f8 -d:`" 437 fi 438 439 if [ -n "$_input" ]; then 440 uhome="$_input" 441 # if this is a configuration run, then user input is the home 442 # directory prefix. Otherwise it is understood to 443 # be $prefix/$user 444 # 445 [ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome" 446 else 447 uhome="${homeprefix}/${username}" 448 fi 449} 450 451# get_uid 452# Reads a numeric userid in an interactive or batch session. Automatically 453# allocates one if it is not specified. 454# 455get_uid() { 456 if [ -z "$uuid" ]; then 457 uuid=${uidstart} 458 fi 459 460 _input= 461 _prompt= 462 463 # No need to take down uids for a configuration saving run. 464 [ -n "$configflag" ] && return 465 466 if [ -n "$uuid" ]; then 467 _prompt="Uid [$uuid]: " 468 else 469 _prompt="Uid (Leave empty for default): " 470 fi 471 if [ -z "$fflag" ]; then 472 echo -n "$_prompt" 473 read _input 474 else 475 _input="`echo "$fileline" | cut -f2 -d:`" 476 fi 477 478 [ -n "$_input" ] && uuid=$_input 479 uuid=`get_nextuid $uuid` 480 uidstart=$uuid 481} 482 483# get_class 484# Reads login class of account. Can be used in interactive or batch mode. 485# 486get_class() { 487 uclass="$defaultclass" 488 _input= 489 _class=${uclass:-"default"} 490 491 if [ -z "$fflag" ]; then 492 echo -n "Login class [$_class]: " 493 read _input 494 else 495 _input="`echo "$fileline" | cut -f4 -d:`" 496 fi 497 498 [ -n "$_input" ] && uclass="$_input" 499} 500 501# get_logingroup 502# Reads user's login group. Can be used in both interactive and batch 503# modes. The specified value can be a group name or its numeric id. 504# This routine leaves the field blank if nothing is provided and 505# a default login group has not been set. The pw(8) command 506# will then provide a login group with the same name as the username. 507# 508get_logingroup() { 509 ulogingroup="$defaultLgroup" 510 _input= 511 512 if [ -z "$fflag" ]; then 513 echo -n "Login group [${ulogingroup:-$username}]: " 514 read _input 515 else 516 _input="`echo "$fileline" | cut -f3 -d:`" 517 fi 518 519 # Pw(8) will use the username as login group if it's left empty 520 [ -n "$_input" ] && ulogingroup="$_input" 521} 522 523# get_groups 524# Read additional groups for the user. It can be used in both interactive 525# and batch modes. 526# 527get_groups() { 528 ugroups="$defaultgroups" 529 _input= 530 _group=${ulogingroup:-"${username}"} 531 532 if [ -z "$configflag" ]; then 533 [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username" 534 [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: " 535 else 536 [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: " 537 fi 538 read _input 539 540 [ -n "$_input" ] && ugroups="$_input" 541} 542 543# get_expire_dates 544# Read expiry information for the account and also for the password. This 545# routine is used only from batch processing mode. 546# 547get_expire_dates() { 548 upwexpire="`echo "$fileline" | cut -f5 -d:`" 549 uexpire="`echo "$fileline" | cut -f6 -d:`" 550} 551 552# get_password 553# Read the password in batch processing mode. The password field matters 554# only when the password type is "yes" or "random". If the field is empty and the 555# password type is "yes", then it assumes the account has an empty passsword 556# and changes the password type accordingly. If the password type is "random" 557# and the password field is NOT empty, then it assumes the account will NOT 558# have a random password and set passwdtype to "yes." 559# 560get_password() { 561 # We may temporarily change a password type. Make sure it's changed 562 # back to whatever it was before we process the next account. 563 # 564 [ -n "$savedpwtype" ] && { 565 passwdtype=$savedpwtype 566 savedpwtype= 567 } 568 569 # There may be a ':' in the password 570 upass=${fileline#*:*:*:*:*:*:*:*:*:} 571 572 if [ -z "$upass" ]; then 573 case $passwdtype in 574 yes) 575 # if it's empty, assume an empty password 576 passwdtype=none 577 savedpwtype=yes 578 ;; 579 esac 580 else 581 case $passwdtype in 582 random) 583 passwdtype=yes 584 savedpwtype=random 585 ;; 586 esac 587 fi 588} 589 590# input_from_file 591# Reads a line of account information from standard input and 592# adds it to the user database. 593# 594input_from_file() { 595 _field= 596 597 while read -r fileline ; do 598 case "$fileline" in 599 \#*|'') 600 ;; 601 *) 602 get_user || continue 603 get_gecos 604 get_uid 605 get_logingroup 606 get_class 607 get_shell 608 get_homedir 609 get_password 610 get_expire_dates 611 612 add_user 613 ;; 614 esac 615 done 616} 617 618# input_interactive 619# Prompts for user information interactively, and commits to 620# the user database. 621# 622input_interactive() { 623 624 _disable= 625 _pass= 626 _passconfirm= 627 _random="no" 628 _emptypass="no" 629 _usepass="yes" 630 _logingroup_ok="no" 631 _groups_ok="no" 632 case $passwdtype in 633 none) 634 _emptypass="yes" 635 _usepass="yes" 636 ;; 637 no) 638 _usepass="no" 639 ;; 640 random) 641 _random="yes" 642 ;; 643 esac 644 645 get_user 646 get_gecos 647 get_uid 648 649 # The case where group = user is handled elsewhere, so 650 # validate any other groups the user is invited to. 651 until [ "$_logingroup_ok" = yes ]; do 652 get_logingroup 653 _logingroup_ok=yes 654 if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then 655 if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then 656 echo "Group $ulogingroup does not exist!" 657 _logingroup_ok=no 658 fi 659 fi 660 done 661 until [ "$_groups_ok" = yes ]; do 662 get_groups 663 _groups_ok=yes 664 for i in $ugroups; do 665 if [ "$username" != "$i" ]; then 666 if ! ${PWCMD} show group $i > /dev/null 2>&1; then 667 echo "Group $i does not exist!" 668 _groups_ok=no 669 fi 670 fi 671 done 672 done 673 674 get_class 675 get_shell 676 get_homedir 677 678 while : ; do 679 echo -n "Use password-based authentication? [$_usepass]: " 680 read _input 681 [ -z "$_input" ] && _input=$_usepass 682 case $_input in 683 [Nn][Oo]|[Nn]) 684 passwdtype="no" 685 ;; 686 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 687 while : ; do 688 echo -n "Use an empty password? (yes/no) [$_emptypass]: " 689 read _input 690 [ -n "$_input" ] && _emptypass=$_input 691 case $_emptypass in 692 [Nn][Oo]|[Nn]) 693 echo -n "Use a random password? (yes/no) [$_random]: " 694 read _input 695 [ -n "$_input" ] && _random="$_input" 696 case $_random in 697 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 698 passwdtype="random" 699 break 700 ;; 701 esac 702 passwdtype="yes" 703 [ -n "$configflag" ] && break 704 trap 'stty echo; exit' 0 1 2 3 15 705 stty -echo 706 echo -n "Enter password: " 707 read -r upass 708 echo'' 709 echo -n "Enter password again: " 710 read -r _passconfirm 711 echo '' 712 stty echo 713 # if user entered a blank password 714 # explicitly ask again. 715 [ -z "$upass" -a -z "$_passconfirm" ] \ 716 && continue 717 ;; 718 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 719 passwdtype="none" 720 break; 721 ;; 722 *) 723 # invalid answer; repeat the loop 724 continue 725 ;; 726 esac 727 if [ "$upass" != "$_passconfirm" ]; then 728 echo "Passwords did not match!" 729 continue 730 fi 731 break 732 done 733 ;; 734 *) 735 # invalid answer; repeat loop 736 continue 737 ;; 738 esac 739 break; 740 done 741 _disable=${disableflag:-"no"} 742 while : ; do 743 echo -n "Lock out the account after creation? [$_disable]: " 744 read _input 745 [ -z "$_input" ] && _input=$_disable 746 case $_input in 747 [Nn][Oo]|[Nn]) 748 disableflag= 749 ;; 750 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 751 disableflag=yes 752 ;; 753 *) 754 # invalid answer; repeat loop 755 continue 756 ;; 757 esac 758 break 759 done 760 761 # Display the information we have so far and prompt to 762 # commit it. 763 # 764 _disable=${disableflag:-"no"} 765 [ -z "$configflag" ] && printf "%-10s : %s\n" Username $username 766 case $passwdtype in 767 yes) 768 _pass='*****' 769 ;; 770 no) 771 _pass='<disabled>' 772 ;; 773 none) 774 _pass='<blank>' 775 ;; 776 random) 777 _pass='<random>' 778 ;; 779 esac 780 [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass" 781 [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype" 782 [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos" 783 [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid" 784 printf "%-10s : %s\n" "Class" "$uclass" 785 printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" 786 printf "%-10s : %s\n" "Home" "$uhome" 787 printf "%-10s : %s\n" "Shell" "$ushell" 788 printf "%-10s : %s\n" "Locked" "$_disable" 789 while : ; do 790 echo -n "OK? (yes/no): " 791 read _input 792 case $_input in 793 [Nn][Oo]|[Nn]) 794 return 1 795 ;; 796 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 797 add_user 798 ;; 799 *) 800 continue 801 ;; 802 esac 803 break 804 done 805 return 0 806} 807 808#### END SUBROUTINE DEFINITION #### 809 810THISCMD=`/usr/bin/basename $0` 811DEFAULTSHELL=/bin/sh 812ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}" 813PWCMD="${PWCMD:-/usr/sbin/pw}" 814MAILCMD="${MAILCMD:-mail}" 815ETCSHELLS="${ETCSHELLS:-/etc/shells}" 816NOHOME="/nonexistent" 817NOLOGIN="nologin" 818NOLOGIN_PATH="/usr/sbin/nologin" 819GREPCMD="/usr/bin/grep" 820DATECMD="/bin/date" 821 822# Set default values 823# 824username= 825uuid= 826uidstart= 827ugecos= 828ulogingroup= 829uclass= 830uhome= 831upass= 832ushell= 833udotdir=/usr/share/skel 834ugroups= 835uexpire= 836upwexpire= 837shells="`valid_shells`" 838passwdtype="yes" 839msgfile=/etc/adduser.msg 840msgflag= 841quietflag= 842configflag= 843fflag= 844infile= 845disableflag= 846Dflag= 847Sflag= 848readconfig="yes" 849homeprefix="/home" 850randompass= 851fileline= 852savedpwtype= 853defaultclass= 854defaultLgroup= 855defaultgroups= 856defaultshell="${DEFAULTSHELL}" 857 858# Make sure the user running this program is root. This isn't a security 859# measure as much as it is a usefull method of reminding the user to 860# 'su -' before he/she wastes time entering data that won't be saved. 861# 862procowner=${procowner:-`/usr/bin/id -u`} 863if [ "$procowner" != "0" ]; then 864 err 'you must be the super-user (uid 0) to use this utility.' 865 exit 1 866fi 867 868# Overide from our conf file 869# Quickly go through the commandline line to see if we should read 870# from our configuration file. The actual parsing of the commandline 871# arguments happens after we read in our configuration file (commandline 872# should override configuration file). 873# 874for _i in $* ; do 875 if [ "$_i" = "-N" ]; then 876 readconfig= 877 break; 878 fi 879done 880if [ -n "$readconfig" ]; then 881 # On a long-lived system, the first time this script is run it 882 # will barf upon reading the configuration file for its perl predecessor. 883 if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then 884 [ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1 885 fi 886fi 887 888# Proccess command-line options 889# 890for _switch ; do 891 case $_switch in 892 -L) 893 defaultclass="$2" 894 shift; shift 895 ;; 896 -C) 897 configflag=yes 898 shift 899 ;; 900 -D) 901 Dflag=yes 902 shift 903 ;; 904 -E) 905 disableflag=yes 906 shift 907 ;; 908 -k) 909 udotdir="$2" 910 shift; shift 911 ;; 912 -f) 913 [ "$2" != "-" ] && infile="$2" 914 fflag=yes 915 shift; shift 916 ;; 917 -g) 918 defaultLgroup="$2" 919 shift; shift 920 ;; 921 -G) 922 defaultgroups="$2" 923 shift; shift 924 ;; 925 -h) 926 show_usage 927 exit 0 928 ;; 929 -d) 930 homeprefix="$2" 931 shift; shift 932 ;; 933 -m) 934 case "$2" in 935 [Nn][Oo]) 936 msgflag= 937 ;; 938 *) 939 msgflag=yes 940 msgfile="$2" 941 ;; 942 esac 943 shift; shift 944 ;; 945 -N) 946 readconfig= 947 shift 948 ;; 949 -w) 950 case "$2" in 951 no|none|random|yes) 952 passwdtype=$2 953 ;; 954 *) 955 show_usage 956 exit 1 957 ;; 958 esac 959 shift; shift 960 ;; 961 -q) 962 quietflag=yes 963 shift 964 ;; 965 -s) 966 defaultshell="`fullpath_from_shell $2`" 967 shift; shift 968 ;; 969 -S) 970 Sflag=yes 971 shift 972 ;; 973 -u) 974 uidstart=$2 975 shift; shift 976 ;; 977 esac 978done 979 980# If the -f switch was used, get input from a file. Otherwise, 981# this is an interactive session. 982# 983if [ -n "$fflag" ]; then 984 if [ -z "$infile" ]; then 985 input_from_file 986 elif [ -n "$infile" ]; then 987 if [ -r "$infile" ]; then 988 input_from_file < $infile 989 else 990 err "File ($infile) is unreadable or does not exist." 991 fi 992 fi 993else 994 input_interactive 995 while : ; do 996 if [ -z "$configflag" ]; then 997 echo -n "Add another user? (yes/no): " 998 else 999 echo -n "Re-edit the default configuration? (yes/no): " 1000 fi 1001 read _input 1002 case $_input in 1003 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 1004 uidstart=`get_nextuid $uidstart` 1005 input_interactive 1006 continue 1007 ;; 1008 [Nn][Oo]|[Nn]) 1009 echo "Goodbye!" 1010 ;; 1011 *) 1012 continue 1013 ;; 1014 esac 1015 break 1016 done 1017fi 1018