adduser.sh revision 167917
11195Srgrimes#!/bin/sh 250472Speter# 337Srgrimes# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved. 4156813Sru# 5156813Sru# Redistribution and use in source and binary forms, with or without 6156813Sru# modification, are permitted provided that the following conditions 738103Speter# are met: 873251Sgshapiro# 1. Redistributions of source code must retain the above copyright 938103Speter# notice, this list of conditions and the following disclaimer. 10265037Sjmmv# 2. Redistributions in binary form must reproduce the above copyright 11265037Sjmmv# notice, this list of conditions and the following disclaimer in the 12265037Sjmmv# documentation and/or other materials provided with the distribution. 13265037Sjmmv# 14236965Sdes# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15231849Seadler# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16231849Seadler# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17231849Seadler# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18231849Seadler# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19231849Seadler# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20231849Seadler# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21231849Seadler# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22231849Seadler# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23231849Seadler# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24231849Seadler# 25231849Seadler# Email: Mike Makonnen <mtm@FreeBSD.Org> 26231849Seadler# 27231849Seadler# $FreeBSD: head/usr.sbin/adduser/adduser.sh 167917 2007-03-26 22:22:10Z le $ 28231849Seadler# 29253853Sjlh 30231849Seadler# err msg 31231849Seadler# Display $msg on stderr, unless we're being quiet. 32231849Seadler# 33231849Seadlererr() { 34231849Seadler if [ -z "$quietflag" ]; then 35231849Seadler echo 1>&2 ${THISCMD}: ERROR: $* 36231849Seadler fi 37231849Seadler} 38231849Seadler 39231849Seadler# info msg 40231849Seadler# Display $msg on stdout, unless we're being quiet. 41231849Seadler# 42231849Seadlerinfo() { 43231849Seadler if [ -z "$quietflag" ]; then 44231849Seadler echo ${THISCMD}: INFO: $* 45231849Seadler fi 46231849Seadler} 47231849Seadler 48231849Seadler# get_nextuid 49231849Seadler# Output the value of $_uid if it is available for use. If it 50231849Seadler# is not, output the value of the next higher uid that is available. 51231849Seadler# If a uid is not specified, output the first available uid, as indicated 52231849Seadler# by pw(8). 53231849Seadler# 54231849Seadlerget_nextuid () { 55231849Seadler _uid=$1 56155210Srwatson _nextuid= 57255425Sdes 58255413Sdes if [ -z "$_uid" ]; then 59255385Sdes _nextuid="`${PWCMD} usernext | cut -f1 -d:`" 60255385Sdes else 61199249Sed while : ; do 62199249Sed ${PWCMD} usershow $_uid > /dev/null 2>&1 63209134Simp if [ ! "$?" -eq 0 ]; then 64209134Simp _nextuid=$_uid 65209134Simp break 66209134Simp fi 67199249Sed _uid=$(($_uid + 1)) 68209134Simp done 69199249Sed fi 70199249Sed echo $_nextuid 71155210Srwatson} 72155210Srwatson 73155210Srwatson# show_usage 74155210Srwatson# Display usage information for this utility. 75155210Srwatson# 76155210Srwatsonshow_usage() { 77155210Srwatson echo "usage: ${THISCMD} [options]" 78155210Srwatson echo " options may include:" 79183242Ssam echo " -C save to the configuration file only" 80183242Ssam echo " -D do not attempt to create the home directory" 81183242Ssam echo " -E disable this account after creation" 82183242Ssam echo " -G additional groups to add accounts to" 83183242Ssam echo " -L login class of the user" 84183242Ssam echo " -N do not read configuration file" 85183242Ssam echo " -S a nonexistent shell is not an error" 86183242Ssam echo " -d home directory" 87183242Ssam echo " -f file from which input will be received" 88183242Ssam echo " -g default login group" 89183242Ssam echo " -h display this usage message" 90183242Ssam echo " -k path to skeleton home directory" 91183242Ssam echo " -m user welcome message file" 92183242Ssam echo " -q absolute minimal user feedback" 93183242Ssam echo " -s shell" 94183242Ssam echo " -u uid to start at" 95183242Ssam echo " -w password type: no, none, yes or random" 96183242Ssam} 97183242Ssam 98183242Ssam# valid_shells 99183242Ssam# Outputs a list of valid shells from /etc/shells. Only the 100183242Ssam# basename of the shell is output. 101156813Sru# 102183242Ssamvalid_shells() { 103121911Smarkm _prefix= 10437Srgrimes cat ${ETCSHELLS} | 105183242Ssam while read _path _junk ; do 106183242Ssam case $_path in 107158115Sume \#*|'') 108158115Sume ;; 109193635Sedwin *) 110193635Sedwin echo -n "${_prefix}`basename $_path`" 111193635Sedwin _prefix=' ' 112193635Sedwin ;; 113156813Sru esac 11457488Speter done 11574837Sgreen 116124214Sdes # /usr/sbin/nologin is a special case 11757459Smarkm [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}" 118156813Sru} 11960677Skris 12060677Skris# fullpath_from_shell shell 12160677Skris# Given $shell, which is either the full path to a shell or 122183242Ssam# the basename component of a valid shell, get the 123183242Ssam# full path to the shell from the /etc/shells file. 124183242Ssam# 125183242Ssamfullpath_from_shell() { 126183242Ssam _shell=$1 127183242Ssam [ -z "$_shell" ] && return 1 128183242Ssam 129183242Ssam # /usr/sbin/nologin is a special case; it needs to be handled 130183242Ssam # before the cat | while loop, since a 'return' from within 131183242Ssam # a subshell will not terminate the function's execution, and 132183242Ssam # the path to the nologin shell might be printed out twice. 133183242Ssam # 134184343Ssam if [ "$_shell" = "${NOLOGIN}" -o \ 135184343Ssam "$_shell" = "${NOLOGIN_PATH}" ]; then 136184343Ssam echo ${NOLOGIN_PATH} 137184343Ssam return 0; 138183268Ssam fi 139183268Ssam 140183268Ssam cat ${ETCSHELLS} | 141183268Ssam while read _path _junk ; do 14282521Salex case "$_path" in 143108002Sgreen \#*|'') 144147Srgrimes ;; 145196767Sflz *) 146260013Sjmmv if [ "$_path" = "$_shell" -o \ 147260013Sjmmv "`basename $_path`" = "$_shell" ]; then 148260013Sjmmv echo $_path 149156813Sru return 0 15095144Sgshapiro fi 15195144Sgshapiro ;; 152251512Semaste esac 153251512Semaste done 154251512Semaste 15599451Sru return 1 15699451Sru} 15799451Sru 158156813Sru# shell_exists shell 159117292Sgshapiro# If the given shell is listed in ${ETCSHELLS} or it is 160117292Sgshapiro# the nologin shell this function will return 0. 16164598Sgshapiro# Otherwise, it will return 1. If shell is valid but 16264598Sgshapiro# the path is invalid or it is not executable it 163117292Sgshapiro# will emit an informational message saying so. 16437Srgrimes# 165263Srgrimesshell_exists() 16699449Sru{ 167263Srgrimes _sh="$1" 168245825Sbrooks _shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1" 169245825Sbrooks 170245825Sbrooks if ! eval $_shellchk; then 171124831Sru # The nologin shell is not listed in /etc/shells. 172156813Sru if [ "$_sh" != "${NOLOGIN_PATH}" ]; then 173173135Syar err "Invalid shell ($_sh) for user $username." 174124831Sru return 1 175124831Sru fi 1764487Sphk fi 177270187Sian ! [ -x "$_sh" ] && 178270187Sian info "The shell ($_sh) does not exist or is not executable." 179270187Sian 180270187Sian return 0 181173135Syar} 1825948Sjkh 183142794Sru# save_config 184142794Sru# Save some variables to a configuration file. 185152471Sru# Note: not all script variables are saved, only those that 186152471Sru# it makes sense to save. 187142794Sru# 188152471Srusave_config() { 189152471Sru echo "# Configuration file for adduser(8)." > ${ADDUSERCONF} 190142794Sru echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF} 191149515Simp echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF} 192149515Simp echo '' >> ${ADDUSERCONF} 193142794Sru echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF} 194142794Sru echo "defaultclass=$uclass" >> ${ADDUSERCONF} 195246097Sbrooks echo "defaultgroups=$ugroups" >> ${ADDUSERCONF} 196246097Sbrooks echo "passwdtype=$passwdtype" >> ${ADDUSERCONF} 197246097Sbrooks echo "homeprefix=$homeprefix" >> ${ADDUSERCONF} 198246097Sbrooks echo "defaultshell=$ushell" >> ${ADDUSERCONF} 1994487Sphk echo "udotdir=$udotdir" >> ${ADDUSERCONF} 200148282Sru echo "msgfile=$msgfile" >> ${ADDUSERCONF} 201148282Sru echo "disableflag=$disableflag" >> ${ADDUSERCONF} 202148282Sru} 203148282Sru 20499449Sru# add_user 205100872Sru# Add a user to the user database. If the user chose to send a welcome 20699451Sru# message or lock the account, do so. 207142794Sru# 208100872Sruadd_user() { 20999451Sru 210100872Sru # Is this a configuration run? If so, don't modify user database. 211184343Ssam # 212205329Sed if [ -n "$configflag" ]; then 213205335Sed save_config 214205329Sed return 215184343Ssam fi 216184443Smp 217184343Ssam _uid= 218184343Ssam _name= 219184343Ssam _comment= 220246097Sbrooks _gecos= 221246097Sbrooks _home= 222246097Sbrooks _group= 223246097Sbrooks _grouplist= 224246097Sbrooks _shell= 225246097Sbrooks _class= 226246097Sbrooks _dotdir= 227246097Sbrooks _expire= 228183242Ssam _pwexpire= 229173135Syar _passwd= 230183242Ssam _upasswd= 231173135Syar _passwdmethod= 232186249Sthompsa 233173135Syar _name="-n '$username'" 234173135Syar [ -n "$uuid" ] && _uid='-u "$uuid"' 235257353Sbdrewery [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"' 236173135Syar [ -n "$ugroups" ] && _grouplist='-G "$ugroups"' 237173135Syar [ -n "$ushell" ] && _shell='-s "$ushell"' 238173135Syar [ -n "$uclass" ] && _class='-L "$uclass"' 239173135Syar [ -n "$ugecos" ] && _comment='-c "$ugecos"' 240155210Srwatson [ -n "$udotdir" ] && _dotdir='-k "$udotdir"' 241155210Srwatson [ -n "$uexpire" ] && _expire='-e "$uexpire"' 242155571Srwatson [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"' 243155210Srwatson if [ -z "$Dflag" -a -n "$uhome" ]; then 244155210Srwatson # The /nonexistent home directory is special. It 245155210Srwatson # means the user has no home directory. 246255841Sdes if [ "$uhome" = "$NOHOME" ]; then 247255841Sdes _home='-d "$uhome"' 248255841Sdes else 249255841Sdes _home='-m -d "$uhome"' 250255841Sdes fi 251156813Sru elif [ -n "$Dflag" -a -n "$uhome" ]; then 252173135Syar _home='-d "$uhome"' 25373251Sgshapiro fi 254156813Sru case $passwdtype in 255100872Sru no) 25699451Sru _passwdmethod="-w no" 25757488Speter _passwd="-h -" 258156813Sru ;; 259100872Sru yes) 26099451Sru # Note on processing the password: The outer double quotes 26160677Skris # make literal everything except ` and \ and $. 262156813Sru # The outer single quotes make literal ` and $. 26399449Sru # We can ensure the \ isn't treated specially by specifying 264100872Sru # the -r switch to the read command used to obtain the input. 265120709Sphk # 266120709Sphk _passwdmethod="-w yes" 267120709Sphk _passwd="-h 0" 268120709Sphk _upasswd='echo "$upass" |' 269184343Ssam ;; 270184343Ssam none) 271184343Ssam _passwdmethod="-w none" 272184343Ssam ;; 273184343Ssam random) 274184343Ssam _passwdmethod="-w random" 27599451Sru ;; 276100872Sru esac 27799451Sru 278184343Ssam _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment" 279184343Ssam _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd" 280184343Ssam _pwcmd="$_pwcmd $_expire $_pwexpire" 281100872Sru 2821731Sjkh if ! _output=`eval $_pwcmd` ; then 283183242Ssam err "There was an error adding user ($username)." 284119058Sobrien return 1 2856177Samurai else 286183242Ssam info "Successfully added ($username) to the user database." 287183242Ssam if [ "random" = "$passwdtype" ]; then 288100872Sru randompass="$_output" 28964598Sgshapiro info "Password for ($username) is: $randompass" 290243101Seadler fi 29164629Sgshapiro fi 29264629Sgshapiro 29364629Sgshapiro if [ -n "$disableflag" ]; then 294183242Ssam if ${PWCMD} lock $username ; then 295100872Sru info "Account ($username) is locked." 29637Srgrimes else 297100872Sru info "Account ($username) could NOT be locked." 298147Srgrimes fi 299100872Sru fi 3001759Sjkh 301100872Sru _line= 30299451Sru _owner= 303209228Savg _perms= 304171427Simp if [ -n "$msgflag" ]; then 305126977Sru [ -r "$msgfile" ] && { 306126977Sru # We're evaluating the contents of an external file. 307126977Sru # Let's not open ourselves up for attack. _perms will 308171427Simp # be empty if it's writeable only by the owner. _owner 309209228Savg # will *NOT* be empty if the file is owned by root. 310224765Sdougb # 311224765Sdougb _dir="`dirname $msgfile`" 312224765Sdougb _file="`basename $msgfile`" 313224765Sdougb _perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune` 31437Srgrimes _owner=`/usr/bin/find $_dir -name $_file -user 0 -prune` 315245440Sbrooks if [ -z "$_owner" -o -n "$_perms" ]; then 316245440Sbrooks err "The message file ($msgfile) may be writeable only by root." 317245565Sbrooks return 1 318245565Sbrooks fi 319245565Sbrooks cat "$msgfile" | 320245565Sbrooks while read _line ; do 321251512Semaste eval echo "$_line" 322251512Semaste done | ${MAILCMD} -s"Welcome" ${username} 323251512Semaste info "Sent welcome message to ($username)." 324218941Suqs } 325245565Sbrooks fi 326218941Suqs} 327260013Sjmmv 328260024Sjmmv# get_user 329260013Sjmmv# Reads username of the account from standard input or from a global 330156813Sru# variable containing an account line from a file. The username is 331245565Sbrooks# required. If this is an interactive session it will prompt in 33295144Sgshapiro# a loop until a username is entered. If it is batch processing from 333245565Sbrooks# a file it will output an error message and return to the caller. 334245565Sbrooks# 335245565Sbrooksget_user() { 336245565Sbrooks _input= 337250116Sbrooks 338245565Sbrooks # No need to take down user names if this is a configuration saving run. 339245565Sbrooks [ -n "$configflag" ] && return 340245565Sbrooks 341245565Sbrooks while : ; do 342245565Sbrooks if [ -z "$fflag" ]; then 343245565Sbrooks echo -n "Username: " 344245565Sbrooks read _input 345245565Sbrooks else 346245565Sbrooks _input="`echo "$fileline" | cut -f1 -d:`" 347245565Sbrooks fi 348245825Sbrooks 349245825Sbrooks # There *must* be a username, and it must not exist. If 350245825Sbrooks # this is an interactive session give the user an 351245825Sbrooks # opportunity to retry. 352245825Sbrooks # 353245825Sbrooks if [ -z "$_input" ]; then 354245825Sbrooks err "You must enter a username!" 355245825Sbrooks [ -z "$fflag" ] && continue 356245825Sbrooks fi 357246127Sbrooks ${PWCMD} usershow $_input > /dev/null 2>&1 358246127Sbrooks if [ "$?" -eq 0 ]; then 359246127Sbrooks err "User exists!" 360246127Sbrooks [ -z "$fflag" ] && continue 361245825Sbrooks fi 362245825Sbrooks break 363247162Sache done 36477993Sache username="$_input" 365245571Sbrooks} 366245752Sbrooks 367245752Sbrooks# get_gecos 368245752Sbrooks# Reads extra information about the user. Can be used both in interactive 369245752Sbrooks# and batch (from file) mode. 37077993Sache# 371110663Sacheget_gecos() { 372245571Sbrooks _input= 373245752Sbrooks 374245571Sbrooks # No need to take down additional user information for a configuration run. 375245571Sbrooks [ -n "$configflag" ] && return 376110663Sache 377245571Sbrooks if [ -z "$fflag" ]; then 378245752Sbrooks echo -n "Full name: " 379245752Sbrooks read _input 380245752Sbrooks else 381110663Sache _input="`echo "$fileline" | cut -f7 -d:`" 382110663Sache fi 38377999Sache ugecos="$_input" 384245571Sbrooks} 385245752Sbrooks 38611635Sache# get_shell 38777999Sache# Get the account's shell. Works in interactive and batch mode. It 388147Srgrimes# accepts either the base name of the shell or the full path. 38948185Ssheldonh# If an invalid shell is entered it will simply use the default shell. 390100872Sru# 39199451Sruget_shell() { 39299451Sru _input= 393173135Syar _fullpath= 394119385Smtm ushell="$defaultshell" 39548185Ssheldonh 39637Srgrimes # Make sure the current value of the shell is a valid one 397 if [ -z "$Sflag" ]; then 398 if ! shell_exists $ushell ; then 399 info "Using default shell ${defaultshell}." 400 ushell="$defaultshell" 401 fi 402 fi 403 404 if [ -z "$fflag" ]; then 405 echo -n "Shell ($shells) [`basename $ushell`]: " 406 read _input 407 else 408 _input="`echo "$fileline" | cut -f9 -d:`" 409 fi 410 if [ -n "$_input" ]; then 411 if [ -n "$Sflag" ]; then 412 ushell="$_input" 413 else 414 _fullpath=`fullpath_from_shell $_input` 415 if [ -n "$_fullpath" ]; then 416 ushell="$_fullpath" 417 else 418 err "Invalid shell ($_input) for user $username." 419 info "Using default shell ${defaultshell}." 420 ushell="$defaultshell" 421 fi 422 fi 423 fi 424} 425 426# get_homedir 427# Reads the account's home directory. Used both with interactive input 428# and batch input. 429# 430get_homedir() { 431 _input= 432 if [ -z "$fflag" ]; then 433 echo -n "Home directory [${homeprefix}/${username}]: " 434 read _input 435 else 436 _input="`echo "$fileline" | cut -f8 -d:`" 437 fi 438 439 if [ -n "$_input" ]; then 440 uhome="$_input" 441 # if this is a configuration run, then user input is the home 442 # directory prefix. Otherwise it is understood to 443 # be $prefix/$user 444 # 445 [ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome" 446 else 447 uhome="${homeprefix}/${username}" 448 fi 449} 450 451# get_uid 452# Reads a numeric userid in an interactive or batch session. Automatically 453# allocates one if it is not specified. 454# 455get_uid() { 456 if [ -z "$uuid" ]; then 457 uuid=${uidstart} 458 fi 459 460 _input= 461 _prompt= 462 463 # No need to take down uids for a configuration saving run. 464 [ -n "$configflag" ] && return 465 466 if [ -n "$uuid" ]; then 467 _prompt="Uid [$uuid]: " 468 else 469 _prompt="Uid (Leave empty for default): " 470 fi 471 if [ -z "$fflag" ]; then 472 echo -n "$_prompt" 473 read _input 474 else 475 _input="`echo "$fileline" | cut -f2 -d:`" 476 fi 477 478 [ -n "$_input" ] && uuid=$_input 479 uuid=`get_nextuid $uuid` 480 uidstart=$uuid 481} 482 483# get_class 484# Reads login class of account. Can be used in interactive or batch mode. 485# 486get_class() { 487 uclass="$defaultclass" 488 _input= 489 _class=${uclass:-"default"} 490 491 if [ -z "$fflag" ]; then 492 echo -n "Login class [$_class]: " 493 read _input 494 else 495 _input="`echo "$fileline" | cut -f4 -d:`" 496 fi 497 498 [ -n "$_input" ] && uclass="$_input" 499} 500 501# get_logingroup 502# Reads user's login group. Can be used in both interactive and batch 503# modes. The specified value can be a group name or its numeric id. 504# This routine leaves the field blank if nothing is provided and 505# a default login group has not been set. The pw(8) command 506# will then provide a login group with the same name as the username. 507# 508get_logingroup() { 509 ulogingroup="$defaultLgroup" 510 _input= 511 512 if [ -z "$fflag" ]; then 513 echo -n "Login group [${ulogingroup:-$username}]: " 514 read _input 515 else 516 _input="`echo "$fileline" | cut -f3 -d:`" 517 fi 518 519 # Pw(8) will use the username as login group if it's left empty 520 [ -n "$_input" ] && ulogingroup="$_input" 521} 522 523# get_groups 524# Read additional groups for the user. It can be used in both interactive 525# and batch modes. 526# 527get_groups() { 528 ugroups="$defaultgroups" 529 _input= 530 _group=${ulogingroup:-"${username}"} 531 532 if [ -z "$configflag" ]; then 533 [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username" 534 [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: " 535 else 536 [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: " 537 fi 538 read _input 539 540 [ -n "$_input" ] && ugroups="$_input" 541} 542 543# get_expire_dates 544# Read expiry information for the account and also for the password. This 545# routine is used only from batch processing mode. 546# 547get_expire_dates() { 548 upwexpire="`echo "$fileline" | cut -f5 -d:`" 549 uexpire="`echo "$fileline" | cut -f6 -d:`" 550} 551 552# get_password 553# Read the password in batch processing mode. The password field matters 554# only when the password type is "yes" or "random". If the field is empty and the 555# password type is "yes", then it assumes the account has an empty passsword 556# and changes the password type accordingly. If the password type is "random" 557# and the password field is NOT empty, then it assumes the account will NOT 558# have a random password and set passwdtype to "yes." 559# 560get_password() { 561 # We may temporarily change a password type. Make sure it's changed 562 # back to whatever it was before we process the next account. 563 # 564 [ -n "$savedpwtype" ] && { 565 passwdtype=$savedpwtype 566 savedpwtype= 567 } 568 569 # There may be a ':' in the password 570 upass=${fileline#*:*:*:*:*:*:*:*:*:} 571 572 if [ -z "$upass" ]; then 573 case $passwdtype in 574 yes) 575 # if it's empty, assume an empty password 576 passwdtype=none 577 savedpwtype=yes 578 ;; 579 esac 580 else 581 case $passwdtype in 582 random) 583 passwdtype=yes 584 savedpwtype=random 585 ;; 586 esac 587 fi 588} 589 590# input_from_file 591# Reads a line of account information from standard input and 592# adds it to the user database. 593# 594input_from_file() { 595 _field= 596 597 while read -r fileline ; do 598 case "$fileline" in 599 \#*|'') 600 ;; 601 esac 602 603 get_user || continue 604 get_gecos 605 get_uid 606 get_logingroup 607 get_class 608 get_shell 609 get_homedir 610 get_password 611 get_expire_dates 612 613 add_user 614 done 615} 616 617# input_interactive 618# Prompts for user information interactively, and commits to 619# the user database. 620# 621input_interactive() { 622 623 _disable= 624 _pass= 625 _passconfirm= 626 _random="no" 627 _emptypass="no" 628 _usepass="yes" 629 _logingroup_ok="no" 630 _groups_ok="no" 631 case $passwdtype in 632 none) 633 _emptypass="yes" 634 _usepass="yes" 635 ;; 636 no) 637 _usepass="no" 638 ;; 639 random) 640 _random="yes" 641 ;; 642 esac 643 644 get_user 645 get_gecos 646 get_uid 647 648 # The case where group = user is handled elsewhere, so 649 # validate any other groups the user is invited to. 650 until [ "$_logingroup_ok" = yes ]; do 651 get_logingroup 652 _logingroup_ok=yes 653 if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then 654 if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then 655 echo "Group $ulogingroup does not exist!" 656 _logingroup_ok=no 657 fi 658 fi 659 done 660 until [ "$_groups_ok" = yes ]; do 661 get_groups 662 _groups_ok=yes 663 for i in $ugroups; do 664 if [ "$username" != "$i" ]; then 665 if ! ${PWCMD} show group $i > /dev/null 2>&1; then 666 echo "Group $i does not exist!" 667 _groups_ok=no 668 fi 669 fi 670 done 671 done 672 673 get_class 674 get_shell 675 get_homedir 676 677 while : ; do 678 echo -n "Use password-based authentication? [$_usepass]: " 679 read _input 680 [ -z "$_input" ] && _input=$_usepass 681 case $_input in 682 [Nn][Oo]|[Nn]) 683 passwdtype="no" 684 ;; 685 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 686 while : ; do 687 echo -n "Use an empty password? (yes/no) [$_emptypass]: " 688 read _input 689 [ -n "$_input" ] && _emptypass=$_input 690 case $_emptypass in 691 [Nn][Oo]|[Nn]) 692 echo -n "Use a random password? (yes/no) [$_random]: " 693 read _input 694 [ -n "$_input" ] && _random="$_input" 695 case $_random in 696 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 697 passwdtype="random" 698 break 699 ;; 700 esac 701 passwdtype="yes" 702 [ -n "$configflag" ] && break 703 trap 'stty echo; exit' 0 1 2 3 15 704 stty -echo 705 echo -n "Enter password: " 706 read -r upass 707 echo'' 708 echo -n "Enter password again: " 709 read -r _passconfirm 710 echo '' 711 stty echo 712 # if user entered a blank password 713 # explicitly ask again. 714 [ -z "$upass" -a -z "$_passconfirm" ] \ 715 && continue 716 ;; 717 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 718 passwdtype="none" 719 break; 720 ;; 721 *) 722 # invalid answer; repeat the loop 723 continue 724 ;; 725 esac 726 if [ "$upass" != "$_passconfirm" ]; then 727 echo "Passwords did not match!" 728 continue 729 fi 730 break 731 done 732 ;; 733 *) 734 # invalid answer; repeat loop 735 continue 736 ;; 737 esac 738 break; 739 done 740 _disable=${disableflag:-"no"} 741 while : ; do 742 echo -n "Lock out the account after creation? [$_disable]: " 743 read _input 744 [ -z "$_input" ] && _input=$_disable 745 case $_input in 746 [Nn][Oo]|[Nn]) 747 disableflag= 748 ;; 749 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 750 disableflag=yes 751 ;; 752 *) 753 # invalid answer; repeat loop 754 continue 755 ;; 756 esac 757 break 758 done 759 760 # Display the information we have so far and prompt to 761 # commit it. 762 # 763 _disable=${disableflag:-"no"} 764 [ -z "$configflag" ] && printf "%-10s : %s\n" Username $username 765 case $passwdtype in 766 yes) 767 _pass='*****' 768 ;; 769 no) 770 _pass='<disabled>' 771 ;; 772 none) 773 _pass='<blank>' 774 ;; 775 random) 776 _pass='<random>' 777 ;; 778 esac 779 [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass" 780 [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype" 781 [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos" 782 [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid" 783 printf "%-10s : %s\n" "Class" "$uclass" 784 printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" 785 printf "%-10s : %s\n" "Home" "$uhome" 786 printf "%-10s : %s\n" "Shell" "$ushell" 787 printf "%-10s : %s\n" "Locked" "$_disable" 788 while : ; do 789 echo -n "OK? (yes/no): " 790 read _input 791 case $_input in 792 [Nn][Oo]|[Nn]) 793 return 1 794 ;; 795 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 796 add_user 797 ;; 798 *) 799 continue 800 ;; 801 esac 802 break 803 done 804 return 0 805} 806 807#### END SUBROUTINE DEFINITION #### 808 809THISCMD=`/usr/bin/basename $0` 810DEFAULTSHELL=/bin/sh 811ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}" 812PWCMD="${PWCMD:-/usr/sbin/pw}" 813MAILCMD="${MAILCMD:-mail}" 814ETCSHELLS="${ETCSHELLS:-/etc/shells}" 815NOHOME="/nonexistent" 816NOLOGIN="nologin" 817NOLOGIN_PATH="/usr/sbin/nologin" 818GREPCMD="/usr/bin/grep" 819DATECMD="/bin/date" 820 821# Set default values 822# 823username= 824uuid= 825uidstart= 826ugecos= 827ulogingroup= 828uclass= 829uhome= 830upass= 831ushell= 832udotdir=/usr/share/skel 833ugroups= 834uexpire= 835upwexpire= 836shells="`valid_shells`" 837passwdtype="yes" 838msgfile=/etc/adduser.msg 839msgflag= 840quietflag= 841configflag= 842fflag= 843infile= 844disableflag= 845Dflag= 846Sflag= 847readconfig="yes" 848homeprefix="/home" 849randompass= 850fileline= 851savedpwtype= 852defaultclass= 853defaultLgroup= 854defaultgroups= 855defaultshell="${DEFAULTSHELL}" 856 857# Make sure the user running this program is root. This isn't a security 858# measure as much as it is a usefull method of reminding the user to 859# 'su -' before he/she wastes time entering data that won't be saved. 860# 861procowner=${procowner:-`/usr/bin/id -u`} 862if [ "$procowner" != "0" ]; then 863 err 'you must be the super-user (uid 0) to use this utility.' 864 exit 1 865fi 866 867# Overide from our conf file 868# Quickly go through the commandline line to see if we should read 869# from our configuration file. The actual parsing of the commandline 870# arguments happens after we read in our configuration file (commandline 871# should override configuration file). 872# 873for _i in $* ; do 874 if [ "$_i" = "-N" ]; then 875 readconfig= 876 break; 877 fi 878done 879if [ -n "$readconfig" ]; then 880 # On a long-lived system, the first time this script is run it 881 # will barf upon reading the configuration file for its perl predecessor. 882 if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then 883 [ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1 884 fi 885fi 886 887# Proccess command-line options 888# 889for _switch ; do 890 case $_switch in 891 -L) 892 defaultclass="$2" 893 shift; shift 894 ;; 895 -C) 896 configflag=yes 897 shift 898 ;; 899 -D) 900 Dflag=yes 901 shift 902 ;; 903 -E) 904 disableflag=yes 905 shift 906 ;; 907 -k) 908 udotdir="$2" 909 shift; shift 910 ;; 911 -f) 912 [ "$2" != "-" ] && infile="$2" 913 fflag=yes 914 shift; shift 915 ;; 916 -g) 917 defaultLgroup="$2" 918 shift; shift 919 ;; 920 -G) 921 defaultgroups="$2" 922 shift; shift 923 ;; 924 -h) 925 show_usage 926 exit 0 927 ;; 928 -d) 929 homeprefix="$2" 930 shift; shift 931 ;; 932 -m) 933 case "$2" in 934 [Nn][Oo]) 935 msgflag= 936 ;; 937 *) 938 msgflag=yes 939 msgfile="$2" 940 ;; 941 esac 942 shift; shift 943 ;; 944 -N) 945 readconfig= 946 shift 947 ;; 948 -w) 949 case "$2" in 950 no|none|random|yes) 951 passwdtype=$2 952 ;; 953 *) 954 show_usage 955 exit 1 956 ;; 957 esac 958 shift; shift 959 ;; 960 -q) 961 quietflag=yes 962 shift 963 ;; 964 -s) 965 defaultshell="`fullpath_from_shell $2`" 966 shift; shift 967 ;; 968 -S) 969 Sflag=yes 970 shift 971 ;; 972 -u) 973 uidstart=$2 974 shift; shift 975 ;; 976 esac 977done 978 979# If the -f switch was used, get input from a file. Otherwise, 980# this is an interactive session. 981# 982if [ -n "$fflag" ]; then 983 if [ -z "$infile" ]; then 984 input_from_file 985 elif [ -n "$infile" ]; then 986 if [ -r "$infile" ]; then 987 input_from_file < $infile 988 else 989 err "File ($infile) is unreadable or does not exist." 990 fi 991 fi 992else 993 input_interactive 994 while : ; do 995 if [ -z "$configflag" ]; then 996 echo -n "Add another user? (yes/no): " 997 else 998 echo -n "Re-edit the default configuration? (yes/no): " 999 fi 1000 read _input 1001 case $_input in 1002 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 1003 uidstart=`get_nextuid $uidstart` 1004 input_interactive 1005 continue 1006 ;; 1007 [Nn][Oo]|[Nn]) 1008 echo "Goodbye!" 1009 ;; 1010 *) 1011 continue 1012 ;; 1013 esac 1014 break 1015 done 1016fi 1017