diff options
| author |   Mike Gilbert <floppym@gentoo.org> | 2022-10-17 16:18:37 -0400 |
|---|---|---|
| committer |   Michał Górny <mgorny@gentoo.org> | 2022-10-19 15:30:09 +0200 |
| commit | 308c02b897fa7fba442441fd3a7da17ce07ec8ee (patch) | |
| tree | c33a345bd42f76a6652b3131358ac65b0b73cf98 /eclass/acct-user.eclass | |
| parent | acct-user.eclass: respect ACCT_USER_NO_MODIFY in pkg_prerm (diff) | |
| download | gentoo-308c02b897fa7fba442441fd3a7da17ce07ec8ee.tar.gz gentoo-308c02b897fa7fba442441fd3a7da17ce07ec8ee.tar.bz2 gentoo-308c02b897fa7fba442441fd3a7da17ce07ec8ee.zip | |
acct-user.eclass: inline useradd and usermod
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'eclass/acct-user.eclass')
| -rw-r--r-- | eclass/acct-user.eclass | 113 |
1 files changed, 84 insertions, 29 deletions
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass index 6e7f6811a76f..a49279b542a1 100644 --- a/eclass/acct-user.eclass +++ b/eclass/acct-user.eclass @@ -48,7 +48,7 @@ case ${EAPI:-0} in *) die "EAPI=${EAPI:-0} not supported";; esac -inherit user +inherit user-info [[ ${CATEGORY} == acct-user ]] || die "Ebuild error: this eclass can be used only in acct-user category!" @@ -105,7 +105,7 @@ readonly ACCT_USER_NAME # The shell to use for the user. If not specified, a 'nologin' variant # for the system is used. This can be overriden in make.conf through # ACCT_USER_<UPPERCASE_USERNAME>_SHELL variable. -: ${ACCT_USER_SHELL:=-1} +: ${ACCT_USER_SHELL:=/sbin/nologin} # @ECLASS_VARIABLE: ACCT_USER_HOME # @DESCRIPTION: @@ -437,27 +437,51 @@ acct-user_src_install() { acct-user_pkg_preinst() { debug-print-function ${FUNCNAME} "${@}" - # check if user already exists - _ACCT_USER_ALREADY_EXISTS= - if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then - _ACCT_USER_ALREADY_EXISTS=1 + if [[ ${EUID} -ne 0 ]]; then + einfo "Insufficient privileges to execute ${FUNCNAME[0]}" + return fi - readonly _ACCT_USER_ALREADY_EXISTS - enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \ - "${_ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \ - "${_ACCT_USER_GROUPS// /,}" + if egetent passwd "${ACCT_USER_NAME}" >/dev/null; then + elog "User ${ACCT_USER_NAME} already exists" + return + fi + + local groups=( ${_ACCT_USER_GROUPS} ) + local aux_groups=${groups[*]:1} + local opts=( + --system + --no-create-home + --no-user-group + --comment "${_ACCT_USER_COMMENT}" + --home-dir "${_ACCT_USER_HOME}" + --shell "${_ACCT_USER_SHELL}" + --gid "${groups[0]}" + --groups "${aux_groups// /,}" + ) + + if [[ ${_ACCT_USER_ID} -ne -1 ]] && + ! egetent passwd "${_ACCT_USER_ID}" >/dev/null; then + opts+=( --uid "${_ACCT_USER_ID}" ) + fi + + if [[ -n ${ROOT} ]]; then + opts+=( --prefix "${ROOT}" ) + fi + + elog "Adding user ${ACCT_USER_NAME}" + useradd "${opts[@]}" "${ACCT_USER_NAME}" || die + _ACCT_USER_ADDED=1 if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then # default ownership to user:group if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then - local group_array=( ${_ACCT_USER_GROUPS} ) - if [[ -n "${ROOT}" ]]; then + if [[ -n ${ROOT} ]]; then local euid=$(egetent passwd ${ACCT_USER_NAME} | cut -d: -f3) local egid=$(egetent passwd ${ACCT_USER_NAME} | cut -d: -f4) _ACCT_USER_HOME_OWNER=${euid}:${egid} else - _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]} + _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${groups[0]} fi fi # Path might be missing due to INSTALL_MASK, etc. @@ -480,26 +504,48 @@ acct-user_pkg_preinst() { acct-user_pkg_postinst() { debug-print-function ${FUNCNAME} "${@}" + if [[ -n ${_ACCT_USER_ADDED} ]]; then + # We just added the user; no need to update it + return + fi + if [[ ${EUID} -ne 0 ]]; then einfo "Insufficient privileges to execute ${FUNCNAME[0]}" - return 0 + return fi - if [[ -n ${ACCT_USER_NO_MODIFY} && -n ${_ACCT_USER_ALREADY_EXISTS} ]]; then - eunlockuser "${ACCT_USER_NAME}" - + if [[ -n ${ACCT_USER_NO_MODIFY} ]]; then ewarn "User ${ACCT_USER_NAME} already exists; Not touching existing user" ewarn "due to set ACCT_USER_NO_MODIFY." - return 0 + return fi - # NB: eset* functions check current value - esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}" - esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}" - esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}" - # comment field can not contain colons - esetcomment "${ACCT_USER_NAME}" "${_ACCT_USER_COMMENT}" - eunlockuser "${ACCT_USER_NAME}" + local groups=( ${_ACCT_USER_GROUPS} ) + local aux_groups=${groups[*]:1} + local opts=( + --comment "${_ACCT_USER_COMMENT}" + --home "${_ACCT_USER_HOME}" + --shell "${_ACCT_USER_SHELL}" + --gid "${groups[0]}" + --groups "${aux_groups// /,}" + ) + + if eislocked "${ACCT_USER_NAME}"; then + opts+=( --expiredate "" --unlock ) + fi + + if [[ -n ${ROOT} ]]; then + opts+=( --prefix "${ROOT}" ) + fi + + elog "Updating user ${ACCT_USER_NAME}" + if ! usermod "${opts[@]}" "${ACCT_USER_NAME}" 2>"${T}/usermod-error.log"; then + # usermod outputs a warning if unlocking the account would result in an + # empty password. Hide stderr in a text file and display it if usermod + # fails. + cat "${T}/usermod-error.log" >&2 + die + fi } # @FUNCTION: acct-user_pkg_prerm @@ -533,10 +579,19 @@ acct-user_pkg_prerm() { return fi - esetshell "${ACCT_USER_NAME}" -1 - esetcomment "${ACCT_USER_NAME}" \ - "$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)" - elockuser "${ACCT_USER_NAME}" + local opts=( + --expiredate 1 + --lock + --comment "$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)" + --shell /sbin/nologin + ) + + if [[ -n ${ROOT} ]]; then + opts+=( --prefix "${ROOT}" ) + fi + + elog "Locking user ${ACCT_USER_NAME}" + usermod "${opts[@]}" "${ACCT_USER_NAME}" || die } fi |