do not create mail spool entries for system accounts (#402351)
This commit is contained in:
parent
7a19049eec
commit
1bed265897
3 changed files with 408 additions and 397 deletions
|
@ -1,5 +1,85 @@
|
||||||
|
--- shadow-4.0.18.1/man/newusers.8.redhat 2006-07-30 22:54:08.000000000 +0200
|
||||||
|
+++ shadow-4.0.18.1/man/newusers.8 2007-11-29 15:08:49.000000000 +0100
|
||||||
|
@@ -35,6 +35,8 @@ This field may be the name of an existin
|
||||||
|
This field will be checked for existence as a directory and a new directory with the same name will be created if it does not already exist. The ownership of the directory will be set to be that of the user being created or updated.
|
||||||
|
.PP
|
||||||
|
This command is intended to be used in a large system environment where many accounts are updated at a single time.
|
||||||
|
+.PP
|
||||||
|
+Default encryption algorithm is DES, but this setting can be changed in \fI/etc/login.defs\fR. Red Hat uses MD5 to encrypt passwords by default.
|
||||||
|
.SH "CAVEATS"
|
||||||
|
.PP
|
||||||
|
The input file must be protected since it contains unencrypted passwords.
|
||||||
|
--- shadow-4.0.18.1/man/useradd.8.redhat 2006-07-30 22:54:26.000000000 +0200
|
||||||
|
+++ shadow-4.0.18.1/man/useradd.8 2007-11-29 15:08:49.000000000 +0100
|
||||||
|
@@ -25,7 +25,7 @@ When invoked without the
|
||||||
|
\fB\-D\fR
|
||||||
|
option, the
|
||||||
|
\fBuseradd\fR
|
||||||
|
-command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.
|
||||||
|
+command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files. The version provided with Red Hat Linux will create a group for each user added to the system by default.
|
||||||
|
.SH "OPTIONS"
|
||||||
|
.PP
|
||||||
|
The options which apply to the
|
||||||
|
@@ -65,7 +65,7 @@ The date on which the user account will
|
||||||
|
The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of \-1 disables the feature. The default value is \-1.
|
||||||
|
.TP 3n
|
||||||
|
\fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
|
||||||
|
-The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group. The default group number is 1 or whatever is specified in
|
||||||
|
+The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group.
|
||||||
|
\fI/etc/default/useradd\fR.
|
||||||
|
.TP 3n
|
||||||
|
\fB\-G\fR, \fB\-\-groups\fR \fIGROUP1\fR[\fI,GROUP2,...\fR[\fI,GROUPN\fR]]]
|
||||||
|
@@ -76,6 +76,9 @@ option. The default is for the user to b
|
||||||
|
\fB\-h\fR, \fB\-\-help\fR
|
||||||
|
Display help message and exit.
|
||||||
|
.TP 3n
|
||||||
|
+\fB-M\fR
|
||||||
|
+The user's home directory will not be created, even if the system wide settings from \fI/etc/login.defs\fR is to create home dirs.
|
||||||
|
+.TP 3n
|
||||||
|
\fB\-m\fR, \fB\-\-create\-home\fR
|
||||||
|
The user's home directory will be created if it does not exist. The files contained in
|
||||||
|
\fISKEL_DIR\fR
|
||||||
|
@@ -93,6 +96,9 @@ option is only valid in conjunction with
|
||||||
|
\fB\-m\fR
|
||||||
|
option. The default is to not create the directory and to not copy any files.
|
||||||
|
.TP 3n
|
||||||
|
+\fB-n\fR
|
||||||
|
+A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used.
|
||||||
|
+.TP 3n
|
||||||
|
\fB\-K\fR, \fB\-\-key\fR \fIKEY\fR=\fIVALUE\fR
|
||||||
|
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
|
||||||
|
|
||||||
|
@@ -118,6 +124,9 @@ Allow the creation of a user account wit
|
||||||
|
The encrypted password, as returned by
|
||||||
|
\fBcrypt\fR(3). The default is to disable the account.
|
||||||
|
.TP 3n
|
||||||
|
+\fB-r\fR
|
||||||
|
+This flag is used to create a system account. That is, a user with a UID lower than the value of UID_MIN defined in \fI/etc/login.defs\fR and whose password does not expire. Note that \fBuseradd\fR will not create a home directory for such an user, regardless of the default setting in \fI/etc/login.defs\fR. You have to specify \fB-m\fR option if you want a home directory for a system account to be created. This is an option added by Red Hat
|
||||||
|
+.TP 3n
|
||||||
|
\fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR
|
||||||
|
The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell.
|
||||||
|
.TP 3n
|
||||||
|
@@ -161,6 +170,8 @@ displays the current default values.
|
||||||
|
The system administrator is responsible for placing the default user files in the
|
||||||
|
\fI/etc/skel/\fR
|
||||||
|
directory.
|
||||||
|
+.br
|
||||||
|
+This version of useradd was modified by Red Hat to suit Red Hat user/group conventions.
|
||||||
|
.SH "CAVEATS"
|
||||||
|
.PP
|
||||||
|
You may not add a user to a NIS group. This must be performed on the NIS server.
|
||||||
|
@@ -181,6 +192,9 @@ Secure user account information.
|
||||||
|
\fI/etc/group\fR
|
||||||
|
Group account information.
|
||||||
|
.TP 3n
|
||||||
|
+\fI/etc/gshadow\fR
|
||||||
|
+Secure group account information.
|
||||||
|
+.TP 3n
|
||||||
|
\fI/etc/default/useradd\fR
|
||||||
|
Default values for account creation.
|
||||||
|
.TP 3n
|
||||||
--- shadow-4.0.18.1/man/groupadd.8.redhat 2006-07-30 22:53:48.000000000 +0200
|
--- shadow-4.0.18.1/man/groupadd.8.redhat 2006-07-30 22:53:48.000000000 +0200
|
||||||
+++ shadow-4.0.18.1/man/groupadd.8 2006-12-06 16:29:01.000000000 +0100
|
+++ shadow-4.0.18.1/man/groupadd.8 2007-11-29 15:08:49.000000000 +0100
|
||||||
@@ -14,7 +14,7 @@
|
@@ -14,7 +14,7 @@
|
||||||
groupadd \- create a new group
|
groupadd \- create a new group
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
|
@ -9,7 +89,7 @@
|
||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
.PP
|
.PP
|
||||||
The
|
The
|
||||||
@@ -32,10 +32,13 @@
|
@@ -32,10 +32,13 @@ This option causes to just exit with suc
|
||||||
\fB\-g\fR
|
\fB\-g\fR
|
||||||
is turned off).
|
is turned off).
|
||||||
.TP 3n
|
.TP 3n
|
||||||
|
@ -24,78 +104,9 @@
|
||||||
.TP 3n
|
.TP 3n
|
||||||
\fB\-h\fR, \fB\-\-help\fR
|
\fB\-h\fR, \fB\-\-help\fR
|
||||||
Display help message and exit.
|
Display help message and exit.
|
||||||
--- shadow-4.0.18.1/man/useradd.8.redhat 2006-07-30 22:54:26.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/man/useradd.8 2006-12-06 16:29:01.000000000 +0100
|
|
||||||
@@ -25,7 +25,7 @@
|
|
||||||
\fB\-D\fR
|
|
||||||
option, the
|
|
||||||
\fBuseradd\fR
|
|
||||||
-command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.
|
|
||||||
+command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files. The version provided with Red Hat Linux will create a group for each user added to the system by default.
|
|
||||||
.SH "OPTIONS"
|
|
||||||
.PP
|
|
||||||
The options which apply to the
|
|
||||||
@@ -65,7 +65,7 @@
|
|
||||||
The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of \-1 disables the feature. The default value is \-1.
|
|
||||||
.TP 3n
|
|
||||||
\fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
|
|
||||||
-The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group. The default group number is 1 or whatever is specified in
|
|
||||||
+The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group.
|
|
||||||
\fI/etc/default/useradd\fR.
|
|
||||||
.TP 3n
|
|
||||||
\fB\-G\fR, \fB\-\-groups\fR \fIGROUP1\fR[\fI,GROUP2,...\fR[\fI,GROUPN\fR]]]
|
|
||||||
@@ -76,6 +76,9 @@
|
|
||||||
\fB\-h\fR, \fB\-\-help\fR
|
|
||||||
Display help message and exit.
|
|
||||||
.TP 3n
|
|
||||||
+\fB-M\fR
|
|
||||||
+The user's home directory will not be created, even if the system wide settings from \fI/etc/login.defs\fR is to create home dirs.
|
|
||||||
+.TP 3n
|
|
||||||
\fB\-m\fR, \fB\-\-create\-home\fR
|
|
||||||
The user's home directory will be created if it does not exist. The files contained in
|
|
||||||
\fISKEL_DIR\fR
|
|
||||||
@@ -93,6 +96,9 @@
|
|
||||||
\fB\-m\fR
|
|
||||||
option. The default is to not create the directory and to not copy any files.
|
|
||||||
.TP 3n
|
|
||||||
+\fB-n\fR
|
|
||||||
+A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used.
|
|
||||||
+.TP 3n
|
|
||||||
\fB\-K\fR, \fB\-\-key\fR \fIKEY\fR=\fIVALUE\fR
|
|
||||||
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
|
|
||||||
|
|
||||||
@@ -118,6 +124,9 @@
|
|
||||||
The encrypted password, as returned by
|
|
||||||
\fBcrypt\fR(3). The default is to disable the account.
|
|
||||||
.TP 3n
|
|
||||||
+\fB-r\fR
|
|
||||||
+This flag is used to create a system account. That is, a user with a UID lower than the value of UID_MIN defined in \fI/etc/login.defs\fR and whose password does not expire. Note that \fBuseradd\fR will not create a home directory for such an user, regardless of the default setting in \fI/etc/login.defs\fR. You have to specify \fB-m\fR option if you want a home directory for a system account to be created. This is an option added by Red Hat
|
|
||||||
+.TP 3n
|
|
||||||
\fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR
|
|
||||||
The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell.
|
|
||||||
.TP 3n
|
|
||||||
@@ -161,6 +170,8 @@
|
|
||||||
The system administrator is responsible for placing the default user files in the
|
|
||||||
\fI/etc/skel/\fR
|
|
||||||
directory.
|
|
||||||
+.br
|
|
||||||
+This version of useradd was modified by Red Hat to suit Red Hat user/group conventions.
|
|
||||||
.SH "CAVEATS"
|
|
||||||
.PP
|
|
||||||
You may not add a user to a NIS group. This must be performed on the NIS server.
|
|
||||||
@@ -181,6 +192,9 @@
|
|
||||||
\fI/etc/group\fR
|
|
||||||
Group account information.
|
|
||||||
.TP 3n
|
|
||||||
+\fI/etc/gshadow\fR
|
|
||||||
+Secure group account information.
|
|
||||||
+.TP 3n
|
|
||||||
\fI/etc/default/useradd\fR
|
|
||||||
Default values for account creation.
|
|
||||||
.TP 3n
|
|
||||||
--- shadow-4.0.18.1/man/chpasswd.8.redhat 2006-07-30 22:53:40.000000000 +0200
|
--- shadow-4.0.18.1/man/chpasswd.8.redhat 2006-07-30 22:53:40.000000000 +0200
|
||||||
+++ shadow-4.0.18.1/man/chpasswd.8 2006-12-06 16:24:59.000000000 +0100
|
+++ shadow-4.0.18.1/man/chpasswd.8 2007-11-29 15:08:49.000000000 +0100
|
||||||
@@ -24,7 +24,7 @@
|
@@ -24,7 +24,7 @@ reads a list of user name and password p
|
||||||
|
|
||||||
\fIuser_name\fR:\fIpassword\fR
|
\fIuser_name\fR:\fIpassword\fR
|
||||||
.PP
|
.PP
|
||||||
|
@ -104,19 +115,64 @@
|
||||||
.PP
|
.PP
|
||||||
This command is intended to be used in a large system environment where many accounts are created at a single time.
|
This command is intended to be used in a large system environment where many accounts are created at a single time.
|
||||||
.SH "OPTIONS"
|
.SH "OPTIONS"
|
||||||
--- shadow-4.0.18.1/man/newusers.8.redhat 2006-07-30 22:54:08.000000000 +0200
|
--- shadow-4.0.18.1/src/groupadd.c.redhat 2006-07-28 19:38:52.000000000 +0200
|
||||||
+++ shadow-4.0.18.1/man/newusers.8 2006-12-06 16:24:59.000000000 +0100
|
+++ shadow-4.0.18.1/src/groupadd.c 2007-11-29 15:08:49.000000000 +0100
|
||||||
@@ -35,6 +35,8 @@
|
@@ -74,6 +74,7 @@ static char *Prog;
|
||||||
This field will be checked for existence as a directory and a new directory with the same name will be created if it does not already exist. The ownership of the directory will be set to be that of the user being created or updated.
|
static int oflg = 0; /* permit non-unique group ID to be specified with -g */
|
||||||
.PP
|
static int gflg = 0; /* ID value for the new group */
|
||||||
This command is intended to be used in a large system environment where many accounts are updated at a single time.
|
static int fflg = 0; /* if group already exists, do nothing and exit(0) */
|
||||||
+.PP
|
+static int rflg = 0; /* for adding system accounts (Red Hat) */
|
||||||
+Default encryption algorithm is DES, but this setting can be changed in \fI/etc/login.defs\fR. Red Hat uses MD5 to encrypt passwords by default.
|
|
||||||
.SH "CAVEATS"
|
/* local function prototypes */
|
||||||
.PP
|
static void usage (void);
|
||||||
The input file must be protected since it contains unencrypted passwords.
|
@@ -100,6 +101,7 @@ static void usage (void)
|
||||||
|
"Options:\n"
|
||||||
|
" -f, --force force exit with success status if the specified\n"
|
||||||
|
" group already exists\n"
|
||||||
|
+ " -r, create system account\n"
|
||||||
|
" -g, --gid GID use GID for the new group\n"
|
||||||
|
" -h, --help display this help message and exit\n"
|
||||||
|
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
||||||
|
@@ -198,8 +200,13 @@ static void find_new_gid (void)
|
||||||
|
const struct group *grp;
|
||||||
|
gid_t gid_min, gid_max;
|
||||||
|
|
||||||
|
- gid_min = getdef_unum ("GID_MIN", 1000);
|
||||||
|
- gid_max = getdef_unum ("GID_MAX", 60000);
|
||||||
|
+ if (!rflg) {
|
||||||
|
+ gid_min = getdef_unum ("GID_MIN", 500);
|
||||||
|
+ gid_max = getdef_unum ("GID_MAX", 60000);
|
||||||
|
+ } else {
|
||||||
|
+ gid_min = 1;
|
||||||
|
+ gid_max = getdef_unum ("GID_MIN", 500) - 1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Start with some GID value if the user didn't provide us with
|
||||||
|
@@ -430,7 +437,7 @@ int main (int argc, char **argv)
|
||||||
|
};
|
||||||
|
|
||||||
|
while ((c =
|
||||||
|
- getopt_long (argc, argv, "fg:hK:o", long_options,
|
||||||
|
+ getopt_long (argc, argv, "frg:hK:o", long_options,
|
||||||
|
&option_index)) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'f':
|
||||||
|
@@ -443,6 +450,12 @@ int main (int argc, char **argv)
|
||||||
|
*/
|
||||||
|
fflg++;
|
||||||
|
break;
|
||||||
|
+ case 'r':
|
||||||
|
+ /*
|
||||||
|
+ * create a system group
|
||||||
|
+ */
|
||||||
|
+ rflg++;
|
||||||
|
+ break;
|
||||||
|
case 'g':
|
||||||
|
gflg++;
|
||||||
|
group_id = get_gid (optarg);
|
||||||
--- shadow-4.0.18.1/src/useradd.c.redhat 2006-07-28 19:42:48.000000000 +0200
|
--- shadow-4.0.18.1/src/useradd.c.redhat 2006-07-28 19:42:48.000000000 +0200
|
||||||
+++ shadow-4.0.18.1/src/useradd.c 2006-12-06 16:29:01.000000000 +0100
|
+++ shadow-4.0.18.1/src/useradd.c 2007-11-29 15:44:39.000000000 +0100
|
||||||
@@ -81,7 +81,7 @@
|
@@ -81,7 +81,7 @@
|
||||||
static gid_t def_group = 100;
|
static gid_t def_group = 100;
|
||||||
static const char *def_gname = "other";
|
static const char *def_gname = "other";
|
||||||
|
@ -126,7 +182,7 @@
|
||||||
static const char *def_template = SKEL_DIR;
|
static const char *def_template = SKEL_DIR;
|
||||||
static const char *def_create_mail_spool = "no";
|
static const char *def_create_mail_spool = "no";
|
||||||
|
|
||||||
@@ -93,7 +93,7 @@
|
@@ -93,7 +93,7 @@ static char def_file[] = USER_DEFAULTS_F
|
||||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||||
|
|
||||||
static const char *user_name = "";
|
static const char *user_name = "";
|
||||||
|
@ -135,7 +191,7 @@
|
||||||
static uid_t user_id;
|
static uid_t user_id;
|
||||||
static gid_t user_gid;
|
static gid_t user_gid;
|
||||||
static const char *user_comment = "";
|
static const char *user_comment = "";
|
||||||
@@ -124,8 +124,10 @@
|
@@ -124,8 +124,10 @@ static int
|
||||||
Gflg = 0, /* secondary group set for new account */
|
Gflg = 0, /* secondary group set for new account */
|
||||||
kflg = 0, /* specify a directory to fill new user directory */
|
kflg = 0, /* specify a directory to fill new user directory */
|
||||||
mflg = 0, /* create user's home directory if it doesn't exist */
|
mflg = 0, /* create user's home directory if it doesn't exist */
|
||||||
|
@ -147,7 +203,7 @@
|
||||||
sflg = 0, /* shell program for new account */
|
sflg = 0, /* shell program for new account */
|
||||||
uflg = 0; /* specify user ID for new account */
|
uflg = 0; /* specify user ID for new account */
|
||||||
|
|
||||||
@@ -633,6 +635,8 @@
|
@@ -633,6 +635,8 @@ static void usage (void)
|
||||||
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
||||||
" -m, --create-home create home directory for the new user\n"
|
" -m, --create-home create home directory for the new user\n"
|
||||||
" account\n"
|
" account\n"
|
||||||
|
@ -156,7 +212,7 @@
|
||||||
" -o, --non-unique allow create user with duplicate\n"
|
" -o, --non-unique allow create user with duplicate\n"
|
||||||
" (non-unique) UID\n"
|
" (non-unique) UID\n"
|
||||||
" -p, --password PASSWORD use encrypted password for the new user\n"
|
" -p, --password PASSWORD use encrypted password for the new user\n"
|
||||||
@@ -685,11 +689,20 @@
|
@@ -685,11 +689,20 @@ static void new_spent (struct spwd *spen
|
||||||
spent->sp_namp = (char *) user_name;
|
spent->sp_namp = (char *) user_name;
|
||||||
spent->sp_pwdp = (char *) user_pass;
|
spent->sp_pwdp = (char *) user_pass;
|
||||||
spent->sp_lstchg = time ((time_t *) 0) / SCALE;
|
spent->sp_lstchg = time ((time_t *) 0) / SCALE;
|
||||||
|
@ -182,7 +238,7 @@
|
||||||
spent->sp_flag = -1;
|
spent->sp_flag = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -837,8 +850,14 @@
|
@@ -837,8 +850,14 @@ static void find_new_uid (void)
|
||||||
const struct passwd *pwd;
|
const struct passwd *pwd;
|
||||||
uid_t uid_min, uid_max;
|
uid_t uid_min, uid_max;
|
||||||
|
|
||||||
|
@ -199,7 +255,7 @@
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Start with some UID value if the user didn't provide us with
|
* Start with some UID value if the user didn't provide us with
|
||||||
@@ -868,7 +887,7 @@
|
@@ -868,7 +887,7 @@ static void find_new_uid (void)
|
||||||
#endif
|
#endif
|
||||||
exit (E_NAME_IN_USE);
|
exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
|
@ -208,7 +264,7 @@
|
||||||
fprintf (stderr, _("%s: UID %u is not unique\n"),
|
fprintf (stderr, _("%s: UID %u is not unique\n"),
|
||||||
Prog, (unsigned int) user_id);
|
Prog, (unsigned int) user_id);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@@ -923,8 +942,13 @@
|
@@ -923,8 +942,13 @@ static void find_new_gid ()
|
||||||
const struct group *grp;
|
const struct group *grp;
|
||||||
gid_t gid_min, gid_max;
|
gid_t gid_min, gid_max;
|
||||||
|
|
||||||
|
@ -224,7 +280,7 @@
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Start with some GID value if the user didn't provide us with
|
* Start with some GID value if the user didn't provide us with
|
||||||
@@ -1022,7 +1046,7 @@
|
@@ -1022,7 +1046,7 @@ static void process_flags (int argc, cha
|
||||||
{NULL, 0, NULL, '\0'}
|
{NULL, 0, NULL, '\0'}
|
||||||
};
|
};
|
||||||
while ((c =
|
while ((c =
|
||||||
|
@ -233,7 +289,7 @@
|
||||||
long_options, NULL)) != -1) {
|
long_options, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'b':
|
case 'b':
|
||||||
@@ -1194,6 +1218,15 @@
|
@@ -1194,6 +1218,15 @@ static void process_flags (int argc, cha
|
||||||
user_id = get_uid (optarg);
|
user_id = get_uid (optarg);
|
||||||
uflg++;
|
uflg++;
|
||||||
break;
|
break;
|
||||||
|
@ -249,7 +305,7 @@
|
||||||
default:
|
default:
|
||||||
usage ();
|
usage ();
|
||||||
}
|
}
|
||||||
@@ -1201,6 +1234,9 @@
|
@@ -1201,6 +1234,9 @@ static void process_flags (int argc, cha
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -259,7 +315,7 @@
|
||||||
/*
|
/*
|
||||||
* Certain options are only valid in combination with others.
|
* Certain options are only valid in combination with others.
|
||||||
* Check it here so that they can be specified in any order.
|
* Check it here so that they can be specified in any order.
|
||||||
@@ -1706,6 +1742,14 @@
|
@@ -1706,6 +1742,14 @@ int main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
|
|
||||||
|
@ -274,7 +330,7 @@
|
||||||
/*
|
/*
|
||||||
* See if we are messing with the defaults file, or creating
|
* See if we are messing with the defaults file, or creating
|
||||||
* a new user.
|
* a new user.
|
||||||
@@ -1736,7 +1780,7 @@
|
@@ -1736,7 +1780,7 @@ int main (int argc, char **argv)
|
||||||
* to that group, use useradd -g username username.
|
* to that group, use useradd -g username username.
|
||||||
* --bero
|
* --bero
|
||||||
*/
|
*/
|
||||||
|
@ -283,7 +339,7 @@
|
||||||
if (getgrnam (user_name)) {
|
if (getgrnam (user_name)) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_
|
_
|
||||||
@@ -1787,25 +1831,18 @@
|
@@ -1787,27 +1831,22 @@ int main (int argc, char **argv)
|
||||||
("%s: warning: the home directory already exists.\n"
|
("%s: warning: the home directory already exists.\n"
|
||||||
"Not copying any file from skel directory into it.\n"),
|
"Not copying any file from skel directory into it.\n"),
|
||||||
Prog);
|
Prog);
|
||||||
|
@ -306,6 +362,8 @@
|
||||||
- ("%s: warning: CREATE_HOME not supported, please use -m instead.\n"),
|
- ("%s: warning: CREATE_HOME not supported, please use -m instead.\n"),
|
||||||
- Prog);
|
- Prog);
|
||||||
}
|
}
|
||||||
|
-
|
||||||
|
- create_mail ();
|
||||||
+ /* Warning removed to protect the innocent. */
|
+ /* Warning removed to protect the innocent. */
|
||||||
+ /*
|
+ /*
|
||||||
+ * The whole idea about breaking some stupid scripts by creating a new
|
+ * The whole idea about breaking some stupid scripts by creating a new
|
||||||
|
@ -317,62 +375,10 @@
|
||||||
+ * behavior and they will break, but they were broken anyway to begin
|
+ * behavior and they will break, but they were broken anyway to begin
|
||||||
+ * with --gafton
|
+ * with --gafton
|
||||||
+ */
|
+ */
|
||||||
|
+
|
||||||
|
+ /* Do not create mail directory for system accounts */
|
||||||
|
+ if( !rflg )
|
||||||
|
+ create_mail ();
|
||||||
|
|
||||||
create_mail ();
|
nscd_flush_cache ("passwd");
|
||||||
|
nscd_flush_cache ("group");
|
||||||
--- shadow-4.0.18.1/src/groupadd.c.redhat 2006-07-28 19:38:52.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/src/groupadd.c 2006-12-06 16:29:01.000000000 +0100
|
|
||||||
@@ -74,6 +74,7 @@
|
|
||||||
static int oflg = 0; /* permit non-unique group ID to be specified with -g */
|
|
||||||
static int gflg = 0; /* ID value for the new group */
|
|
||||||
static int fflg = 0; /* if group already exists, do nothing and exit(0) */
|
|
||||||
+static int rflg = 0; /* for adding system accounts (Red Hat) */
|
|
||||||
|
|
||||||
/* local function prototypes */
|
|
||||||
static void usage (void);
|
|
||||||
@@ -100,6 +101,7 @@
|
|
||||||
"Options:\n"
|
|
||||||
" -f, --force force exit with success status if the specified\n"
|
|
||||||
" group already exists\n"
|
|
||||||
+ " -r, create system account\n"
|
|
||||||
" -g, --gid GID use GID for the new group\n"
|
|
||||||
" -h, --help display this help message and exit\n"
|
|
||||||
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
|
||||||
@@ -198,8 +200,13 @@
|
|
||||||
const struct group *grp;
|
|
||||||
gid_t gid_min, gid_max;
|
|
||||||
|
|
||||||
- gid_min = getdef_unum ("GID_MIN", 1000);
|
|
||||||
- gid_max = getdef_unum ("GID_MAX", 60000);
|
|
||||||
+ if (!rflg) {
|
|
||||||
+ gid_min = getdef_unum ("GID_MIN", 500);
|
|
||||||
+ gid_max = getdef_unum ("GID_MAX", 60000);
|
|
||||||
+ } else {
|
|
||||||
+ gid_min = 1;
|
|
||||||
+ gid_max = getdef_unum ("GID_MIN", 500) - 1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Start with some GID value if the user didn't provide us with
|
|
||||||
@@ -430,7 +437,7 @@
|
|
||||||
};
|
|
||||||
|
|
||||||
while ((c =
|
|
||||||
- getopt_long (argc, argv, "fg:hK:o", long_options,
|
|
||||||
+ getopt_long (argc, argv, "frg:hK:o", long_options,
|
|
||||||
&option_index)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'f':
|
|
||||||
@@ -443,6 +450,12 @@
|
|
||||||
*/
|
|
||||||
fflg++;
|
|
||||||
break;
|
|
||||||
+ case 'r':
|
|
||||||
+ /*
|
|
||||||
+ * create a system group
|
|
||||||
+ */
|
|
||||||
+ rflg++;
|
|
||||||
+ break;
|
|
||||||
case 'g':
|
|
||||||
gflg++;
|
|
||||||
group_id = get_gid (optarg);
|
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
--- /dev/null 2007-01-16 10:10:52.644263000 +0100
|
--- shadow-4.0.18.1/libmisc/Makefile.am.useradd 2005-09-05 18:21:37.000000000 +0200
|
||||||
+++ shadow-4.0.17/libmisc/system.c 2007-01-16 18:24:34.000000000 +0100
|
+++ shadow-4.0.18.1/libmisc/Makefile.am 2007-11-29 15:47:39.000000000 +0100
|
||||||
|
@@ -41,6 +41,7 @@ libmisc_a_SOURCES = \
|
||||||
|
setugid.c \
|
||||||
|
setupenv.c \
|
||||||
|
shell.c \
|
||||||
|
+ system.c \
|
||||||
|
strtoday.c \
|
||||||
|
sub.c \
|
||||||
|
sulog.c \
|
||||||
|
--- shadow-4.0.18.1/libmisc/system.c.useradd 2007-11-29 15:47:39.000000000 +0100
|
||||||
|
+++ shadow-4.0.18.1/libmisc/system.c 2007-11-29 15:47:39.000000000 +0100
|
||||||
@@ -0,0 +1,37 @@
|
@@ -0,0 +1,37 @@
|
||||||
+#include <config.h>
|
+#include <config.h>
|
||||||
+
|
+
|
||||||
|
@ -38,19 +48,9 @@
|
||||||
+ exit (-1);
|
+ exit (-1);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
--- shadow-4.0.17/libmisc/Makefile.am.useradd 2005-09-05 18:21:37.000000000 +0200
|
--- shadow-4.0.18.1/libmisc/copydir.c.useradd 2006-07-10 06:35:56.000000000 +0200
|
||||||
+++ shadow-4.0.17/libmisc/Makefile.am 2007-01-16 18:24:34.000000000 +0100
|
+++ shadow-4.0.18.1/libmisc/copydir.c 2007-11-29 15:47:39.000000000 +0100
|
||||||
@@ -41,6 +41,7 @@
|
@@ -54,7 +54,7 @@ struct link_name {
|
||||||
setugid.c \
|
|
||||||
setupenv.c \
|
|
||||||
shell.c \
|
|
||||||
+ system.c \
|
|
||||||
strtoday.c \
|
|
||||||
sub.c \
|
|
||||||
sulog.c \
|
|
||||||
--- shadow-4.0.17/libmisc/copydir.c.useradd 2006-07-10 06:35:56.000000000 +0200
|
|
||||||
+++ shadow-4.0.17/libmisc/copydir.c 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
@@ -54,7 +54,7 @@
|
|
||||||
static struct link_name *links;
|
static struct link_name *links;
|
||||||
|
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
|
@ -59,8 +59,8 @@
|
||||||
{
|
{
|
||||||
security_context_t scontext = NULL;
|
security_context_t scontext = NULL;
|
||||||
|
|
||||||
--- shadow-4.0.17/man/usermod.8.xml.useradd 2006-06-16 18:11:04.000000000 +0200
|
--- shadow-4.0.18.1/man/usermod.8.xml.useradd 2006-07-24 07:48:36.000000000 +0200
|
||||||
+++ shadow-4.0.17/man/usermod.8.xml 2007-01-16 18:24:34.000000000 +0100
|
+++ shadow-4.0.18.1/man/usermod.8.xml 2007-11-29 15:47:39.000000000 +0100
|
||||||
@@ -226,6 +226,19 @@
|
@@ -226,6 +226,19 @@
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -81,8 +81,33 @@
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
--- shadow-4.0.17/man/useradd.8.xml.useradd 2006-06-16 18:11:04.000000000 +0200
|
--- shadow-4.0.18.1/man/usermod.8.useradd 2006-07-30 22:54:28.000000000 +0200
|
||||||
+++ shadow-4.0.17/man/useradd.8.xml 2007-01-16 18:24:34.000000000 +0100
|
+++ shadow-4.0.18.1/man/usermod.8 2007-11-29 15:47:39.000000000 +0100
|
||||||
|
@@ -92,6 +92,10 @@ Unlock a user's password. This removes t
|
||||||
|
\fB\-p\fR
|
||||||
|
or
|
||||||
|
\fB\-L\fR.
|
||||||
|
+.TP 3n
|
||||||
|
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
||||||
|
+The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user.
|
||||||
|
+
|
||||||
|
.SH "CAVEATS"
|
||||||
|
.PP
|
||||||
|
|
||||||
|
--- shadow-4.0.18.1/man/useradd.8.useradd 2007-11-29 15:46:24.000000000 +0100
|
||||||
|
+++ shadow-4.0.18.1/man/useradd.8 2007-11-29 15:47:39.000000000 +0100
|
||||||
|
@@ -137,6 +137,9 @@ The name of the user's login shell. The
|
||||||
|
The numerical value of the user's ID. This value must be unique, unless the
|
||||||
|
\fB\-o\fR
|
||||||
|
option is used. The value must be non\-negative. The default is to use the smallest ID value greater than 999 and greater than every other user. Values between 0 and 999 are typically reserved for system accounts.
|
||||||
|
+.TP 3n
|
||||||
|
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
||||||
|
+The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user.
|
||||||
|
.SS "Changing the default values"
|
||||||
|
.PP
|
||||||
|
When invoked with the
|
||||||
|
--- shadow-4.0.18.1/man/useradd.8.xml.useradd 2006-07-24 07:48:36.000000000 +0200
|
||||||
|
+++ shadow-4.0.18.1/man/useradd.8.xml 2007-11-29 15:47:39.000000000 +0100
|
||||||
@@ -251,6 +251,19 @@
|
@@ -251,6 +251,19 @@
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -103,218 +128,9 @@
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
<refsect2 id='changing_the_default_values'>
|
<refsect2 id='changing_the_default_values'>
|
||||||
--- shadow-4.0.17/man/useradd.8.useradd 2007-01-16 18:24:34.000000000 +0100
|
--- shadow-4.0.18.1/src/userdel.c.useradd 2007-11-29 15:46:24.000000000 +0100
|
||||||
+++ shadow-4.0.17/man/useradd.8 2007-01-16 18:24:34.000000000 +0100
|
+++ shadow-4.0.18.1/src/userdel.c 2007-11-29 15:47:39.000000000 +0100
|
||||||
@@ -137,6 +137,9 @@
|
@@ -792,6 +792,17 @@ int main (int argc, char **argv)
|
||||||
The numerical value of the user's ID. This value must be unique, unless the
|
|
||||||
\fB\-o\fR
|
|
||||||
option is used. The value must be non\-negative. The default is to use the smallest ID value greater than 999 and greater than every other user. Values between 0 and 999 are typically reserved for system accounts.
|
|
||||||
+.TP 3n
|
|
||||||
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
|
||||||
+The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user.
|
|
||||||
.SS "Changing the default values"
|
|
||||||
.PP
|
|
||||||
When invoked with the
|
|
||||||
--- shadow-4.0.17/man/usermod.8.useradd 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/man/usermod.8 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
@@ -90,6 +90,10 @@
|
|
||||||
\fB\-p\fR
|
|
||||||
or
|
|
||||||
\fB\-L\fR.
|
|
||||||
+.TP 3n
|
|
||||||
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
|
||||||
+The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user.
|
|
||||||
+
|
|
||||||
.SH "CAVEATS"
|
|
||||||
.PP
|
|
||||||
|
|
||||||
--- shadow-4.0.17/lib/prototypes.h.useradd 2006-02-07 17:36:30.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/lib/prototypes.h 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
@@ -52,6 +52,9 @@
|
|
||||||
/* copydir.c */
|
|
||||||
extern int copy_tree (const char *, const char *, uid_t, gid_t);
|
|
||||||
extern int remove_tree (const char *);
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+extern int selinux_file_context (const char *dst_name);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* encrypt.c */
|
|
||||||
extern char *pw_encrypt (const char *, const char *);
|
|
||||||
@@ -147,6 +150,9 @@
|
|
||||||
/* shell.c */
|
|
||||||
extern int shell (const char *, const char *, char *const *);
|
|
||||||
|
|
||||||
+/* system.c */
|
|
||||||
+extern int safe_system(const char *command, const char *argv[], const char *env[], int ignore_stderr);
|
|
||||||
+
|
|
||||||
/* strtoday.c */
|
|
||||||
extern long strtoday (const char *);
|
|
||||||
|
|
||||||
--- shadow-4.0.17/lib/defines.h.useradd 2005-09-05 18:22:03.000000000 +0200
|
|
||||||
+++ shadow-4.0.17/lib/defines.h 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
@@ -342,4 +342,7 @@
|
|
||||||
#include <libaudit.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+#include <selinux/selinux.h>
|
|
||||||
+#endif
|
|
||||||
#endif /* _DEFINES_H_ */
|
|
||||||
--- shadow-4.0.17/src/useradd.c.useradd 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/src/useradd.c 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
@@ -100,6 +100,7 @@
|
|
||||||
static const char *user_home = "";
|
|
||||||
static const char *user_shell = "";
|
|
||||||
static const char *create_mail_spool = "";
|
|
||||||
+static const char *user_selinux = "";
|
|
||||||
|
|
||||||
static long user_expire = -1;
|
|
||||||
static int is_shadow_pwd;
|
|
||||||
@@ -170,6 +171,7 @@
|
|
||||||
static int get_groups (char *);
|
|
||||||
static void usage (void);
|
|
||||||
static void new_pwent (struct passwd *);
|
|
||||||
+static void selinux_update_mapping (void);
|
|
||||||
|
|
||||||
static long scale_age (long);
|
|
||||||
static void new_spent (struct spwd *);
|
|
||||||
@@ -361,6 +363,7 @@
|
|
||||||
def_create_mail_spool = xstrdup (cp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ fclose(fp);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -648,7 +651,10 @@
|
|
||||||
" -p, --password PASSWORD use encrypted password for the new user\n"
|
|
||||||
" account\n"
|
|
||||||
" -s, --shell SHELL the login shell for the new user account\n"
|
|
||||||
- " -u, --uid UID force use the UID for the new user account\n"
|
|
||||||
+ " -u, --uid UID force use the UID for the new user account\n"
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ " -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"
|
|
||||||
+#endif
|
|
||||||
"\n"));
|
|
||||||
exit (E_USAGE);
|
|
||||||
}
|
|
||||||
@@ -1048,11 +1054,18 @@
|
|
||||||
{"non-unique", no_argument, NULL, 'o'},
|
|
||||||
{"password", required_argument, NULL, 'p'},
|
|
||||||
{"shell", required_argument, NULL, 's'},
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ {"selinux-user", required_argument, NULL, 'Z'},
|
|
||||||
+#endif
|
|
||||||
{"uid", required_argument, NULL, 'u'},
|
|
||||||
{NULL, 0, NULL, '\0'}
|
|
||||||
};
|
|
||||||
while ((c =
|
|
||||||
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:",
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:Z:",
|
|
||||||
+#else
|
|
||||||
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:",
|
|
||||||
+#endif
|
|
||||||
long_options, NULL)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'b':
|
|
||||||
@@ -1236,6 +1249,17 @@
|
|
||||||
case 'M':
|
|
||||||
Mflg++;
|
|
||||||
break;
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ case 'Z':
|
|
||||||
+ if (is_selinux_enabled() > 0)
|
|
||||||
+ user_selinux = optarg;
|
|
||||||
+ else {
|
|
||||||
+ fprintf (stderr,_("%s: -Z requires SELinux enabled kernel\n"), Prog);
|
|
||||||
+
|
|
||||||
+ exit (E_BAD_ARG);
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+#endif
|
|
||||||
default:
|
|
||||||
usage ();
|
|
||||||
}
|
|
||||||
@@ -1603,6 +1627,33 @@
|
|
||||||
grp_update ();
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void selinux_update_mapping () {
|
|
||||||
+
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ if (is_selinux_enabled() <= 0) return;
|
|
||||||
+
|
|
||||||
+ if (*user_selinux) { /* must be done after passwd write() */
|
|
||||||
+ const char *argv[7];
|
|
||||||
+ argv[0] = "/usr/sbin/semanage";
|
|
||||||
+ argv[1] = "login";
|
|
||||||
+ argv[2] = "-a";
|
|
||||||
+ argv[3] = "-s";
|
|
||||||
+ argv[4] = user_selinux;
|
|
||||||
+ argv[5] = user_name;
|
|
||||||
+ argv[6] = NULL;
|
|
||||||
+ if (safe_system(argv[0], argv, NULL, 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
|
||||||
+ Prog, user_name, user_selinux);
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
||||||
+ "adding SELinux user mapping", user_name, user_id, 0);
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+}
|
|
||||||
/*
|
|
||||||
* create_home - create the user's home directory
|
|
||||||
*
|
|
||||||
@@ -1612,7 +1663,11 @@
|
|
||||||
*/
|
|
||||||
static void create_home (void)
|
|
||||||
{
|
|
||||||
+
|
|
||||||
if (access (user_home, F_OK)) {
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ selinux_file_context (user_home);
|
|
||||||
+#endif
|
|
||||||
/* XXX - create missing parent directories. --marekm */
|
|
||||||
if (mkdir (user_home, 0)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
@@ -1840,6 +1895,15 @@
|
|
||||||
|
|
||||||
usr_update ();
|
|
||||||
|
|
||||||
+ create_mail ();
|
|
||||||
+
|
|
||||||
+ nscd_flush_cache ("passwd");
|
|
||||||
+ nscd_flush_cache ("group");
|
|
||||||
+
|
|
||||||
+ close_files ();
|
|
||||||
+
|
|
||||||
+ selinux_update_mapping();
|
|
||||||
+
|
|
||||||
if (mflg) {
|
|
||||||
create_home ();
|
|
||||||
if (home_added)
|
|
||||||
@@ -1863,13 +1927,6 @@
|
|
||||||
* with --gafton
|
|
||||||
*/
|
|
||||||
|
|
||||||
- create_mail ();
|
|
||||||
-
|
|
||||||
- nscd_flush_cache ("passwd");
|
|
||||||
- nscd_flush_cache ("group");
|
|
||||||
-
|
|
||||||
- close_files ();
|
|
||||||
-
|
|
||||||
#ifdef USE_PAM
|
|
||||||
if (retval == PAM_SUCCESS)
|
|
||||||
pam_end (pamh, PAM_SUCCESS);
|
|
||||||
--- shadow-4.0.17/src/userdel.c.useradd 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/src/userdel.c 2007-01-16 18:24:34.000000000 +0100
|
|
||||||
@@ -792,6 +792,17 @@
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -332,9 +148,9 @@
|
||||||
/*
|
/*
|
||||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
* Cancel any crontabs or at jobs. Have to do this before we remove
|
||||||
* the entry from /etc/passwd.
|
* the entry from /etc/passwd.
|
||||||
--- shadow-4.0.17/src/usermod.c.useradd 2007-01-16 18:24:34.000000000 +0100
|
--- shadow-4.0.18.1/src/usermod.c.useradd 2007-11-29 15:46:24.000000000 +0100
|
||||||
+++ shadow-4.0.17/src/usermod.c 2007-01-16 18:29:45.000000000 +0100
|
+++ shadow-4.0.18.1/src/usermod.c 2007-11-29 15:47:39.000000000 +0100
|
||||||
@@ -90,6 +90,7 @@
|
@@ -90,6 +90,7 @@ static char *user_comment;
|
||||||
static char *user_home;
|
static char *user_home;
|
||||||
static char *user_newhome;
|
static char *user_newhome;
|
||||||
static char *user_shell;
|
static char *user_shell;
|
||||||
|
@ -342,7 +158,7 @@
|
||||||
static long user_expire;
|
static long user_expire;
|
||||||
static long user_inactive;
|
static long user_inactive;
|
||||||
static long sys_ngroups;
|
static long sys_ngroups;
|
||||||
@@ -132,6 +133,7 @@
|
@@ -132,6 +133,7 @@ static int is_shadow_grp;
|
||||||
static int get_groups (char *);
|
static int get_groups (char *);
|
||||||
static void usage (void);
|
static void usage (void);
|
||||||
static void new_pwent (struct passwd *);
|
static void new_pwent (struct passwd *);
|
||||||
|
@ -350,7 +166,7 @@
|
||||||
|
|
||||||
static void new_spent (struct spwd *);
|
static void new_spent (struct spwd *);
|
||||||
static void fail_exit (int);
|
static void fail_exit (int);
|
||||||
@@ -301,6 +303,9 @@
|
@@ -294,6 +296,9 @@ static void usage (void)
|
||||||
" -s, --shell SHELL new login shell for the user account\n"
|
" -s, --shell SHELL new login shell for the user account\n"
|
||||||
" -u, --uid UID new UID for the user account\n"
|
" -u, --uid UID new UID for the user account\n"
|
||||||
" -U, --unlock unlock the user account\n"
|
" -U, --unlock unlock the user account\n"
|
||||||
|
@ -360,7 +176,7 @@
|
||||||
"\n"));
|
"\n"));
|
||||||
exit (E_USAGE);
|
exit (E_USAGE);
|
||||||
}
|
}
|
||||||
@@ -925,13 +930,20 @@
|
@@ -918,13 +923,20 @@ static void process_flags (int argc, cha
|
||||||
{"move-home", no_argument, NULL, 'm'},
|
{"move-home", no_argument, NULL, 'm'},
|
||||||
{"non-unique", no_argument, NULL, 'o'},
|
{"non-unique", no_argument, NULL, 'o'},
|
||||||
{"password", required_argument, NULL, 'p'},
|
{"password", required_argument, NULL, 'p'},
|
||||||
|
@ -381,7 +197,7 @@
|
||||||
long_options, NULL)) != -1) {
|
long_options, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'a':
|
case 'a':
|
||||||
@@ -1080,6 +1092,16 @@
|
@@ -1073,6 +1085,16 @@ static void process_flags (int argc, cha
|
||||||
|
|
||||||
Uflg++;
|
Uflg++;
|
||||||
break;
|
break;
|
||||||
|
@ -398,7 +214,7 @@
|
||||||
default:
|
default:
|
||||||
usage ();
|
usage ();
|
||||||
}
|
}
|
||||||
@@ -1549,6 +1571,8 @@
|
@@ -1542,6 +1564,8 @@ int main (int argc, char **argv)
|
||||||
if (Gflg || lflg)
|
if (Gflg || lflg)
|
||||||
grp_err = grp_update ();
|
grp_err = grp_update ();
|
||||||
|
|
||||||
|
@ -407,7 +223,7 @@
|
||||||
if (mflg)
|
if (mflg)
|
||||||
move_home ();
|
move_home ();
|
||||||
|
|
||||||
@@ -1580,3 +1604,62 @@
|
@@ -1573,3 +1597,62 @@ int main (int argc, char **argv)
|
||||||
exit (E_SUCCESS);
|
exit (E_SUCCESS);
|
||||||
/* NOT REACHED */
|
/* NOT REACHED */
|
||||||
}
|
}
|
||||||
|
@ -470,4 +286,190 @@
|
||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
+}
|
+}
|
||||||
|
--- shadow-4.0.18.1/src/useradd.c.useradd 2007-11-29 15:46:24.000000000 +0100
|
||||||
|
+++ shadow-4.0.18.1/src/useradd.c 2007-11-29 15:52:00.000000000 +0100
|
||||||
|
@@ -100,6 +100,7 @@ static const char *user_comment = "";
|
||||||
|
static const char *user_home = "";
|
||||||
|
static const char *user_shell = "";
|
||||||
|
static const char *create_mail_spool = "";
|
||||||
|
+static const char *user_selinux = "";
|
||||||
|
|
||||||
|
static long user_expire = -1;
|
||||||
|
static int is_shadow_pwd;
|
||||||
|
@@ -170,6 +171,7 @@ static int set_defaults (void);
|
||||||
|
static int get_groups (char *);
|
||||||
|
static void usage (void);
|
||||||
|
static void new_pwent (struct passwd *);
|
||||||
|
+static void selinux_update_mapping (void);
|
||||||
|
|
||||||
|
static long scale_age (long);
|
||||||
|
static void new_spent (struct spwd *);
|
||||||
|
@@ -354,6 +356,7 @@ static void get_defaults (void)
|
||||||
|
def_create_mail_spool = xstrdup (cp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ fclose(fp);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -641,7 +644,10 @@ static void usage (void)
|
||||||
|
" -p, --password PASSWORD use encrypted password for the new user\n"
|
||||||
|
" account\n"
|
||||||
|
" -s, --shell SHELL the login shell for the new user account\n"
|
||||||
|
- " -u, --uid UID force use the UID for the new user account\n"
|
||||||
|
+ " -u, --uid UID force use the UID for the new user account\n"
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ " -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"
|
||||||
|
+#endif
|
||||||
|
"\n"));
|
||||||
|
exit (E_USAGE);
|
||||||
|
}
|
||||||
|
@@ -1041,11 +1047,18 @@ static void process_flags (int argc, cha
|
||||||
|
{"non-unique", no_argument, NULL, 'o'},
|
||||||
|
{"password", required_argument, NULL, 'p'},
|
||||||
|
{"shell", required_argument, NULL, 's'},
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ {"selinux-user", required_argument, NULL, 'Z'},
|
||||||
|
+#endif
|
||||||
|
{"uid", required_argument, NULL, 'u'},
|
||||||
|
{NULL, 0, NULL, '\0'}
|
||||||
|
};
|
||||||
|
while ((c =
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:Z:",
|
||||||
|
+#else
|
||||||
|
getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:",
|
||||||
|
+#endif
|
||||||
|
long_options, NULL)) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'b':
|
||||||
|
@@ -1229,6 +1242,17 @@ static void process_flags (int argc, cha
|
||||||
|
case 'M':
|
||||||
|
Mflg++;
|
||||||
|
break;
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ case 'Z':
|
||||||
|
+ if (is_selinux_enabled() > 0)
|
||||||
|
+ user_selinux = optarg;
|
||||||
|
+ else {
|
||||||
|
+ fprintf (stderr,_("%s: -Z requires SELinux enabled kernel\n"), Prog);
|
||||||
+
|
+
|
||||||
|
+ exit (E_BAD_ARG);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+#endif
|
||||||
|
default:
|
||||||
|
usage ();
|
||||||
|
}
|
||||||
|
@@ -1596,6 +1620,33 @@ static void usr_update (void)
|
||||||
|
grp_update ();
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void selinux_update_mapping () {
|
||||||
|
+
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ if (is_selinux_enabled() <= 0) return;
|
||||||
|
+
|
||||||
|
+ if (*user_selinux) { /* must be done after passwd write() */
|
||||||
|
+ const char *argv[7];
|
||||||
|
+ argv[0] = "/usr/sbin/semanage";
|
||||||
|
+ argv[1] = "login";
|
||||||
|
+ argv[2] = "-a";
|
||||||
|
+ argv[3] = "-s";
|
||||||
|
+ argv[4] = user_selinux;
|
||||||
|
+ argv[5] = user_name;
|
||||||
|
+ argv[6] = NULL;
|
||||||
|
+ if (safe_system(argv[0], argv, NULL, 0)) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||||
|
+ Prog, user_name, user_selinux);
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
+ "adding SELinux user mapping", user_name, user_id, 0);
|
||||||
|
+#endif
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
/*
|
||||||
|
* create_home - create the user's home directory
|
||||||
|
*
|
||||||
|
@@ -1605,7 +1656,11 @@ static void usr_update (void)
|
||||||
|
*/
|
||||||
|
static void create_home (void)
|
||||||
|
{
|
||||||
|
+
|
||||||
|
if (access (user_home, F_OK)) {
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ selinux_file_context (user_home);
|
||||||
|
+#endif
|
||||||
|
/* XXX - create missing parent directories. --marekm */
|
||||||
|
if (mkdir (user_home, 0)) {
|
||||||
|
fprintf (stderr,
|
||||||
|
@@ -1833,6 +1888,17 @@ int main (int argc, char **argv)
|
||||||
|
|
||||||
|
usr_update ();
|
||||||
|
|
||||||
|
+ /* Do not create mail directory for system accounts */
|
||||||
|
+ if( !rflg )
|
||||||
|
+ create_mail ();
|
||||||
|
+
|
||||||
|
+ nscd_flush_cache ("passwd");
|
||||||
|
+ nscd_flush_cache ("group");
|
||||||
|
+
|
||||||
|
+ close_files ();
|
||||||
|
+
|
||||||
|
+ selinux_update_mapping();
|
||||||
|
+
|
||||||
|
if (mflg) {
|
||||||
|
create_home ();
|
||||||
|
if (home_added)
|
||||||
|
@@ -1856,15 +1922,6 @@ int main (int argc, char **argv)
|
||||||
|
* with --gafton
|
||||||
|
*/
|
||||||
|
|
||||||
|
- /* Do not create mail directory for system accounts */
|
||||||
|
- if( !rflg )
|
||||||
|
- create_mail ();
|
||||||
|
-
|
||||||
|
- nscd_flush_cache ("passwd");
|
||||||
|
- nscd_flush_cache ("group");
|
||||||
|
-
|
||||||
|
- close_files ();
|
||||||
|
-
|
||||||
|
#ifdef USE_PAM
|
||||||
|
if (retval == PAM_SUCCESS)
|
||||||
|
pam_end (pamh, PAM_SUCCESS);
|
||||||
|
--- shadow-4.0.18.1/lib/defines.h.useradd 2005-09-05 18:22:03.000000000 +0200
|
||||||
|
+++ shadow-4.0.18.1/lib/defines.h 2007-11-29 15:47:39.000000000 +0100
|
||||||
|
@@ -342,4 +342,7 @@ extern char *strerror ();
|
||||||
|
#include <libaudit.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+#include <selinux/selinux.h>
|
||||||
|
+#endif
|
||||||
|
#endif /* _DEFINES_H_ */
|
||||||
|
--- shadow-4.0.18.1/lib/prototypes.h.useradd 2006-02-07 17:36:30.000000000 +0100
|
||||||
|
+++ shadow-4.0.18.1/lib/prototypes.h 2007-11-29 15:47:39.000000000 +0100
|
||||||
|
@@ -52,6 +52,9 @@ extern int is_listed (const char *, cons
|
||||||
|
/* copydir.c */
|
||||||
|
extern int copy_tree (const char *, const char *, uid_t, gid_t);
|
||||||
|
extern int remove_tree (const char *);
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+extern int selinux_file_context (const char *dst_name);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/* encrypt.c */
|
||||||
|
extern char *pw_encrypt (const char *, const char *);
|
||||||
|
@@ -147,6 +150,9 @@ extern void setup_env (struct passwd *);
|
||||||
|
/* shell.c */
|
||||||
|
extern int shell (const char *, const char *, char *const *);
|
||||||
|
|
||||||
|
+/* system.c */
|
||||||
|
+extern int safe_system(const char *command, const char *argv[], const char *env[], int ignore_stderr);
|
||||||
|
+
|
||||||
|
/* strtoday.c */
|
||||||
|
extern long strtoday (const char *);
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.0.18.1
|
Version: 4.0.18.1
|
||||||
Release: 19%{?dist}
|
Release: 20%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://shadow.pld.org.pl/
|
URL: http://shadow.pld.org.pl/
|
||||||
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
|
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
|
||||||
|
@ -215,6 +215,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
%{_mandir}/man8/faillog.8*
|
%{_mandir}/man8/faillog.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 29 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-20
|
||||||
|
- do not create mail spool entries for system accounts (#402351)
|
||||||
|
|
||||||
* Thu Oct 18 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-19
|
* Thu Oct 18 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-19
|
||||||
- fix timestamps when moving home dirs to another file system (#278571)
|
- fix timestamps when moving home dirs to another file system (#278571)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue