3 # Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved.
5 # Redistribution and use in source and binary forms, with or without
6 # modification, are permitted provided that the following conditions
8 # 1. Redistributions of source code must retain the above copyright
9 # notice, this list of conditions and the following disclaimer.
10 # 2. Redistributions in binary form must reproduce the above copyright
11 # notice, this list of conditions and the following disclaimer in the
12 # documentation and/or other materials provided with the distribution.
14 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 # Email: Mike Makonnen <mtm@FreeBSD.Org>
27 # $FreeBSD: src/usr.sbin/adduser/adduser.sh,v 1.23 2004/06/06 17:55:55 mtm Exp $
28 # $DragonFly: src/usr.sbin/adduser/adduser.sh,v 1.1 2004/06/21 17:47:12 cpressey Exp $
32 # Display $msg on stderr, unless we're being quiet.
35 if [ -z "$quietflag" ]; then
36 echo 1>&2 ${THISCMD}: ERROR: $*
41 # Display $msg on stdout, unless we're being quiet.
44 if [ -z "$quietflag" ]; then
45 echo ${THISCMD}: INFO: $*
50 # Output the value of $_uid if it is available for use. If it
51 # is not, output the value of the next higher uid that is available.
52 # If a uid is not specified, output the first available uid, as indicated
59 if [ -z "$_uid" ]; then
60 _nextuid="`${PWCMD} usernext | cut -f1 -d:`"
63 ${PWCMD} usershow $_uid > /dev/null 2>&1
64 if [ ! "$?" -eq 0 ]; then
75 # Display usage information for this utility.
78 echo "usage: ${THISCMD} [options]"
79 echo " options may include:"
80 echo " -C save to the configuration file only"
81 echo " -D do not attempt to create the home directory"
82 echo " -E disable this account after creation"
83 echo " -G additional groups to add accounts to"
84 echo " -L login class of the user"
85 echo " -N do not read configuration file"
86 echo " -S a nonexistent shell is not an error"
87 echo " -d home directory"
88 echo " -f file from which input will be received"
89 echo " -g default login group"
90 echo " -h display this usage message"
91 echo " -k path to skeleton home directory"
92 echo " -m user welcome message file"
93 echo " -q absolute minimal user feedback"
95 echo " -u uid to start at"
96 echo " -w password type: no, none, yes or random"
100 # Outputs a list of valid shells from /etc/shells. Only the
101 # basename of the shell is output.
106 while read _path _junk ; do
111 echo -n "${_prefix}`basename $_path`"
117 # /usr/sbin/nologin is a special case
118 [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
121 # fullpath_from_shell shell
122 # Given $shell, which is either the full path to a shell or
123 # the basename component of a valid shell, get the
124 # full path to the shell from the /etc/shells file.
126 fullpath_from_shell() {
128 [ -z "$_shell" ] && return 1
131 while read _path _junk ; do
136 if [ "$_path" = "$_shell" -o \
137 "`basename $_path`" = "$_shell" ]; then
145 # /usr/sbin/nologin is a special case
146 if [ "$_shell" = "${NOLOGIN}" ]; then
155 # If the given shell is listed in ${ETCSHELLS} or it is
156 # the nologin shell this function will return 0.
157 # Otherwise, it will return 1. If shell is valid but
158 # the path is invalid or it is not executable it
159 # will emit an informational message saying so.
164 _shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
166 if ! eval $_shellchk; then
167 # The nologin shell is not listed in /etc/shells.
168 if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
169 err "Invalid shell ($_sh) for user $username."
174 info "The shell ($_sh) does not exist or is not executable."
180 # Save some variables to a configuration file.
181 # Note: not all script variables are saved, only those that
182 # it makes sense to save.
185 echo "# Configuration file for adduser(8)." > ${ADDUSERCONF}
186 echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
187 echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF}
188 echo '' >> ${ADDUSERCONF}
189 echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
190 echo "defaultclass=$uclass" >> ${ADDUSERCONF}
191 echo "defaultgroups=$ugroups" >> ${ADDUSERCONF}
192 echo "passwdtype=$passwdtype" >> ${ADDUSERCONF}
193 echo "homeprefix=$homeprefix" >> ${ADDUSERCONF}
194 echo "defaultshell=$ushell" >> ${ADDUSERCONF}
195 echo "udotdir=$udotdir" >> ${ADDUSERCONF}
196 echo "msgfile=$msgfile" >> ${ADDUSERCONF}
197 echo "disableflag=$disableflag" >> ${ADDUSERCONF}
201 # Add a user to the user database. If the user chose to send a welcome
202 # message or lock the account, do so.
206 # Is this a configuration run? If so, don't modify user database.
208 if [ -n "$configflag" ]; then
229 _name="-n '$username'"
230 [ -n "$uuid" ] && _uid='-u "$uuid"'
231 [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"'
232 [ -n "$ugroups" ] && _grouplist='-G "$ugroups"'
233 [ -n "$ushell" ] && _shell='-s "$ushell"'
234 [ -n "$uclass" ] && _class='-L "$uclass"'
235 [ -n "$ugecos" ] && _comment='-c "$ugecos"'
236 [ -n "$udotdir" ] && _dotdir='-k "$udotdir"'
237 [ -n "$uexpire" ] && _expire='-e "$uexpire"'
238 [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"'
239 if [ -z "$Dflag" -a -n "$uhome" ]; then
240 # The /nonexistent home directory is special. It
241 # means the user has no home directory.
242 if [ "$uhome" = "$NOHOME" ]; then
245 _home='-m -d "$uhome"'
247 elif [ -n "$Dflag" -a -n "$uhome" ]; then
252 _passwdmethod="-w no"
256 # Note on processing the password: The outer double quotes
257 # make literal everything except ` and \ and $.
258 # The outer single quotes make literal ` and $.
259 # We can ensure the \ isn't treated specially by specifying
260 # the -r switch to the read command used to obtain the input.
262 _passwdmethod="-w yes"
264 _upasswd='echo "$upass" |'
267 _passwdmethod="-w none"
270 _passwdmethod="-w random"
274 _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
275 _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
276 _pwcmd="$_pwcmd $_expire $_pwexpire"
278 if ! _output=`eval $_pwcmd` ; then
279 err "There was an error adding user ($username)."
282 info "Successfully added ($username) to the user database."
283 if [ "random" = "$passwdtype" ]; then
284 randompass="$_output"
285 info "Password for ($username) is: $randompass"
289 if [ -n "$disableflag" ]; then
290 if ${PWCMD} lock $username ; then
291 info "Account ($username) is locked."
293 info "Account ($username) could NOT be locked."
300 if [ -n "$msgflag" ]; then
301 [ -r "$msgfile" ] && {
302 # We're evaluating the contents of an external file.
303 # Let's not open ourselves up for attack. _perms will
304 # be empty if it's writeable only by the owner. _owner
305 # will *NOT* be empty if the file is owned by root.
307 _dir="`dirname $msgfile`"
308 _file="`basename $msgfile`"
309 _perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
310 _owner=`/usr/bin/find $_dir -name $_file -user 0 -prune`
311 if [ -z "$_owner" -o -n "$_perms" ]; then
312 err "The message file ($msgfile) may be writeable only by root."
316 while read _line ; do
318 done | ${MAILCMD} -s"Welcome" ${username}
319 info "Sent welcome message to ($username)."
325 # Reads username of the account from standard input or from a global
326 # variable containing an account line from a file. The username is
327 # required. If this is an interactive session it will prompt in
328 # a loop until a username is entered. If it is batch processing from
329 # a file it will output an error message and return to the caller.
334 # No need to take down user names if this is a configuration saving run.
335 [ -n "$configflag" ] && return
338 if [ -z "$fflag" ]; then
342 _input="`echo "$fileline" | cut -f1 -d:`"
345 # There *must* be a username. If this is an interactive
346 # session give the user an opportunity to retry.
348 if [ -z "$_input" ]; then
349 err "You must enter a username!"
350 [ -z "$fflag" ] && continue
358 # Reads extra information about the user. Can be used both in interactive
359 # and batch (from file) mode.
364 # No need to take down additional user information for a configuration run.
365 [ -n "$configflag" ] && return
367 if [ -z "$fflag" ]; then
368 echo -n "Full name: "
371 _input="`echo "$fileline" | cut -f7 -d:`"
377 # Get the account's shell. Works in interactive and batch mode. It
378 # accepts either the base name of the shell or the full path.
379 # If an invalid shell is entered it will simply use the default shell.
384 ushell="$defaultshell"
386 # Make sure the current value of the shell is a valid one
387 if [ -z "$Sflag" ]; then
388 if ! shell_exists $ushell ; then
389 info "Using default shell ${defaultshell}."
390 ushell="$defaultshell"
394 if [ -z "$fflag" ]; then
395 echo -n "Shell ($shells) [`basename $ushell`]: "
398 _input="`echo "$fileline" | cut -f9 -d:`"
400 if [ -n "$_input" ]; then
401 if [ -n "$Sflag" ]; then
404 _fullpath=`fullpath_from_shell $_input`
405 if [ -n "$_fullpath" ]; then
408 err "Invalid shell ($_input) for user $username."
409 info "Using default shell ${defaultshell}."
410 ushell="$defaultshell"
417 # Reads the account's home directory. Used both with interactive input
422 if [ -z "$fflag" ]; then
423 echo -n "Home directory [${homeprefix}/${username}]: "
426 _input="`echo "$fileline" | cut -f8 -d:`"
429 if [ -n "$_input" ]; then
431 # if this is a configuration run, then user input is the home
432 # directory prefix. Otherwise it is understood to
435 [ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome"
437 uhome="${homeprefix}/${username}"
442 # Reads a numeric userid in an interactive or batch session. Automatically
443 # allocates one if it is not specified.
450 # No need to take down uids for a configuration saving run.
451 [ -n "$configflag" ] && return
453 if [ -n "$uuid" ]; then
454 _prompt="Uid [$uuid]: "
456 _prompt="Uid (Leave empty for default): "
458 if [ -z "$fflag" ]; then
462 _input="`echo "$fileline" | cut -f2 -d:`"
465 [ -n "$_input" ] && uuid=$_input
466 uuid=`get_nextuid $uuid`
471 # Reads login class of account. Can be used in interactive or batch mode.
474 uclass="$defaultclass"
476 _class=${uclass:-"default"}
478 if [ -z "$fflag" ]; then
479 echo -n "Login class [$_class]: "
482 _input="`echo "$fileline" | cut -f4 -d:`"
485 [ -n "$_input" ] && uclass="$_input"
489 # Reads user's login group. Can be used in both interactive and batch
490 # modes. The specified value can be a group name or its numeric id.
491 # This routine leaves the field blank if nothing is provided and
492 # a default login group has not been set. The pw(8) command
493 # will then provide a login group with the same name as the username.
496 ulogingroup="$defaultLgroup"
499 if [ -z "$fflag" ]; then
500 echo -n "Login group [${ulogingroup:-$username}]: "
503 _input="`echo "$fileline" | cut -f3 -d:`"
506 # Pw(8) will use the username as login group if it's left empty
507 [ -n "$_input" ] && ulogingroup="$_input"
511 # Read additional groups for the user. It can be used in both interactive
515 ugroups="$defaultgroups"
517 _group=${ulogingroup:-"${username}"}
519 if [ -z "$configflag" ]; then
520 [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
521 [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
523 [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
527 [ -n "$_input" ] && ugroups="$_input"
531 # Read expiry information for the account and also for the password. This
532 # routine is used only from batch processing mode.
535 upwexpire="`echo "$fileline" | cut -f5 -d:`"
536 uexpire="`echo "$fileline" | cut -f6 -d:`"
540 # Read the password in batch processing mode. The password field matters
541 # only when the password type is "yes" or "random". If the field is empty and the
542 # password type is "yes", then it assumes the account has an empty passsword
543 # and changes the password type accordingly. If the password type is "random"
544 # and the password field is NOT empty, then it assumes the account will NOT
545 # have a random password and set passwdtype to "yes."
548 # We may temporarily change a password type. Make sure it's changed
549 # back to whatever it was before we process the next account.
551 [ -n "$savedpwtype" ] && {
552 passwdtype=$savedpwtype
556 # There may be a ':' in the password
557 upass=${fileline#*:*:*:*:*:*:*:*:*:}
559 if [ -z "$upass" ]; then
562 # if it's empty, assume an empty password
578 # Reads a line of account information from standard input and
579 # adds it to the user database.
584 while read -r fileline ; do
606 # Prompts for user information interactively, and commits to
609 input_interactive() {
636 # The case where group = user is handled elsewhere, so
637 # validate any other groups the user is invited to.
638 until [ "$_logingroup_ok" = yes ]; do
641 if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
642 if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then
643 echo "Group $ulogingroup does not exist!"
648 until [ "$_groups_ok" = yes ]; do
651 for i in $ugroups; do
652 if [ "$username" != "$i" ]; then
653 if ! ${PWCMD} show group $i > /dev/null 2>&1; then
654 echo "Group $i does not exist!"
666 echo -n "Use password-based authentication? [$_usepass]: "
668 [ -z "$_input" ] && _input=$_usepass
673 [Yy][Ee][Ss]|[Yy][Ee]|[Yy])
675 echo -n "Use an empty password? (yes/no) [$_emptypass]: "
677 [ -n "$_input" ] && _emptypass=$_input
680 echo -n "Use a random password? (yes/no) [$_random]: "
682 [ -n "$_input" ] && _random="$_input"
684 [Yy][Ee][Ss]|[Yy][Ee]|[Yy])
690 [ -n "$configflag" ] && break
691 trap 'stty echo; exit' 0 1 2 3 15
693 echo -n "Enter password: "
696 echo -n "Enter password again: "
700 # if user entered a blank password
701 # explicitly ask again.
702 [ -z "$upass" -a -z "$_passconfirm" ] \
705 [Yy][Ee][Ss]|[Yy][Ee]|[Yy])
710 # invalid answer; repeat the loop
714 if [ "$upass" != "$_passconfirm" ]; then
715 echo "Passwords did not match!"
722 # invalid answer; repeat loop
728 _disable=${disableflag:-"no"}
730 echo -n "Lock out the account after creation? [$_disable]: "
732 [ -z "$_input" ] && _input=$_disable
737 [Yy][Ee][Ss]|[Yy][Ee]|[Yy])
741 # invalid answer; repeat loop
748 # Display the information we have so far and prompt to
751 _disable=${disableflag:-"no"}
752 [ -z "$configflag" ] && printf "%-10s : %s\n" Username $username
767 [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
768 [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
769 [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
770 [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
771 printf "%-10s : %s\n" "Class" "$uclass"
772 printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
773 printf "%-10s : %s\n" "Home" "$uhome"
774 printf "%-10s : %s\n" "Shell" "$ushell"
775 printf "%-10s : %s\n" "Locked" "$_disable"
777 echo -n "OK? (yes/no): "
783 [Yy][Ee][Ss]|[Yy][Ee]|[Yy])
795 #### END SUBROUTINE DEFENITION ####
797 THISCMD=`/usr/bin/basename $0`
799 ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}"
800 PWCMD="${PWCMD:-/usr/sbin/pw}"
801 MAILCMD="${MAILCMD:-mail}"
802 ETCSHELLS="${ETCSHELLS:-/etc/shells}"
803 NOHOME="/nonexistent"
805 NOLOGIN_PATH="/usr/sbin/nologin"
806 GREPCMD="/usr/bin/grep"
820 udotdir=/usr/share/skel
824 shells="`valid_shells`"
826 msgfile=/etc/adduser.msg
843 defaultshell="${DEFAULTSHELL}"
845 # Make sure the user running this program is root. This isn't a security
846 # measure as much as it is a usefull method of reminding the user to
847 # 'su -' before he/she wastes time entering data that won't be saved.
849 procowner=${procowner:-`/usr/bin/id -u`}
850 if [ "$procowner" != "0" ]; then
851 err 'you must be the super-user (uid 0) to use this utility.'
855 # Overide from our conf file
856 # Quickly go through the commandline line to see if we should read
857 # from our configuration file. The actual parsing of the commandline
858 # arguments happens after we read in our configuration file (commandline
859 # should override configuration file).
862 if [ "$_i" = "-N" ]; then
867 if [ -n "$readconfig" ]; then
868 # On a long-lived system, the first time this script is run it
869 # will barf upon reading the configuration file for its perl predecessor.
870 if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then
871 [ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1
875 # Proccess command-line options
900 [ "$2" != "-" ] && infile="$2"
953 defaultshell="`fullpath_from_shell $2`"
967 # If the -f switch was used, get input from a file. Otherwise,
968 # this is an interactive session.
970 if [ -n "$fflag" ]; then
971 if [ -z "$infile" ]; then
973 elif [ -n "$infile" ]; then
974 if [ -r "$infile" ]; then
975 input_from_file < $infile
977 err "File ($infile) is unreadable or does not exist."
983 if [ -z "$configflag" ]; then
984 echo -n "Add another user? (yes/no): "
986 echo -n "Re-edit the default configuration? (yes/no): "
990 [Yy][Ee][Ss]|[Yy][Ee]|[Yy])
991 uidstart=`get_nextuid $uidstart`
projects / dragonfly.git / blob