useradd: add -F option for updating /etc/sub[ig]id for system accounts

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Masatake YAMATO 2022-07-20 11:17:16 +09:00 committed by Iker Pedrosa
parent fb96d3f84d
commit 3f7a72e967
2 changed files with 36 additions and 3 deletions


@ -213,6 +213,18 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-F</option>, <option>--add-subids-for-system</option>
</term>
<listitem>
<para>
Update <filename>/etc/subuid</filename> and <filename>
/etc/subgid</filename> even when creating a system account
with <option>-r</option> option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GROUP</replaceable>
@ -466,7 +478,9 @@
</para>
<para>
Note that this option will not update <filename>/etc/subuid
</filename> and <filename>/etc/subgid</filename>.
</filename> and <filename>/etc/subgid</filename>. You have to
specify the <option>-F</option> options if you want to update
the files for a system account to be created.
</para>
</listitem>
</varlistentry>


@ -139,6 +139,9 @@ static bool
Dflg = false, /* set/show new user default values */
eflg = false, /* days since 1970-01-01 when account is locked */
fflg = false, /* days until account with expired password is locked */
#ifdef ENABLE_SUBIDS
Fflg = false, /* update /etc/subuid and /etc/subgid even if -r option is given */
#endif
gflg = false, /* primary group ID for new account */
Gflg = false, /* secondary group set for new account */
kflg = false, /* specify a directory to fill new user directory */
@ -910,6 +913,9 @@ static void usage (int status)
(void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
(void) fputs (_(" -e, --expiredate EXPIRE_DATE expiration date of the new account\n"), usageout);
(void) fputs (_(" -f, --inactive INACTIVE password inactivity period of the new account\n"), usageout);
#ifdef ENABLE_SUBIDS
(void) fputs (_(" -F, --add-subids-for-system add entries to sub[ud]id even when adding a system user\n"), usageout);
#endif
(void) fputs (_(" -g, --gid GROUP name or ID of the primary group of the new\n"
" account\n"), usageout);
(void) fputs (_(" -G, --groups GROUPS list of supplementary groups of the new\n"
@ -1195,6 +1201,9 @@ static void process_flags (int argc, char **argv)
{"defaults", no_argument, NULL, 'D'},
{"expiredate", required_argument, NULL, 'e'},
{"inactive", required_argument, NULL, 'f'},
#ifdef ENABLE_SUBIDS
{"add-subids-for-system", no_argument,NULL, 'F'},
#endif
{"gid", required_argument, NULL, 'g'},
{"groups", required_argument, NULL, 'G'},
{"help", no_argument, NULL, 'h'},
@ -1222,6 +1231,9 @@ static void process_flags (int argc, char **argv)
#ifdef WITH_SELINUX
"Z:"
#endif /* WITH_SELINUX */
#ifdef ENABLE_SUBIDS
"F"
#endif /* ENABLE_SUBIDS */
"",
long_options, NULL)) != -1) {
switch (c) {
@ -1317,6 +1329,11 @@ static void process_flags (int argc, char **argv)
}
fflg = true;
break;
#ifdef ENABLE_SUBIDS
case 'F':
Fflg = true;
break;
#endif
case 'g':
grp = prefix_getgr_nam_gid (optarg);
if (NULL == grp) {
@ -2484,9 +2501,11 @@ int main (int argc, char **argv)
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
subuid_count = getdef_ulong ("SUB_UID_COUNT", 65536);
subgid_count = getdef_ulong ("SUB_GID_COUNT", 65536);
is_sub_uid = subuid_count > 0 && sub_uid_file_present () && !rflg &&
is_sub_uid = subuid_count > 0 && sub_uid_file_present () &&
(!rflg || Fflg) &&
(!user_id || (user_id <= uid_max && user_id >= uid_min));
is_sub_gid = subgid_count > 0 && sub_gid_file_present () && !rflg &&
is_sub_gid = subgid_count > 0 && sub_gid_file_present () &&
(!rflg || Fflg) &&
(!user_id || (user_id <= uid_max && user_id >= uid_min));
#endif /* ENABLE_SUBIDS */
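Review bot: In the last hunk (inside `main`, which starts and ends outside the hunk), `-F` is silently ignored when `-r` is combined with an explicit `-u`, because the unchanged range test `(!user_id || (user_id <= uid_max && user_id >= uid_min))` still gates both `is_sub_uid` and `is_sub_gid`. `uid_min` is assigned outside the hunk; if it is read from UID_MIN the way `uid_max` is read from UID_MAX, a typical system UID fails that test and no entry is written to /etc/subuid or /etc/subgid, with no diagnostic. If that is intended, the new man page entry should say so; otherwise let the range test apply only to non-system accounts, e.g. `(rflg ? Fflg : (!user_id || (user_id <= uid_max && user_id >= uid_min)))` in both assignments. Separately, the usage string added in the `usage` hunk reads `sub[ud]id` where `sub[ug]id` is meant.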