* NEWS, src/useradd.c, man/useradd.8.xml: Add --root option. Open

audit after the potential chroot.
nekral-guest 2011-11-06 18:37:25 +00:00
parent 0b5574c28a
commit cecae46ccf
4 changed files with 28 additions and 7 deletions


@ -4,6 +4,8 @@
po/POTFILES.in: Add process_root_flag() to process the --root po/POTFILES.in: Add process_root_flag() to process the --root
option and chroot so that the chroot config is used and changes option and chroot so that the chroot config is used and changes
are applied to the chroot. are applied to the chroot.
* NEWS, src/useradd.c, man/useradd.8.xml: Add --root option. Open
audit after the potential chroot.
2011-10-22 Nicolas François <nicolas.francois@centraliens.net> 2011-10-22 Nicolas François <nicolas.francois@centraliens.net>

1
NEWS

@ -71,6 +71,7 @@ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED
- useradd - useradd
* If the skeleton directory contained hardlinked files, copies of the * If the skeleton directory contained hardlinked files, copies of the
hardlink were removed from the skeleton directory. hardlink were removed from the skeleton directory.
* Add --root option.
- userdel - userdel
* Check the existence of the user's mail spool before trying to remove * Check the existence of the user's mail spool before trying to remove
it. If it does not exist, a warning is issued, but no failure. it. If it does not exist, a warning is issued, but no failure.


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Copyright (c) 1991 - 1994, Julianne Frances Haugh Copyright (c) 1991 - 1994, Julianne Frances Haugh
Copyright (c) 2007 - 2009, Nicolas François Copyright (c) 2007 - 2011, Nicolas François
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
@ -434,6 +434,19 @@
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>
<option>-R</option>, <option>--root</option>
<replaceable>CHROOT_DIR</replaceable>
</term>
<listitem>
<para>
Apply changes in the <replaceable>CHROOT_DIR</replaceable>
directory and use the configuration files from the
<replaceable>CHROOT_DIR</replaceable> directory.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<option>-s</option>, <option>--shell</option> <option>-s</option>, <option>--shell</option>


@ -724,6 +724,7 @@ static void usage (int status)
" (non-unique) UID\n"), usageout); " (non-unique) UID\n"), usageout);
(void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
(void) fputs (_(" -r, --system create a system account\n"), usageout); (void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout);
(void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout); (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout);
(void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout); (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout);
@ -997,6 +998,7 @@ static void process_flags (int argc, char **argv)
{"non-unique", no_argument, NULL, 'o'}, {"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'}, {"password", required_argument, NULL, 'p'},
{"system", no_argument, NULL, 'r'}, {"system", no_argument, NULL, 'r'},
{"root", required_argument, NULL, 'R'},
{"shell", required_argument, NULL, 's'}, {"shell", required_argument, NULL, 's'},
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
{"selinux-user", required_argument, NULL, 'Z'}, {"selinux-user", required_argument, NULL, 'Z'},
@ -1007,9 +1009,9 @@ static void process_flags (int argc, char **argv)
}; };
while ((c = getopt_long (argc, argv, while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
"b:c:d:De:f:g:G:hk:K:lmMNop:rs:u:UZ:", "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
#else #else
"b:c:d:De:f:g:G:hk:K:lmMNop:rs:u:U", "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
#endif #endif
long_options, NULL)) != -1) { long_options, NULL)) != -1) {
switch (c) { switch (c) {
@ -1178,6 +1180,8 @@ static void process_flags (int argc, char **argv)
case 'r': case 'r':
rflg = true; rflg = true;
break; break;
case 'R': /* no-op, handled in process_root_flag () */
break;
case 's': case 's':
if ( ( !VALID (optarg) ) if ( ( !VALID (optarg) )
|| ( ('\0' != optarg[0]) || ( ('\0' != optarg[0])
@ -1869,10 +1873,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
#ifdef WITH_AUDIT
audit_help_open ();
#endif
/* /*
* Get my name so that I can use it to report errors. * Get my name so that I can use it to report errors.
*/ */
@ -1882,7 +1882,12 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
process_root_flag ("-R", argc, argv);
OPENLOG ("useradd"); OPENLOG ("useradd");
#ifdef WITH_AUDIT
audit_help_open ();
#endif
sys_ngroups = sysconf (_SC_NGROUPS_MAX); sys_ngroups = sysconf (_SC_NGROUPS_MAX);
user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *)); user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
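Review bot: The new `case 'R'` arm in process_flags is a no-op, so `--root` is now parsed by two separate parsers: getopt_long (with the added `R:` in both option strings) and the earlier `process_root_flag ("-R", argc, argv)` call in main. process_root_flag is not shown on this page; if it matches only some spellings (say a separate `-R DIR` argument but not `--root=DIR` or a bundled `-mR DIR`), getopt_long would still accept the others without complaint and the account would be created on the host rather than inside CHROOT_DIR. It would be worth confirming that both accept the same forms, or having the pre-scan record that a chroot took place and failing in `case 'R'` when it did not; at minimum the comment could read `/* handled in process_root_flag (), which must accept every form getopt_long does */`. Both main and process_flags continue outside the hunks shown here.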