emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Allow disabling of subordinate IDs.

Browse Source 
* configure.in: Add configure options --enable-subordinate-ids /
	--disable-subordinate-ids. Enabled by default.
	* lib/prototypes.h: Include <config.h> before using its macros.
	* lib/commonio.h, lib/commonio.c: Define commonio_append only when
	ENABLE_SUBIDS is defined.
	* lib/prototypes.h, libmisc/find_new_sub_gids.c,
	libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Likewise.
	* libmisc/user_busy.c: Only check if subordinate IDs are in use if
	ENABLE_SUBIDS is defined.
	* src/Makefile.am: Create newgidmap and newuidmap only if
	ENABLE_SUBIDS is defined.
	* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
	subordinate IDs.
	* src/useradd.c: Likewise.
	* src/userdel.c: Likewise.
	* src/usermod.c: Likewise.
	* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
	* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 (not translated yet).
	* man/generate_mans.mak: Add xsltproc conditionals
	subids/no_subids.
	* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
	condition.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/usermod.8.xml: Document options for subordinate IDs and
	reference subgid(5) / subuid(5) depending on the subids condition.
This commit is contained in:
Nicolas François
2013-08-11 14:54:22 +02:00
parent 1fb1486c8a
commit d611d54ed4
21 changed files with 259 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Makefile.am
View File

@@ -24,8 +24,10 @@ INCLUDES = \
bin_PROGRAMS = groups login su
sbin_PROGRAMS = nologin
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd \
newgidmap newuidmap
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
if ENABLE_SUBIDS
ubin_PROGRAMS += newgidmap newuidmap
endif
usbin_PROGRAMS = \
chgpasswd \
chpasswd \

24
src/newusers.c
View File

@@ -65,7 +65,9 @@
#include "pwio.h"
#include "sgroupio.h"
#include "shadowio.h"
#ifdef ENABLE_SUBIDS
#include "subordinateio.h"
#endif /* ENABLE_SUBIDS */
#include "chkname.h"
/*
@@ -83,8 +85,6 @@ static long sha_rounds = 5000;
#endif /* USE_SHA_CRYPT */
#endif /* !USE_PAM */
static bool is_sub_uid = false;
static bool is_sub_gid = false;
static bool is_shadow;
#ifdef SHADOWGRP
static bool is_shadow_grp;
@@ -93,8 +93,12 @@ static bool sgr_locked = false;
static bool pw_locked = false;
static bool gr_locked = false;
static bool spw_locked = false;
#ifdef ENABLE_SUBIDS
static bool is_sub_uid = false;
static bool is_sub_gid = false;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
#endif /* ENABLE_SUBIDS */
/* local function prototypes */
static void usage (int status);
@@ -183,6 +187,7 @@ static void fail_exit (int code)
}
}
#endif
#ifdef ENABLE_SUBIDS
if (sub_uid_locked) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
@@ -197,6 +202,7 @@ static void fail_exit (int code)
/* continue */
}
}
#endif /* ENABLE_SUBIDS */
exit (code);
}
@@ -778,6 +784,7 @@ static void open_files (void)
sgr_locked = true;
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_lock () == 0) {
fprintf (stderr,
@@ -796,6 +803,7 @@ static void open_files (void)
}
sub_gid_locked = true;
}
#endif /* ENABLE_SUBIDS */
if (pw_open (O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
@@ -815,6 +823,7 @@ static void open_files (void)
fail_exit (EXIT_FAILURE);
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_open (O_RDWR) == 0) {
fprintf (stderr,
@@ -831,6 +840,7 @@ static void open_files (void)
fail_exit (EXIT_FAILURE);
}
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -875,6 +885,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
fail_exit (EXIT_FAILURE);
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid && (sub_uid_close () == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
@@ -887,6 +898,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
fail_exit (EXIT_FAILURE);
}
#endif /* ENABLE_SUBIDS */
if (gr_unlock () == 0) {
fprintf (stderr,
@@ -916,6 +928,7 @@ static void close_files (void)
sgr_locked = false;
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
@@ -932,6 +945,7 @@ static void close_files (void)
}
sub_gid_locked = false;
}
#endif /* ENABLE_SUBIDS */
}
int main (int argc, char **argv)
@@ -973,8 +987,10 @@ int main (int argc, char **argv)
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
#ifdef ENABLE_SUBIDS
is_sub_uid = sub_uid_file_present ();
is_sub_gid = sub_gid_file_present ();
#endif /* ENABLE_SUBIDS */
open_files ();
@@ -1156,6 +1172,7 @@ int main (int argc, char **argv)
continue;
}
#ifdef ENABLE_SUBIDS
/*
* Add subordinate uids if the user does not have them.
*/
@@ -1175,7 +1192,7 @@ int main (int argc, char **argv)
errors++;
}
}
/*
* Add subordinate gids if the user does not have them.
*/
@@ -1195,6 +1212,7 @@ int main (int argc, char **argv)
errors++;
}
}
#endif /* ENABLE_SUBIDS */
}
/*

33
src/useradd.c
View File

@@ -65,7 +65,9 @@
#include "sgroupio.h"
#endif
#include "shadowio.h"
#ifdef ENABLE_SUBIDS
#include "subordinateio.h"
#endif /* ENABLE_SUBIDS */
#ifdef WITH_TCB
#include "tcbfuncs.h"
#endif
@@ -122,20 +124,22 @@ static bool is_shadow_pwd;
static bool is_shadow_grp;
static bool sgr_locked = false;
#endif
#ifdef ENABLE_SUBIDS
static bool is_sub_uid = false;
static bool is_sub_gid = false;
static bool pw_locked = false;
static bool gr_locked = false;
static bool spw_locked = false;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
static char **user_groups; /* NULL-terminated list */
static long sys_ngroups;
static bool do_grp_update = false; /* group files need to be updated */
static uid_t sub_uid_start; /* New subordinate uid range */
static unsigned long sub_uid_count;
static gid_t sub_gid_start; /* New subordinate gid range */
static unsigned long sub_gid_count;
#endif /* ENABLE_SUBIDS */
static bool pw_locked = false;
static bool gr_locked = false;
static bool spw_locked = false;
static char **user_groups; /* NULL-terminated list */
static long sys_ngroups;
static bool do_grp_update = false; /* group files need to be updated */
static bool
bflg = false, /* new default root of home directory */
@@ -177,8 +181,10 @@ static bool home_added = false;
#define E_GRP_UPDATE 10 /* can't update group file */
#define E_HOMEDIR 12 /* can't create home directory */
#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
#ifdef ENABLE_SUBIDS
#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */
#endif /* ENABLE_SUBIDS */
#define DGROUP "GROUP="
#define DHOME "HOME="
@@ -279,6 +285,7 @@ static void fail_exit (int code)
}
}
#endif
#ifdef ENABLE_SUBIDS
if (sub_uid_locked) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
@@ -305,6 +312,7 @@ static void fail_exit (int code)
/* continue */
}
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -1415,6 +1423,7 @@ static void close_files (void)
}
#endif
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid && (sub_uid_close () == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
@@ -1427,6 +1436,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
fail_exit (E_SUB_GID_UPDATE);
}
#endif /* ENABLE_SUBIDS */
if (is_shadow_pwd) {
if (spw_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
@@ -1481,6 +1491,7 @@ static void close_files (void)
sgr_locked = false;
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
@@ -1509,6 +1520,7 @@ static void close_files (void)
}
sub_gid_locked = false;
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -1563,6 +1575,7 @@ static void open_files (void)
}
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_lock () == 0) {
fprintf (stderr,
@@ -1593,6 +1606,7 @@ static void open_files (void)
fail_exit (E_SUB_GID_UPDATE);
}
}
#endif /* ENABLE_SUBIDS */
}
static void open_shadow (void)
@@ -1839,6 +1853,7 @@ static void usr_update (void)
#endif
fail_exit (E_PW_UPDATE);
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid &&
(sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
fprintf (stderr,
@@ -1853,6 +1868,7 @@ static void usr_update (void)
Prog, sub_uid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -2005,8 +2021,10 @@ int main (int argc, char **argv)
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
#ifdef ENABLE_SUBIDS
is_sub_uid = sub_uid_file_present ();
is_sub_gid = sub_gid_file_present ();
#endif /* ENABLE_SUBIDS */
get_defaults ();
@@ -2157,6 +2175,7 @@ int main (int argc, char **argv)
grp_add ();
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (find_new_sub_uids(user_name, &sub_uid_start, &sub_uid_count) < 0) {
fprintf (stderr,
@@ -2173,6 +2192,8 @@ int main (int argc, char **argv)
fail_exit(E_SUB_GID_UPDATE);
}
}
#endif /* ENABLE_SUBIDS */
usr_update ();
if (mflg) {

20
src/userdel.c
View File

@@ -65,7 +65,9 @@
#endif /* WITH_TCB */
/*@-exitarg@*/
#include "exitcodes.h"
#ifdef ENABLE_SUBIDS
#include "subordinateio.h"
#endif /* ENABLE_SUBIDS */
/*
* exit status values
@@ -76,8 +78,10 @@
#define E_GRP_UPDATE 10 /* can't update group file */
#define E_HOMEDIR 12 /* can't remove home directory */
#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
#ifdef ENABLE_SUBIDS
#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */
#endif /* ENABLE_SUBIDS */
/*
* Global variables
@@ -99,13 +103,15 @@ static bool is_shadow_pwd;
static bool is_shadow_grp;
static bool sgr_locked = false;
#endif /* SHADOWGRP */
static bool is_sub_uid;
static bool is_sub_gid;
static bool pw_locked = false;
static bool gr_locked = false;
static bool spw_locked = false;
#ifdef ENABLE_SUBIDS
static bool is_sub_uid;
static bool is_sub_gid;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
#endif /* ENABLE_SUBIDS */
/* local function prototypes */
static void usage (int status);
@@ -445,6 +451,7 @@ static void close_files (void)
}
#endif /* SHADOWGRP */
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_close () == 0) {
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
@@ -472,6 +479,7 @@ static void close_files (void)
}
sub_gid_locked = false;
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -509,6 +517,7 @@ static void fail_exit (int code)
}
}
#endif /* SHADOWGRP */
#ifdef ENABLE_SUBIDS
if (sub_uid_locked) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
@@ -523,6 +532,7 @@ static void fail_exit (int code)
/* continue */
}
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -644,6 +654,7 @@ static void open_files (void)
}
}
#endif /* SHADOWGRP */
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_lock () == 0) {
fprintf (stderr,
@@ -696,6 +707,7 @@ static void open_files (void)
fail_exit (E_SUB_GID_UPDATE);
}
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -720,6 +732,7 @@ static void update_user (void)
Prog, user_name, spw_dbname ());
fail_exit (E_PW_UPDATE);
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid && sub_uid_remove(user_name, 0, ULONG_MAX) == 0) {
fprintf (stderr,
_("%s: cannot remove entry %lu from %s\n"),
@@ -732,6 +745,7 @@ static void update_user (void)
Prog, (unsigned long)user_id, sub_gid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting user entries",
@@ -1079,8 +1093,10 @@ int main (int argc, char **argv)
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif /* SHADOWGRP */
#ifdef ENABLE_SUBIDS
is_sub_uid = sub_uid_file_present ();
is_sub_gid = sub_gid_file_present ();
#endif /* ENABLE_SUBIDS */
/*
* Start with a quick check to see if the user exists.

62
src/usermod.c
View File

@@ -63,7 +63,9 @@
#include "sgroupio.h"
#endif
#include "shadowio.h"
#ifdef ENABLE_SUBIDS
#include "subordinateio.h"
#endif /* ENABLE_SUBIDS */
#ifdef WITH_TCB
#include "tcbfuncs.h"
#endif
@@ -87,9 +89,13 @@
/* #define E_NOSPACE 11 insufficient space to move home dir */
#define E_HOMEDIR 12 /* unable to complete home dir move */
#define E_SE_UPDATE 13 /* can't update SELinux user mapping */
#ifdef ENABLE_SUBIDS
#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */
#endif /* ENABLE_SUBIDS */
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
/*
* Global variables
*/
@@ -135,12 +141,14 @@ static bool
#ifdef WITH_SELINUX
Zflg = false, /* new selinux user */
#endif
uflg = false, /* specify new user ID */
Uflg = false, /* unlock the password */
#ifdef ENABLE_SUBIDS
vflg = false, /* add subordinate uids */
Vflg = false, /* delete subordinate uids */
wflg = false, /* add subordinate gids */
Wflg = false; /* delete subordinate gids */
Wflg = false, /* delete subordinate gids */
#endif /* ENABLE_SUBIDS */
uflg = false, /* specify new user ID */
Uflg = false; /* unlock the password */
static bool is_shadow_pwd;
@@ -148,8 +156,10 @@ static bool is_shadow_pwd;
static bool is_shadow_grp;
#endif
#ifdef ENABLE_SUBIDS
static bool is_sub_uid = false;
static bool is_sub_gid = false;
#endif /* ENABLE_SUBIDS */
static bool pw_locked = false;
static bool spw_locked = false;
@@ -157,8 +167,10 @@ static bool gr_locked = false;
#ifdef SHADOWGRP
static bool sgr_locked = false;
#endif
#ifdef ENABLE_SUBIDS
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
#endif /* ENABLE_SUBIDS */
/* local function prototypes */
@@ -314,6 +326,7 @@ static int get_groups (char *list)
return 0;
}
#ifdef ENABLE_SUBIDS
struct ulong_range
{
unsigned long first;
@@ -376,6 +389,7 @@ static int prepend_range(const char *str, struct ulong_range_list_entry **head)
*head = entry;
return 1;
}
#endif /* ENABLE_SUBIDS */
/*
* usage - display usage message and exit
@@ -409,10 +423,12 @@ static /*@noreturn@*/void usage (int status)
(void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
(void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout);
(void) fputs (_(" -U, --unlock unlock the user account\n"), usageout);
#ifdef ENABLE_SUBIDS
(void) fputs (_(" -v, --add-subuids FIRST-LAST add range of subordinate uids\n"), usageout);
(void) fputs (_(" -V, --del-subuids FIRST-LAST remove range of subordinate uids\n"), usageout);
(void) fputs (_(" -w, --add-subgids FIRST-LAST add range of subordinate gids\n"), usageout);
(void) fputs (_(" -W, --del-subgids FIRST-LAST remove range of subordinate gids\n"), usageout);
#endif /* ENABLE_SUBIDS */
#ifdef WITH_SELINUX
(void) fputs (_(" -Z, --selinux-user SEUSER new SELinux user mapping for the user account\n"), usageout);
#endif /* WITH_SELINUX */
@@ -669,6 +685,7 @@ static /*@noreturn@*/void fail_exit (int code)
/* continue */
}
}
#ifdef ENABLE_SUBIDS
if (sub_uid_locked) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
@@ -683,6 +700,7 @@ static /*@noreturn@*/void fail_exit (int code)
/* continue */
}
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@@ -982,22 +1000,26 @@ static void process_flags (int argc, char **argv)
{"shell", required_argument, NULL, 's'},
{"uid", required_argument, NULL, 'u'},
{"unlock", no_argument, NULL, 'U'},
#ifdef ENABLE_SUBIDS
{"add-subuids", required_argument, NULL, 'v'},
{"del-subuids", required_argument, NULL, 'V'},
{"add-subgids", required_argument, NULL, 'w'},
{"del-subgids", required_argument, NULL, 'W'},
#endif /* ENABLE_SUBIDS */
#ifdef WITH_SELINUX
{"selinux-user", required_argument, NULL, 'Z'},
#endif /* WITH_SELINUX */
{NULL, 0, NULL, '\0'}
};
while ((c = getopt_long (argc, argv,
"ac:d:e:f:g:G:hl:Lmop:R:s:u:U"
#ifdef ENABLE_SUBIDS
"v:w:V:W:"
#endif /* ENABLE_SUBIDS */
#ifdef WITH_SELINUX
"ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:v:w:V:W:",
#else /* !WITH_SELINUX */
"ac:d:e:f:g:G:hl:Lmop:R:s:u:Uv:w:V:W:",
#endif /* !WITH_SELINUX */
long_options, NULL)) != -1) {
"Z:"
#endif /* WITH_SELINUX */
, long_options, NULL)) != -1) {
switch (c) {
case 'a':
aflg = true;
@@ -1115,6 +1137,7 @@ static void process_flags (int argc, char **argv)
case 'U':
Uflg = true;
break;
#ifdef ENABLE_SUBIDS
case 'v':
if (prepend_range (optarg, &add_sub_uids) == 0) {
fprintf (stderr,
@@ -1151,6 +1174,7 @@ static void process_flags (int argc, char **argv)
}
Wflg = true;
break;
#endif /* ENABLE_SUBIDS */
#ifdef WITH_SELINUX
case 'Z':
if (is_selinux_enabled () > 0) {
@@ -1303,7 +1327,9 @@ static void process_flags (int argc, char **argv)
if (!(Uflg || uflg || sflg || pflg || mflg || Lflg ||
lflg || Gflg || gflg || fflg || eflg || dflg || cflg
#ifdef ENABLE_SUBIDS
|| vflg || Vflg || wflg || Wflg
#endif /* ENABLE_SUBIDS */
#ifdef WITH_SELINUX
|| Zflg
#endif /* WITH_SELINUX */
@@ -1435,6 +1461,7 @@ static void close_files (void)
sgr_locked = false;
#endif
#ifdef ENABLE_SUBIDS
if (vflg || Vflg) {
if (!is_sub_uid || (sub_uid_close () == 0)) {
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
@@ -1461,6 +1488,7 @@ static void close_files (void)
}
sub_gid_locked = false;
}
#endif /* ENABLE_SUBIDS */
/*
* Close the DBM and/or flat files
@@ -1541,6 +1569,7 @@ static void open_files (void)
}
#endif
}
#ifdef ENABLE_SUBIDS
if (vflg || Vflg) {
if (!is_sub_uid || (sub_uid_lock () == 0)) {
fprintf (stderr,
@@ -1571,6 +1600,7 @@ static void open_files (void)
fail_exit (E_SUB_GID_UPDATE);
}
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -1672,6 +1702,7 @@ static void usr_update (void)
fail_exit (E_PW_UPDATE);
}
}
#ifdef ENABLE_SUBIDS
if (Vflg) {
struct ulong_range_list_entry *ptr;
for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) {
@@ -1724,6 +1755,7 @@ static void usr_update (void)
}
}
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -2059,8 +2091,10 @@ int main (int argc, char **argv)
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
#ifdef ENABLE_SUBIDS
is_sub_uid = sub_uid_file_present ();
is_sub_gid = sub_gid_file_present ();
#endif /* ENABLE_SUBIDS */
process_flags (argc, argv);
@@ -2068,7 +2102,11 @@ int main (int argc, char **argv)
* The home directory, the username and the user's UID should not
* be changed while the user is logged in.
*/
if ( (uflg || lflg || dflg || Vflg || Wflg)
if ( (uflg || lflg || dflg
#ifdef ENABLE_SUBIDS
|| Vflg || Wflg
#endif /* ENABLE_SUBIDS */
)
&& (user_busy (user_name, user_id) != 0)) {
exit (E_USER_BUSY);
}
@@ -2121,7 +2159,11 @@ int main (int argc, char **argv)
*/
open_files ();
if ( cflg || dflg || eflg || fflg || gflg || Lflg || lflg || pflg
|| sflg || uflg || Uflg || vflg || Vflg || wflg || Wflg) {
|| sflg || uflg || Uflg
#ifdef ENABLE_SUBIDS
|| vflg || Vflg || wflg || Wflg
#endif /* ENABLE_SUBIDS */
) {
usr_update ();
}
if (Gflg || lflg) {