Allow supplementary groups to be added via config file
Allow supplementary groups to be set via the /etc/default/useradd config file. This allows an administrator to set additional groups via the GROUPS configurable and control the default behaviour of useradd.
parent
e0524e813a
commit
e8d2bc8d8b
@ -263,7 +263,9 @@
|
||||
intervening whitespace. The groups are subject to the same
|
||||
restrictions as the group given with the <option>-g</option>
|
||||
option. The default is for the user to belong only to the
|
||||
initial group.
|
||||
initial group. In addition to passing in the -G flag, you can
|
||||
add the option <option>GROUPS</option> to the file <filename>/etc/default/useradd</filename>
|
||||
which in turn will add all users to those supplementary groups.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -80,6 +80,7 @@ const char *Prog;
|
||||
* These defaults are used if there is no defaults file.
|
||||
*/
|
||||
static gid_t def_group = 1000;
|
||||
static const char *def_groups = "";
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
static const char *def_shell = "/bin/bash";
|
||||
@ -183,6 +184,7 @@ static bool home_added = false;
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
|
||||
#define DGROUP "GROUP="
|
||||
#define DGROUPS "GROUPS="
|
||||
#define DHOME "HOME="
|
||||
#define DSHELL "SHELL="
|
||||
#define DINACT "INACTIVE="
|
||||
@ -399,6 +401,17 @@ static void get_defaults (void)
|
||||
}
|
||||
}
|
||||
|
||||
if (MATCH (buf, DGROUPS)) {
|
||||
if (get_groups (cp) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: the '%s' configuraton in %s has an invalid group, ignoring the bad group\n"),
|
||||
Prog, DGROUPS, default_file);
|
||||
}
|
||||
if (user_groups[0] != NULL) {
|
||||
do_grp_update = true;
|
||||
def_groups = xstrdup (cp);
|
||||
}
|
||||
}
|
||||
/*
|
||||
* Default HOME filesystem
|
||||
*/
|
||||
@ -497,6 +510,7 @@ static void get_defaults (void)
|
||||
static void show_defaults (void)
|
||||
{
|
||||
printf ("GROUP=%u\n", (unsigned int) def_group);
|
||||
printf ("GROUPS=%s\n", def_groups);
|
||||
printf ("HOME=%s\n", def_home);
|
||||
printf ("INACTIVE=%ld\n", def_inactive);
|
||||
printf ("EXPIRE=%s\n", def_expire);
|
||||
@ -525,6 +539,7 @@ static int set_defaults (void)
|
||||
int ofd;
|
||||
int wlen;
|
||||
bool out_group = false;
|
||||
bool out_groups = false;
|
||||
bool out_home = false;
|
||||
bool out_inactive = false;
|
||||
bool out_expire = false;
|
||||
@ -628,6 +643,9 @@ static int set_defaults (void)
|
||||
if (!out_group && MATCH (buf, DGROUP)) {
|
||||
fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
|
||||
out_group = true;
|
||||
} else if (!out_groups && MATCH (buf, DGROUPS)) {
|
||||
fprintf (ofp, DGROUPS "%s\n", def_groups);
|
||||
out_groups = true;
|
||||
} else if (!out_home && MATCH (buf, DHOME)) {
|
||||
fprintf (ofp, DHOME "%s\n", def_home);
|
||||
out_home = true;
|
||||
@ -668,6 +686,8 @@ static int set_defaults (void)
|
||||
*/
|
||||
if (!out_group)
|
||||
fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
|
||||
if (!out_groups)
|
||||
fprintf (ofp, DGROUPS "%s\n", def_groups);
|
||||
if (!out_home)
|
||||
fprintf (ofp, DHOME "%s\n", def_home);
|
||||
if (!out_inactive)
|
||||
|
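Review bot: In the get_defaults hunk, `def_groups = xstrdup (cp)` is taken after `get_groups (cp)` has already run on the same buffer; get_groups is defined outside this page, but if it splits the list in place at each comma, the copy holds only the first name, and the `fprintf (ofp, DGROUPS "%s\n", def_groups)` lines in set_defaults would then write that shortened list back to the defaults file. Taking the copy before parsing removes the dependency: `char *list = xstrdup (cp);` ahead of the call, then `def_groups = list;` inside the `user_groups[0] != NULL` branch. The warning path also carries on with whatever groups did parse, so a misspelt entry gives every new account a partial membership set. Since this file now grants group membership to all new accounts (the fixture in this commit lists `adm`), a comment above the block stating that behaviour, and that the defaults file should be writable by root only, would help. get_defaults and set_defaults both start and end outside the hunks shown.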
@ -0,0 +1,8 @@
|
||||
# no testsuite password
|
||||
# root password: rootF00barbaz
|
||||
# myuser password: myuserF00barbaz
|
||||
|
||||
user foo, in group bin
|
||||
user foo, in group adm
|
||||
user foo, in group man
|
||||
user foo, in group cdrom
|
@ -0,0 +1,40 @@
|
||||
# Default values for useradd(8)
|
||||
#
|
||||
# The SHELL variable specifies the default login shell on your
|
||||
# system.
|
||||
# Similar to DHSELL in adduser. However, we use "sh" here because
|
||||
# useradd is a low level utility and should be as general
|
||||
# as possible
|
||||
SHELL=/bin/foobar
|
||||
#
|
||||
# The default group for users
|
||||
# 100=users on Debian systems
|
||||
# Same as USERS_GID in adduser
|
||||
# This argument is used when the -n flag is specified.
|
||||
# The default behavior (when -n and -g are not specified) is to create a
|
||||
# primary user group with the same name as the user being added to the
|
||||
# system.
|
||||
GROUP=10
|
||||
#
|
||||
# Addional supplementary groups for users
|
||||
GROUPS=bin,adm,man,cdrom
|
||||
#
|
||||
# The default home directory. Same as DHOME for adduser
|
||||
#
|
||||
HOME=/tmp
|
||||
#
|
||||
# The number of days after a password expires until the account
|
||||
# is permanently disabled
|
||||
INACTIVE=12
|
||||
#
|
||||
# The default expire date
|
||||
EXPIRE=2007-12-02
|
||||
#
|
||||
# The SKEL variable specifies the directory containing "skeletal" user
|
||||
# files; in other words, files such as a sample .profile that will be
|
||||
# copied to the new user's home directory when it is created.
|
||||
# SKEL=/etc/skel
|
||||
#
|
||||
# Defines whether the mail spool should be created while
|
||||
# creating the account
|
||||
# CREATE_MAIL_SPOOL=yes
|
@ -0,0 +1,41 @@
|
||||
root:x:0:
|
||||
daemon:x:1:
|
||||
bin:x:2:
|
||||
sys:x:3:
|
||||
adm:x:4:
|
||||
tty:x:5:
|
||||
disk:x:6:
|
||||
lp:x:7:
|
||||
mail:x:8:
|
||||
news:x:9:
|
||||
uucp:x:10:
|
||||
man:x:12:
|
||||
proxy:x:13:
|
||||
kmem:x:15:
|
||||
dialout:x:20:
|
||||
fax:x:21:
|
||||
voice:x:22:
|
||||
cdrom:x:24:
|
||||
floppy:x:25:
|
||||
tape:x:26:
|
||||
sudo:x:27:
|
||||
audio:x:29:
|
||||
dip:x:30:
|
||||
www-data:x:33:
|
||||
backup:x:34:
|
||||
operator:x:37:
|
||||
list:x:38:
|
||||
irc:x:39:
|
||||
src:x:40:
|
||||
gnats:x:41:
|
||||
shadow:x:42:
|
||||
utmp:x:43:
|
||||
video:x:44:
|
||||
sasl:x:45:
|
||||
plugdev:x:46:
|
||||
staff:x:50:
|
||||
games:x:60:
|
||||
users:x:100:
|
||||
nogroup:x:65534:
|
||||
crontab:x:101:
|
||||
Debian-exim:x:102:
|
@ -0,0 +1,42 @@
|
||||
root:x:0:
|
||||
daemon:x:1:
|
||||
bin:x:2:foo
|
||||
sys:x:3:
|
||||
adm:x:4:foo
|
||||
tty:x:5:
|
||||
disk:x:6:
|
||||
lp:x:7:
|
||||
mail:x:8:
|
||||
news:x:9:
|
||||
uucp:x:10:
|
||||
man:x:12:foo
|
||||
proxy:x:13:
|
||||
kmem:x:15:
|
||||
dialout:x:20:
|
||||
fax:x:21:
|
||||
voice:x:22:
|
||||
cdrom:x:24:foo
|
||||
floppy:x:25:
|
||||
tape:x:26:
|
||||
sudo:x:27:
|
||||
audio:x:29:
|
||||
dip:x:30:
|
||||
www-data:x:33:
|
||||
backup:x:34:
|
||||
operator:x:37:
|
||||
list:x:38:
|
||||
irc:x:39:
|
||||
src:x:40:
|
||||
gnats:x:41:
|
||||
shadow:x:42:
|
||||
utmp:x:43:
|
||||
video:x:44:
|
||||
sasl:x:45:
|
||||
plugdev:x:46:
|
||||
staff:x:50:
|
||||
games:x:60:
|
||||
users:x:100:
|
||||
nogroup:x:65534:
|
||||
crontab:x:101:
|
||||
Debian-exim:x:102:
|
||||
foo:x:1000:
|
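--- a/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test
+++ b/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname $0)"
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds supplementary groups based on the GROUPS field in /etc/deault/useradd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+printf "Create user foo, with group associations with bin,adm,man,cdrom..."
+useradd foo
+printf "OK\n"
+
+printf "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+printf "OK\n"
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+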
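Review bot: The test covers only a GROUPS list in which every name resolves, so the new warning branch in get_defaults (an invalid group in GROUPS) and the `useradd -D` output and rewrite of the GROUPS line are never exercised. A second case with one unknown name in `GROUPS=` and a check of the `useradd -D` output would pin down both. Only `/etc/group` is compared; if the suite's config also provides a gshadow file, comparing it too would catch a membership mismatch between the two. Minor: `cd "$(dirname $0)"` leaves `$0` unquoted inside the substitution, and `cd "$(dirname "$0")"` is the safe form.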