2 * Copyright (c) 1991 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2000 - 2006, Tomasz Kłoczko
5 * Copyright (c) 2007 - 2009, Nicolas François
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the copyright holders or contributors may not be used to
17 * endorse or promote products derived from this software without
18 * specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
45 #ifdef ACCT_TOOLS_SETUID
49 #endif /* ACCT_TOOLS_SETUID */
53 #include <sys/types.h>
61 #include "prototypes.h"
70 #define SKEL_DIR "/etc/skel"
72 #ifndef USER_DEFAULTS_FILE
73 #define USER_DEFAULTS_FILE "/etc/default/useradd"
74 #define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
77 * Needed for MkLinux DR1/2/2.1 - J.
80 #define LASTLOG_FILE "/var/log/lastlog"
88 * These defaults are used if there is no defaults file.
90 static gid_t def_group = 100;
91 static const char *def_gname = "other";
92 static const char *def_home = "/home";
93 static const char *def_shell = "";
94 static const char *def_template = SKEL_DIR;
95 static const char *def_create_mail_spool = "no";
97 static long def_inactive = -1;
98 static const char *def_expire = "";
100 static char def_file[] = USER_DEFAULTS_FILE;
102 #define VALID(s) (strcspn (s, ":\n") == strlen (s))
104 static const char *user_name = "";
105 static const char *user_pass = "!";
106 static uid_t user_id;
107 static gid_t user_gid;
108 static const char *user_comment = "";
109 static const char *user_home = "";
110 static const char *user_shell = "";
111 static const char *create_mail_spool = "";
113 static const char *user_selinux = "";
116 static long user_expire = -1;
117 static bool is_shadow_pwd;
120 static bool is_shadow_grp;
121 static bool sgr_locked = false;
123 static bool pw_locked = false;
124 static bool gr_locked = false;
125 static bool spw_locked = false;
126 static char **user_groups; /* NULL-terminated list */
127 static long sys_ngroups;
128 static bool do_grp_update = false; /* group files need to be updated */
131 bflg = false, /* new default root of home directory */
132 cflg = false, /* comment (GECOS) field for new account */
133 dflg = false, /* home directory for new account */
134 Dflg = false, /* set/show new user default values */
135 eflg = false, /* days since 1970-01-01 when account is locked */
136 fflg = false, /* days until account with expired password is locked */
137 gflg = false, /* primary group ID for new account */
138 Gflg = false, /* secondary group set for new account */
139 kflg = false, /* specify a directory to fill new user directory */
140 lflg = false, /* do not add user to lastlog/faillog databases */
141 mflg = false, /* create user's home directory if it doesn't exist */
142 Mflg = false, /* do not create user's home directory even if CREATE_HOME is set */
143 Nflg = false, /* do not create a group having the same name as the user, but add the user to def_group (or the group specified with -g) */
144 oflg = false, /* permit non-unique user ID to be specified with -u */
145 rflg = false, /* create a system account */
146 sflg = false, /* shell program for new account */
147 uflg = false, /* specify user ID for new account */
148 Uflg = false, /* create a group having the same name as the user */
149 Zflg = false; /* new selinux user */
151 static bool home_added = false;
157 #define E_SUCCESS 0 /* success */
158 #define E_PW_UPDATE 1 /* can't update password file */
159 #define E_USAGE 2 /* invalid command syntax */
160 #define E_BAD_ARG 3 /* invalid argument to option */
161 #define E_UID_IN_USE 4 /* UID already in use (and no -o) */
162 #define E_NOTFOUND 6 /* specified group doesn't exist */
163 #define E_NAME_IN_USE 9 /* username already in use */
164 #define E_GRP_UPDATE 10 /* can't update group file */
165 #define E_HOMEDIR 12 /* can't create home directory */
166 #define E_MAIL_SPOOL 13 /* can't create mail spool */
168 #define DGROUP "GROUP="
169 #define DHOME "HOME="
170 #define DSHELL "SHELL="
171 #define DINACT "INACTIVE="
172 #define DEXPIRE "EXPIRE="
173 #define DSKEL "SKEL="
174 #define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
176 /* local function prototypes */
177 static void fail_exit (int);
178 static void get_defaults (void);
179 static void show_defaults (void);
180 static int set_defaults (void);
181 static int get_groups (char *);
182 static void usage (int status);
183 static void new_pwent (struct passwd *);
185 static void selinux_update_mapping (void);
188 static long scale_age (long);
189 static void new_spent (struct spwd *);
190 static void grp_update (void);
192 static void process_flags (int argc, char **argv);
193 static void close_files (void);
194 static void open_files (void);
195 static void faillog_reset (uid_t);
196 static void lastlog_reset (uid_t);
197 static void usr_update (void);
198 static void create_home (void);
199 static void create_mail (void);
202 * fail_exit - undo as much as possible
204 static void fail_exit (int code)
211 if (spw_unlock () == 0) {
212 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
213 SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
215 audit_logger (AUDIT_ADD_USER, Prog,
216 "unlocking shadow file",
217 user_name, AUDIT_NO_ID,
218 SHADOW_AUDIT_FAILURE);
224 if (pw_unlock () == 0) {
225 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
226 SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
228 audit_logger (AUDIT_ADD_USER, Prog,
229 "unlocking passwd file",
230 user_name, AUDIT_NO_ID,
231 SHADOW_AUDIT_FAILURE);
237 if (gr_unlock () == 0) {
238 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
239 SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
241 audit_logger (AUDIT_ADD_USER, Prog,
242 "unlocking group file",
243 user_name, AUDIT_NO_ID,
244 SHADOW_AUDIT_FAILURE);
251 if (sgr_unlock () == 0) {
252 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
253 SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
255 audit_logger (AUDIT_ADD_USER, Prog,
256 "unlocking gshadow file",
257 user_name, AUDIT_NO_ID,
258 SHADOW_AUDIT_FAILURE);
266 audit_logger (AUDIT_ADD_USER, Prog,
268 user_name, AUDIT_NO_ID,
269 SHADOW_AUDIT_FAILURE);
271 SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
275 #define MATCH(x,y) (strncmp((x),(y),strlen(y)) == 0)
278 * get_defaults - read the defaults file
280 * get_defaults() reads the defaults file for this command. It sets the
281 * various values from the file, or uses built-in default values if the
282 * file does not exist.
284 static void get_defaults (void)
291 * Open the defaults file for reading.
294 fp = fopen (def_file, "r");
300 * Read the file a line at a time. Only the lines that have relevant
301 * values are used, everything else can be ignored.
303 while (fgets (buf, (int) sizeof buf, fp) == buf) {
304 cp = strrchr (buf, '\n');
309 cp = strchr (buf, '=');
317 * Primary GROUP identifier
319 if (MATCH (buf, DGROUP)) {
320 const struct group *grp = getgr_nam_gid (cp);
323 _("%s: group '%s' does not exist\n"),
326 _("%s: the %s configuration in %s will be ignored\n"),
327 Prog, DGROUP, def_file);
329 def_group = grp->gr_gid;
330 def_gname = xstrdup (grp->gr_name);
335 * Default HOME filesystem
337 else if (MATCH (buf, DHOME)) {
338 def_home = xstrdup (cp);
342 * Default Login Shell command
344 else if (MATCH (buf, DSHELL)) {
345 def_shell = xstrdup (cp);
349 * Default Password Inactive value
351 else if (MATCH (buf, DINACT)) {
352 if ( (getlong (cp, &def_inactive) == 0)
353 || (def_inactive < -1)) {
355 _("%s: invalid numeric argument '%s'\n"),
358 _("%s: the %s configuration in %s will be ignored\n"),
359 Prog, DINACT, def_file);
365 * Default account expiration date
367 else if (MATCH (buf, DEXPIRE)) {
368 def_expire = xstrdup (cp);
372 * Default Skeleton information
374 else if (MATCH (buf, DSKEL)) {
376 cp = SKEL_DIR; /* XXX warning: const */
379 def_template = xstrdup (cp);
383 * Create by default user mail spool or not ?
385 else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
387 cp = DCREATE_MAIL_SPOOL; /* XXX warning: const */
390 def_create_mail_spool = xstrdup (cp);
397 * show_defaults - show the contents of the defaults file
399 * show_defaults() displays the values that are used from the default
400 * file and the built-in values.
402 static void show_defaults (void)
404 printf ("GROUP=%u\n", (unsigned int) def_group);
405 printf ("HOME=%s\n", def_home);
406 printf ("INACTIVE=%ld\n", def_inactive);
407 printf ("EXPIRE=%s\n", def_expire);
408 printf ("SHELL=%s\n", def_shell);
409 printf ("SKEL=%s\n", def_template);
410 printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
414 * set_defaults - write new defaults file
416 * set_defaults() re-writes the defaults file using the values that
417 * are currently set. Duplicated lines are pruned, missing lines are
418 * added, and unrecognized lines are copied as is.
420 static int set_defaults (void)
425 static char new_file[] = NEW_USER_FILE;
429 bool out_group = false;
430 bool out_home = false;
431 bool out_inactive = false;
432 bool out_expire = false;
433 bool out_shell = false;
434 bool out_skel = false;
435 bool out_create_mail_spool = false;
438 * Create a temporary file to copy the new output to.
440 ofd = mkstemp (new_file);
443 _("%s: cannot create new defaults file\n"),
448 ofp = fdopen (ofd, "w");
451 _("%s: cannot open new defaults file\n"),
457 * Open the existing defaults file and copy the lines to the
458 * temporary file, using any new values. Each line is checked
459 * to insure that it is not output more than once.
461 ifp = fopen (def_file, "r");
463 fprintf (ofp, "# useradd defaults file\n");
467 while (fgets (buf, (int) sizeof buf, ifp) == buf) {
468 cp = strrchr (buf, '\n');
472 /* A line which does not end with \n is only valid
473 * at the end of the file.
475 if (feof (ifp) == 0) {
477 _("%s: line too long in %s: %s..."),
478 Prog, def_file, buf);
483 if (!out_group && MATCH (buf, DGROUP)) {
484 fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
486 } else if (!out_home && MATCH (buf, DHOME)) {
487 fprintf (ofp, DHOME "%s\n", def_home);
489 } else if (!out_inactive && MATCH (buf, DINACT)) {
490 fprintf (ofp, DINACT "%ld\n", def_inactive);
492 } else if (!out_expire && MATCH (buf, DEXPIRE)) {
493 fprintf (ofp, DEXPIRE "%s\n", def_expire);
495 } else if (!out_shell && MATCH (buf, DSHELL)) {
496 fprintf (ofp, DSHELL "%s\n", def_shell);
498 } else if (!out_skel && MATCH (buf, DSKEL)) {
499 fprintf (ofp, DSKEL "%s\n", def_template);
501 } else if (!out_create_mail_spool
502 && MATCH (buf, DCREATE_MAIL_SPOOL)) {
504 DCREATE_MAIL_SPOOL "%s\n",
505 def_create_mail_spool);
506 out_create_mail_spool = true;
508 fprintf (ofp, "%s\n", buf);
514 * Check each line to insure that every line was output. This
515 * causes new values to be added to a file which did not previously
516 * have an entry for that value.
519 fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
521 fprintf (ofp, DHOME "%s\n", def_home);
523 fprintf (ofp, DINACT "%ld\n", def_inactive);
525 fprintf (ofp, DEXPIRE "%s\n", def_expire);
527 fprintf (ofp, DSHELL "%s\n", def_shell);
529 fprintf (ofp, DSKEL "%s\n", def_template);
531 if (!out_create_mail_spool)
532 fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
535 * Flush and close the file. Check for errors to make certain
536 * the new file is intact.
539 if ( (ferror (ofp) != 0)
540 || (fsync (fileno (ofp)) != 0)
541 || (fclose (ofp) != 0)) {
547 * Rename the current default file to its backup name.
549 wlen = snprintf (buf, sizeof buf, "%s-", def_file);
550 assert (wlen < (int) sizeof buf);
551 if ((rename (def_file, buf) != 0) && (ENOENT != errno)) {
554 _("%s: rename: %s: %s"),
555 Prog, def_file, strerror (err));
561 * Rename the new default file to its correct name.
563 if (rename (new_file, def_file) != 0) {
566 _("%s: rename: %s: %s"),
567 Prog, new_file, strerror (err));
571 audit_logger (AUDIT_USYS_CONFIG, Prog,
572 "changing useradd defaults",
574 SHADOW_AUDIT_SUCCESS);
577 "useradd defaults: GROUP=%u, HOME=%s, SHELL=%s, INACTIVE=%ld, "
578 "EXPIRE=%s, SKEL=%s, CREATE_MAIL_SPOOL=%s",
579 (unsigned int) def_group, def_home, def_shell,
580 def_inactive, def_expire, def_template,
581 def_create_mail_spool));
586 * get_groups - convert a list of group names to an array of group IDs
588 * get_groups() takes a comma-separated list of group names and
589 * converts it to a NULL-terminated array. Any unknown group
590 * names are reported as errors.
592 static int get_groups (char *list)
595 const struct group *grp;
604 * So long as there is some data to be converted, strip off
605 * each name and look it up. A mix of numerical and string
606 * values for group identifiers is permitted.
610 * Strip off a single name from the list
612 cp = strchr (list, ',');
618 * Names starting with digits are treated as numerical
619 * GID values, otherwise the string is looked up as is.
621 grp = getgr_nam_gid (list);
624 * There must be a match, either by GID value or by
629 _("%s: group '%s' does not exist\n"),
636 * If the group doesn't exist, don't dump core...
637 * Instead, try the next one. --marekm
645 * Don't add this group if they are an NIS group. Tell
646 * the user to go to the server for this group.
650 _("%s: group '%s' is a NIS group.\n"),
656 if (ngroups == sys_ngroups) {
658 _("%s: too many groups specified (max %d).\n"),
664 * Add the group name to the user's list of groups.
666 user_groups[ngroups++] = xstrdup (grp->gr_name);
667 } while (NULL != list);
669 user_groups[ngroups] = (char *) 0;
672 * Any errors in finding group names are fatal
682 * usage - display usage message and exit
684 static void usage (int status)
686 FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
687 (void) fprintf (usageout,
688 _("Usage: %s [options] LOGIN\n"
692 (void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
693 " new account\n"), usageout);
694 (void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), usageout);
695 (void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), usageout);
696 (void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
697 (void) fputs (_(" -e, --expiredate EXPIRE_DATE expiration date of the new account\n"), usageout);
698 (void) fputs (_(" -f, --inactive INACTIVE password inactivity period of the new account\n"), usageout);
699 (void) fputs (_(" -g, --gid GROUP name or ID of the primary group of the new\n"
700 " account\n"), usageout);
701 (void) fputs (_(" -G, --groups GROUPS list of supplementary groups of the new\n"
702 " account\n"), usageout);
703 (void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
704 (void) fputs (_(" -k, --skel SKEL_DIR use this alternative skeleton directory\n"), usageout);
705 (void) fputs (_(" -K, --key KEY=VALUE override /etc/login.defs defaults\n"), usageout);
706 (void) fputs (_(" -l, --no-log-init do not add the user to the lastlog and\n"
707 " faillog databases\n"), usageout);
708 (void) fputs (_(" -m, --create-home create the user's home directory\n"), usageout);
709 (void) fputs (_(" -M, --no-create-home do not create the user's home directory\n"), usageout);
710 (void) fputs (_(" -N, --no-user-group do not create a group with the same name as\n"
711 " the user\n"), usageout);
712 (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
713 " (non-unique) UID\n"), usageout);
714 (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
715 (void) fputs (_(" -r, --system create a system account\n"), usageout);
716 (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout);
717 (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout);
718 (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout);
720 (void) fputs (_(" -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"), usageout);
722 (void) fputs ("\n", usageout);
727 * new_pwent - initialize the values in a password file entry
729 * new_pwent() takes all of the values that have been entered and
730 * fills in a (struct passwd) with them.
732 static void new_pwent (struct passwd *pwent)
734 memzero (pwent, sizeof *pwent);
735 pwent->pw_name = (char *) user_name;
737 pwent->pw_passwd = (char *) SHADOW_PASSWD_STRING;
739 pwent->pw_passwd = (char *) user_pass;
742 pwent->pw_uid = user_id;
743 pwent->pw_gid = user_gid;
744 pwent->pw_gecos = (char *) user_comment;
745 pwent->pw_dir = (char *) user_home;
746 pwent->pw_shell = (char *) user_shell;
749 static long scale_age (long x)
755 return x * (DAY / SCALE);
759 * new_spent - initialize the values in a shadow password file entry
761 * new_spent() takes all of the values that have been entered and
762 * fills in a (struct spwd) with them.
764 static void new_spent (struct spwd *spent)
766 memzero (spent, sizeof *spent);
767 spent->sp_namp = (char *) user_name;
768 spent->sp_pwdp = (char *) user_pass;
769 spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
770 if (0 == spent->sp_lstchg) {
771 /* Better disable aging than requiring a password change */
772 spent->sp_lstchg = -1;
775 spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
776 spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
777 spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
778 spent->sp_inact = scale_age (def_inactive);
779 spent->sp_expire = scale_age (user_expire);
781 spent->sp_min = scale_age (-1);
782 spent->sp_max = scale_age (-1);
783 spent->sp_warn = scale_age (-1);
784 spent->sp_inact = scale_age (-1);
785 spent->sp_expire = scale_age (-1);
787 spent->sp_flag = SHADOW_SP_FLAG_UNSET;
791 * grp_update - add user to secondary group set
793 * grp_update() takes the secondary group set given in user_groups
794 * and adds the user to each group given by that set.
796 * The group files are opened and locked in open_files().
798 * close_files() should be called afterwards to commit the changes
799 * and unlocking the group files.
801 static void grp_update (void)
803 const struct group *grp;
807 const struct sgrp *sgrp;
812 * Scan through the entire group file looking for the groups that
813 * the user is a member of.
815 for (gr_rewind (), grp = gr_next (); NULL != grp; grp = gr_next ()) {
818 * See if the user specified this group as one of their
821 if (!is_on_list (user_groups, grp->gr_name)) {
826 * Make a copy - gr_update() will free() everything
827 * from the old entry, and we need it later.
829 ngrp = __gr_dup (grp);
832 _("%s: Out of memory. Cannot update %s.\n"),
834 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
836 audit_logger (AUDIT_ADD_USER, Prog,
837 "adding user to group",
838 user_name, AUDIT_NO_ID,
839 SHADOW_AUDIT_FAILURE);
841 fail_exit (E_GRP_UPDATE); /* XXX */
845 * Add the username to the list of group members and
846 * update the group entry to reflect the change.
848 ngrp->gr_mem = add_list (ngrp->gr_mem, user_name);
849 if (gr_update (ngrp) == 0) {
851 _("%s: failed to prepare the new %s entry '%s'\n"),
852 Prog, gr_dbname (), ngrp->gr_name);
853 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
855 audit_logger (AUDIT_ADD_USER, Prog,
856 "adding user to group",
857 user_name, AUDIT_NO_ID,
858 SHADOW_AUDIT_FAILURE);
860 fail_exit (E_GRP_UPDATE);
863 audit_logger (AUDIT_ADD_USER, Prog,
864 "adding user to group",
865 user_name, AUDIT_NO_ID,
866 SHADOW_AUDIT_SUCCESS);
869 "add '%s' to group '%s'",
870 user_name, ngrp->gr_name));
878 * Scan through the entire shadow group file looking for the groups
879 * that the user is a member of. The administrative list isn't
882 for (sgr_rewind (), sgrp = sgr_next (); NULL != sgrp; sgrp = sgr_next ()) {
885 * See if the user specified this group as one of their
888 if (gr_locate (sgrp->sg_name) == NULL) {
892 if (!is_on_list (user_groups, sgrp->sg_name)) {
897 * Make a copy - sgr_update() will free() everything
898 * from the old entry, and we need it later.
900 nsgrp = __sgr_dup (sgrp);
903 _("%s: Out of memory. Cannot update %s.\n"),
904 Prog, sgr_dbname ());
905 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
907 audit_logger (AUDIT_ADD_USER, Prog,
908 "adding user to shadow group",
909 user_name, AUDIT_NO_ID,
910 SHADOW_AUDIT_FAILURE);
912 fail_exit (E_GRP_UPDATE); /* XXX */
916 * Add the username to the list of group members and
917 * update the group entry to reflect the change.
919 nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_name);
920 if (sgr_update (nsgrp) == 0) {
922 _("%s: failed to prepare the new %s entry '%s'\n"),
923 Prog, sgr_dbname (), nsgrp->sg_name);
924 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
926 audit_logger (AUDIT_ADD_USER, Prog,
927 "adding user to shadow group",
928 user_name, AUDIT_NO_ID,
929 SHADOW_AUDIT_FAILURE);
931 fail_exit (E_GRP_UPDATE);
934 audit_logger (AUDIT_ADD_USER, Prog,
935 "adding user to shadow group",
936 user_name, AUDIT_NO_ID,
937 SHADOW_AUDIT_SUCCESS);
940 "add '%s' to shadow group '%s'",
941 user_name, nsgrp->sg_name));
943 #endif /* SHADOWGRP */
947 * process_flags - perform command line argument setting
949 * process_flags() interprets the command line arguments and sets
950 * the values that the user will be created with accordingly. The
951 * values are checked for sanity.
953 static void process_flags (int argc, char **argv)
955 const struct group *grp;
956 bool anyflag = false;
961 * Parse the command line options.
964 static struct option long_options[] = {
965 {"base-dir", required_argument, NULL, 'b'},
966 {"comment", required_argument, NULL, 'c'},
967 {"home-dir", required_argument, NULL, 'd'},
968 {"defaults", no_argument, NULL, 'D'},
969 {"expiredate", required_argument, NULL, 'e'},
970 {"inactive", required_argument, NULL, 'f'},
971 {"gid", required_argument, NULL, 'g'},
972 {"groups", required_argument, NULL, 'G'},
973 {"help", no_argument, NULL, 'h'},
974 {"skel", required_argument, NULL, 'k'},
975 {"key", required_argument, NULL, 'K'},
976 {"create-home", no_argument, NULL, 'm'},
977 {"no-create-home", no_argument, NULL, 'M'},
978 {"no-log-init", no_argument, NULL, 'l'},
979 {"no-user-group", no_argument, NULL, 'N'},
980 {"non-unique", no_argument, NULL, 'o'},
981 {"password", required_argument, NULL, 'p'},
982 {"system", no_argument, NULL, 'r'},
983 {"shell", required_argument, NULL, 's'},
985 {"selinux-user", required_argument, NULL, 'Z'},
987 {"uid", required_argument, NULL, 'u'},
988 {"user-group", no_argument, NULL, 'U'},
989 {NULL, 0, NULL, '\0'}
991 while ((c = getopt_long (argc, argv,
993 "b:c:d:De:f:g:G:hk:K:lmMNop:rs:u:UZ:",
995 "b:c:d:De:f:g:G:hk:K:lmMNop:rs:u:U",
997 long_options, NULL)) != -1) {
1000 if ( ( !VALID (optarg) )
1001 || ( optarg[0] != '/' )) {
1003 _("%s: invalid base directory '%s'\n"),
1011 if (!VALID (optarg)) {
1013 _("%s: invalid comment '%s'\n"),
1017 user_comment = optarg;
1021 if ( ( !VALID (optarg) )
1022 || ( optarg[0] != '/' )) {
1024 _("%s: invalid home directory '%s'\n"),
1038 if ('\0' != *optarg) {
1039 user_expire = strtoday (optarg);
1040 if (user_expire == -1) {
1042 _("%s: invalid date '%s'\n"),
1051 * -e "" is allowed - it's a no-op without /etc/shadow
1053 if (('\0' != *optarg) && !is_shadow_pwd) {
1055 _("%s: shadow passwords required for -e\n"),
1060 def_expire = optarg;
1065 if ( (getlong (optarg, &def_inactive) == 0)
1066 || (def_inactive < -1)) {
1068 _("%s: invalid numeric argument '%s'\n"),
1074 * it's a no-op without /etc/shadow
1076 if ((-1 != def_inactive) && !is_shadow_pwd) {
1078 _("%s: shadow passwords required for -f\n"),
1085 grp = getgr_nam_gid (optarg);
1088 _("%s: group '%s' does not exist\n"),
1093 def_group = grp->gr_gid;
1096 user_gid = grp->gr_gid;
1101 if (get_groups (optarg) != 0) {
1104 if (NULL != user_groups[0]) {
1105 do_grp_update = true;
1113 def_template = optarg;
1118 * override login.defs defaults (-K name=value)
1119 * example: -K UID_MIN=100 -K UID_MAX=499
1120 * note: -K UID_MIN=10,UID_MAX=499 doesn't work yet
1122 cp = strchr (optarg, '=');
1125 _("%s: -K requires KEY=VALUE\n"),
1129 /* terminate name, point to value */
1132 if (putdef_str (optarg, cp) < 0) {
1151 case 'p': /* set encrypted password */
1152 if (!VALID (optarg)) {
1154 _("%s: invalid field '%s'\n"),
1164 if ( ( !VALID (optarg) )
1165 || ( ('\0' != optarg[0])
1166 && ('/' != optarg[0])
1167 && ('*' != optarg[0]) )) {
1169 _("%s: invalid shell '%s'\n"),
1173 user_shell = optarg;
1178 if ( (get_uid (optarg, &user_id) == 0)
1179 || (user_id == (gid_t)-1)) {
1181 _("%s: invalid user ID '%s'\n"),
1192 if (is_selinux_enabled () > 0) {
1193 user_selinux = optarg;
1197 _("%s: -Z requires SELinux enabled kernel\n"),
1211 if (!gflg && !Nflg && !Uflg) {
1212 /* Get the settings from login.defs */
1213 Uflg = getdef_bool ("USERGROUPS_ENAB");
1217 * Certain options are only valid in combination with others.
1218 * Check it here so that they can be specified in any order.
1220 if (oflg && !uflg) {
1222 _("%s: %s flag is only allowed with the %s flag\n"),
1226 if (kflg && !mflg) {
1228 _("%s: %s flag is only allowed with the %s flag\n"),
1234 _("%s: options %s and %s conflict\n"),
1240 _("%s: options %s and %s conflict\n"),
1246 _("%s: options %s and %s conflict\n"),
1252 * Either -D or username is required. Defaults can be set with -D
1253 * for the -b, -e, -f, -g, -s options only.
1256 if (optind != argc) {
1260 if (uflg || oflg || Gflg || dflg || cflg || mflg) {
1264 if (optind != argc - 1) {
1268 user_name = argv[optind];
1269 if (!is_valid_user_name (user_name)) {
1271 _("%s: invalid user name '%s'\n"),
1274 audit_logger (AUDIT_ADD_USER, Prog,
1276 user_name, AUDIT_NO_ID,
1277 SHADOW_AUDIT_FAILURE);
1283 size_t len = strlen (def_home) + strlen (user_name) + 2;
1287 wlen = snprintf (uh, len, "%s/%s", def_home, user_name);
1288 assert (wlen == (int) len -1);
1295 user_expire = strtoday (def_expire);
1299 user_gid = def_group;
1303 user_shell = def_shell;
1306 create_mail_spool = def_create_mail_spool;
1309 /* for system accounts defaults are ignored and we
1310 * do not create a home dir */
1311 if (getdef_bool("CREATE_HOME")) {
1317 /* absolutely sure that we do not create home dirs */
1323 * close_files - close all of the files that were opened
1325 * close_files() closes all of the files that were opened for this
1326 * new user. This causes any modified entries to be written out.
1328 static void close_files (void)
1330 if (pw_close () == 0) {
1331 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
1332 SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
1333 fail_exit (E_PW_UPDATE);
1335 if (is_shadow_pwd && (spw_close () == 0)) {
1337 _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
1338 SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
1339 fail_exit (E_PW_UPDATE);
1341 if (do_grp_update) {
1342 if (gr_close () == 0) {
1344 _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
1345 SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
1346 fail_exit (E_GRP_UPDATE);
1349 if (is_shadow_grp && (sgr_close () == 0)) {
1351 _("%s: failure while writing changes to %s\n"),
1352 Prog, sgr_dbname ());
1353 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
1354 fail_exit (E_GRP_UPDATE);
1358 if (is_shadow_pwd) {
1359 if (spw_unlock () == 0) {
1360 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
1361 SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
1363 audit_logger (AUDIT_ADD_USER, Prog,
1364 "unlocking shadow file",
1365 user_name, AUDIT_NO_ID,
1366 SHADOW_AUDIT_FAILURE);
1372 if (pw_unlock () == 0) {
1373 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
1374 SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
1376 audit_logger (AUDIT_ADD_USER, Prog,
1377 "unlocking passwd file",
1378 user_name, AUDIT_NO_ID,
1379 SHADOW_AUDIT_FAILURE);
1384 if (gr_unlock () == 0) {
1385 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
1386 SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
1388 audit_logger (AUDIT_ADD_USER, Prog,
1389 "unlocking group file",
1390 user_name, AUDIT_NO_ID,
1391 SHADOW_AUDIT_FAILURE);
1397 if (is_shadow_grp) {
1398 if (sgr_unlock () == 0) {
1399 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
1400 SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
1402 audit_logger (AUDIT_ADD_USER, Prog,
1403 "unlocking gshadow file",
1404 user_name, AUDIT_NO_ID,
1405 SHADOW_AUDIT_FAILURE);
1415 * open_files - lock and open the password files
1417 * open_files() opens the two password files.
1419 static void open_files (void)
1421 if (pw_lock () == 0) {
1423 _("%s: cannot lock %s; try again later.\n"),
1424 Prog, pw_dbname ());
1428 if (pw_open (O_RDWR) == 0) {
1429 fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
1430 fail_exit (E_PW_UPDATE);
1432 if (is_shadow_pwd) {
1433 if (spw_lock () == 0) {
1435 _("%s: cannot lock %s; try again later.\n"),
1436 Prog, spw_dbname ());
1437 fail_exit (E_PW_UPDATE);
1440 if (spw_open (O_RDWR) == 0) {
1442 _("%s: cannot open %s\n"),
1443 Prog, spw_dbname ());
1444 fail_exit (E_PW_UPDATE);
1449 * Lock and open the group file.
1451 if (gr_lock () == 0) {
1453 _("%s: cannot lock %s; try again later.\n"),
1454 Prog, gr_dbname ());
1455 fail_exit (E_GRP_UPDATE);
1458 if (gr_open (O_RDWR) == 0) {
1459 fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
1460 fail_exit (E_GRP_UPDATE);
1463 if (is_shadow_grp) {
1464 if (sgr_lock () == 0) {
1466 _("%s: cannot lock %s; try again later.\n"),
1467 Prog, sgr_dbname ());
1468 fail_exit (E_GRP_UPDATE);
1471 if (sgr_open (O_RDWR) == 0) {
1473 _("%s: cannot open %s\n"),
1474 Prog, sgr_dbname ());
1475 fail_exit (E_GRP_UPDATE);
1481 static char *empty_list = NULL;
1484 * new_grent - initialize the values in a group file entry
1486 * new_grent() takes all of the values that have been entered and fills
1487 * in a (struct group) with them.
1490 static void new_grent (struct group *grent)
1492 memzero (grent, sizeof *grent);
1493 grent->gr_name = (char *) user_name;
1494 grent->gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
1495 grent->gr_gid = user_gid;
1496 grent->gr_mem = &empty_list;
1501 * new_sgent - initialize the values in a shadow group file entry
1503 * new_sgent() takes all of the values that have been entered and fills
1504 * in a (struct sgrp) with them.
1507 static void new_sgent (struct sgrp *sgent)
1509 memzero (sgent, sizeof *sgent);
1510 sgent->sg_name = (char *) user_name;
1511 sgent->sg_passwd = "!"; /* XXX warning: const */
1512 sgent->sg_adm = &empty_list;
1513 sgent->sg_mem = &empty_list;
1515 #endif /* SHADOWGRP */
1519 * grp_add - add new group file entries
1521 * grp_add() writes the new records to the group files.
1524 static void grp_add (void)
1530 #endif /* SHADOWGRP */
1533 * Create the initial entries for this new group.
1538 #endif /* SHADOWGRP */
1541 * Write out the new group file entry.
1543 if (gr_update (&grp) == 0) {
1545 _("%s: failed to prepare the new %s entry '%s'\n"),
1546 Prog, gr_dbname (), grp.gr_name);
1548 audit_logger (AUDIT_ADD_GROUP, Prog,
1550 grp.gr_name, AUDIT_NO_ID,
1551 SHADOW_AUDIT_FAILURE);
1553 fail_exit (E_GRP_UPDATE);
1557 * Write out the new shadow group entries as well.
1559 if (is_shadow_grp && (sgr_update (&sgrp) == 0)) {
1561 _("%s: failed to prepare the new %s entry '%s'\n"),
1562 Prog, sgr_dbname (), sgrp.sg_name);
1564 audit_logger (AUDIT_ADD_GROUP, Prog,
1566 grp.gr_name, AUDIT_NO_ID,
1567 SHADOW_AUDIT_FAILURE);
1569 fail_exit (E_GRP_UPDATE);
1571 #endif /* SHADOWGRP */
1572 SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
1574 audit_logger (AUDIT_ADD_GROUP, Prog,
1576 grp.gr_name, AUDIT_NO_ID,
1577 SHADOW_AUDIT_SUCCESS);
1579 do_grp_update = true;
1582 static void faillog_reset (uid_t uid)
1586 off_t offset_uid = (off_t) (sizeof fl) * uid;
1588 if (access (FAILLOG_FILE, F_OK) != 0) {
1592 memzero (&fl, sizeof (fl));
1594 fd = open (FAILLOG_FILE, O_RDWR);
1596 || (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
1597 || (write (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl))
1598 || (fsync (fd) != 0)
1599 || (close (fd) != 0)) {
1601 _("%s: failed to reset the faillog entry of UID %lu: %s\n"),
1602 Prog, (unsigned long) uid, strerror (errno));
1603 SYSLOG ((LOG_WARN, "failed to reset the faillog entry of UID %lu", (unsigned long) uid));
1608 static void lastlog_reset (uid_t uid)
1612 off_t offset_uid = (off_t) (sizeof ll) * uid;
1614 if (access (LASTLOG_FILE, F_OK) != 0) {
1618 memzero (&ll, sizeof (ll));
1620 fd = open (LASTLOG_FILE, O_RDWR);
1622 || (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
1623 || (write (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
1624 || (fsync (fd) != 0)
1625 || (close (fd) != 0)) {
1627 _("%s: failed to reset the lastlog entry of UID %lu: %s\n"),
1628 Prog, (unsigned long) uid, strerror (errno));
1629 SYSLOG ((LOG_WARN, "failed to reset the lastlog entry of UID %lu", (unsigned long) uid));
1635 * usr_update - create the user entries
1637 * usr_update() creates the password file entries for this user
1638 * and will update the group entries if required.
1640 static void usr_update (void)
1642 struct passwd pwent;
1646 * Fill in the password structure with any new fields, making
1647 * copies of strings.
1653 * Create a syslog entry. We need to do this now in case anything
1654 * happens so we know what we were trying to accomplish.
1657 "new user: name=%s, UID=%u, GID=%u, home=%s, shell=%s",
1658 user_name, (unsigned int) user_id,
1659 (unsigned int) user_gid, user_home, user_shell));
1662 * Initialize faillog and lastlog entries for this UID in case
1663 * it belongs to a previously deleted user. We do it only if
1664 * no user with this UID exists yet (entries for shared UIDs
1665 * are left unchanged). --marekm
1667 /* local, no need for xgetpwuid */
1668 if ((!lflg) && (getpwuid (user_id) == NULL)) {
1669 faillog_reset (user_id);
1670 lastlog_reset (user_id);
1674 * Put the new (struct passwd) in the table.
1676 if (pw_update (&pwent) == 0) {
1678 _("%s: failed to prepare the new %s entry '%s'\n"),
1679 Prog, pw_dbname (), pwent.pw_name);
1680 fail_exit (E_PW_UPDATE);
1684 * Put the new (struct spwd) in the table.
1686 if (is_shadow_pwd && (spw_update (&spent) == 0)) {
1688 _("%s: failed to prepare the new %s entry '%s'\n"),
1689 Prog, spw_dbname (), spent.sp_namp);
1691 audit_logger (AUDIT_ADD_USER, Prog,
1692 "adding shadow password",
1693 user_name, (unsigned int) user_id,
1694 SHADOW_AUDIT_FAILURE);
1696 fail_exit (E_PW_UPDATE);
1699 audit_logger (AUDIT_ADD_USER, Prog,
1701 user_name, (unsigned int) user_id,
1702 SHADOW_AUDIT_SUCCESS);
1706 * Do any group file updates for this user.
1708 if (do_grp_update) {
1714 static void selinux_update_mapping (void) {
1715 if (is_selinux_enabled () <= 0) return;
1717 if (*user_selinux) { /* must be done after passwd write() */
1718 const char *argv[7];
1719 argv[0] = "/usr/sbin/semanage";
1723 argv[4] = user_selinux;
1724 argv[5] = user_name;
1726 if (safe_system (argv[0], argv, NULL, 0)) {
1728 _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
1729 Prog, user_name, user_selinux);
1731 audit_logger (AUDIT_ADD_USER, Prog,
1732 "adding SELinux user mapping",
1733 user_name, (unsigned int) user_id, 0);
1740 * create_home - create the user's home directory
1742 * create_home() creates the user's home directory if it does not
1743 * already exist. It will be created mode 755 owned by the user
1744 * with the user's default group.
1746 static void create_home (void)
1748 if (access (user_home, F_OK) != 0) {
1750 selinux_file_context (user_home);
1752 /* XXX - create missing parent directories. --marekm */
1753 if (mkdir (user_home, 0) != 0) {
1755 _("%s: cannot create directory %s\n"),
1758 audit_logger (AUDIT_ADD_USER, Prog,
1759 "adding home directory",
1760 user_name, (unsigned int) user_id,
1761 SHADOW_AUDIT_FAILURE);
1763 fail_exit (E_HOMEDIR);
1765 chown (user_home, user_id, user_gid);
1767 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
1770 audit_logger (AUDIT_ADD_USER, Prog,
1771 "adding home directory",
1772 user_name, (unsigned int) user_id,
1773 SHADOW_AUDIT_SUCCESS);
1776 /* Reset SELinux to create files with default contexts */
1777 setfscreatecon (NULL);
1783 * create_mail - create the user's mail spool
1785 * create_mail() creates the user's mail spool if it does not already
1786 * exist. It will be created mode 660 owned by the user and group
1789 static void create_mail (void)
1797 if (strcasecmp (create_mail_spool, "yes") == 0) {
1798 spool = getdef_str ("MAIL_DIR");
1799 if (NULL == spool) {
1800 spool = "/var/mail";
1802 file = alloca (strlen (spool) + strlen (user_name) + 2);
1803 sprintf (file, "%s/%s", spool, user_name);
1804 fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
1806 perror (_("Creating mailbox file"));
1810 gr = getgrnam ("mail"); /* local, no need for xgetgrnam */
1812 fputs (_("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"),
1821 if ( (fchown (fd, user_id, gid) != 0)
1822 || (fchmod (fd, mode) != 0)) {
1823 perror (_("Setting mailbox file permissions"));
1832 * main - useradd command
1834 int main (int argc, char **argv)
1836 #ifdef ACCT_TOOLS_SETUID
1838 pam_handle_t *pamh = NULL;
1840 #endif /* USE_PAM */
1841 #endif /* ACCT_TOOLS_SETUID */
1848 * Get my name so that I can use it to report errors.
1850 Prog = Basename (argv[0]);
1852 (void) setlocale (LC_ALL, "");
1853 (void) bindtextdomain (PACKAGE, LOCALEDIR);
1854 (void) textdomain (PACKAGE);
1856 OPENLOG ("useradd");
1858 sys_ngroups = sysconf (_SC_NGROUPS_MAX);
1859 user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
1861 * Initialize the list to be empty
1863 user_groups[0] = (char *) 0;
1866 is_shadow_pwd = spw_file_present ();
1868 is_shadow_grp = sgr_file_present ();
1873 process_flags (argc, argv);
1875 #ifdef ACCT_TOOLS_SETUID
1878 struct passwd *pampw;
1879 pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
1880 if (pampw == NULL) {
1882 _("%s: Cannot determine your user name.\n"),
1887 retval = pam_start ("useradd", pampw->pw_name, &conv, &pamh);
1890 if (PAM_SUCCESS == retval) {
1891 retval = pam_authenticate (pamh, 0);
1894 if (PAM_SUCCESS == retval) {
1895 retval = pam_acct_mgmt (pamh, 0);
1899 (void) pam_end (pamh, retval);
1901 if (PAM_SUCCESS != retval) {
1902 fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
1905 #endif /* USE_PAM */
1906 #endif /* ACCT_TOOLS_SETUID */
1909 * See if we are messing with the defaults file, or creating
1913 if (gflg || bflg || fflg || eflg || sflg) {
1914 exit ((set_defaults () != 0) ? 1 : 0);
1922 * Start with a quick check to see if the user exists.
1924 if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
1925 fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
1927 audit_logger (AUDIT_ADD_USER, Prog,
1929 user_name, AUDIT_NO_ID,
1930 SHADOW_AUDIT_FAILURE);
1932 fail_exit (E_NAME_IN_USE);
1936 * Don't blindly overwrite a group when a user is added...
1937 * If you already have a group username, and want to add the user
1938 * to that group, use useradd -g username username.
1942 /* local, no need for xgetgrnam */
1943 if (getgrnam (user_name) != NULL) {
1945 _("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
1948 audit_logger (AUDIT_ADD_USER, Prog,
1950 user_name, AUDIT_NO_ID,
1951 SHADOW_AUDIT_FAILURE);
1953 fail_exit (E_NAME_IN_USE);
1958 * Do the hard stuff:
1960 * - create the user entries,
1961 * - create the home directory,
1962 * - create user mail spool,
1963 * - flush nscd caches for passwd and group services,
1964 * - then close and update the files.
1969 /* first, seek for a valid uid to use for this user.
1970 * We do this because later we can use the uid we found as
1971 * gid too ... --gafton */
1973 if (find_new_uid (rflg, &user_id, NULL) < 0) {
1974 fprintf (stderr, _("%s: can't create user\n"), Prog);
1975 fail_exit (E_UID_IN_USE);
1978 if (getpwuid (user_id) != NULL) {
1980 _("%s: UID %lu is not unique\n"),
1981 Prog, (unsigned long) user_id);
1983 audit_logger (AUDIT_ADD_USER, Prog,
1985 user_name, (unsigned int) user_id,
1986 SHADOW_AUDIT_FAILURE);
1988 fail_exit (E_UID_IN_USE);
1993 /* do we have to add a group for that user? This is why we need to
1994 * open the group files in the open_files() function --gafton */
1996 if (find_new_gid (rflg, &user_gid, &user_id) < 0) {
1998 _("%s: can't create group\n"),
2010 copy_tree (def_template, user_home, user_id, user_gid);
2013 _("%s: warning: the home directory already exists.\n"
2014 "Not copying any file from skel directory into it.\n"),
2020 /* Do not create mail directory for system accounts */
2028 selinux_update_mapping ();
2031 nscd_flush_cache ("passwd");
2032 nscd_flush_cache ("group");