2 * Copyright 1991 - 1994, Julianne Frances Haugh
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 RCSID(PKG_VER "$Id: useradd.c,v 1.18 2000/09/02 18:40:44 marekm Exp $")
35 #include "prototypes.h"
38 #include <sys/types.h>
57 #define SKEL_DIR "/etc/skel"
60 #ifndef USER_DEFAULTS_FILE
61 #define USER_DEFAULTS_FILE "/etc/default/useradd"
62 #define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
66 * Needed for MkLinux DR1/2/2.1 - J.
69 #define LASTLOG_FILE "/var/log/lastlog"
73 * These defaults are used if there is no defaults file.
75 static gid_t def_group = 100;
76 static const char *def_gname = "other";
77 static const char *def_home = "/home";
78 static const char *def_shell = "";
79 static const char *def_template = SKEL_DIR;
81 static long def_inactive = -1;
82 static const char *def_expire = "";
85 static char def_file[] = USER_DEFAULTS_FILE;
87 #define VALID(s) (strcspn (s, ":\n") == strlen (s))
89 static const char *user_name = "";
90 static const char *user_pass = "!";
92 static gid_t user_gid;
93 static const char *user_comment = "";
94 static const char *user_home = "";
95 static const char *user_shell = "";
97 static long user_expire = -1;
98 static int is_shadow_pwd;
101 static int is_shadow_grp;
103 static char *user_groups[NGROUPS_MAX+1]; /* NULL-terminated list */
104 static int do_grp_update = 0; /* group files need to be updated */
109 uflg = 0, /* specify user ID for new account */
110 oflg = 0, /* permit non-unique user ID to be specified with -u */
111 gflg = 0, /* primary group ID for new account */
112 Gflg = 0, /* secondary group set for new account */
113 dflg = 0, /* home directory for new account */
114 bflg = 0, /* new default root of home directory */
115 sflg = 0, /* shell program for new account */
116 cflg = 0, /* comment (GECOS) field for new account */
117 mflg = 0, /* create user's home directory if it doesn't exist */
118 kflg = 0, /* specify a directory to fill new user directory */
119 fflg = 0, /* days until account with expired password is locked */
120 eflg = 0, /* days since 1970-01-01 when account is locked */
121 Dflg = 0; /* set/show new user default values */
124 static int Aflg = 0; /* specify authentication method for user */
125 static char user_auth[1024];
126 static char *auth_arg;
133 extern int pw_dbm_mode;
135 extern int sp_dbm_mode;
137 extern int gr_dbm_mode;
139 extern int sg_dbm_mode;
143 static int home_added;
146 static int pw_dbm_added;
147 static int gr_dbm_added;
149 static int sp_dbm_added;
152 static int sg_dbm_added;
159 #include "sgroupio.h"
165 #include "shadowio.h"
173 #define E_SUCCESS 0 /* success */
174 #define E_PW_UPDATE 1 /* can't update password file */
175 #define E_USAGE 2 /* bad command syntax */
176 #define E_BAD_ARG 3 /* invalid argument to option */
177 #define E_UID_IN_USE 4 /* uid already in use (and no -o) */
178 #define E_NOTFOUND 6 /* specified group doesn't exist */
179 #define E_NAME_IN_USE 9 /* username already in use */
180 #define E_GRP_UPDATE 10 /* can't update group file */
181 #define E_HOMEDIR 12 /* can't create home directory */
184 #define DGROUP "defgroup="
185 #define HOME "defparent="
186 #define SHELL "defshell="
187 #define INACT "definact="
188 #define EXPIRE "defexpire="
189 #define SKEL "defskel="
191 #define DGROUP "GROUP="
193 #define SHELL "SHELL="
194 #define INACT "INACTIVE="
195 #define EXPIRE "EXPIRE="
199 /* local function prototypes */
200 static void fail_exit(int);
201 static struct group *getgr_nam_gid(const char *);
202 static long get_number(const char *);
203 static void get_defaults(void);
204 static void show_defaults(void);
205 static int set_defaults(void);
206 static int get_groups(char *);
207 static void usage(void);
208 static void new_pwent(struct passwd *);
210 static long scale_age(long);
211 static void new_spent(struct spwd *);
213 static void grp_update(void);
214 static void find_new_uid(void);
216 static void convert_auth(char *, const char *);
217 static int valid_auth(const char *);
219 static void process_flags(int argc, char **argv);
220 static void close_files(void);
221 static void open_files(void);
222 static void faillog_reset(uid_t);
223 static void lastlog_reset(uid_t);
224 static void usr_update(void);
225 static void create_home(void);
228 * fail_exit - undo as much as possible
238 pwent.pw_name = user_name;
239 pwent.pw_uid = user_id;
240 pw_dbm_remove(&pwent);
243 fprintf(stderr, _("%s: rebuild the group database\n"), Prog);
246 sp_dbm_remove(user_name);
250 fprintf(stderr, _("%s: rebuild the shadow group database\n"),
257 SYSLOG((LOG_INFO, "failed adding user `%s', data deleted\n",
263 static struct group *
264 getgr_nam_gid(const char *name)
269 gid = strtol(name, &ep, 10);
270 if (*name != '\0' && *ep == '\0') /* valid numeric gid */
271 return getgrgid(gid);
273 return getgrnam(name);
278 get_number(const char *cp)
283 val = strtol(cp, &ep, 10);
284 if (*cp != '\0' && *ep == '\0') /* valid number */
287 fprintf(stderr, _("%s: invalid numeric argument `%s'\n"), Prog, cp);
291 #define MATCH(x,y) (strncmp((x),(y),strlen(y)) == 0)
294 * get_defaults - read the defaults file
296 * get_defaults() reads the defaults file for this command. It sets
297 * the various values from the file, or uses built-in default values
298 * if the file does not exist.
307 const struct group *grp;
311 * Open the defaults file for reading.
314 if (!(fp = fopen(def_file, "r")))
318 * Read the file a line at a time. Only the lines that have
319 * relevant values are used, everything else can be ignored.
322 while (fgets(buf, sizeof buf, fp)) {
323 if ((cp = strrchr (buf, '\n')))
326 if (!(cp = strchr(buf, '=')))
332 * Primary GROUP identifier
335 if (MATCH(buf, DGROUP)) {
336 val = strtol(cp, &ep, 10);
337 if (*cp != '\0' && *ep == '\0') { /* valid number */
339 if ((grp = getgrgid(def_group))) {
340 def_gname = xstrdup(grp->gr_name);
343 _("%s: unknown gid %s\n"),
346 } else if ((grp = getgrnam(cp))) {
347 def_group = grp->gr_gid;
348 def_gname = xstrdup(cp);
350 fprintf(stderr, _("%s: unknown group %s\n"),
356 * Default HOME filesystem
359 else if (MATCH(buf, HOME)) {
360 def_home = xstrdup(cp);
364 * Default Login Shell command
367 else if (MATCH(buf, SHELL)) {
368 def_shell = xstrdup(cp);
373 * Default Password Inactive value
376 else if (MATCH(buf, INACT)) {
377 val = strtol(cp, &ep, 10);
378 if (*cp != '\0' && *ep == '\0') /* valid number */
385 * Default account expiration date
388 else if (MATCH(buf, EXPIRE)) {
389 def_expire = xstrdup(cp);
394 * Default Skeleton information
397 else if (MATCH(buf, SKEL)) {
399 cp = SKEL_DIR; /* XXX warning: const */
401 def_template = xstrdup(cp);
408 * show_defaults - show the contents of the defaults file
410 * show_defaults() displays the values that are used from the default
411 * file and the built-in values.
418 printf(_("group=%s,%ld basedir=%s skel=%s\n"),
419 def_gname, (long) def_group, def_home, def_template);
421 printf(_("shell=%s "), def_shell);
423 printf(_("inactive=%ld expire=%s"), def_inactive, def_expire);
427 printf(_("GROUP=%ld\n"), (long) def_group);
428 printf(_("HOME=%s\n"), def_home);
430 printf(_("INACTIVE=%ld\n"), def_inactive);
431 printf(_("EXPIRE=%s\n"), def_expire);
433 printf(_("SHELL=%s\n"), def_shell);
434 printf(_("SKEL=%s\n"), def_template);
439 * set_defaults - write new defaults file
441 * set_defaults() re-writes the defaults file using the values that
442 * are currently set. Duplicated lines are pruned, missing lines are
443 * added, and unrecognized lines are copied as is.
452 static char new_file[] = NEW_USER_FILE;
456 int out_inactive = 0;
465 * Create a temporary file to copy the new output to.
469 if (!(ofp = fopen (new_file, "w"))) {
470 fprintf(stderr, _("%s: cannot create new defaults file\n"),
476 * Open the existing defaults file and copy the lines to the
477 * temporary file, using any new values. Each line is checked
478 * to insure that it is not output more than once.
481 if (!(ifp = fopen(def_file, "r"))) {
482 fprintf(ofp, "# useradd defaults file\n");
486 while (fgets(buf, sizeof buf, ifp)) {
487 if ((cp = strrchr(buf, '\n')))
490 if (!out_group && MATCH(buf, DGROUP)) {
491 fprintf(ofp, DGROUP "%d\n", (int) def_group);
495 else if (!out_gname && MATCH(buf, "defgname=")) {
496 fprintf(ofp, "defgname=%s\n", def_gname);
500 else if (!out_home && MATCH(buf, HOME)) {
501 fprintf(ofp, HOME "%s\n", def_home);
504 } else if (!out_inactive && MATCH(buf, INACT)) {
505 fprintf(ofp, INACT "%ld\n", def_inactive);
507 } else if (!out_expire && MATCH(buf, EXPIRE)) {
508 fprintf(ofp, EXPIRE "%s\n", def_expire);
512 else if (!out_shell && MATCH(buf, SHELL)) {
513 fprintf(ofp, SHELL "%s\n", def_shell);
516 else if (!out_skel && MATCH(buf, SKEL)) {
517 fprintf(ofp, SKEL "%s\n", def_template);
521 fprintf(ofp, "%s\n", buf);
527 * Check each line to insure that every line was output. This
528 * causes new values to be added to a file which did not previously
529 * have an entry for that value.
533 fprintf(ofp, DGROUP "%d\n", (int) def_group);
535 fprintf(ofp, HOME "%s\n", def_home);
538 fprintf(ofp, INACT "%ld\n", def_inactive);
540 fprintf(ofp, EXPIRE "%s\n", def_expire);
543 fprintf(ofp, SHELL "%s\n", def_shell);
545 fprintf(ofp, SKEL "%s\n", def_template);
548 * Flush and close the file. Check for errors to make certain
549 * the new file is intact.
553 if (ferror(ofp) || fclose(ofp)) {
559 * Rename the current default file to its backup name.
562 snprintf(buf, sizeof buf, "%s-", def_file);
563 if (rename(def_file, buf) && errno != ENOENT) {
564 snprintf(buf, sizeof buf, _("%s: rename: %s"), Prog, def_file);
571 * Rename the new default file to its correct name.
574 if (rename(new_file, def_file)) {
575 snprintf(buf, sizeof buf, _("%s: rename: %s"), Prog, new_file);
581 "defaults: group=%d, home=%s, inactive=%ld, expire=%s\n",
582 (int) def_group, def_home, def_inactive, def_expire));
584 SYSLOG((LOG_INFO, "defaults: group=%d, home=%s\n",
585 (int) def_group, def_home));
591 * get_groups - convert a list of group names to an array of group IDs
593 * get_groups() takes a comma-separated list of group names and
594 * converts it to a NULL-terminated array. Any unknown group
595 * names are reported as errors.
599 get_groups(char *list)
602 const struct group *grp;
607 * Initialize the list to be empty
610 user_groups[0] = (char *) 0;
616 * So long as there is some data to be converted, strip off
617 * each name and look it up. A mix of numerical and string
618 * values for group identifiers is permitted.
623 * Strip off a single name from the list
626 if ((cp = strchr (list, ',')))
630 * Names starting with digits are treated as numerical
631 * GID values, otherwise the string is looked up as is.
634 grp = getgr_nam_gid(list);
637 * There must be a match, either by GID value or by
642 fprintf(stderr, _("%s: unknown group %s\n"),
649 * If the group doesn't exist, don't dump core...
650 * Instead, try the next one. --marekm
657 * Don't add this group if they are an NIS group. Tell
658 * the user to go to the server for this group.
662 fprintf(stderr, _("%s: group `%s' is a NIS group.\n"),
668 if (ngroups == NGROUPS_MAX) {
670 _("%s: too many groups specified (max %d).\n"),
676 * Add the group name to the user's list of groups.
679 user_groups[ngroups++] = xstrdup(grp->gr_name);
682 user_groups[ngroups] = (char *) 0;
685 * Any errors in finding group names are fatal
695 * usage - display usage message and exit
702 _("usage: %s\t[-u uid [-o]] [-g group] [-G group,...] \n"),
705 _("\t\t[-d home] [-s shell] [-c comment] [-m [-k template]]\n"));
706 fprintf(stderr, "\t\t");
708 fprintf(stderr, _("[-f inactive] [-e expire ] "));
711 fprintf(stderr, _("[-A program] "));
713 fprintf(stderr, _("[-p passwd] name\n"));
715 fprintf(stderr, _(" %s\t-D [-g group] [-b base] [-s shell]\n"),
718 fprintf(stderr, _("\t\t[-f inactive] [-e expire ]\n"));
725 * new_pwent - initialize the values in a password file entry
727 * new_pwent() takes all of the values that have been entered and
728 * fills in a (struct passwd) with them.
732 new_pwent(struct passwd *pwent)
734 memzero(pwent, sizeof *pwent);
735 pwent->pw_name = (char *) user_name;
738 pwent->pw_passwd = (char *) SHADOW_PASSWD_STRING;
741 pwent->pw_passwd = (char *) user_pass;
744 pwent->pw_age = (char *) "";
746 pwent->pw_uid = user_id;
747 pwent->pw_gid = user_gid;
748 pwent->pw_gecos = (char *) user_comment;
750 pwent->pw_comment = (char *) "";
755 pwent->pw_dir = (char *) user_home;
756 pwent->pw_shell = (char *) user_shell;
766 return x * (DAY/SCALE);
770 * new_spent - initialize the values in a shadow password file entry
772 * new_spent() takes all of the values that have been entered and
773 * fills in a (struct spwd) with them.
777 new_spent(struct spwd *spent)
779 memzero(spent, sizeof *spent);
780 spent->sp_namp = (char *) user_name;
781 spent->sp_pwdp = (char *) user_pass;
782 spent->sp_lstchg = time((time_t *) 0) / SCALE;
783 spent->sp_min = scale_age(getdef_num("PASS_MIN_DAYS", -1));
784 spent->sp_max = scale_age(getdef_num("PASS_MAX_DAYS", -1));
785 spent->sp_warn = scale_age(getdef_num("PASS_WARN_AGE", -1));
786 spent->sp_inact = scale_age(def_inactive);
787 spent->sp_expire = scale_age(user_expire);
793 * grp_update - add user to secondary group set
795 * grp_update() takes the secondary group set given in user_groups
796 * and adds the user to each group given by that set.
802 const struct group *grp;
805 const struct sgrp *sgrp;
810 * Lock and open the group file. This will load all of the group
815 fprintf(stderr, _("%s: error locking group file\n"), Prog);
816 fail_exit(E_GRP_UPDATE);
818 if (! gr_open (O_RDWR)) {
819 fprintf(stderr, _("%s: error opening group file\n"), Prog);
820 fail_exit(E_GRP_UPDATE);
823 if (is_shadow_grp && ! sgr_lock ()) {
824 fprintf(stderr, _("%s: error locking shadow group file\n"),
826 fail_exit(E_GRP_UPDATE);
828 if (is_shadow_grp && ! sgr_open (O_RDWR)) {
829 fprintf(stderr, _("%s: error opening shadow group file\n"),
831 fail_exit(E_GRP_UPDATE);
836 * Scan through the entire group file looking for the groups that
837 * the user is a member of.
840 for (gr_rewind (), grp = gr_next ();grp;grp = gr_next ()) {
843 * See if the user specified this group as one of their
847 if (!is_on_list(user_groups, grp->gr_name))
851 * Make a copy - gr_update() will free() everything
852 * from the old entry, and we need it later.
855 ngrp = __gr_dup(grp);
857 fail_exit(E_GRP_UPDATE); /* XXX */
861 * Add the username to the list of group members and
862 * update the group entry to reflect the change.
865 ngrp->gr_mem = add_list (ngrp->gr_mem, user_name);
866 if (!gr_update(ngrp)) {
867 fprintf(stderr, "%s: error adding new group entry\n",
869 fail_exit(E_GRP_UPDATE);
873 * Update the DBM group file with the new entry as well.
876 if (!gr_dbm_update(ngrp)) {
877 fprintf(stderr, "%s: cannot add new dbm group entry\n",
879 fail_exit(E_GRP_UPDATE);
883 SYSLOG((LOG_INFO, "add `%s' to group `%s'\n",
884 user_name, ngrp->gr_name));
895 * Scan through the entire shadow group file looking for the groups
896 * that the user is a member of. The administrative list isn't
900 for (sgr_rewind (), sgrp = sgr_next ();sgrp;sgrp = sgr_next ()) {
903 * See if the user specified this group as one of their
907 if (!gr_locate(sgrp->sg_name))
910 if (!is_on_list(user_groups, sgrp->sg_name))
914 * Make a copy - sgr_update() will free() everything
915 * from the old entry, and we need it later.
918 nsgrp = __sgr_dup(sgrp);
920 fail_exit(E_GRP_UPDATE); /* XXX */
924 * Add the username to the list of group members and
925 * update the group entry to reflect the change.
928 nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_name);
929 if (!sgr_update(nsgrp)) {
931 _("%s: error adding new group entry\n"),
933 fail_exit(E_GRP_UPDATE);
937 * Update the DBM group file with the new entry as well.
940 if (!sg_dbm_update(nsgrp)) {
942 _("%s: cannot add new dbm group entry\n"),
944 fail_exit(E_GRP_UPDATE);
948 SYSLOG((LOG_INFO, "add `%s' to shadow group `%s'\n",
949 user_name, nsgrp->sg_name));
954 #endif /* SHADOWGRP */
958 * find_new_uid - find the next available UID
960 * find_new_uid() locates the next highest unused UID in the password
961 * file, or checks the given user ID against the existing ones for
968 const struct passwd *pwd;
969 uid_t uid_min, uid_max;
971 uid_min = getdef_num("UID_MIN", 100);
972 uid_max = getdef_num("UID_MAX", 60000);
975 * Start with some UID value if the user didn't provide us with
983 * Search the entire password file, either looking for this
984 * UID (if the user specified one with -u) or looking for the
985 * largest unused value.
990 while ((pwd = pw_next())) {
991 #else /* using getpwent() we can check against NIS users etc. */
993 while ((pwd = getpwent())) {
995 if (strcmp(user_name, pwd->pw_name) == 0) {
996 fprintf(stderr, _("%s: name %s is not unique\n"),
1000 if (uflg && user_id == pwd->pw_uid) {
1001 fprintf(stderr, _("%s: uid %d is not unique\n"),
1002 Prog, (int) user_id);
1005 if (! uflg && pwd->pw_uid >= user_id) {
1006 if (pwd->pw_uid > uid_max)
1008 user_id = pwd->pw_uid + 1;
1012 * If a user with uid equal to UID_MAX exists, the above algorithm
1013 * will give us UID_MAX+1 even if not unique. Search for the first
1014 * free uid starting with UID_MIN (it's O(n*n) but can be avoided
1015 * by not having users with uid equal to UID_MAX). --marekm
1017 if (!uflg && user_id == uid_max + 1) {
1018 for (user_id = uid_min; user_id < uid_max; user_id++) {
1021 while ((pwd = pw_next()) && pwd->pw_uid != user_id)
1026 if (!getpwuid(user_id))
1030 if (user_id == uid_max) {
1031 fprintf(stderr, _("%s: can't get unique uid\n"),
1033 fail_exit(E_UID_IN_USE);
1040 * convert_auth - convert the argument list to a authentication list
1044 convert_auth(char *auths, const char *list)
1050 * Copy each method. DEFAULT is replaced by an encrypted string
1051 * if one can be found in the current authentication list.
1056 for (cp = buf; cp; cp = end) {
1060 if ((end = strchr(cp, ',')))
1063 if (strcmp(cp, "DEFAULT") == 0) {
1064 strcat(auths, user_pass);
1073 * valid_auth - check authentication list for validity
1077 valid_auth(const char *methods)
1081 int default_cnt = 0;
1084 * Cursory checks, length and illegal characters
1087 if ((int) strlen (methods) > 256)
1090 if (! VALID (methods))
1094 * Pick each method apart and check it.
1097 strcpy (buf, methods);
1098 for (cp = buf;cp;cp = end) {
1099 if ((end = strchr (cp, ',')))
1102 if (strcmp (cp, "DEFAULT") == 0) {
1103 if (default_cnt++ > 0)
1109 #endif /* AUTH_METHODS */
1112 * process_flags - perform command line argument setting
1114 * process_flags() interprets the command line arguments and sets
1115 * the values that the user will be created with accordingly. The
1116 * values are checked for sanity.
1120 process_flags(int argc, char **argv)
1122 const struct group *grp;
1128 #define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:M"
1130 #define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:M"
1132 while ((arg = getopt(argc, argv, FLAGS)) != EOF) {
1137 if (! valid_auth (optarg)) {
1139 _("%s: invalid field `%s'\n"),
1151 if (!VALID(optarg) || optarg[0] != '/') {
1153 _("%s: invalid base directory `%s'\n"),
1161 if (!VALID(optarg)) {
1163 _("%s: invalid comment `%s'\n"),
1167 user_comment = optarg;
1171 if (!VALID(optarg) || optarg[0] != '/') {
1173 _("%s: invalid home directory `%s'\n"),
1188 user_expire = strtoday(optarg);
1189 if (user_expire == -1) {
1191 _("%s: invalid date `%s'\n"),
1199 * -e "" is allowed - it's a no-op without /etc/shadow
1201 if (*optarg && !is_shadow_pwd) {
1203 _("%s: shadow passwords required for -e\n"),
1208 def_expire = optarg;
1212 def_inactive = get_number(optarg);
1214 * -f -1 is allowed - it's a no-op without /etc/shadow
1216 if (def_inactive != -1 && !is_shadow_pwd) {
1218 _("%s: shadow passwords required for -f\n"),
1226 grp = getgr_nam_gid(optarg);
1228 fprintf(stderr, _("%s: unknown group %s\n"),
1233 def_group = grp->gr_gid;
1236 user_gid = grp->gr_gid;
1241 if (get_groups(optarg))
1248 def_template = optarg;
1256 * don't create home dir - this is the default,
1257 * ignored for RedHat/PLD adduser compatibility.
1265 * override login.defs defaults (-O name=value)
1266 * example: -O UID_MIN=100 -O UID_MAX=499
1267 * note: -O UID_MIN=10,UID_MAX=499 doesn't work yet
1269 cp = strchr(optarg, '=');
1272 _("%s: -O requires NAME=VALUE\n"),
1276 /* terminate name, point to value */
1278 if (putdef_str(optarg, cp) < 0)
1281 case 'p': /* set encrypted password */
1282 if (!VALID(optarg)) {
1283 fprintf(stderr, _("%s: invalid field `%s'\n"),
1290 if (!VALID(optarg) || (optarg[0] &&
1291 (optarg[0] != '/' && optarg[0] != '*'))) {
1292 fprintf(stderr, _("%s: invalid shell `%s'\n"),
1296 user_shell = optarg;
1301 user_id = get_number(optarg);
1311 * Certain options are only valid in combination with others.
1312 * Check it here so that they can be specified in any order.
1314 if ((oflg && !uflg) || (kflg && !mflg))
1318 * Either -D or username is required. Defaults can be set with -D
1319 * for the -b, -e, -f, -g, -s options only.
1325 if (uflg || oflg || Gflg || dflg || cflg || mflg)
1328 if (optind != argc - 1)
1331 user_name = argv[optind];
1332 if (!check_user_name(user_name)) {
1333 fprintf(stderr, _("%s: invalid user name `%s'\n"),
1340 uh = xmalloc(strlen(def_home) + strlen(user_name) + 2);
1341 sprintf(uh, "%s/%s", def_home, user_name);
1348 user_expire = strtoday(def_expire);
1352 user_gid = def_group;
1355 user_shell = def_shell;
1359 * close_files - close all of the files that were opened
1361 * close_files() closes all of the files that were opened for this
1362 * new user. This causes any modified entries to be written out.
1369 fprintf(stderr, _("%s: cannot rewrite password file\n"), Prog);
1370 fail_exit(E_PW_UPDATE);
1373 if (is_shadow_pwd && !spw_close()) {
1374 fprintf(stderr, _("%s: cannot rewrite shadow password file\n"),
1376 fail_exit(E_PW_UPDATE);
1379 if (do_grp_update) {
1381 fprintf(stderr, _("%s: cannot rewrite group file\n"),
1383 fail_exit(E_GRP_UPDATE);
1387 if (is_shadow_grp && !sgr_close()) {
1389 _("%s: cannot rewrite shadow group file\n"),
1391 fail_exit(E_GRP_UPDATE);
1405 * open_files - lock and open the password files
1407 * open_files() opens the two password files.
1414 fprintf(stderr, _("%s: unable to lock password file\n"), Prog);
1417 if (!pw_open(O_RDWR)) {
1418 fprintf(stderr, _("%s: unable to open password file\n"), Prog);
1423 if (is_shadow_pwd && !spw_lock()) {
1424 fprintf(stderr, _("%s: cannot lock shadow password file\n"),
1429 if (is_shadow_pwd && !spw_open(O_RDWR)) {
1430 fprintf(stderr, _("%s: cannot open shadow password file\n"),
1441 faillog_reset(uid_t uid)
1446 fd = open(FAILLOG_FILE, O_RDWR);
1448 memzero(&fl, sizeof(fl));
1449 lseek(fd, (off_t) sizeof(fl) * uid, SEEK_SET);
1450 write(fd, &fl, sizeof(fl));
1456 lastlog_reset(uid_t uid)
1461 fd = open(LASTLOG_FILE, O_RDWR);
1463 memzero(&ll, sizeof(ll));
1464 lseek(fd, (off_t) sizeof(ll) * uid, SEEK_SET);
1465 write(fd, &ll, sizeof(ll));
1471 * usr_update - create the user entries
1473 * usr_update() creates the password file entries for this user
1474 * and will update the group entries if required.
1480 struct passwd pwent;
1490 convert_auth(user_auth, auth_arg);
1491 user_pass = user_auth;
1496 * Fill in the password structure with any new fields, making
1497 * copies of strings.
1506 * Create a syslog entry. We need to do this now in case anything
1507 * happens so we know what we were trying to accomplish.
1512 "new user: name=%s, uid=%d, gid=%d, home=%s, shell=%s, auth=%s\n",
1513 user_name, user_id, user_gid, user_home, user_shell,
1514 Aflg ? auth_arg : "DEFAULT"));
1517 "new user: name=%s, uid=%d, gid=%d, home=%s, shell=%s\n",
1518 user_name, user_id, user_gid, user_home, user_shell));
1523 * Attempt to add the new user to any authentication programs
1524 * which have been requested. Since this is more likely to fail
1525 * than the update of the password file, we do this first.
1528 if (Aflg && pw_auth(user_auth, pwent.pw_name, PW_ADD, (char *) 0)) {
1529 fprintf(stderr, _("%s: error adding authentication method\n"),
1531 fail_exit(E_PW_UPDATE); /* XXX */
1533 #endif /* AUTH_METHODS */
1536 * Initialize faillog and lastlog entries for this UID in case
1537 * it belongs to a previously deleted user. We do it only if
1538 * no user with this UID exists yet (entries for shared UIDs
1539 * are left unchanged). --marekm
1542 if (!getpwuid(user_id)) {
1543 faillog_reset(user_id);
1544 lastlog_reset(user_id);
1548 * Put the new (struct passwd) in the table.
1551 if (! pw_update (&pwent)) {
1552 fprintf(stderr, _("%s: error adding new password entry\n"),
1559 * Update the DBM files. This creates the user before the flat
1560 * files are updated. This is safe before the password field is
1561 * either locked, or set to a valid authentication string.
1564 if (pw_dbm_present()) {
1565 if (!pw_dbm_update(&pwent)) {
1567 _("%s: error updating password dbm entry\n"),
1578 * Put the new (struct spwd) in the table.
1581 if (is_shadow_pwd && !spw_update(&spent)) {
1583 _("%s: error adding new shadow password entry\n"),
1590 * Update the DBM files for the shadow password. This entry is
1591 * output before the entry in the flat file, but this is safe as
1592 * the password is locked or the authentication string has the
1596 if (is_shadow_pwd && sp_dbm_present()) {
1597 if (!sp_dbm_update(&spent)) {
1599 _("%s: error updating shadow passwd dbm entry\n"),
1601 fail_exit(E_PW_UPDATE);
1607 #endif /* SHADOWPWD */
1610 * Do any group file updates for this user.
1618 * create_home - create the user's home directory
1620 * create_home() creates the user's home directory if it does not
1621 * already exist. It will be created mode 755 owned by the user
1622 * with the user's default group.
1628 if (access(user_home, F_OK)) {
1629 /* XXX - create missing parent directories. --marekm */
1630 if (mkdir (user_home, 0)) {
1631 fprintf(stderr, _("%s: cannot create directory %s\n"),
1633 fail_exit(E_HOMEDIR);
1635 chown (user_home, user_id, user_gid);
1637 chmod(user_home, 0777 & ~getdef_num("UMASK", 077));
1639 chmod (user_home, 0755);
1646 * main - useradd command
1650 main(int argc, char **argv)
1653 * Get my name so that I can use it to report errors.
1656 Prog = Basename(argv[0]);
1658 setlocale(LC_ALL, "");
1659 bindtextdomain(PACKAGE, LOCALEDIR);
1660 textdomain(PACKAGE);
1665 is_shadow_pwd = spw_file_present();
1668 is_shadow_grp = sgr_file_present();
1672 * The open routines for the NDBM files don't use read-write
1673 * as the mode, so we have to clue them in.
1677 pw_dbm_mode = O_RDWR;
1679 sp_dbm_mode = O_RDWR;
1681 gr_dbm_mode = O_RDWR;
1683 sg_dbm_mode = O_RDWR;
1688 process_flags(argc, argv);
1691 * See if we are messing with the defaults file, or creating
1696 if (gflg || bflg || fflg || eflg || sflg)
1697 exit (set_defaults () ? 1:0);
1704 * Start with a quick check to see if the user exists.
1707 if (getpwnam(user_name)) {
1708 fprintf(stderr, _("%s: user %s exists\n"), Prog, user_name);
1709 exit(E_NAME_IN_USE);
1713 * Do the hard stuff - open the files, create the user entries,
1714 * create the home directory, then close and update the files.
1723 copy_tree (def_template, user_home, user_id, user_gid);
1724 } else if (getdef_str("CREATE_HOME")) {
1726 * RedHat added the CREATE_HOME option in login.defs in their
1727 * version of shadow-utils (which makes -m the default, with
1728 * new -M option to turn it off). Unfortunately, this
1729 * changes the way useradd works (it can be run by scripts
1730 * expecting some standard behaviour), compared to other
1731 * Unices and other Linux distributions, and also adds a lot
1733 * So we now recognize CREATE_HOME and give a warning here
1734 * (better than "configuration error ... notify administrator"
1735 * errors in every program that reads /etc/login.defs). -MM
1738 _("%s: warning: CREATE_HOME not supported, please use -m instead.\n"),