and newusers.
+2008-02-19 Nicolas François <nicolas.francois@centraliens.net>
+
+ * NEWS, etc/login.defs: Set GID_MIN to the same value as UID_MIN
+ by default (1000).
+ * NEWS, etc/login.defs: Added variables SYS_UID_MIN (100),
+ SYS_UID_MAX (999), SYS_GID_MIN (100), SYS_GID_MAX (999) for system
+ accounts.
+ * libmisc/find_new_ids.c: Added support for system accounts in
+ find_new_uid() and find_new_gid().
+ * NEWS, src/newusers.c, src/useradd.c, src/groupadd.c: Added new
+ option -r, --system for system accounts in useradd, groupadd, and
+ newusers.
+
2008-02-18 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/groupmems.c: Fix buffer overflow when adding an user
- general
* Do not translate the messages sent to syslog. This avoids logging
PAM error messages in the users's locale.
+- etc/login.defs
+ * Set GID_MIN to the same value as UID_MIN by default (1000).
+ * Added variables SYS_UID_MIN (100), SYS_UID_MAX (999), SYS_GID_MIN (100),
+ SYS_GID_MAX (999) for system accounts.
- etc/useradd
* /etc/default/useradd now defines HOME as /home to match FHS.
- chage
passwd entry, but no shadow entry.
- groupadd
* New option -p/--password to specify an encrypted password.
+ * New option -r, --system for system accounts.
- groupmems
* Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec.
- groupmod
* Fix support for the NONE crypt method.
* newusers will behave more like useradd regarding the choice of UID or
GID or regarding the validity of user and group names.
+ * New option -r, --system for system accounts.
- passwd
* Make sure that no more than one username argument was provided.
- pwck
but should behave as -D)
* Document the --defaults option, which was already described in the
useradd's Usage information.
+ * New option -r, --system for system accounts.
- usermod
* Keep the access and modification time of files when moving an user's home
directory.
#
UID_MIN 1000
UID_MAX 60000
+# System accounts
+SYS_UID_MIN 100
+SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
-GID_MIN 100
+GID_MIN 1000
GID_MAX 60000
+# System accounts
+SYS_GID_MIN 100
+SYS_GID_MAX 999
#
# Max number of login retries if password is bad
uid_t uid_min, uid_max, user_id;
assert (uid != NULL);
- /* TODO: add support for system users */
- assert (sys_user == 0);
+ if (sys_user == 0) {
uid_min = getdef_unum ("UID_MIN", 1000);
uid_max = getdef_unum ("UID_MAX", 60000);
+ } else {
+ uid_min = getdef_unum ("SYS_UID_MIN", 1);
+ uid_max = getdef_unum ("UID_MIN", 1000) - 1;
+ uid_max = getdef_unum ("SYS_UID_MAX", uid_max);
+ }
if ( (NULL != preferred_uid)
&& (*preferred_uid >= uid_min)
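Review bot: The new system-account branch builds its range from three login.defs values without checking the result. `getdef_unum ("UID_MIN", 1000) - 1` would wrap to a very large value if UID_MIN is set to 0 (assuming getdef_unum returns an unsigned type), and nothing rejects SYS_UID_MIN > SYS_UID_MAX or a SYS_UID_MAX that reaches into the regular user range. A misconfigured file could then give a system account an ID from the ordinary range, so I would fail early after the `else` block with something like `if (uid_max < uid_min) return -1;` plus a diagnostic naming the offending variables. The code falls back to 1 for SYS_UID_MIN while the shipped login.defs sets 100, which deserves a comment such as `/* fallback when login.defs lacks SYS_UID_MIN; the shipped file uses 100 */`. The same applies to the find_new_gid hunk that follows, and both function bodies continue outside their hunks.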
gid_t gid_min, gid_max, group_id;
assert (gid != NULL);
- /* TODO: add support for system groups */
- assert (sys_group == 0);
+ if (sys_group == 0) {
gid_min = getdef_unum ("GID_MIN", 1000);
gid_max = getdef_unum ("GID_MAX", 60000);
+ } else {
+ gid_min = getdef_unum ("SYS_GID_MIN", 1);
+ gid_max = getdef_unum ("GID_MIN", 1000) - 1;
+ gid_max = getdef_unum ("SYS_GID_MAX", gid_max);
+ }
if ( (NULL != preferred_gid)
&& (*preferred_gid >= gid_min)
static int oflg = 0; /* permit non-unique group ID to be specified with -g */
static int gflg = 0; /* ID value for the new group */
static int fflg = 0; /* if group already exists, do nothing and exit(0) */
+static int rflg = 0; /* create a system account */
static int pflg = 0; /* new encrypted password */
#ifdef USE_PAM
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
" -o, --non-unique allow create group with duplicate\n"
" (non-unique) GID\n"
+ " -r, --system create a system account\n"
"\n"), stderr);
exit (E_USAGE);
}
{"key", required_argument, NULL, 'K'},
{"non-unique", required_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"system", no_argument, NULL, 'r'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "fg:hK:o", long_options,
+ getopt_long (argc, argv, "fg:hK:or", long_options,
&option_index)) != -1) {
switch (c) {
case 'f':
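Review bot: The option string on the changed getopt_long line, `"fg:hK:or"`, gains `r` but still has no `p:`. The long_options table lists `{"password", required_argument, NULL, 'p'}` and a later hunk shows the handler storing optarg in group_passwd, so the short form -p would end up in `default: usage ();`. Since this line is being edited anyway, it could become `getopt_long (argc, argv, "fg:hK:op:r", long_options,`. The table also declares "non-unique" as `required_argument` while the short `o` takes no argument, so `--non-unique` would swallow the next word on the command line; `no_argument`, as in the useradd table, looks like the intent. The switch continues outside this hunk.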
pflg++;
group_passwd = optarg;
break;
+ case 'r':
+ rflg++;
+ break;
default:
usage ();
}
open_files ();
if (!gflg) {
- if (find_new_gid (0, &group_id, NULL) < 0) {
+ if (find_new_gid (rflg, &group_id, NULL) < 0) {
fprintf (stderr, _("%s: can't create group\n"), Prog);
fail_exit (E_GID_IN_USE);
}
*/
static char *Prog;
static int cflg = 0;
+static int rflg = 0; /* create a system account */
static int sflg = 0;
static char *crypt_method = NULL;
fprintf (stderr, _("Usage: %s [options] [input]\n"
"\n"
" -c, --crypt-method the crypt method (one of %s)\n"
+ " -r, --system create system accounts\n"
"%s"
"\n"),
Prog,
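Review bot: The usage text now advertises -r/--system for newusers, but no newusers hunk shown here adds the option parsing that the groupadd and useradd hunks get. There is no `r` in an option string, no "system" entry in a long-option table, and no `case 'r':` that increments rflg. If that parsing is not added elsewhere in the commit, rflg stays 0 and the two `find_new_gid (rflg, …)` / `find_new_uid (rflg, …)` calls keep allocating from the regular range. It is worth confirming the option handling is part of this change before documenting it in NEWS.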
* already the name of an existing group.
* In both cases, figure out what group ID can be used.
*/
- if (find_new_gid(0, &grent.gr_gid, &uid) < 0) {
+ if (find_new_gid(rflg, &grent.gr_gid, &uid) < 0) {
return -1;
}
}
return -1;
}
} else {
- if (find_new_uid (0, nuid, NULL) < 0) {
+ if (find_new_uid (rflg, nuid, NULL) < 0) {
return -1;
}
}
mflg = 0, /* create user's home directory if it doesn't exist */
nflg = 0, /* create a group having the same name as the user */
oflg = 0, /* permit non-unique user ID to be specified with -u */
+ rflg = 0, /* create a system account */
sflg = 0, /* shell program for new account */
uflg = 0; /* specify user ID for new account */
" (non-unique) UID\n"
" -p, --password PASSWORD use encrypted password for the new user\n"
" account\n"
+ " -r, --system create a system account\n"
" -s, --shell SHELL the login shell for the new user account\n"
" -u, --uid UID force use the UID for the new user account\n"
"\n"), stderr);
spent->sp_namp = (char *) user_name;
spent->sp_pwdp = (char *) user_pass;
spent->sp_lstchg = time ((time_t *) 0) / SCALE;
+ if (!rflg) {
spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
spent->sp_inact = scale_age (def_inactive);
spent->sp_expire = scale_age (user_expire);
+ } else {
+ spent->sp_min = scale_age (-1);
+ spent->sp_max = scale_age (-1);
+ spent->sp_warn = scale_age (-1);
+ spent->sp_inact = scale_age (-1);
+ spent->sp_expire = scale_age (-1);
+ }
spent->sp_flag = -1;
}
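Review bot: In the `rflg` branch every aging field is forced to `scale_age (-1)`, so an expiry date or inactivity period given explicitly on the command line is dropped without any message when combined with -r (`e:` and `f:` are both in the option string). An administrator who asks for a system account that expires would get one that never does. Either assign `spent->sp_inact` and `spent->sp_expire` from the user-supplied values when those options were given, or reject the combination during option checking. A comment on the branch would record the intent, e.g. `/* system accounts: no password aging, PASS_*_DAYS from login.defs is ignored */`. The function starts outside this hunk.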
{"create-home", no_argument, NULL, 'm'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"system", no_argument, NULL, 'r'},
{"shell", required_argument, NULL, 's'},
{"uid", required_argument, NULL, 'u'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMop:s:u:",
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMop:rs:u:",
long_options, NULL)) != -1) {
switch (c) {
case 'b':
}
user_pass = optarg;
break;
+ case 'r':
+ rflg++;
+ break;
case 's':
if (!VALID (optarg)
|| (optarg[0]
* We do this because later we can use the uid we found as
* gid too ... --gafton */
if (!uflg) {
- if (find_new_uid (0, &user_id, NULL) < 0) {
+ if (find_new_uid (rflg, &user_id, NULL) < 0) {
fprintf (stderr, _("%s: can't create user\n"), Prog);
fail_exit (E_UID_IN_USE);
}
/* do we have to add a group for that user? This is why we need to
* open the group files in the open_files() function --gafton */
if (!(nflg || gflg)) {
- if (find_new_gid (0, &user_gid, &user_id) < 0) {
+ if (find_new_gid (rflg, &user_gid, &user_id) < 0) {
fprintf (stderr,
_("%s: can't create group\n"),
Prog);