* NEWS, src/useradd.c, man/useradd.8.xml: Add --root option. Open

	audit after the potential chroot.

diff --git a/ChangeLog b/ChangeLog
index 1c1b9b06e39190e316411fd86e6f0f44c154c1b3..2f449f74bbdf0059504a1394c308f7c227cfbd0e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@
        po/POTFILES.in: Add process_root_flag() to process the --root
        option and chroot so that the chroot config is used and changes
        are applied to the chroot.
+       * NEWS, src/useradd.c, man/useradd.8.xml: Add --root option. Open
+       audit after the potential chroot.
 
 2011-10-22  Nicolas François  <nicolas.francois@centraliens.net>
 

diff --git a/NEWS b/NEWS
index 46aa63c2fcec8461ec78b2b204a773391265b3cc..8262092562d8106ce732c18b142c31ad03963e94 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -71,6 +71,7 @@ shadow-4.1.4.3 -> shadow-4.1.5                                        UNRELEASED
 - useradd
   * If the skeleton directory contained hardlinked files, copies of the
     hardlink were removed from the skeleton directory.
+  * Add --root option.
 - userdel
   * Check the existence of the user's mail spool before trying to remove
     it. If it does not exist, a warning is issued, but no failure.

diff --git a/man/useradd.8.xml b/man/useradd.8.xml
index 4b4dc2b916cc5d5e7faf9f850fc5dbaf65e5b475..d1d1f1c18973f3852d3df099d83fae52005c4da2 100644 (file)
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
    Copyright (c) 1991 - 1994, Julianne Frances Haugh
-   Copyright (c) 2007 - 2009, Nicolas François
+   Copyright (c) 2007 - 2011, Nicolas François
    All rights reserved.
   
    Redistribution and use in source and binary forms, with or without
@@ -434,6 +434,19 @@
          </para>
        </listitem>
       </varlistentry>
+      <varlistentry>
+       <term>
+         <option>-R</option>, <option>--root</option>
+         <replaceable>CHROOT_DIR</replaceable>
+       </term>
+       <listitem>
+         <para>
+           Apply changes in the <replaceable>CHROOT_DIR</replaceable>
+           directory and use the configuration files from the
+           <replaceable>CHROOT_DIR</replaceable> directory.
+         </para>
+       </listitem>
+      </varlistentry>
       <varlistentry>
        <term>
          <option>-s</option>, <option>--shell</option>

diff --git a/src/useradd.c b/src/useradd.c
index 8d412af1369b08d20fad459b6ae8ffb7e8384afa..43869f00e96d340a0c12f26f3bcbca3cd19912fc 100644 (file)
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -724,6 +724,7 @@ static void usage (int status)
                        "                                (non-unique) UID\n"), usageout);
        (void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
        (void) fputs (_("  -r, --system                  create a system account\n"), usageout);
+       (void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
        (void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
        (void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), usageout);
        (void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
@@ -997,6 +998,7 @@ static void process_flags (int argc, char **argv)
                        {"non-unique", no_argument, NULL, 'o'},
                        {"password", required_argument, NULL, 'p'},
                        {"system", no_argument, NULL, 'r'},
+                       {"root", required_argument, NULL, 'R'},
                        {"shell", required_argument, NULL, 's'},
 #ifdef WITH_SELINUX
                        {"selinux-user", required_argument, NULL, 'Z'},
@@ -1007,9 +1009,9 @@ static void process_flags (int argc, char **argv)
                };
                while ((c = getopt_long (argc, argv,
 #ifdef WITH_SELINUX
-                                        "b:c:d:De:f:g:G:hk:K:lmMNop:rs:u:UZ:",
+                                        "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
 #else
-                                        "b:c:d:De:f:g:G:hk:K:lmMNop:rs:u:U",
+                                        "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
 #endif
                                         long_options, NULL)) != -1) {
                        switch (c) {
@@ -1178,6 +1180,8 @@ static void process_flags (int argc, char **argv)
                        case 'r':
                                rflg = true;
                                break;
+                       case 'R': /* no-op, handled in process_root_flag () */
+                               break;
                        case 's':
                                if (   ( !VALID (optarg) )
                                    || (   ('\0' != optarg[0])
@@ -1869,10 +1873,6 @@ int main (int argc, char **argv)
 #endif                         /* USE_PAM */
 #endif                         /* ACCT_TOOLS_SETUID */
 
-#ifdef WITH_AUDIT
-       audit_help_open ();
-#endif
-
        /*
         * Get my name so that I can use it to report errors.
         */
@@ -1882,7 +1882,12 @@ int main (int argc, char **argv)
        (void) bindtextdomain (PACKAGE, LOCALEDIR);
        (void) textdomain (PACKAGE);
 
+       process_root_flag ("-R", argc, argv);
+
        OPENLOG ("useradd");
+#ifdef WITH_AUDIT
+       audit_help_open ();
+#endif
 
        sys_ngroups = sysconf (_SC_NGROUPS_MAX);
        user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));