diff --git a/usr.sbin/adduser/adduser.8 b/usr.sbin/adduser/adduser.8 index 4669afc2bfe6..ed67e21f9430 100644 --- a/usr.sbin/adduser/adduser.8 +++ b/usr.sbin/adduser/adduser.8 @@ -1,476 +1,482 @@ .\" Copyright (c) 1995-1996 Wolfram Schneider . Berlin. .\" All rights reserved. .\" Copyright (c) 2002-2004 Michael Telahun Makonnen .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 15, 2012 +.Dd April 11, 2024 .Dt ADDUSER 8 .Os .Sh NAME .Nm adduser .Nd command for adding new users .Sh SYNOPSIS .Nm -.Op Fl CDENShq +.Op Fl CDENSZhq .Op Fl G Ar groups .Op Fl L Ar login_class .Op Fl M Ar mode .Op Fl d Ar partition .Op Fl f Ar file .Op Fl g Ar login_group .Op Fl k Ar dotdir .Op Fl m Ar message_file .Op Fl s Ar shell .Op Fl u Ar uid_start .Op Fl w Ar type .Sh DESCRIPTION The .Nm utility is a shell script, implemented around the .Xr pw 8 command, for adding new users. It creates passwd/group entries, a home directory, copies dotfiles and sends the new user a welcome message. +On systems where the parent of home directory is a ZFS dataset, +.Nm +will create the home directory as a ZFS dataset by default, +unless the system administrator specified otherwise. It supports two modes of operation. It may be used interactively at the command line to add one user at a time, or it may be directed to get the list of new users from a file and operate in batch mode without requiring any user interaction. .Sh RESTRICTIONS .Bl -tag -width indent .It username Login name. The user name is restricted to whatever .Xr pw 8 will accept. Generally this means it may contain only lowercase characters or digits but cannot begin with the .Ql - character. Maximum length is 16 characters. The reasons for this limit are historical. Given that people have traditionally wanted to break this limit for aesthetic reasons, it has never been of great importance to break such a basic fundamental parameter in .Ux . You can change .Dv UT_NAMESIZE in .In utmp.h and recompile the world; people have done this and it works, but you will have problems with any precompiled programs, or source that assumes the 8-character name limit, such as NIS. The NIS protocol mandates an 8-character username. If you need a longer login name for e-mail addresses, you can define an alias in .Pa /etc/mail/aliases . .It "full name" This is typically known as the gecos field and usually contains the user's full name. Additionally, it may contain a comma separated list of values such as office number and work and home phones. If the name contains an ampersand it will be replaced by the capitalized login name when displayed by other programs. The .Ql \&: character is not allowed. .It shell Unless the .Fl S argument is supplied only valid shells from the shell database .Pq Pa /etc/shells are allowed. In addition, either the base name or the full path of the shell may be supplied. .It UID Automatically generated or your choice. It must be less than 32000. .It "GID/login group" Automatically generated or your choice. It must be less than 32000. .It password You may choose an empty password, disable the password, use a randomly generated password or specify your own plaintext password, which will be encrypted before being stored in the user database. .El .Sh UNIQUE GROUPS Perhaps you are missing what .Em can be done with this scheme that falls apart with most other schemes. With each user in their own group, they can safely run with a umask of 002 instead of the usual 022 and create files in their home directory without worrying about others being able to change them. .Pp For a shared area you create a separate UID/GID, you place each person that should be able to access this area into that new group. .Pp This model of UID/GID administration allows far greater flexibility than lumping users into groups and having to muck with the umask when working in a shared area. .Pp I have been using this model for almost 10 years and found that it works for most situations, and has never gotten in the way. (Rod Grimes) .Sh CONFIGURATION The .Nm utility reads its configuration information from .Pa /etc/adduser.conf . If this file does not exist, it will use predefined defaults. While this file may be edited by hand, the safer option is to use the .Fl C command line argument. With this argument, .Nm will start interactive input, save the answers to its prompts in .Pa /etc/adduser.conf , and promptly exit without modifying the user database. Options specified on the command line will take precedence over any values saved in this file. .Sh OPTIONS .Bl -tag -width indent .It Fl C Create new configuration file and exit. This option is mutually exclusive with the .Fl f option. .It Fl d Ar partition Home partition. Default partition, under which all user directories will be located. The .Pa /nonexistent partition is considered special. The .Nm script will not create and populate a home directory by that name. Otherwise, by default it attempts to create a home directory. .It Fl D Do not attempt to create the home directory. .It Fl E Disable the account. This option will lock the account by prepending the string .Dq Li *LOCKED* to the password field. The account may be unlocked by the super-user with the .Xr pw 8 command: .Pp .D1 Nm pw Cm unlock Op Ar name | uid .It Fl f Ar file Get the list of accounts to create from .Ar file . If .Ar file is .Dq Fl , then get the list from standard input. If this option is specified, .Nm will operate in batch mode and will not seek any user input. If an error is encountered while processing an account, it will write a message to standard error and move to the next account. The format of the input file is described below. .It Fl g Ar login_group Normally, if no login group is specified, it is assumed to be the same as the username. This option makes .Ar login_group the default. .It Fl G Ar groups Space-separated list of additional groups. This option allows the user to specify additional groups to add users to. The user is a member of these groups in addition to their login group. .It Fl h Print a summary of options and exit. .It Fl k Ar directory Copy files from .Ar directory into the home directory of new users; .Pa dot.foo will be renamed to .Pa .foo . .It Fl L Ar login_class Set default login class. .It Fl m Ar file Send new users a welcome message from .Ar file . Specifying a value of .Cm no for .Ar file causes no message to be sent to new users. Please note that the message file can reference the internal variables of the .Nm script. .It Fl M Ar mode Create the home directory with permissions set to .Ar mode . .It Fl N Do not read the default configuration file. .It Fl q Minimal user feedback. In particular, the random password will not be echoed to standard output. .It Fl s Ar shell Default shell for new users. The .Ar shell argument may be the base name of the shell or the full path. Unless the .Fl S argument is supplied the shell must exist in .Pa /etc/shells or be the special shell .Em nologin to be considered a valid shell. .It Fl S The existence or validity of the specified shell will not be checked. .It Fl u Ar uid Use UIDs from .Ar uid on up. .It Fl w Ar type Password type. The .Nm utility allows the user to specify what type of password to create. The .Ar type argument may have one of the following values: .Bl -tag -width ".Cm random" .It Cm no Disable the password. Instead of an encrypted string, the password field will contain a single .Ql * character. The user may not log in until the super-user manually enables the password. .It Cm none Use an empty string as the password. .It Cm yes Use a user-supplied string as the password. In interactive mode, the user will be prompted for the password. In batch mode, the last (10th) field in the line is assumed to be the password. .It Cm random Generate a random string and use it as a password. The password will be echoed to standard output. In addition, it will be available for inclusion in the message file in the .Va randompass variable. .El +.It Fl Z +Do not attempt to create ZFS home dataset. .El .Sh FORMAT When the .Fl f option is used, the account information must be stored in a specific format. All empty lines or lines beginning with a .Ql # will be ignored. All other lines must contain ten colon .Pq Ql \&: separated fields as described below. Command line options do not take precedence over values in the fields. Only the password field may contain a .Ql \&: character as part of the string. .Pp .Sm off .D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password .Sm on .Bl -tag -width ".Ar password" .It Ar name Login name. This field may not be empty. .It Ar uid Numeric login user ID. If this field is left empty, it will be automatically generated. .It Ar gid Numeric primary group ID. If this field is left empty, a group with the same name as the user name will be created and its GID will be used instead. .It Ar class Login class. This field may be left empty. .It Ar change Password ageing. This field denotes the password change date for the account. The format of this field is the same as the format of the .Fl p argument to .Xr pw 8 . It may be .Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy , where .Ar dd is for the day, .Ar mmm is for the month in numeric or alphabetical format: .Dq Li 10 or .Dq Li Oct , and .Ar yy Ns Op Ar yy is the four or two digit year. To denote a time relative to the current date the format is: .No + Ns Ar n Ns Op Ar mhdwoy , where .Ar n denotes a number, followed by the minutes, hours, days, weeks, months or years after which the password must be changed. This field may be left empty to turn it off. .It Ar expire Account expiration. This field denotes the expiry date of the account. The account may not be used after the specified date. The format of this field is the same as that for password ageing. This field may be left empty to turn it off. .It Ar gecos Full name and other extra information about the user. .It Ar home_dir Home directory. If this field is left empty, it will be automatically created by appending the username to the home partition. The .Pa /nonexistent home directory is considered special and is understood to mean that no home directory is to be created for the user. .It Ar shell Login shell. This field should contain either the base name or the full path to a valid login shell. .It Ar password User password. This field should contain a plaintext string, which will be encrypted before being placed in the user database. If the password type is .Cm yes and this field is empty, it is assumed the account will have an empty password. If the password type is .Cm random and this field is .Em not empty, its contents will be used as a password. This field will be ignored if the .Fl w option is used with a .Cm no or .Cm none argument. Be careful not to terminate this field with a closing .Ql \&: because it will be treated as part of the password. .El .Sh FILES .Bl -tag -width ".Pa /etc/adduser.message" -compact .It Pa /etc/master.passwd user database .It Pa /etc/group group database .It Pa /etc/shells shell database .It Pa /etc/login.conf login classes database .It Pa /etc/adduser.conf configuration file for .Nm .It Pa /etc/adduser.message message file for .Nm .It Pa /usr/share/skel skeletal login directory .It Pa /var/log/adduser logfile for .Nm .El .Sh SEE ALSO .Xr chpass 1 , .Xr passwd 1 , .Xr adduser.conf 5 , .Xr aliases 5 , .Xr group 5 , .Xr login.conf 5 , .Xr passwd 5 , .Xr shells 5 , .Xr pw 8 , .Xr pwd_mkdb 8 , .Xr rmuser 8 , .Xr vipw 8 , .Xr yp 8 .Sh HISTORY The .Nm command appeared in .Fx 2.1 . .Sh AUTHORS .An -nosplit This manual page and the original script, in Perl, was written by .An Wolfram Schneider Aq Mt wosch@FreeBSD.org . The replacement script, written as a Bourne shell script with some enhancements, and the man page modification that came with it were done by .An Mike Makonnen Aq Mt mtm@identd.net . .Sh BUGS In order for .Nm to correctly expand variables such as .Va $username and .Va $randompass in the message sent to new users, it must let the shell evaluate each line of the message file. This means that shell commands can also be embedded in the message file. The .Nm utility attempts to mitigate the possibility of an attacker using this feature by refusing to evaluate the file if it is not owned and writable only by the root user. In addition, shell special characters and operators will have to be escaped when used in the message file. .Pp Also, password ageing and account expiry times are currently settable only in batch mode or when specified in .Pa /etc/adduser.conf . The user should be able to set them in interactive mode as well. diff --git a/usr.sbin/adduser/adduser.conf.5 b/usr.sbin/adduser/adduser.conf.5 index 2d445a2fabbf..09b80f2df021 100644 --- a/usr.sbin/adduser/adduser.conf.5 +++ b/usr.sbin/adduser/adduser.conf.5 @@ -1,219 +1,221 @@ .\" .\" Copyright (c) 2004 Tom Rhodes .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .Dd April 12, 2007 .Dt ADDUSER.CONF 5 .Os .Sh NAME .Nm adduser.conf .Nd .Xr adduser 8 configuration file .Sh DESCRIPTION The .Pa /etc/adduser.conf file is automatically generated by the .Xr adduser 8 utility when invoked with the .Fl C command-line option. It is not meant to be edited by hand. .Pp The .Pa /etc/adduser.conf file is used to pre-set certain configuration options for the .Xr adduser 8 utility. When .Xr adduser 8 is invoked, it will check to see if this file exists, and if so, the configuration will be used or offered as the default settings. The .Nm file offers three types of configuration: .Bl -bullet .It Default settings offered by .Xr adduser 8 . These options are specified in the configuration file and offered as the default during every invocation of the .Xr adduser 8 utility. .It Configuration options which can be set in .Nm , but overridden by passing a flag to .Xr adduser 8 . .It Configuration supported by .Xr adduser 8 but not offered by a flag or during initial invocation. .El .Pp In the first case, these options can be set in .Nm but will still be offered when .Xr adduser 8 is invoked. In the second case, .Xr adduser 8 will read the configuration data unless a flag has been passed to override it. For example, the .Va defaultshell option. In the third case, the configuration will be utilized, but the user will never be prompted to modify the default setting by either a flag or an .Xr adduser 8 prompt. For example, the .Va upwexpire setting. .Pp The following configuration options can be set in .Nm : .Bl -tag -width ".Va defaultgroups" -offset indent .It Va defaultLgroup The default group new users will be added to. .It Va defaultclass The default class to place users in as described in .Xr login.conf 5 . .It Va defaultgroups This option is used to specify what other groups the new account should be added to. .It Va passwdtype May be one of .Cm no , none , random , or .Cm yes , as described in .Xr adduser 8 . As such, the text is not duplicated here and may be read in .Xr adduser 8 . .It Va homeprefix The default home directory prefix, usually .Pa /home . .It Va defaultshell The user's default shell which may be any of the shells listed in .Xr shells 5 . .It Va udotdir Defines the location of the default shell and environment configuration files. .It Va msgfile Location of the default new user message file. This message will be sent to all new users if specified here or at the .Xr adduser 8 prompt. .It Va disableflag The default message enclosed in brackets for the lock account prompt. .It Va upwexpire The default password expiration time. Format of the date is either a .Ux time in decimal, or a date in .Sm off .Ar dd No - Ar mmm No - Ar yy Op Ar yy .Sm on format, where .Ar dd is the day, .Ar mmm is the month in either numeric or alphabetic format, and .Ar yy Ns Op Ar yy is either a two or four digit year. This option also accepts a relative date in the form of .Sm off .Ar n Op Ar m h d w o y .Sm on where .Ar n is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit followed by the number of Minutes, Hours, Days, Weeks, Months or Years from the current date at which the expiration time is to be set. .It Va uexpire The default account expire time. The format is similar to the .Va upwexpire option. .It Va ugecos The default information to be held in the GECOS field of .Pa /etc/master.passwd . .It Va uidstart The default user ID setting. This must be a number above 1000 and fewer than 65534. +.It Va Zflag +Do not attempt to create ZFS home dataset. .El .Sh EXAMPLES The following is an example .Nm file created with the .Fl C .Xr adduser 8 flag and modified. .Bd -literal -offset indent # Configuration file for adduser(8). # NOTE: only *some* variables are saved. # Last Modified on Fri Mar 30 14:04:05 EST 2004. defaultLgroup= defaultclass= defaultgroups= passwdtype=yes homeprefix=/home defaultshell=/bin/csh udotdir=/usr/share/skel msgfile=/etc/adduser.msg disableflag= upwexpire=91d # Expire passwords 91 days after creation. .Ed .Sh SEE ALSO .Xr group 5 , .Xr passwd 5 , .Xr adduser 8 , .Xr pw 8 , .Xr rmuser 8 .Sh HISTORY The .Nm manual page first appeared in .Fx 5.3 . .Sh AUTHORS This manual page was written by .An Tom Rhodes Aq Mt trhodes@FreeBSD.org . .Sh BUGS The internal variables documented here may change without notice. Do not rely on them. To modify this file invoke .Xr adduser 8 with the .Fl C option instead. diff --git a/usr.sbin/adduser/adduser.sh b/usr.sbin/adduser/adduser.sh index fef9e293c1ce..0d5a628f8f33 100644 --- a/usr.sbin/adduser/adduser.sh +++ b/usr.sbin/adduser/adduser.sh @@ -1,1060 +1,1197 @@ #!/bin/sh # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # Email: Mike Makonnen # # # err msg # Display $msg on stderr, unless we're being quiet. # err() { if [ -z "$quietflag" ]; then echo 1>&2 ${THISCMD}: ERROR: $* fi } # info msg # Display $msg on stdout, unless we're being quiet. # info() { if [ -z "$quietflag" ]; then echo ${THISCMD}: INFO: $* fi } # get_nextuid # Output the value of $_uid if it is available for use. If it # is not, output the value of the next higher uid that is available. # If a uid is not specified, output the first available uid, as indicated # by pw(8). # get_nextuid () { _uid=$1 _nextuid= if [ -z "$_uid" ]; then _nextuid="`${PWCMD} usernext | cut -f1 -d:`" else while : ; do ${PWCMD} usershow $_uid > /dev/null 2>&1 if [ ! "$?" -eq 0 ]; then _nextuid=$_uid break fi _uid=$(($_uid + 1)) done fi echo $_nextuid } # show_usage # Display usage information for this utility. # show_usage() { echo "usage: ${THISCMD} [options]" echo " options may include:" echo " -C save to the configuration file only" echo " -D do not attempt to create the home directory" echo " -E disable this account after creation" echo " -G additional groups to add accounts to" echo " -L login class of the user" echo " -M file permission for home directory" echo " -N do not read configuration file" + echo " -Z do not attempt to create ZFS home dataset" echo " -S a nonexistent shell is not an error" echo " -d home directory" echo " -f file from which input will be received" echo " -g default login group" echo " -h display this usage message" echo " -k path to skeleton home directory" echo " -m user welcome message file" echo " -q absolute minimal user feedback" echo " -s shell" echo " -u uid to start at" echo " -w password type: no, none, yes or random" } # valid_shells # Outputs a list of valid shells from /etc/shells. Only the # basename of the shell is output. # valid_shells() { _prefix= cat ${ETCSHELLS} | while read _path _junk ; do case $_path in \#*|'') ;; *) echo -n "${_prefix}`basename $_path`" _prefix=' ' ;; esac done # /usr/sbin/nologin is a special case [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}" } # fullpath_from_shell shell # Given $shell, which is either the full path to a shell or # the basename component of a valid shell, get the # full path to the shell from the /etc/shells file. # fullpath_from_shell() { _shell=$1 [ -z "$_shell" ] && return 1 # /usr/sbin/nologin is a special case; it needs to be handled # before the cat | while loop, since a 'return' from within # a subshell will not terminate the function's execution, and # the path to the nologin shell might be printed out twice. # if [ "$_shell" = "${NOLOGIN}" -o \ "$_shell" = "${NOLOGIN_PATH}" ]; then echo ${NOLOGIN_PATH} return 0; fi cat ${ETCSHELLS} | while read _path _junk ; do case "$_path" in \#*|'') ;; *) if [ "$_path" = "$_shell" -o \ "`basename $_path`" = "$_shell" ]; then echo $_path return 0 fi ;; esac done return 1 } # shell_exists shell # If the given shell is listed in ${ETCSHELLS} or it is # the nologin shell this function will return 0. # Otherwise, it will return 1. If shell is valid but # the path is invalid or it is not executable it # will emit an informational message saying so. # shell_exists() { _sh="$1" _shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1" if ! eval $_shellchk; then # The nologin shell is not listed in /etc/shells. if [ "$_sh" != "${NOLOGIN_PATH}" ]; then err "Invalid shell ($_sh) for user $username." return 1 fi fi ! [ -x "$_sh" ] && info "The shell ($_sh) does not exist or is not executable." return 0 } # save_config # Save some variables to a configuration file. # Note: not all script variables are saved, only those that # it makes sense to save. # save_config() { echo "# Configuration file for adduser(8)." > ${ADDUSERCONF} echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF} echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF} echo '' >> ${ADDUSERCONF} echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF} echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF} echo "defaultclass=$uclass" >> ${ADDUSERCONF} echo "defaultgroups=$ugroups" >> ${ADDUSERCONF} echo "passwdtype=$passwdtype" >> ${ADDUSERCONF} echo "homeprefix=$homeprefix" >> ${ADDUSERCONF} echo "defaultshell=$ushell" >> ${ADDUSERCONF} echo "udotdir=$udotdir" >> ${ADDUSERCONF} echo "msgfile=$msgfile" >> ${ADDUSERCONF} echo "disableflag=$disableflag" >> ${ADDUSERCONF} echo "uidstart=$uidstart" >> ${ADDUSERCONF} } # add_user # Add a user to the user database. If the user chose to send a welcome # message or lock the account, do so. # add_user() { # Is this a configuration run? If so, don't modify user database. # if [ -n "$configflag" ]; then save_config return fi _uid= _name= _comment= _gecos= _home= _group= _grouplist= _shell= _class= _dotdir= _expire= _pwexpire= _passwd= _upasswd= _passwdmethod= _name="-n '$username'" [ -n "$uuid" ] && _uid='-u "$uuid"' [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"' [ -n "$ugroups" ] && _grouplist='-G "$ugroups"' [ -n "$ushell" ] && _shell='-s "$ushell"' [ -n "$uclass" ] && _class='-L "$uclass"' [ -n "$ugecos" ] && _comment='-c "$ugecos"' [ -n "$udotdir" ] && _dotdir='-k "$udotdir"' [ -n "$uexpire" ] && _expire='-e "$uexpire"' [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"' if [ -z "$Dflag" -a -n "$uhome" ]; then # The /nonexistent home directory is special. It # means the user has no home directory. if [ "$uhome" = "$NOHOME" ]; then _home='-d "$uhome"' else # Use home directory permissions if specified if [ -n "$uhomeperm" ]; then _home='-m -d "$uhome" -M "$uhomeperm"' else _home='-m -d "$uhome"' fi fi elif [ -n "$Dflag" -a -n "$uhome" ]; then _home='-d "$uhome"' fi case $passwdtype in no) _passwdmethod="-w no" _passwd="-h -" ;; yes) # Note on processing the password: The outer double quotes # make literal everything except ` and \ and $. # The outer single quotes make literal ` and $. # We can ensure the \ isn't treated specially by specifying # the -r switch to the read command used to obtain the input. # _passwdmethod="-w yes" _passwd="-h 0" _upasswd='echo "$upass" |' ;; none) _passwdmethod="-w none" ;; random) _passwdmethod="-w random" ;; esac + # create ZFS dataset before home directory is created with pw + if [ "${Zcreate}" = "yes" ]; then + if [ "${Zencrypt}" = "yes" ]; then + echo "Enter encryption keyphrase for ZFS dataset (${zhome}):" + fi + if [ -n "$BSDINSTALL_CHROOT" ]; then + create_zfs_chrooted_dataset + else + create_zfs_dataset + if [ "$?" -ne 0 ]; then + err "There was an error adding user ($username)." + return 1 + fi + fi + fi + _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment" _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd" _pwcmd="$_pwcmd $_expire $_pwexpire" if ! _output=`eval $_pwcmd` ; then err "There was an error adding user ($username)." return 1 else info "Successfully added ($username) to the user database." if [ "random" = "$passwdtype" ]; then randompass="$_output" info "Password for ($username) is: $randompass" fi fi if [ -n "$disableflag" ]; then if ${PWCMD} lock $username ; then info "Account ($username) is locked." else info "Account ($username) could NOT be locked." fi fi + # give newly created user permissions to their home zfs dataset + if [ "${Zcreate}" = "yes" ]; then + set_zfs_perms + if [ -n "$BSDINSTALL_CHROOT" ]; then + umount_legacy_zfs + fi + fi + _line= _owner= _perms= if [ -n "$msgflag" ]; then [ -r "$msgfile" ] && { # We're evaluating the contents of an external file. # Let's not open ourselves up for attack. _perms will # be empty if it's writeable only by the owner. _owner # will *NOT* be empty if the file is owned by root. # _dir="`dirname $msgfile`" _file="`basename $msgfile`" _perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune` _owner=`/usr/bin/find $_dir -name $_file -user 0 -prune` if [ -z "$_owner" -o -n "$_perms" ]; then err "The message file ($msgfile) may be writeable only by root." return 1 fi cat "$msgfile" | while read _line ; do eval echo "$_line" done | ${MAILCMD} -s"Welcome" ${username} info "Sent welcome message to ($username)." } fi } # get_user # Reads username of the account from standard input or from a global # variable containing an account line from a file. The username is # required. If this is an interactive session it will prompt in # a loop until a username is entered. If it is batch processing from # a file it will output an error message and return to the caller. # get_user() { _input= # No need to take down user names if this is a configuration saving run. [ -n "$configflag" ] && return while : ; do if [ -z "$fflag" ]; then echo -n "Username: " read _input else _input="`echo "$fileline" | cut -f1 -d:`" fi # There *must* be a username, and it must not exist. If # this is an interactive session give the user an # opportunity to retry. # if [ -z "$_input" ]; then err "You must enter a username!" [ -z "$fflag" ] && continue fi ${PWCMD} usershow $_input > /dev/null 2>&1 if [ "$?" -eq 0 ]; then err "User exists!" [ -z "$fflag" ] && continue fi break done username="$_input" } # get_gecos # Reads extra information about the user. Can be used both in interactive # and batch (from file) mode. # get_gecos() { _input= # No need to take down additional user information for a configuration run. [ -n "$configflag" ] && return if [ -z "$fflag" ]; then echo -n "Full name: " read _input else _input="`echo "$fileline" | cut -f7 -d:`" fi ugecos="$_input" } # get_shell # Get the account's shell. Works in interactive and batch mode. It # accepts either the base name of the shell or the full path. # If an invalid shell is entered it will simply use the default shell. # get_shell() { _input= _fullpath= ushell="$defaultshell" # Make sure the current value of the shell is a valid one if [ -z "$Sflag" ]; then if ! shell_exists $ushell ; then info "Using default shell ${defaultshell}." ushell="$defaultshell" fi fi if [ -z "$fflag" ]; then echo -n "Shell ($shells) [`basename $ushell`]: " read _input else _input="`echo "$fileline" | cut -f9 -d:`" fi if [ -n "$_input" ]; then if [ -n "$Sflag" ]; then ushell="$_input" else _fullpath=`fullpath_from_shell $_input` if [ -n "$_fullpath" ]; then ushell="$_fullpath" else err "Invalid shell ($_input) for user $username." info "Using default shell ${defaultshell}." ushell="$defaultshell" fi fi fi } # get_homedir # Reads the account's home directory. Used both with interactive input # and batch input. # get_homedir() { _input= if [ -z "$fflag" ]; then echo -n "Home directory [${homeprefix}/${username}]: " read _input else _input="`echo "$fileline" | cut -f8 -d:`" fi if [ -n "$_input" ]; then uhome="$_input" # if this is a configuration run, then user input is the home # directory prefix. Otherwise it is understood to # be $prefix/$user # [ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome" else uhome="${homeprefix}/${username}" fi } # get_homeperm # Reads the account's home directory permissions. # get_homeperm() { uhomeperm=$defaultHomePerm _input= _prompt= if [ -n "$uhomeperm" ]; then _prompt="Home directory permissions [${uhomeperm}]: " else _prompt="Home directory permissions (Leave empty for default): " fi if [ -z "$fflag" ]; then echo -n "$_prompt" read _input fi if [ -n "$_input" ]; then uhomeperm="$_input" fi } +# get_zfs_home +# Determine if homeprefix is located on a ZFS filesystem and if +# so, enable ZFS home dataset creation. +# +get_zfs_home() { + # check if zfs kernel module is loaded before attempting to run zfs to + # prevent loading the kernel module on systems that don't use ZFS + if ! "$KLDSTATCMD" -q -m zfs; then + Zcreate="no" + return + fi + zfs_homeprefix=`${ZFSCMD} list -Ho name "${homeprefix}" 2>/dev/null` + if [ "$?" -ne 0 ]; then + Zcreate="no" + elif [ -z "${zfs_homeprefix}" ]; then + Zcreate="no" + fi + zhome="${zfs_homeprefix}/${username}" +} + # get_uid # Reads a numeric userid in an interactive or batch session. Automatically # allocates one if it is not specified. # get_uid() { uuid=${uidstart} _input= _prompt= if [ -n "$uuid" ]; then uuid=`get_nextuid $uuid` _prompt="Uid [$uuid]: " else _prompt="Uid (Leave empty for default): " fi if [ -z "$fflag" ]; then echo -n "$_prompt" read _input else _input="`echo "$fileline" | cut -f2 -d:`" fi [ -n "$_input" ] && uuid=$_input uuid=`get_nextuid $uuid` uidstart=$uuid } # get_class # Reads login class of account. Can be used in interactive or batch mode. # get_class() { uclass="$defaultclass" _input= _class=${uclass:-"default"} if [ -z "$fflag" ]; then echo -n "Login class [$_class]: " read _input else _input="`echo "$fileline" | cut -f4 -d:`" fi [ -n "$_input" ] && uclass="$_input" } # get_logingroup # Reads user's login group. Can be used in both interactive and batch # modes. The specified value can be a group name or its numeric id. # This routine leaves the field blank if nothing is provided and # a default login group has not been set. The pw(8) command # will then provide a login group with the same name as the username. # get_logingroup() { ulogingroup="$defaultLgroup" _input= if [ -z "$fflag" ]; then echo -n "Login group [${ulogingroup:-$username}]: " read _input else _input="`echo "$fileline" | cut -f3 -d:`" fi # Pw(8) will use the username as login group if it's left empty [ -n "$_input" ] && ulogingroup="$_input" } # get_groups # Read additional groups for the user. It can be used in both interactive # and batch modes. # get_groups() { ugroups="$defaultgroups" _input= _group=${ulogingroup:-"${username}"} if [ -z "$configflag" ]; then [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username" [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: " else [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: " fi read _input [ -n "$_input" ] && ugroups="$_input" } # get_expire_dates # Read expiry information for the account and also for the password. This # routine is used only from batch processing mode. # get_expire_dates() { upwexpire="`echo "$fileline" | cut -f5 -d:`" uexpire="`echo "$fileline" | cut -f6 -d:`" } # get_password # Read the password in batch processing mode. The password field matters # only when the password type is "yes" or "random". If the field is empty and the # password type is "yes", then it assumes the account has an empty passsword # and changes the password type accordingly. If the password type is "random" # and the password field is NOT empty, then it assumes the account will NOT # have a random password and set passwdtype to "yes." # get_password() { # We may temporarily change a password type. Make sure it's changed # back to whatever it was before we process the next account. # [ -n "$savedpwtype" ] && { passwdtype=$savedpwtype savedpwtype= } # There may be a ':' in the password upass=${fileline#*:*:*:*:*:*:*:*:*:} if [ -z "$upass" ]; then case $passwdtype in yes) # if it's empty, assume an empty password passwdtype=none savedpwtype=yes ;; esac else case $passwdtype in random) passwdtype=yes savedpwtype=random ;; esac fi } +# get_zfs_encryption +# Ask user if they want to enable encryption on their ZFS home dataset. +# +get_zfs_encryption() { + _input= + _prompt="Enable ZFS encryption? (yes/no) [${Zencrypt}]: " + while : ; do + echo -n "$_prompt" + read _input + + [ -z "$_input" ] && _input=$Zencrypt + case $_input in + [Nn][Oo]|[Nn]) + Zencrypt="no" + break + ;; + [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) + Zencrypt="yes" + break + ;; + *) + # invalid answer; repeat loop + continue + ;; + esac + done + + if [ "${Zencrypt}" = "yes" ]; then + zfsopt="-o encryption=on -o keylocation=prompt -o keyformat=passphrase" + fi +} + +# create_zfs_chrooted_dataset +# Create ZFS dataset owned by the user that was just added within a bsdinstall chroot +# +create_zfs_chrooted_dataset() { + if ! ${ZFSCMD} create -u ${zfsopt} "${zhome}"; then + err "There was an error creating ZFS dataset (${zhome})." + return 1 + fi + ${ZFSCMD} set mountpoint=legacy "${zhome}" + ${MKDIRCMD} -p "${uhome}" + ${MOUNTCMD} -t zfs "${zhome}" "${uhome}" +} + +# umount_legacy_zfs +# Unmount ZFS home directory created as a legacy mount and switch inheritance +# +umount_legacy_zfs() { + ${UMOUNTCMD} "${uhome}" + ${ZFSCMD} inherit mountpoint "${zhome}" +} + +# create_zfs_dataset +# Create ZFS dataset owned by the user that was just added. +# +create_zfs_dataset() { + if ! ${ZFSCMD} create ${zfsopt} "${zhome}"; then + err "There was an error creating ZFS dataset (${zhome})." + return 1 + else + info "Successfully created ZFS dataset (${zhome})." + fi +} + +# set_zfs_perms +# Give new user ownership of newly created zfs dataset. +# +set_zfs_perms() { + if ! ${ZFSCMD} allow "${username}" create,destroy,mount,snapshot "${zhome}"; then + err "There was an error setting permissions on ZFS dataset (${zhome})." + return 1 + fi +} + # input_from_file # Reads a line of account information from standard input and # adds it to the user database. # input_from_file() { _field= while read -r fileline ; do case "$fileline" in \#*|'') ;; *) get_user || continue get_gecos get_uid get_logingroup get_class get_shell get_homedir + get_zfs_home get_homeperm get_password get_expire_dates ugroups="$defaultgroups" add_user ;; esac done } # input_interactive # Prompts for user information interactively, and commits to # the user database. # input_interactive() { _disable= _pass= _passconfirm= _random="no" _emptypass="no" _usepass="yes" _logingroup_ok="no" _groups_ok="no" _all_ok="yes" _another_user="no" case $passwdtype in none) _emptypass="yes" _usepass="yes" ;; no) _usepass="no" ;; random) _random="yes" ;; esac get_user get_gecos get_uid # The case where group = user is handled elsewhere, so # validate any other groups the user is invited to. until [ "$_logingroup_ok" = yes ]; do get_logingroup _logingroup_ok=yes if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then echo "Group $ulogingroup does not exist!" _logingroup_ok=no fi fi done until [ "$_groups_ok" = yes ]; do get_groups _groups_ok=yes for i in $ugroups; do if [ "$username" != "$i" ]; then if ! ${PWCMD} show group $i > /dev/null 2>&1; then echo "Group $i does not exist!" _groups_ok=no fi fi done done get_class get_shell get_homedir get_homeperm + get_zfs_home + [ "$Zcreate" = "yes" ] && get_zfs_encryption while : ; do echo -n "Use password-based authentication? [$_usepass]: " read _input [ -z "$_input" ] && _input=$_usepass case $_input in [Nn][Oo]|[Nn]) passwdtype="no" ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) while : ; do echo -n "Use an empty password? (yes/no) [$_emptypass]: " read _input [ -n "$_input" ] && _emptypass=$_input case $_emptypass in [Nn][Oo]|[Nn]) echo -n "Use a random password? (yes/no) [$_random]: " read _input [ -n "$_input" ] && _random="$_input" case $_random in [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) passwdtype="random" break ;; esac passwdtype="yes" [ -n "$configflag" ] && break trap 'stty echo; exit' 0 1 2 3 15 stty -echo echo -n "Enter password: " IFS= read -r upass echo'' echo -n "Enter password again: " IFS= read -r _passconfirm echo '' stty echo # if user entered a blank password # explicitly ask again. [ -z "$upass" -a -z "$_passconfirm" ] \ && continue ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) passwdtype="none" break; ;; *) # invalid answer; repeat the loop continue ;; esac if [ "$upass" != "$_passconfirm" ]; then echo "Passwords did not match!" continue fi break done ;; *) # invalid answer; repeat loop continue ;; esac break; done _disable=${disableflag:-"no"} while : ; do echo -n "Lock out the account after creation? [$_disable]: " read _input [ -z "$_input" ] && _input=$_disable case $_input in [Nn][Oo]|[Nn]) disableflag= ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) disableflag=yes ;; *) # invalid answer; repeat loop continue ;; esac break done - + # Display the information we have so far and prompt to # commit it. # _disable=${disableflag:-"no"} - [ -z "$configflag" ] && printf "%-10s : %s\n" Username $username + [ -z "$configflag" ] && printf "%-11s : %s\n" Username $username case $passwdtype in yes) _pass='*****' ;; no) _pass='' ;; none) _pass='' ;; random) _pass='' ;; esac - [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass" - [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype" - [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos" - [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid" - printf "%-10s : %s\n" "Class" "$uclass" - printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" - printf "%-10s : %s\n" "Home" "$uhome" - printf "%-10s : %s\n" "Home Mode" "$uhomeperm" - printf "%-10s : %s\n" "Shell" "$ushell" - printf "%-10s : %s\n" "Locked" "$_disable" + [ -z "$configflag" ] && printf "%-11s : %s\n" "Password" "$_pass" + [ -n "$configflag" ] && printf "%-11s : %s\n" "Pass Type" "$passwdtype" + [ -z "$configflag" ] && printf "%-11s : %s\n" "Full Name" "$ugecos" + [ -z "$configflag" ] && printf "%-11s : %s\n" "Uid" "$uuid" + [ "$Zcreate" = "yes" -a -z "$configflag" ] && printf "%-11s : %s\n" "ZFS dataset" "${zhome}" + [ "$Zencrypt" = "yes" -a -z "$configflag" ] && printf "%-11s : %s\n" "Encrypted" "${Zencrypt}" + printf "%-11s : %s\n" "Class" "$uclass" + printf "%-11s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" + printf "%-11s : %s\n" "Home" "$uhome" + printf "%-11s : %s\n" "Home Mode" "$uhomeperm" + printf "%-11s : %s\n" "Shell" "$ushell" + printf "%-11s : %s\n" "Locked" "$_disable" while : ; do echo -n "OK? (yes/no) [$_all_ok]: " read _input if [ -z "$_input" ]; then _input=$_all_ok fi case $_input in [Nn][Oo]|[Nn]) return 1 ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) add_user ;; *) continue ;; esac break done return 0 } #### END SUBROUTINE DEFINITION #### THISCMD=`/usr/bin/basename $0` DEFAULTSHELL=/bin/sh ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}" PWCMD="${PWCMD:-/usr/sbin/pw}" MAILCMD="${MAILCMD:-mail}" ETCSHELLS="${ETCSHELLS:-/etc/shells}" NOHOME="/nonexistent" NOLOGIN="nologin" NOLOGIN_PATH="/usr/sbin/nologin" GREPCMD="/usr/bin/grep" DATECMD="/bin/date" +MKDIRCMD="/bin/mkdir" +MOUNTCMD="/sbin/mount" +UMOUNTCMD="/sbin/umount" +ZFSCMD="/sbin/zfs" +KLDSTATCMD="/sbin/kldstat" # Set default values # username= uuid= uidstart= ugecos= ulogingroup= uclass= uhome= uhomeperm= upass= ushell= udotdir=/usr/share/skel ugroups= uexpire= upwexpire= shells="`valid_shells`" passwdtype="yes" msgfile=/etc/adduser.msg msgflag= quietflag= configflag= fflag= infile= disableflag= Dflag= Sflag= +Zcreate="yes" readconfig="yes" homeprefix="/home" randompass= fileline= savedpwtype= defaultclass= defaultLgroup= defaultgroups= defaultshell="${DEFAULTSHELL}" defaultHomePerm= +zfsopt= +Zencrypt="no" # Make sure the user running this program is root. This isn't a security # measure as much as it is a useful method of reminding the user to # 'su -' before he/she wastes time entering data that won't be saved. # procowner=${procowner:-`/usr/bin/id -u`} if [ "$procowner" != "0" ]; then err 'you must be the super-user (uid 0) to use this utility.' exit 1 fi # Override from our conf file # Quickly go through the commandline line to see if we should read # from our configuration file. The actual parsing of the commandline # arguments happens after we read in our configuration file (commandline # should override configuration file). # for _i in $* ; do if [ "$_i" = "-N" ]; then readconfig= break; fi done if [ -n "$readconfig" ]; then # On a long-lived system, the first time this script is run it # will barf upon reading the configuration file for its perl predecessor. if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then [ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1 fi fi # Process command-line options # for _switch ; do case $_switch in -L) defaultclass="$2" shift; shift ;; -C) configflag=yes shift ;; -D) Dflag=yes shift ;; -E) disableflag=yes shift ;; -k) udotdir="$2" shift; shift ;; -f) [ "$2" != "-" ] && infile="$2" fflag=yes shift; shift ;; -g) defaultLgroup="$2" shift; shift ;; -G) defaultgroups="$2" shift; shift ;; -h) show_usage exit 0 ;; -d) homeprefix="$2" shift; shift ;; -m) case "$2" in [Nn][Oo]) msgflag= ;; *) msgflag=yes msgfile="$2" ;; esac shift; shift ;; -M) defaultHomePerm=$2 shift; shift ;; -N) readconfig= shift ;; -w) case "$2" in no|none|random|yes) passwdtype=$2 ;; *) show_usage exit 1 ;; esac shift; shift ;; -q) quietflag=yes shift ;; -s) defaultshell="`fullpath_from_shell $2`" shift; shift ;; -S) Sflag=yes shift ;; -u) uidstart=$2 shift; shift ;; + -Z) + Zcreate="no" + shift + ;; esac done # If the -f switch was used, get input from a file. Otherwise, # this is an interactive session. # if [ -n "$fflag" ]; then if [ -z "$infile" ]; then input_from_file elif [ -n "$infile" ]; then if [ -r "$infile" ]; then input_from_file < $infile else err "File ($infile) is unreadable or does not exist." fi fi else input_interactive while : ; do if [ -z "$configflag" ]; then echo -n "Add another user? (yes/no) [$_another_user]: " else echo -n "Re-edit the default configuration? (yes/no) [$_another_user]: " fi read _input if [ -z "$_input" ]; then _input=$_another_user fi case $_input in [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) uidstart=`get_nextuid $uidstart` input_interactive continue ;; [Nn][Oo]|[Nn]) echo "Goodbye!" ;; *) continue ;; esac break done fi