diff --git a/usr.sbin/adduser/adduser.sh b/usr.sbin/adduser/adduser.sh index d1c9e12098f7..9739b2e589fa 100644 --- a/usr.sbin/adduser/adduser.sh +++ b/usr.sbin/adduser/adduser.sh @@ -1,1156 +1,1155 @@ #!/bin/sh # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # Email: Mike Makonnen # # # err msg # Display $msg on stderr, unless we're being quiet. # err() { if [ -z "$quietflag" ]; then echo 1>&2 ${THISCMD}: ERROR: $* fi } # info msg # Display $msg on stdout, unless we're being quiet. # info() { if [ -z "$quietflag" ]; then echo ${THISCMD}: INFO: $* fi } # get_nextuid # Output the value of $_uid if it is available for use. If it # is not, output the value of the next higher uid that is available. # If a uid is not specified, output the first available uid, as indicated # by pw(8). # get_nextuid () { local _uid=$1 _nextuid if [ -z "$_uid" ]; then _nextuid="$(${PWCMD} usernext | cut -f1 -d:)" else while : ; do if ! ${PWCMD} usershow $_uid > /dev/null 2>&1; then _nextuid=$_uid break fi _uid=$((_uid + 1)) done fi echo $_nextuid } # show_usage # Display usage information for this utility. # show_usage() { echo "usage: ${THISCMD} [options]" echo " options may include:" echo " -C save to the configuration file only" echo " -D do not attempt to create the home directory" echo " -E disable this account after creation" echo " -G additional groups to add accounts to" echo " -L login class of the user" echo " -M file permission for home directory" echo " -N do not read configuration file" echo " -Z do not attempt to create ZFS home dataset" echo " -S a nonexistent shell is not an error" echo " -d home directory" echo " -f file from which input will be received" echo " -g default login group" echo " -h display this usage message" echo " -k path to skeleton home directory" echo " -m user welcome message file" echo " -q absolute minimal user feedback" echo " -s shell" echo " -u uid to start at" echo " -w password type: no, none, yes or random" } # valid_shells # Outputs a list of valid shells from /etc/shells. Only the # basename of the shell is output. # valid_shells() { local _prefix ${GREPCMD} '^[^#]' ${ETCSHELLS} | while read _path _junk ; do echo -n "${_prefix}${_path##*/}" _prefix=' ' done # /usr/sbin/nologin is a special case [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}" } # fullpath_from_shell shell # Given $shell, which is either the full path to a shell or # the basename component of a valid shell, get the # full path to the shell from the /etc/shells file. # fullpath_from_shell() { local _shell=$1 _fullpath if [ -z "$_shell" ]; then return fi # /usr/sbin/nologin is a special case; it needs to be handled # before the grep | while loop, since a 'return' from within # a subshell will not terminate the function's execution, and # the path to the nologin shell might be printed out twice. # if [ "$_shell" = "${NOLOGIN}" ] || [ "$_shell" = "${NOLOGIN_PATH}" ]; then echo ${NOLOGIN_PATH} return fi ${GREPCMD} '^[^#]' ${ETCSHELLS} | while read _path _junk ; do if [ "$_path" = "$_shell" ] || [ "${_path##*/}" = "$_shell" ]; then echo "$_path" break fi done } # shell_exists shell # If the given shell is listed in ${ETCSHELLS} or it is # the nologin shell this function will return 0. # Otherwise, it will return 1. If shell is valid but # the path is invalid or it is not executable it # will emit an informational message saying so. # shell_exists() { local _sh="$1" if [ -z "$(fullpath_from_shell "$_sh")" ] ; then err "Invalid shell ($_sh) for user $username." return 1 fi [ -x "$_sh" ] || info "The shell ($_sh) does not exist or is not executable." return 0 } # save_config # Save some variables to a configuration file. # Note: not all script variables are saved, only those that # it makes sense to save. # save_config() { echo "# Configuration file for adduser(8)." > ${ADDUSERCONF} echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF} echo "# Last Modified on $(${DATECMD})." >> ${ADDUSERCONF} echo '' >> ${ADDUSERCONF} echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF} echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF} echo "defaultclass=$uclass" >> ${ADDUSERCONF} echo "defaultgroups=$ugroups" >> ${ADDUSERCONF} echo "passwdtype=$passwdtype" >> ${ADDUSERCONF} echo "homeprefix=$homeprefix" >> ${ADDUSERCONF} echo "defaultshell=$ushell" >> ${ADDUSERCONF} echo "udotdir=$udotdir" >> ${ADDUSERCONF} echo "msgfile=$msgfile" >> ${ADDUSERCONF} echo "disableflag=$disableflag" >> ${ADDUSERCONF} echo "uidstart=$uidstart" >> ${ADDUSERCONF} } # add_user # Add a user to the user database. If the user chose to send a welcome # message or lock the account, do so. # add_user() { local _uid _name _comment _gecos _home _group _grouplist _shell _class local _dotdir _expire _pwexpire _passwd _upasswd _passwdmethod # Is this a configuration run? If so, don't modify user database. # if [ -n "$configflag" ]; then save_config return fi _name="-n '$username'" [ -n "$uuid" ] && _uid='-u "$uuid"' [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"' [ -n "$ugroups" ] && _grouplist='-G "$ugroups"' [ -n "$ushell" ] && _shell='-s "$ushell"' [ -n "$uclass" ] && _class='-L "$uclass"' [ -n "$ugecos" ] && _comment='-c "$ugecos"' [ -n "$udotdir" ] && _dotdir='-k "$udotdir"' [ -n "$uexpire" ] && _expire='-e "$uexpire"' [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"' if [ -z "$Dflag" ] && [ -n "$uhome" ]; then # The /nonexistent home directory is special. It # means the user has no home directory. if [ "$uhome" = "$NOHOME" ]; then _home='-d "$uhome"' else # Use home directory permissions if specified if [ -n "$uhomeperm" ]; then _home='-m -d "$uhome" -M "$uhomeperm"' else _home='-m -d "$uhome"' fi fi elif [ -n "$Dflag" ] && [ -n "$uhome" ]; then _home='-d "$uhome"' fi case $passwdtype in no) _passwdmethod="-w no" _passwd="-h -" ;; yes) # Note on processing the password: The outer double quotes # make literal everything except ` and \ and $. # The outer single quotes make literal ` and $. # We can ensure the \ isn't treated specially by specifying # the -r switch to the read command used to obtain the input. # _passwdmethod="-w yes" _passwd="-h 0" _upasswd='echo "$upass" |' ;; none) _passwdmethod="-w none" ;; random) _passwdmethod="-w random" ;; esac # create ZFS dataset before home directory is created with pw if [ "${Zcreate}" = "yes" ]; then if [ "${Zencrypt}" = "yes" ]; then echo "Enter encryption keyphrase for ZFS dataset (${zhome}):" fi if [ -n "$BSDINSTALL_CHROOT" ]; then create_zfs_chrooted_dataset else if ! create_zfs_dataset; then err "There was an error adding user ($username)." return 1 fi fi fi _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment" _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd" _pwcmd="$_pwcmd $_expire $_pwexpire" if ! _output=$(eval $_pwcmd) ; then err "There was an error adding user ($username)." return 1 else info "Successfully added ($username) to the user database." if [ "random" = "$passwdtype" ]; then randompass="$_output" info "Password for ($username) is: $randompass" fi fi if [ -n "$disableflag" ]; then if ${PWCMD} lock $username ; then info "Account ($username) is locked." else info "Account ($username) could NOT be locked." fi fi # give newly created user permissions to their home zfs dataset if [ "${Zcreate}" = "yes" ]; then set_zfs_perms if [ -n "$BSDINSTALL_CHROOT" ]; then umount_legacy_zfs fi fi local _line _owner _perms _file _dir if [ -n "$msgflag" ]; then if [ -r "$msgfile" ]; then # We're evaluating the contents of an external file. # Let's not open ourselves up for attack. _perms will # be empty if it's writeable only by the owner. _owner # will *NOT* be empty if the file is owned by root. # _dir="$(dirname "$msgfile")" _file="$(basename "$msgfile")" _perms=$(/usr/bin/find "$_dir" -name "$_file" -perm +07022 -prune) _owner=$(/usr/bin/find "$_dir" -name "$_file" -user 0 -prune) if [ -z "$_owner" ] || [ -n "$_perms" ]; then err "The message file ($msgfile) may be writeable only by root." return 1 fi while read _line ; do eval echo "$_line" done <"$msgfile" | ${MAILCMD} -s"Welcome" ${username} info "Sent welcome message to ($username)." fi fi } # get_user # Reads username of the account from standard input or from a global # variable containing an account line from a file. The username is # required. If this is an interactive session it will prompt in # a loop until a username is entered. If it is batch processing from # a file it will output an error message and return to the caller. # get_user() { local _input # No need to take down user names if this is a configuration saving run. [ -n "$configflag" ] && return while : ; do if [ -z "$fflag" ]; then echo -n "Username: " read _input else _input="$(echo "$fileline" | cut -f1 -d:)" fi # There *must* be a username, and it must not exist. If # this is an interactive session give the user an # opportunity to retry. # if [ -z "$_input" ]; then err "You must enter a username!" [ -z "$fflag" ] && continue fi if ${PWCMD} usershow "$_input" > /dev/null 2>&1; then err "User exists!" [ -z "$fflag" ] && continue fi break done username="$_input" } # get_gecos # Reads extra information about the user. Can be used both in interactive # and batch (from file) mode. # get_gecos() { local _input # No need to take down additional user information for a configuration run. [ -n "$configflag" ] && return if [ -z "$fflag" ]; then echo -n "Full name: " read _input else _input="$(echo "$fileline" | cut -f7 -d:)" fi ugecos="$_input" } # get_shell # Get the account's shell. Works in interactive and batch mode. It # accepts either the base name of the shell or the full path. # If an invalid shell is entered it will simply use the default shell. # get_shell() { local _input _fullpath ushell="$defaultshell" # Make sure the current value of the shell is a valid one if [ -z "$Sflag" ]; then if ! shell_exists $ushell ; then info "Using default shell ${defaultshell}." ushell="$defaultshell" fi fi if [ -z "$fflag" ]; then echo -n "Shell ($shells) [${ushell##*/}]: " read _input else _input="$(echo "$fileline" | cut -f9 -d:)" fi if [ -n "$_input" ]; then if [ -n "$Sflag" ]; then ushell="$_input" else _fullpath=$(fullpath_from_shell "$_input") if [ -n "$_fullpath" ]; then ushell="$_fullpath" else err "Invalid shell ($_input) for user $username." info "Using default shell ${defaultshell}." ushell="$defaultshell" fi fi fi } # get_homedir # Reads the account's home directory. Used both with interactive input # and batch input. # get_homedir() { _input= if [ -z "$fflag" ]; then echo -n "Home directory [${homeprefix}/${username}]: " read _input else _input="$(echo "$fileline" | cut -f8 -d:)" fi if [ -n "$_input" ]; then uhome="$_input" # if this is a configuration run, then user input is the home # directory prefix. Otherwise it is understood to # be $prefix/$user # [ -z "$configflag" ] && homeprefix="$(dirname "$uhome")" || homeprefix="$uhome" else uhome="${homeprefix}/${username}" fi } # get_homeperm # Reads the account's home directory permissions. # get_homeperm() { local _input _prompt uhomeperm=$defaultHomePerm if [ -n "$uhomeperm" ]; then _prompt="Home directory permissions [${uhomeperm}]: " else _prompt="Home directory permissions (Leave empty for default): " fi if [ -z "$fflag" ]; then echo -n "$_prompt" read _input fi if [ -n "$_input" ]; then uhomeperm="$_input" fi } # get_zfs_home # Determine if homeprefix is located on a ZFS filesystem and if # so, enable ZFS home dataset creation. # get_zfs_home() { local _prefix # check if zfs kernel module is loaded before attempting to run zfs to # prevent loading the kernel module on systems that don't use ZFS - if ! "$KLDSTATCMD" -q -m zfs || - Zcreate="no" + if ! "$KLDSTATCMD" -q -m zfs || Zcreate="no"; then return fi if ! _prefix=$(${ZFSCMD} list -Ho name "${homeprefix}" 2>/dev/null) || [ -z "${_prefix}" ]; then Zcreate="no" return fi zhome="${_prefix}/${username}" } # get_uid # Reads a numeric userid in an interactive or batch session. Automatically # allocates one if it is not specified. # get_uid() { local _input _prompt uuid=${uidstart} if [ -n "$uuid" ]; then uuid=$(get_nextuid "$uuid") _prompt="Uid [$uuid]: " else _prompt="Uid (Leave empty for default): " fi if [ -z "$fflag" ]; then echo -n "$_prompt" read _input else _input="$(echo "$fileline" | cut -f2 -d:)" fi [ -n "$_input" ] && uuid=$_input uuid=$(get_nextuid "$uuid") uidstart=$uuid } # get_class # Reads login class of account. Can be used in interactive or batch mode. # get_class() { local _input _uclass uclass="$defaultclass" _class=${uclass:-"default"} if [ -z "$fflag" ]; then echo -n "Login class [$_class]: " read _input else _input="$(echo "$fileline" | cut -f4 -d:)" fi [ -n "$_input" ] && uclass="$_input" } # get_logingroup # Reads user's login group. Can be used in both interactive and batch # modes. The specified value can be a group name or its numeric id. # This routine leaves the field blank if nothing is provided and # a default login group has not been set. The pw(8) command # will then provide a login group with the same name as the username. # get_logingroup() { local _input ulogingroup="$defaultLgroup" if [ -z "$fflag" ]; then echo -n "Login group [${ulogingroup:-$username}]: " read _input else _input="$(echo "$fileline" | cut -f3 -d:)" fi # Pw(8) will use the username as login group if it's left empty [ -n "$_input" ] && ulogingroup="$_input" } # get_groups # Read additional groups for the user. It can be used in both interactive # and batch modes. # get_groups() { local _input _group ugroups="$defaultgroups" _group=${ulogingroup:-"${username}"} if [ -z "$configflag" ]; then [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username" [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: " else [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: " fi read _input [ -n "$_input" ] && ugroups="$_input" } # get_expire_dates # Read expiry information for the account and also for the password. This # routine is used only from batch processing mode. # get_expire_dates() { upwexpire="$(echo "$fileline" | cut -f5 -d:)" uexpire="$(echo "$fileline" | cut -f6 -d:)" } # get_password # Read the password in batch processing mode. The password field matters # only when the password type is "yes" or "random". If the field is empty and the # password type is "yes", then it assumes the account has an empty passsword # and changes the password type accordingly. If the password type is "random" # and the password field is NOT empty, then it assumes the account will NOT # have a random password and set passwdtype to "yes." # get_password() { # We may temporarily change a password type. Make sure it's changed # back to whatever it was before we process the next account. # if [ -n "$savedpwtype" ]; then passwdtype=$savedpwtype savedpwtype= fi # There may be a ':' in the password upass=${fileline#*:*:*:*:*:*:*:*:*:} if [ -z "$upass" ]; then case $passwdtype in yes) # if it's empty, assume an empty password passwdtype=none savedpwtype=yes ;; esac else case $passwdtype in random) passwdtype=yes savedpwtype=random ;; esac fi } # get_zfs_encryption # Ask user if they want to enable encryption on their ZFS home dataset. # get_zfs_encryption() { local _input _prompt _prompt="Enable ZFS encryption? (yes/no) [${Zencrypt}]: " while : ; do echo -n "$_prompt" read _input [ -z "$_input" ] && _input=$Zencrypt case $_input in [Nn][Oo]|[Nn]) Zencrypt="no" break ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) Zencrypt="yes" break ;; *) # invalid answer; repeat loop continue ;; esac done if [ "${Zencrypt}" = "yes" ]; then zfsopt="-o encryption=on -o keylocation=prompt -o keyformat=passphrase" fi } # create_zfs_chrooted_dataset # Create ZFS dataset owned by the user that was just added within a bsdinstall chroot # create_zfs_chrooted_dataset() { if ! ${ZFSCMD} create -u ${zfsopt} "${zhome}"; then err "There was an error creating ZFS dataset (${zhome})." return 1 fi ${ZFSCMD} set mountpoint=legacy "${zhome}" ${MKDIRCMD} -p "${uhome}" ${MOUNTCMD} -t zfs "${zhome}" "${uhome}" } # umount_legacy_zfs # Unmount ZFS home directory created as a legacy mount and switch inheritance # umount_legacy_zfs() { ${UMOUNTCMD} "${uhome}" ${ZFSCMD} inherit mountpoint "${zhome}" } # create_zfs_dataset # Create ZFS dataset owned by the user that was just added. # create_zfs_dataset() { if ! ${ZFSCMD} create ${zfsopt} "${zhome}"; then err "There was an error creating ZFS dataset (${zhome})." return 1 else info "Successfully created ZFS dataset (${zhome})." fi } # set_zfs_perms # Give new user ownership of newly created zfs dataset. # set_zfs_perms() { if ! ${ZFSCMD} allow "${username}" create,destroy,mount,snapshot "${zhome}"; then err "There was an error setting permissions on ZFS dataset (${zhome})." return 1 fi } # input_from_file # Reads a line of account information from standard input and # adds it to the user database. # input_from_file() { local _field while read -r fileline ; do case "$fileline" in \#*|'') ;; *) get_user || continue get_gecos get_uid get_logingroup get_class get_shell get_homedir get_zfs_home get_homeperm get_password get_expire_dates ugroups="$defaultgroups" add_user ;; esac done } # input_interactive # Prompts for user information interactively, and commits to # the user database. # input_interactive() { local _disable _pass _passconfirm _input local _random="no" local _emptypass="no" local _usepass="yes" local _logingroup_ok="no" local _groups_ok="no" local _all_ok="yes" local _another_user="no" case $passwdtype in none) _emptypass="yes" _usepass="yes" ;; no) _usepass="no" ;; random) _random="yes" ;; esac get_user get_gecos get_uid # The case where group = user is handled elsewhere, so # validate any other groups the user is invited to. until [ "$_logingroup_ok" = yes ]; do get_logingroup _logingroup_ok=yes if [ -n "$ulogingroup" ] && [ "$username" != "$ulogingroup" ]; then if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then echo "Group $ulogingroup does not exist!" _logingroup_ok=no fi fi done until [ "$_groups_ok" = yes ]; do get_groups _groups_ok=yes for i in $ugroups; do if [ "$username" != "$i" ]; then if ! ${PWCMD} show group $i > /dev/null 2>&1; then echo "Group $i does not exist!" _groups_ok=no fi fi done done get_class get_shell get_homedir get_homeperm get_zfs_home [ "$Zcreate" = "yes" ] && get_zfs_encryption while : ; do echo -n "Use password-based authentication? [$_usepass]: " read _input [ -z "$_input" ] && _input=$_usepass case $_input in [Nn][Oo]|[Nn]) passwdtype="no" ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) while : ; do echo -n "Use an empty password? (yes/no) [$_emptypass]: " read _input [ -n "$_input" ] && _emptypass=$_input case $_emptypass in [Nn][Oo]|[Nn]) echo -n "Use a random password? (yes/no) [$_random]: " read _input [ -n "$_input" ] && _random="$_input" case $_random in [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) passwdtype="random" break ;; esac passwdtype="yes" [ -n "$configflag" ] && break trap 'stty echo; exit' 0 1 2 3 15 stty -echo echo -n "Enter password: " IFS= read -r upass echo'' echo -n "Enter password again: " IFS= read -r _passconfirm echo '' stty echo # if user entered a blank password # explicitly ask again. [ -z "$upass$_passconfirm" ] && continue ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) passwdtype="none" break; ;; *) # invalid answer; repeat the loop continue ;; esac if [ "$upass" != "$_passconfirm" ]; then echo "Passwords did not match!" continue fi break done ;; *) # invalid answer; repeat loop continue ;; esac break; done _disable=${disableflag:-"no"} while : ; do echo -n "Lock out the account after creation? [$_disable]: " read _input [ -z "$_input" ] && _input=$_disable case $_input in [Nn][Oo]|[Nn]) disableflag= ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) disableflag=yes ;; *) # invalid answer; repeat loop continue ;; esac break done # Display the information we have so far and prompt to # commit it. # _disable=${disableflag:-"no"} [ -z "$configflag" ] && printf "%-11s : %s\n" Username $username case $passwdtype in yes) _pass='*****' ;; no) _pass='' ;; none) _pass='' ;; random) _pass='' ;; esac [ -z "$configflag" ] && printf "%-11s : %s\n" "Password" "$_pass" [ -n "$configflag" ] && printf "%-11s : %s\n" "Pass Type" "$passwdtype" [ -z "$configflag" ] && printf "%-11s : %s\n" "Full Name" "$ugecos" [ -z "$configflag" ] && printf "%-11s : %s\n" "Uid" "$uuid" [ "$Zcreate" = "yes" ] && [ -z "$configflag" ] && printf "%-11s : %s\n" "ZFS dataset" "${zhome}" [ "$Zencrypt" = "yes" ] && [ -z "$configflag" ] && printf "%-11s : %s\n" "Encrypted" "${Zencrypt}" printf "%-11s : %s\n" "Class" "$uclass" printf "%-11s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" printf "%-11s : %s\n" "Home" "$uhome" printf "%-11s : %s\n" "Home Mode" "$uhomeperm" printf "%-11s : %s\n" "Shell" "$ushell" printf "%-11s : %s\n" "Locked" "$_disable" while : ; do echo -n "OK? (yes/no) [$_all_ok]: " read _input if [ -z "$_input" ]; then _input=$_all_ok fi case $_input in [Nn][Oo]|[Nn]) return 1 ;; [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) add_user ;; *) continue ;; esac break done return 0 } #### END SUBROUTINE DEFINITION #### THISCMD=${0##*/} DEFAULTSHELL=/bin/sh ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}" PWCMD="${PWCMD:-/usr/sbin/pw}" MAILCMD="${MAILCMD:-mail}" ETCSHELLS="${ETCSHELLS:-/etc/shells}" NOHOME="/nonexistent" NOLOGIN="nologin" NOLOGIN_PATH="/usr/sbin/nologin" GREPCMD="/usr/bin/grep" DATECMD="/bin/date" MKDIRCMD="/bin/mkdir" MOUNTCMD="/sbin/mount" UMOUNTCMD="/sbin/umount" ZFSCMD="/sbin/zfs" KLDSTATCMD="/sbin/kldstat" # Set default values # username= uuid= uidstart= ugecos= ulogingroup= uclass= uhome= uhomeperm= upass= ushell= udotdir=/usr/share/skel ugroups= uexpire= upwexpire= shells="$(valid_shells)" passwdtype="yes" msgfile=/etc/adduser.msg msgflag= quietflag= configflag= fflag= infile= disableflag= Dflag= Sflag= Zcreate="yes" readconfig="yes" homeprefix="/home" randompass= fileline= savedpwtype= defaultclass= defaultLgroup= defaultgroups= defaultshell="${DEFAULTSHELL}" defaultHomePerm= zfsopt= Zencrypt="no" # Make sure the user running this program is root. This isn't a security # measure as much as it is a useful method of reminding the user to # 'su -' before he/she wastes time entering data that won't be saved. # procowner=${procowner:-$(/usr/bin/id -u)} if [ "$procowner" != "0" ]; then err 'you must be the super-user (uid 0) to use this utility.' exit 1 fi # Override from our conf file # Quickly go through the commandline line to see if we should read # from our configuration file. The actual parsing of the commandline # arguments happens after we read in our configuration file (commandline # should override configuration file). # for _i in $* ; do if [ "$_i" = "-N" ]; then readconfig= break; fi done if [ -n "$readconfig" ] && [ -r "${ADDUSERCONF}" ]; then . "${ADDUSERCONF}" fi # Process command-line options # for _switch ; do case $_switch in -L) defaultclass="$2" shift; shift ;; -C) configflag=yes shift ;; -D) Dflag=yes shift ;; -E) disableflag=yes shift ;; -k) udotdir="$2" shift; shift ;; -f) [ "$2" != "-" ] && infile="$2" fflag=yes shift; shift ;; -g) defaultLgroup="$2" shift; shift ;; -G) defaultgroups="$2" shift; shift ;; -h) show_usage exit 0 ;; -d) homeprefix="$2" shift; shift ;; -m) case "$2" in [Nn][Oo]) msgflag= ;; *) msgflag=yes msgfile="$2" ;; esac shift; shift ;; -M) defaultHomePerm=$2 shift; shift ;; -N) readconfig= shift ;; -w) case "$2" in no|none|random|yes) passwdtype=$2 ;; *) show_usage exit 1 ;; esac shift; shift ;; -q) quietflag=yes shift ;; -s) defaultshell="$(fullpath_from_shell $2)" shift; shift ;; -S) Sflag=yes shift ;; -u) uidstart=$2 shift; shift ;; -Z) Zcreate="no" shift ;; esac done # If the -f switch was used, get input from a file. Otherwise, # this is an interactive session. # if [ -n "$fflag" ]; then if [ -z "$infile" ]; then input_from_file elif [ -n "$infile" ]; then if [ -r "$infile" ]; then input_from_file < $infile else err "File ($infile) is unreadable or does not exist." fi fi else input_interactive while : ; do if [ -z "$configflag" ]; then echo -n "Add another user? (yes/no) [$_another_user]: " else echo -n "Re-edit the default configuration? (yes/no) [$_another_user]: " fi read _input if [ -z "$_input" ]; then _input=$_another_user fi case $_input in [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) uidstart=$(get_nextuid $uidstart) input_interactive continue ;; [Nn][Oo]|[Nn]) echo "Goodbye!" ;; *) continue ;; esac break done fi