xref: /freebsd/usr.sbin/adduser/adduser.sh (revision 35a04710d7286aa9538917fd7f8e417dbee95b82) 
1#!/bin/sh
2#
3# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved.
4#
5# Redistribution and use in source and binary forms, with or without
6# modification, are permitted provided that the following conditions
7# are met:
8# 1. Redistributions of source code must retain the above copyright
9#    notice, this list of conditions and the following disclaimer.
10# 2. Redistributions in binary form must reproduce the above copyright
11#    notice, this list of conditions and the following disclaimer in the
12#    documentation and/or other materials provided with the distribution.
13#
14# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24#
25#       Email: Mike Makonnen <mtm@FreeBSD.Org>
26#
27# $FreeBSD$
28#
29
30# err msg
31#       Display $msg on stderr, unless we're being quiet.
32#
33err() {
34	if [ -z "$quietflag" ]; then
35        	echo 1>&2 ${THISCMD}: ERROR: $*
36	fi
37}
38
39# info msg
40#       Display $msg on stdout, unless we're being quiet.
41#
42info() {
43	if [ -z "$quietflag" ]; then
44        	echo ${THISCMD}: INFO: $*
45	fi
46}
47
48# get_nextuid
49#	Output the value of $_uid if it is available for use. If it
50#	is not, output the value of the next higher uid that is available.
51#	If a uid is not specified, output the first available uid, as indicated
52#	by pw(8).
53#
54get_nextuid () {
55	_uid=$1
56	_nextuid=
57
58	if [ -z "$_uid" ]; then
59		_nextuid="`${PWCMD} usernext | cut -f1 -d:`"
60	else
61		while : ; do
62			${PWCMD} usershow $_uid > /dev/null 2>&1
63			if [ ! "$?" -eq 0 ]; then
64				_nextuid=$_uid
65				break
66			fi
67			_uid=$(($_uid + 1))
68		done
69	fi
70	echo $_nextuid
71}
72
73# show_usage
74#	Display usage information for this utility.
75#
76show_usage() {
77	echo "usage: ${THISCMD} [options]"
78	echo "  options may include:"
79	echo "  -C		save to the configuration file only"
80	echo "  -D		do not attempt to create the home directory"
81	echo "  -E		disable this account after creation"
82	echo "  -G		additional groups to add accounts to"
83	echo "  -L		login class of the user"
84	echo "  -N		do not read configuration file"
85	echo "  -S		a nonexistent shell is not an error"
86	echo "  -d		home directory"
87	echo "  -f		file from which input will be received"
88	echo "  -g		default login group"
89	echo "  -h		display this usage message"
90	echo "  -k		path to skeleton home directory"
91	echo "  -m		user welcome message file"
92	echo "  -q		absolute minimal user feedback"
93	echo "  -s		shell"
94	echo "  -u		uid to start at"
95	echo "  -w		password type: no, none, yes or random"
96}
97
98# valid_shells
99#	Outputs a list of valid shells from /etc/shells. Only the
100#	basename of the shell is output.
101#
102valid_shells() {
103	_prefix=
104	cat ${ETCSHELLS} |
105	while read _path _junk ; do
106		case $_path in
107		\#*|'')
108			;;
109		*)
110			echo -n "${_prefix}`basename $_path`"
111			_prefix=' '
112			;;
113		esac
114	done
115
116	# /usr/sbin/nologin is a special case
117	[ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
118}
119
120# fullpath_from_shell shell
121#	Given $shell, which is either the full path to a shell or
122#	the basename component of a valid shell, get the
123#	full path to the shell from the /etc/shells file.
124#
125fullpath_from_shell() {
126	_shell=$1
127	[ -z "$_shell" ] && return 1
128
129	# /usr/sbin/nologin is a special case; it needs to be handled
130	# before the cat | while loop, since a 'return' from within
131	# a subshell will not terminate the function's execution, and
132	# the path to the nologin shell might be printed out twice.
133	#
134	if [ "$_shell" = "${NOLOGIN}" -o \
135	    "$_shell" = "${NOLOGIN_PATH}" ]; then
136		echo ${NOLOGIN_PATH}
137		return 0;
138	fi
139
140	cat ${ETCSHELLS} |
141	while read _path _junk ; do
142		case "$_path" in
143		\#*|'')
144			;;
145		*)
146			if [ "$_path" = "$_shell" -o \
147			    "`basename $_path`" = "$_shell" ]; then
148				echo $_path
149				return 0
150			fi
151			;;
152		esac
153	done
154
155	return 1
156}
157
158# shell_exists shell
159#	If the given shell is listed in ${ETCSHELLS} or it is
160#	the nologin shell this function will return 0.
161#	Otherwise, it will return 1. If shell is valid but
162#	the path is invalid or it is not executable it
163#	will emit an informational message saying so.
164#
165shell_exists()
166{
167	_sh="$1"
168	_shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
169
170	if ! eval $_shellchk; then
171		# The nologin shell is not listed in /etc/shells.
172		if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
173			err "Invalid shell ($_sh) for user $username."
174			return 1
175		fi
176	fi
177	! [ -x "$_sh" ] &&
178	    info "The shell ($_sh) does not exist or is not executable."
179
180	return 0
181}
182
183# save_config
184#	Save some variables to a configuration file.
185#	Note: not all script variables are saved, only those that
186#	      it makes sense to save.
187#
188save_config() {
189	echo "# Configuration file for adduser(8)."     >  ${ADDUSERCONF}
190	echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
191	echo "# Last Modified on `${DATECMD}`."		>> ${ADDUSERCONF}
192	echo ''				>> ${ADDUSERCONF}
193	echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
194	echo "defaultclass=$uclass"	>> ${ADDUSERCONF}
195	echo "defaultgroups=$ugroups"	>> ${ADDUSERCONF}
196	echo "passwdtype=$passwdtype" 	>> ${ADDUSERCONF}
197	echo "homeprefix=$homeprefix" 	>> ${ADDUSERCONF}
198	echo "defaultshell=$ushell"	>> ${ADDUSERCONF}
199	echo "udotdir=$udotdir"		>> ${ADDUSERCONF}
200	echo "msgfile=$msgfile"		>> ${ADDUSERCONF}
201	echo "disableflag=$disableflag" >> ${ADDUSERCONF}
202	echo "uidstart=$uidstart"       >> ${ADDUSERCONF}
203}
204
205# add_user
206#	Add a user to the user database. If the user chose to send a welcome
207#	message or lock the account, do so.
208#
209add_user() {
210
211	# Is this a configuration run? If so, don't modify user database.
212	#
213	if [ -n "$configflag" ]; then
214		save_config
215		return
216	fi
217
218	_uid=
219	_name=
220	_comment=
221	_gecos=
222	_home=
223	_group=
224	_grouplist=
225	_shell=
226	_class=
227	_dotdir=
228	_expire=
229	_pwexpire=
230	_passwd=
231	_upasswd=
232	_passwdmethod=
233
234	_name="-n '$username'"
235	[ -n "$uuid" ] && _uid='-u "$uuid"'
236	[ -n "$ulogingroup" ] && _group='-g "$ulogingroup"'
237	[ -n "$ugroups" ] && _grouplist='-G "$ugroups"'
238	[ -n "$ushell" ] && _shell='-s "$ushell"'
239	[ -n "$uclass" ] && _class='-L "$uclass"'
240	[ -n "$ugecos" ] && _comment='-c "$ugecos"'
241	[ -n "$udotdir" ] && _dotdir='-k "$udotdir"'
242	[ -n "$uexpire" ] && _expire='-e "$uexpire"'
243	[ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"'
244	if [ -z "$Dflag" -a -n "$uhome" ]; then
245		# The /nonexistent home directory is special. It
246		# means the user has no home directory.
247		if [ "$uhome" = "$NOHOME" ]; then
248			_home='-d "$uhome"'
249		else
250			_home='-m -d "$uhome"'
251		fi
252	elif [ -n "$Dflag" -a -n "$uhome" ]; then
253		_home='-d "$uhome"'
254	fi
255	case $passwdtype in
256	no)
257		_passwdmethod="-w no"
258		_passwd="-h -"
259		;;
260	yes)
261		# Note on processing the password: The outer double quotes
262		# make literal everything except ` and \ and $.
263		# The outer single quotes make literal ` and $.
264		# We can ensure the \ isn't treated specially by specifying
265		# the -r switch to the read command used to obtain the input.
266		#
267		_passwdmethod="-w yes"
268		_passwd="-h 0"
269		_upasswd='echo "$upass" |'
270		;;
271	none)
272		_passwdmethod="-w none"
273		;;
274	random)
275		_passwdmethod="-w random"
276		;;
277	esac
278
279	_pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
280	_pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
281	_pwcmd="$_pwcmd $_expire $_pwexpire"
282
283	if ! _output=`eval $_pwcmd` ; then
284		err "There was an error adding user ($username)."
285		return 1
286	else
287		info "Successfully added ($username) to the user database."
288		if [ "random" = "$passwdtype" ]; then
289			randompass="$_output"
290			info "Password for ($username) is: $randompass"
291		fi
292	fi
293
294	if [ -n "$disableflag" ]; then
295		if ${PWCMD} lock $username ; then
296			info "Account ($username) is locked."
297		else
298			info "Account ($username) could NOT be locked."
299		fi
300	fi
301
302	_line=
303	_owner=
304	_perms=
305	if [ -n "$msgflag" ]; then
306		[ -r "$msgfile" ] && {
307			# We're evaluating the contents of an external file.
308			# Let's not open ourselves up for attack. _perms will
309			# be empty if it's writeable only by the owner. _owner
310			# will *NOT* be empty if the file is owned by root.
311			#
312			_dir="`dirname $msgfile`"
313			_file="`basename $msgfile`"
314			_perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
315			_owner=`/usr/bin/find $_dir -name $_file -user 0 -prune`
316			if [ -z "$_owner" -o -n "$_perms" ]; then
317				err "The message file ($msgfile) may be writeable only by root."
318				return 1
319			fi
320			cat "$msgfile" |
321			while read _line ; do
322				eval echo "$_line"
323			done | ${MAILCMD} -s"Welcome" ${username}
324			info "Sent welcome message to ($username)."
325		}
326	fi
327}
328
329# get_user
330#	Reads username of the account from standard input or from a global
331#	variable containing an account line from a file. The username is
332#	required. If this is an interactive session it will prompt in
333#	a loop until a username is entered. If it is batch processing from
334#	a file it will output an error message and return to the caller.
335#
336get_user() {
337	_input=
338
339	# No need to take down user names if this is a configuration saving run.
340	[ -n "$configflag" ] && return
341
342	while : ; do
343		if [ -z "$fflag" ]; then
344			echo -n "Username: "
345			read _input
346		else
347			_input="`echo "$fileline" | cut -f1 -d:`"
348		fi
349
350		# There *must* be a username, and it must not exist. If
351		# this is an interactive session give the user an
352		# opportunity to retry.
353		#
354		if [ -z "$_input" ]; then
355			err "You must enter a username!"
356			[ -z "$fflag" ] && continue
357		fi
358		${PWCMD} usershow $_input > /dev/null 2>&1
359		if [ "$?" -eq 0 ]; then
360			err "User exists!"
361			[ -z "$fflag" ] && continue
362		fi
363		break
364	done
365	username="$_input"
366}
367
368# get_gecos
369#	Reads extra information about the user. Can be used both in interactive
370#	and batch (from file) mode.
371#
372get_gecos() {
373	_input=
374
375	# No need to take down additional user information for a configuration run.
376	[ -n "$configflag" ] && return
377
378	if [ -z "$fflag" ]; then
379		echo -n "Full name: "
380		read _input
381	else
382		_input="`echo "$fileline" | cut -f7 -d:`"
383	fi
384	ugecos="$_input"
385}
386
387# get_shell
388#	Get the account's shell. Works in interactive and batch mode. It
389#	accepts either the base name of the shell or the full path.
390#	If an invalid shell is entered it will simply use the default shell.
391#
392get_shell() {
393	_input=
394	_fullpath=
395	ushell="$defaultshell"
396
397	# Make sure the current value of the shell is a valid one
398	if [ -z "$Sflag" ]; then
399		if ! shell_exists $ushell ; then
400			info "Using default shell ${defaultshell}."
401			ushell="$defaultshell"
402		fi
403	fi
404
405	if [ -z "$fflag" ]; then
406		echo -n "Shell ($shells) [`basename $ushell`]: "
407		read _input
408	else
409		_input="`echo "$fileline" | cut -f9 -d:`"
410	fi
411	if [ -n "$_input" ]; then
412		if [ -n "$Sflag" ]; then
413			ushell="$_input"
414		else
415			_fullpath=`fullpath_from_shell $_input`
416			if [ -n "$_fullpath" ]; then
417				ushell="$_fullpath"
418			else
419				err "Invalid shell ($_input) for user $username."
420				info "Using default shell ${defaultshell}."
421				ushell="$defaultshell"
422			fi
423		fi
424	fi
425}
426
427# get_homedir
428#	Reads the account's home directory. Used both with interactive input
429#	and batch input.
430#
431get_homedir() {
432	_input=
433	if [ -z "$fflag" ]; then
434		echo -n "Home directory [${homeprefix}/${username}]: "
435		read _input
436	else
437		_input="`echo "$fileline" | cut -f8 -d:`"
438	fi
439
440	if [ -n "$_input" ]; then
441		uhome="$_input"
442		# if this is a configuration run, then user input is the home
443		# directory prefix. Otherwise it is understood to
444		# be $prefix/$user
445		#
446		[ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome"
447	else
448		uhome="${homeprefix}/${username}"
449	fi
450}
451
452# get_uid
453#	Reads a numeric userid in an interactive or batch session. Automatically
454#	allocates one if it is not specified.
455#
456get_uid() {
457	uuid=${uidstart}
458	_input=
459	_prompt=
460
461	if [ -n "$uuid" ]; then
462		_prompt="Uid [$uuid]: "
463	else
464		_prompt="Uid (Leave empty for default): "
465	fi
466	if [ -z "$fflag" ]; then
467		echo -n "$_prompt"
468		read _input
469	else
470		_input="`echo "$fileline" | cut -f2 -d:`"
471	fi
472
473	[ -n "$_input" ] && uuid=$_input
474	uuid=`get_nextuid $uuid`
475	uidstart=$uuid
476}
477
478# get_class
479#	Reads login class of account. Can be used in interactive or batch mode.
480#
481get_class() {
482	uclass="$defaultclass"
483	_input=
484	_class=${uclass:-"default"}
485
486	if [ -z "$fflag" ]; then
487		echo -n "Login class [$_class]: "
488		read _input
489	else
490		_input="`echo "$fileline" | cut -f4 -d:`"
491	fi
492
493	[ -n "$_input" ] && uclass="$_input"
494}
495
496# get_logingroup
497#	Reads user's login group. Can be used in both interactive and batch
498#	modes. The specified value can be a group name or its numeric id.
499#	This routine leaves the field blank if nothing is provided and
500#	a default login group has not been set. The pw(8) command
501#	will then provide a login group with the same name as the username.
502#
503get_logingroup() {
504	ulogingroup="$defaultLgroup"
505	_input=
506
507	if [ -z "$fflag" ]; then
508		echo -n "Login group [${ulogingroup:-$username}]: "
509		read _input
510	else
511		_input="`echo "$fileline" | cut -f3 -d:`"
512	fi
513
514	# Pw(8) will use the username as login group if it's left empty
515	[ -n "$_input" ] && ulogingroup="$_input"
516}
517
518# get_groups
519#	Read additional groups for the user. It can be used in both interactive
520#	and batch modes.
521#
522get_groups() {
523	ugroups="$defaultgroups"
524	_input=
525	_group=${ulogingroup:-"${username}"}
526
527	if [ -z "$configflag" ]; then
528		[ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
529		[ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
530	else
531		[ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
532	fi
533	read _input
534
535	[ -n "$_input" ] && ugroups="$_input"
536}
537
538# get_expire_dates
539#	Read expiry information for the account and also for the password. This
540#	routine is used only from batch processing mode.
541#
542get_expire_dates() {
543	upwexpire="`echo "$fileline" | cut -f5 -d:`"
544	uexpire="`echo "$fileline" | cut -f6 -d:`"
545}
546
547# get_password
548#	Read the password in batch processing mode. The password field matters
549#	only when the password type is "yes" or "random". If the field is empty and the
550#	password type is "yes", then it assumes the account has an empty passsword
551#	and changes the password type accordingly. If the password type is "random"
552#	and the password field is NOT empty, then it assumes the account will NOT
553#	have a random password and set passwdtype to "yes."
554#
555get_password() {
556	# We may temporarily change a password type. Make sure it's changed
557	# back to whatever it was before we process the next account.
558	#
559	[ -n "$savedpwtype" ] && {
560		passwdtype=$savedpwtype
561		savedpwtype=
562	}
563
564	# There may be a ':' in the password
565	upass=${fileline#*:*:*:*:*:*:*:*:*:}
566
567	if [ -z "$upass" ]; then
568		case $passwdtype in
569		yes)
570			# if it's empty, assume an empty password
571			passwdtype=none
572			savedpwtype=yes
573			;;
574		esac
575	else
576		case $passwdtype in
577		random)
578			passwdtype=yes
579			savedpwtype=random
580			;;
581		esac
582	fi
583}
584
585# input_from_file
586#	Reads a line of account information from standard input and
587#	adds it to the user database.
588#
589input_from_file() {
590	_field=
591
592	while read -r fileline ; do
593		case "$fileline" in
594		\#*|'')
595			;;
596		*)
597			get_user || continue
598			get_gecos
599			get_uid
600			get_logingroup
601			get_class
602			get_shell
603			get_homedir
604			get_password
605			get_expire_dates
606			ugroups="$defaultgroups"
607
608			add_user
609			;;
610		esac
611	done
612}
613
614# input_interactive
615#	Prompts for user information interactively, and commits to
616#	the user database.
617#
618input_interactive() {
619
620	_disable=
621	_pass=
622	_passconfirm=
623	_random="no"
624	_emptypass="no"
625	_usepass="yes"
626	_logingroup_ok="no"
627	_groups_ok="no"
628	case $passwdtype in
629	none)
630		_emptypass="yes"
631		_usepass="yes"
632		;;
633	no)
634		_usepass="no"
635		;;
636	random)
637		_random="yes"
638		;;
639	esac
640
641	get_user
642	get_gecos
643	get_uid
644
645	# The case where group = user is handled elsewhere, so
646	# validate any other groups the user is invited to.
647	until [ "$_logingroup_ok" = yes ]; do
648		get_logingroup
649		_logingroup_ok=yes
650		if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
651			if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then
652				echo "Group $ulogingroup does not exist!"
653				_logingroup_ok=no
654			fi
655		fi
656	done
657	until [ "$_groups_ok" = yes ]; do
658		get_groups
659		_groups_ok=yes
660		for i in $ugroups; do
661			if [ "$username" != "$i" ]; then
662				if ! ${PWCMD} show group $i > /dev/null 2>&1; then
663					echo "Group $i does not exist!"
664					_groups_ok=no
665				fi
666			fi
667		done
668	done
669
670	get_class
671	get_shell
672	get_homedir
673
674	while : ; do
675		echo -n "Use password-based authentication? [$_usepass]: "
676		read _input
677		[ -z "$_input" ] && _input=$_usepass
678		case $_input in
679		[Nn][Oo]|[Nn])
680			passwdtype="no"
681			;;
682		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
683			while : ; do
684				echo -n "Use an empty password? (yes/no) [$_emptypass]: "
685				read _input
686				[ -n "$_input" ] && _emptypass=$_input
687				case $_emptypass in
688				[Nn][Oo]|[Nn])
689					echo -n "Use a random password? (yes/no) [$_random]: "
690					read _input
691					[ -n "$_input" ] && _random="$_input"
692					case $_random in
693					[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
694						passwdtype="random"
695						break
696						;;
697					esac
698					passwdtype="yes"
699					[ -n "$configflag" ] && break
700					trap 'stty echo; exit' 0 1 2 3 15
701					stty -echo
702					echo -n "Enter password: "
703					read -r upass
704					echo''
705					echo -n "Enter password again: "
706					read -r _passconfirm
707					echo ''
708					stty echo
709					# if user entered a blank password
710					# explicitly ask again.
711					[ -z "$upass" -a -z "$_passconfirm" ] \
712					    && continue
713					;;
714				[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
715					passwdtype="none"
716					break;
717					;;
718				*)
719					# invalid answer; repeat the loop
720					continue
721					;;
722				esac
723				if [ "$upass" != "$_passconfirm" ]; then
724					echo "Passwords did not match!"
725					continue
726				fi
727				break
728			done
729			;;
730		*)
731			# invalid answer; repeat loop
732			continue
733			;;
734		esac
735		break;
736	done
737	_disable=${disableflag:-"no"}
738	while : ; do
739		echo -n "Lock out the account after creation? [$_disable]: "
740		read _input
741		[ -z "$_input" ] && _input=$_disable
742		case $_input in
743		[Nn][Oo]|[Nn])
744			disableflag=
745			;;
746		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
747			disableflag=yes
748			;;
749		*)
750			# invalid answer; repeat loop
751			continue
752			;;
753		esac
754		break
755	done
756
757	# Display the information we have so far and prompt to
758	# commit it.
759	#
760	_disable=${disableflag:-"no"}
761	[ -z "$configflag" ] && printf "%-10s : %s\n" Username $username
762	case $passwdtype in
763	yes)
764		_pass='*****'
765		;;
766	no)
767		_pass='<disabled>'
768		;;
769	none)
770		_pass='<blank>'
771		;;
772	random)
773		_pass='<random>'
774		;;
775	esac
776	[ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
777	[ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
778	[ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
779	[ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
780	printf "%-10s : %s\n" "Class" "$uclass"
781	printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
782	printf "%-10s : %s\n" "Home" "$uhome"
783	printf "%-10s : %s\n" "Shell" "$ushell"
784	printf "%-10s : %s\n" "Locked" "$_disable"
785	while : ; do
786		echo -n "OK? (yes/no): "
787		read _input
788		case $_input in
789		[Nn][Oo]|[Nn])
790			return 1
791			;;
792		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
793			add_user
794			;;
795		*)
796			continue
797			;;
798		esac
799		break
800	done
801	return 0
802}
803
804#### END SUBROUTINE DEFINITION ####
805
806THISCMD=`/usr/bin/basename $0`
807DEFAULTSHELL=/bin/sh
808ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}"
809PWCMD="${PWCMD:-/usr/sbin/pw}"
810MAILCMD="${MAILCMD:-mail}"
811ETCSHELLS="${ETCSHELLS:-/etc/shells}"
812NOHOME="/nonexistent"
813NOLOGIN="nologin"
814NOLOGIN_PATH="/usr/sbin/nologin"
815GREPCMD="/usr/bin/grep"
816DATECMD="/bin/date"
817
818# Set default values
819#
820username=
821uuid=
822uidstart=
823ugecos=
824ulogingroup=
825uclass=
826uhome=
827upass=
828ushell=
829udotdir=/usr/share/skel
830ugroups=
831uexpire=
832upwexpire=
833shells="`valid_shells`"
834passwdtype="yes"
835msgfile=/etc/adduser.msg
836msgflag=
837quietflag=
838configflag=
839fflag=
840infile=
841disableflag=
842Dflag=
843Sflag=
844readconfig="yes"
845homeprefix="/home"
846randompass=
847fileline=
848savedpwtype=
849defaultclass=
850defaultLgroup=
851defaultgroups=
852defaultshell="${DEFAULTSHELL}"
853
854# Make sure the user running this program is root. This isn't a security
855# measure as much as it is a usefull method of reminding the user to
856# 'su -' before he/she wastes time entering data that won't be saved.
857#
858procowner=${procowner:-`/usr/bin/id -u`}
859if [ "$procowner" != "0" ]; then
860	err 'you must be the super-user (uid 0) to use this utility.'
861	exit 1
862fi
863
864# Overide from our conf file
865# Quickly go through the commandline line to see if we should read
866# from our configuration file. The actual parsing of the commandline
867# arguments happens after we read in our configuration file (commandline
868# should override configuration file).
869#
870for _i in $* ; do
871	if [ "$_i" = "-N" ]; then
872		readconfig=
873		break;
874	fi
875done
876if [ -n "$readconfig" ]; then
877	# On a long-lived system, the first time this script is run it
878	# will barf upon reading the configuration file for its perl predecessor.
879	if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then
880		[ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1
881	fi
882fi
883
884# Proccess command-line options
885#
886for _switch ; do
887	case $_switch in
888	-L)
889		defaultclass="$2"
890		shift; shift
891		;;
892	-C)
893		configflag=yes
894		shift
895		;;
896	-D)
897		Dflag=yes
898		shift
899		;;
900	-E)
901		disableflag=yes
902		shift
903		;;
904	-k)
905		udotdir="$2"
906		shift; shift
907		;;
908	-f)
909		[ "$2" != "-" ] && infile="$2"
910		fflag=yes
911		shift; shift
912		;;
913	-g)
914		defaultLgroup="$2"
915		shift; shift
916		;;
917	-G)
918		defaultgroups="$2"
919		shift; shift
920		;;
921	-h)
922		show_usage
923		exit 0
924		;;
925	-d)
926		homeprefix="$2"
927		shift; shift
928		;;
929	-m)
930		case "$2" in
931		[Nn][Oo])
932			msgflag=
933			;;
934		*)
935			msgflag=yes
936			msgfile="$2"
937			;;
938		esac
939		shift; shift
940		;;
941	-N)
942		readconfig=
943		shift
944		;;
945	-w)
946		case "$2" in
947		no|none|random|yes)
948			passwdtype=$2
949			;;
950		*)
951			show_usage
952			exit 1
953			;;
954		esac
955		shift; shift
956		;;
957	-q)
958		quietflag=yes
959		shift
960		;;
961	-s)
962		defaultshell="`fullpath_from_shell $2`"
963		shift; shift
964		;;
965	-S)
966		Sflag=yes
967		shift
968		;;
969	-u)
970		uidstart=$2
971		shift; shift
972		;;
973	esac
974done
975
976# If the -f switch was used, get input from a file. Otherwise,
977# this is an interactive session.
978#
979if [ -n "$fflag" ]; then
980	if [ -z "$infile" ]; then
981		input_from_file
982	elif [ -n "$infile" ]; then
983		if [ -r "$infile" ]; then
984			input_from_file < $infile
985		else
986			err "File ($infile) is unreadable or does not exist."
987		fi
988	fi
989else
990	input_interactive
991	while : ; do
992		if [ -z "$configflag" ]; then
993			echo -n "Add another user? (yes/no): "
994		else
995			echo -n "Re-edit the default configuration? (yes/no): "
996		fi
997		read _input
998		case $_input in
999		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
1000			uidstart=`get_nextuid $uidstart`
1001			input_interactive
1002			continue
1003			;;
1004		[Nn][Oo]|[Nn])
1005			echo "Goodbye!"
1006			;;
1007		*)
1008			continue
1009			;;
1010		esac
1011		break
1012	done
1013fi
1014