xref: /freebsd/usr.sbin/adduser/adduser.sh (revision bfe691b2f75de2224c7ceb304ebcdef2b42d4179) 
1#!/bin/sh
2#
3# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved.
4#
5# Redistribution and use in source and binary forms, with or without
6# modification, are permitted provided that the following conditions
7# are met:
8# 1. Redistributions of source code must retain the above copyright
9#    notice, this list of conditions and the following disclaimer.
10# 2. Redistributions in binary form must reproduce the above copyright
11#    notice, this list of conditions and the following disclaimer in the
12#    documentation and/or other materials provided with the distribution.
13#
14# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24#
25#       Email: Mike Makonnen <mtm@FreeBSD.Org>
26#
27# $FreeBSD$
28#
29
30# err msg
31#       Display $msg on stderr, unless we're being quiet.
32#
33err() {
34	if [ -z "$quietflag" ]; then
35        	echo 1>&2 ${THISCMD}: ERROR: $*
36	fi
37}
38
39# info msg
40#       Display $msg on stdout, unless we're being quiet.
41#
42info() {
43	if [ -z "$quietflag" ]; then
44        	echo ${THISCMD}: INFO: $*
45	fi
46}
47
48# get_nextuid
49#	Output the value of $_uid if it is available for use. If it
50#	is not, output the value of the next higher uid that is available.
51#	If a uid is not specified, output the first available uid, as indicated
52#	by pw(8).
53#
54get_nextuid () {
55	_uid=$1
56	_nextuid=
57
58	if [ -z "$_uid" ]; then
59		_nextuid="`${PWCMD} usernext | cut -f1 -d:`"
60	else
61		while : ; do
62			${PWCMD} usershow $_uid > /dev/null 2>&1
63			if [ ! "$?" -eq 0 ]; then
64				_nextuid=$_uid
65				break
66			fi
67			_uid=$(($_uid + 1))
68		done
69	fi
70	echo $_nextuid
71}
72
73# show_usage
74#	Display usage information for this utility.
75#
76show_usage() {
77	echo "usage: ${THISCMD} [options]"
78	echo "  options may include:"
79	echo "  -C		save to the configuration file only"
80	echo "  -D		do not attempt to create the home directory"
81	echo "  -E		disable this account after creation"
82	echo "  -G		additional groups to add accounts to"
83	echo "  -L		login class of the user"
84	echo "  -N		do not read configuration file"
85	echo "  -S		a nonexistent shell is not an error"
86	echo "  -d		home directory"
87	echo "  -f		file from which input will be received"
88	echo "  -g		default login group"
89	echo "  -h		display this usage message"
90	echo "  -k		path to skeleton home directory"
91	echo "  -m		user welcome message file"
92	echo "  -q		absolute minimal user feedback"
93	echo "  -s		shell"
94	echo "  -u		uid to start at"
95	echo "  -w		password type: no, none, yes or random"
96}
97
98# valid_shells
99#	Outputs a list of valid shells from /etc/shells. Only the
100#	basename of the shell is output.
101#
102valid_shells() {
103	_prefix=
104	cat ${ETCSHELLS} |
105	while read _path _junk ; do
106		case $_path in
107		\#*|'')
108			;;
109		*)
110			echo -n "${_prefix}`basename $_path`"
111			_prefix=' '
112			;;
113		esac
114	done
115
116	# /usr/sbin/nologin is a special case
117	[ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}"
118}
119
120# fullpath_from_shell shell
121#	Given $shell, which is either the full path to a shell or
122#	the basename component of a valid shell, get the
123#	full path to the shell from the /etc/shells file.
124#
125fullpath_from_shell() {
126	_shell=$1
127	[ -z "$_shell" ] && return 1
128
129	# /usr/sbin/nologin is a special case; it needs to be handled
130	# before the cat | while loop, since a 'return' from within
131	# a subshell will not terminate the function's execution, and
132	# the path to the nologin shell might be printed out twice.
133	#
134	if [ "$_shell" = "${NOLOGIN}" -o \
135	    "$_shell" = "${NOLOGIN_PATH}" ]; then
136		echo ${NOLOGIN_PATH}
137		return 0;
138	fi
139
140	cat ${ETCSHELLS} |
141	while read _path _junk ; do
142		case "$_path" in
143		\#*|'')
144			;;
145		*)
146			if [ "$_path" = "$_shell" -o \
147			    "`basename $_path`" = "$_shell" ]; then
148				echo $_path
149				return 0
150			fi
151			;;
152		esac
153	done
154
155	return 1
156}
157
158# shell_exists shell
159#	If the given shell is listed in ${ETCSHELLS} or it is
160#	the nologin shell this function will return 0.
161#	Otherwise, it will return 1. If shell is valid but
162#	the path is invalid or it is not executable it
163#	will emit an informational message saying so.
164#
165shell_exists()
166{
167	_sh="$1"
168	_shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1"
169
170	if ! eval $_shellchk; then
171		# The nologin shell is not listed in /etc/shells.
172		if [ "$_sh" != "${NOLOGIN_PATH}" ]; then
173			err "Invalid shell ($_sh) for user $username."
174			return 1
175		fi
176	fi
177	! [ -x "$_sh" ] &&
178	    info "The shell ($_sh) does not exist or is not executable."
179
180	return 0
181}
182
183# save_config
184#	Save some variables to a configuration file.
185#	Note: not all script variables are saved, only those that
186#	      it makes sense to save.
187#
188save_config() {
189	echo "# Configuration file for adduser(8)."     >  ${ADDUSERCONF}
190	echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF}
191	echo "# Last Modified on `${DATECMD}`."		>> ${ADDUSERCONF}
192	echo ''				>> ${ADDUSERCONF}
193	echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF}
194	echo "defaultclass=$uclass"	>> ${ADDUSERCONF}
195	echo "defaultgroups=$ugroups"	>> ${ADDUSERCONF}
196	echo "passwdtype=$passwdtype" 	>> ${ADDUSERCONF}
197	echo "homeprefix=$homeprefix" 	>> ${ADDUSERCONF}
198	echo "defaultshell=$ushell"	>> ${ADDUSERCONF}
199	echo "udotdir=$udotdir"		>> ${ADDUSERCONF}
200	echo "msgfile=$msgfile"		>> ${ADDUSERCONF}
201	echo "disableflag=$disableflag" >> ${ADDUSERCONF}
202}
203
204# add_user
205#	Add a user to the user database. If the user chose to send a welcome
206#	message or lock the account, do so.
207#
208add_user() {
209
210	# Is this a configuration run? If so, don't modify user database.
211	#
212	if [ -n "$configflag" ]; then
213		save_config
214		return
215	fi
216
217	_uid=
218	_name=
219	_comment=
220	_gecos=
221	_home=
222	_group=
223	_grouplist=
224	_shell=
225	_class=
226	_dotdir=
227	_expire=
228	_pwexpire=
229	_passwd=
230	_upasswd=
231	_passwdmethod=
232
233	_name="-n '$username'"
234	[ -n "$uuid" ] && _uid='-u "$uuid"'
235	[ -n "$ulogingroup" ] && _group='-g "$ulogingroup"'
236	[ -n "$ugroups" ] && _grouplist='-G "$ugroups"'
237	[ -n "$ushell" ] && _shell='-s "$ushell"'
238	[ -n "$uclass" ] && _class='-L "$uclass"'
239	[ -n "$ugecos" ] && _comment='-c "$ugecos"'
240	[ -n "$udotdir" ] && _dotdir='-k "$udotdir"'
241	[ -n "$uexpire" ] && _expire='-e "$uexpire"'
242	[ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"'
243	if [ -z "$Dflag" -a -n "$uhome" ]; then
244		# The /nonexistent home directory is special. It
245		# means the user has no home directory.
246		if [ "$uhome" = "$NOHOME" ]; then
247			_home='-d "$uhome"'
248		else
249			_home='-m -d "$uhome"'
250		fi
251	elif [ -n "$Dflag" -a -n "$uhome" ]; then
252		_home='-d "$uhome"'
253	fi
254	case $passwdtype in
255	no)
256		_passwdmethod="-w no"
257		_passwd="-h -"
258		;;
259	yes)
260		# Note on processing the password: The outer double quotes
261		# make literal everything except ` and \ and $.
262		# The outer single quotes make literal ` and $.
263		# We can ensure the \ isn't treated specially by specifying
264		# the -r switch to the read command used to obtain the input.
265		#
266		_passwdmethod="-w yes"
267		_passwd="-h 0"
268		_upasswd='echo "$upass" |'
269		;;
270	none)
271		_passwdmethod="-w none"
272		;;
273	random)
274		_passwdmethod="-w random"
275		;;
276	esac
277
278	_pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment"
279	_pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd"
280	_pwcmd="$_pwcmd $_expire $_pwexpire"
281
282	if ! _output=`eval $_pwcmd` ; then
283		err "There was an error adding user ($username)."
284		return 1
285	else
286		info "Successfully added ($username) to the user database."
287		if [ "random" = "$passwdtype" ]; then
288			randompass="$_output"
289			info "Password for ($username) is: $randompass"
290		fi
291	fi
292
293	if [ -n "$disableflag" ]; then
294		if ${PWCMD} lock $username ; then
295			info "Account ($username) is locked."
296		else
297			info "Account ($username) could NOT be locked."
298		fi
299	fi
300
301	_line=
302	_owner=
303	_perms=
304	if [ -n "$msgflag" ]; then
305		[ -r "$msgfile" ] && {
306			# We're evaluating the contents of an external file.
307			# Let's not open ourselves up for attack. _perms will
308			# be empty if it's writeable only by the owner. _owner
309			# will *NOT* be empty if the file is owned by root.
310			#
311			_dir="`dirname $msgfile`"
312			_file="`basename $msgfile`"
313			_perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune`
314			_owner=`/usr/bin/find $_dir -name $_file -user 0 -prune`
315			if [ -z "$_owner" -o -n "$_perms" ]; then
316				err "The message file ($msgfile) may be writeable only by root."
317				return 1
318			fi
319			cat "$msgfile" |
320			while read _line ; do
321				eval echo "$_line"
322			done | ${MAILCMD} -s"Welcome" ${username}
323			info "Sent welcome message to ($username)."
324		}
325	fi
326}
327
328# get_user
329#	Reads username of the account from standard input or from a global
330#	variable containing an account line from a file. The username is
331#	required. If this is an interactive session it will prompt in
332#	a loop until a username is entered. If it is batch processing from
333#	a file it will output an error message and return to the caller.
334#
335get_user() {
336	_input=
337
338	# No need to take down user names if this is a configuration saving run.
339	[ -n "$configflag" ] && return
340
341	while : ; do
342		if [ -z "$fflag" ]; then
343			echo -n "Username: "
344			read _input
345		else
346			_input="`echo "$fileline" | cut -f1 -d:`"
347		fi
348
349		# There *must* be a username, and it must not exist. If
350		# this is an interactive session give the user an
351		# opportunity to retry.
352		#
353		if [ -z "$_input" ]; then
354			err "You must enter a username!"
355			[ -z "$fflag" ] && continue
356		fi
357		${PWCMD} usershow $_input > /dev/null 2>&1
358		if [ "$?" -eq 0 ]; then
359			err "User exists!"
360			[ -z "$fflag" ] && continue
361		fi
362		break
363	done
364	username="$_input"
365}
366
367# get_gecos
368#	Reads extra information about the user. Can be used both in interactive
369#	and batch (from file) mode.
370#
371get_gecos() {
372	_input=
373
374	# No need to take down additional user information for a configuration run.
375	[ -n "$configflag" ] && return
376
377	if [ -z "$fflag" ]; then
378		echo -n "Full name: "
379		read _input
380	else
381		_input="`echo "$fileline" | cut -f7 -d:`"
382	fi
383	ugecos="$_input"
384}
385
386# get_shell
387#	Get the account's shell. Works in interactive and batch mode. It
388#	accepts either the base name of the shell or the full path.
389#	If an invalid shell is entered it will simply use the default shell.
390#
391get_shell() {
392	_input=
393	_fullpath=
394	ushell="$defaultshell"
395
396	# Make sure the current value of the shell is a valid one
397	if [ -z "$Sflag" ]; then
398		if ! shell_exists $ushell ; then
399			info "Using default shell ${defaultshell}."
400			ushell="$defaultshell"
401		fi
402	fi
403
404	if [ -z "$fflag" ]; then
405		echo -n "Shell ($shells) [`basename $ushell`]: "
406		read _input
407	else
408		_input="`echo "$fileline" | cut -f9 -d:`"
409	fi
410	if [ -n "$_input" ]; then
411		if [ -n "$Sflag" ]; then
412			ushell="$_input"
413		else
414			_fullpath=`fullpath_from_shell $_input`
415			if [ -n "$_fullpath" ]; then
416				ushell="$_fullpath"
417			else
418				err "Invalid shell ($_input) for user $username."
419				info "Using default shell ${defaultshell}."
420				ushell="$defaultshell"
421			fi
422		fi
423	fi
424}
425
426# get_homedir
427#	Reads the account's home directory. Used both with interactive input
428#	and batch input.
429#
430get_homedir() {
431	_input=
432	if [ -z "$fflag" ]; then
433		echo -n "Home directory [${homeprefix}/${username}]: "
434		read _input
435	else
436		_input="`echo "$fileline" | cut -f8 -d:`"
437	fi
438
439	if [ -n "$_input" ]; then
440		uhome="$_input"
441		# if this is a configuration run, then user input is the home
442		# directory prefix. Otherwise it is understood to
443		# be $prefix/$user
444		#
445		[ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome"
446	else
447		uhome="${homeprefix}/${username}"
448	fi
449}
450
451# get_uid
452#	Reads a numeric userid in an interactive or batch session. Automatically
453#	allocates one if it is not specified.
454#
455get_uid() {
456	if [ -z "$uuid" ]; then
457		uuid=${uidstart}
458	fi
459
460	_input=
461	_prompt=
462
463	# No need to take down uids for a configuration saving run.
464	[ -n "$configflag" ] && return
465
466	if [ -n "$uuid" ]; then
467		_prompt="Uid [$uuid]: "
468	else
469		_prompt="Uid (Leave empty for default): "
470	fi
471	if [ -z "$fflag" ]; then
472		echo -n "$_prompt"
473		read _input
474	else
475		_input="`echo "$fileline" | cut -f2 -d:`"
476	fi
477
478	[ -n "$_input" ] && uuid=$_input
479	uuid=`get_nextuid $uuid`
480	uidstart=$uuid
481}
482
483# get_class
484#	Reads login class of account. Can be used in interactive or batch mode.
485#
486get_class() {
487	uclass="$defaultclass"
488	_input=
489	_class=${uclass:-"default"}
490
491	if [ -z "$fflag" ]; then
492		echo -n "Login class [$_class]: "
493		read _input
494	else
495		_input="`echo "$fileline" | cut -f4 -d:`"
496	fi
497
498	[ -n "$_input" ] && uclass="$_input"
499}
500
501# get_logingroup
502#	Reads user's login group. Can be used in both interactive and batch
503#	modes. The specified value can be a group name or its numeric id.
504#	This routine leaves the field blank if nothing is provided and
505#	a default login group has not been set. The pw(8) command
506#	will then provide a login group with the same name as the username.
507#
508get_logingroup() {
509	ulogingroup="$defaultLgroup"
510	_input=
511
512	if [ -z "$fflag" ]; then
513		echo -n "Login group [${ulogingroup:-$username}]: "
514		read _input
515	else
516		_input="`echo "$fileline" | cut -f3 -d:`"
517	fi
518
519	# Pw(8) will use the username as login group if it's left empty
520	[ -n "$_input" ] && ulogingroup="$_input"
521}
522
523# get_groups
524#	Read additional groups for the user. It can be used in both interactive
525#	and batch modes.
526#
527get_groups() {
528	ugroups="$defaultgroups"
529	_input=
530	_group=${ulogingroup:-"${username}"}
531
532	if [ -z "$configflag" ]; then
533		[ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username"
534		[ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: "
535	else
536		[ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: "
537	fi
538	read _input
539
540	[ -n "$_input" ] && ugroups="$_input"
541}
542
543# get_expire_dates
544#	Read expiry information for the account and also for the password. This
545#	routine is used only from batch processing mode.
546#
547get_expire_dates() {
548	upwexpire="`echo "$fileline" | cut -f5 -d:`"
549	uexpire="`echo "$fileline" | cut -f6 -d:`"
550}
551
552# get_password
553#	Read the password in batch processing mode. The password field matters
554#	only when the password type is "yes" or "random". If the field is empty and the
555#	password type is "yes", then it assumes the account has an empty passsword
556#	and changes the password type accordingly. If the password type is "random"
557#	and the password field is NOT empty, then it assumes the account will NOT
558#	have a random password and set passwdtype to "yes."
559#
560get_password() {
561	# We may temporarily change a password type. Make sure it's changed
562	# back to whatever it was before we process the next account.
563	#
564	[ -n "$savedpwtype" ] && {
565		passwdtype=$savedpwtype
566		savedpwtype=
567	}
568
569	# There may be a ':' in the password
570	upass=${fileline#*:*:*:*:*:*:*:*:*:}
571
572	if [ -z "$upass" ]; then
573		case $passwdtype in
574		yes)
575			# if it's empty, assume an empty password
576			passwdtype=none
577			savedpwtype=yes
578			;;
579		esac
580	else
581		case $passwdtype in
582		random)
583			passwdtype=yes
584			savedpwtype=random
585			;;
586		esac
587	fi
588}
589
590# input_from_file
591#	Reads a line of account information from standard input and
592#	adds it to the user database.
593#
594input_from_file() {
595	_field=
596
597	while read -r fileline ; do
598		case "$fileline" in
599		\#*|'')
600			;;
601		esac
602
603		get_user || continue
604		get_gecos
605		get_uid
606		get_logingroup
607		get_class
608		get_shell
609		get_homedir
610		get_password
611		get_expire_dates
612
613		add_user
614	done
615}
616
617# input_interactive
618#	Prompts for user information interactively, and commits to
619#	the user database.
620#
621input_interactive() {
622
623	_disable=
624	_pass=
625	_passconfirm=
626	_random="no"
627	_emptypass="no"
628	_usepass="yes"
629	_logingroup_ok="no"
630	_groups_ok="no"
631	case $passwdtype in
632	none)
633		_emptypass="yes"
634		_usepass="yes"
635		;;
636	no)
637		_usepass="no"
638		;;
639	random)
640		_random="yes"
641		;;
642	esac
643
644	get_user
645	get_gecos
646	get_uid
647
648	# The case where group = user is handled elsewhere, so
649	# validate any other groups the user is invited to.
650	until [ "$_logingroup_ok" = yes ]; do
651		get_logingroup
652		_logingroup_ok=yes
653		if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then
654			if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then
655				echo "Group $ulogingroup does not exist!"
656				_logingroup_ok=no
657			fi
658		fi
659	done
660	until [ "$_groups_ok" = yes ]; do
661		get_groups
662		_groups_ok=yes
663		for i in $ugroups; do
664			if [ "$username" != "$i" ]; then
665				if ! ${PWCMD} show group $i > /dev/null 2>&1; then
666					echo "Group $i does not exist!"
667					_groups_ok=no
668				fi
669			fi
670		done
671	done
672
673	get_class
674	get_shell
675	get_homedir
676
677	while : ; do
678		echo -n "Use password-based authentication? [$_usepass]: "
679		read _input
680		[ -z "$_input" ] && _input=$_usepass
681		case $_input in
682		[Nn][Oo]|[Nn])
683			passwdtype="no"
684			;;
685		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
686			while : ; do
687				echo -n "Use an empty password? (yes/no) [$_emptypass]: "
688				read _input
689				[ -n "$_input" ] && _emptypass=$_input
690				case $_emptypass in
691				[Nn][Oo]|[Nn])
692					echo -n "Use a random password? (yes/no) [$_random]: "
693					read _input
694					[ -n "$_input" ] && _random="$_input"
695					case $_random in
696					[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
697						passwdtype="random"
698						break
699						;;
700					esac
701					passwdtype="yes"
702					[ -n "$configflag" ] && break
703					trap 'stty echo; exit' 0 1 2 3 15
704					stty -echo
705					echo -n "Enter password: "
706					read -r upass
707					echo''
708					echo -n "Enter password again: "
709					read -r _passconfirm
710					echo ''
711					stty echo
712					# if user entered a blank password
713					# explicitly ask again.
714					[ -z "$upass" -a -z "$_passconfirm" ] \
715					    && continue
716					;;
717				[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
718					passwdtype="none"
719					break;
720					;;
721				*)
722					# invalid answer; repeat the loop
723					continue
724					;;
725				esac
726				if [ "$upass" != "$_passconfirm" ]; then
727					echo "Passwords did not match!"
728					continue
729				fi
730				break
731			done
732			;;
733		*)
734			# invalid answer; repeat loop
735			continue
736			;;
737		esac
738		break;
739	done
740	_disable=${disableflag:-"no"}
741	while : ; do
742		echo -n "Lock out the account after creation? [$_disable]: "
743		read _input
744		[ -z "$_input" ] && _input=$_disable
745		case $_input in
746		[Nn][Oo]|[Nn])
747			disableflag=
748			;;
749		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
750			disableflag=yes
751			;;
752		*)
753			# invalid answer; repeat loop
754			continue
755			;;
756		esac
757		break
758	done
759
760	# Display the information we have so far and prompt to
761	# commit it.
762	#
763	_disable=${disableflag:-"no"}
764	[ -z "$configflag" ] && printf "%-10s : %s\n" Username $username
765	case $passwdtype in
766	yes)
767		_pass='*****'
768		;;
769	no)
770		_pass='<disabled>'
771		;;
772	none)
773		_pass='<blank>'
774		;;
775	random)
776		_pass='<random>'
777		;;
778	esac
779	[ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass"
780	[ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype"
781	[ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos"
782	[ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid"
783	printf "%-10s : %s\n" "Class" "$uclass"
784	printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups"
785	printf "%-10s : %s\n" "Home" "$uhome"
786	printf "%-10s : %s\n" "Shell" "$ushell"
787	printf "%-10s : %s\n" "Locked" "$_disable"
788	while : ; do
789		echo -n "OK? (yes/no): "
790		read _input
791		case $_input in
792		[Nn][Oo]|[Nn])
793			return 1
794			;;
795		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
796			add_user
797			;;
798		*)
799			continue
800			;;
801		esac
802		break
803	done
804	return 0
805}
806
807#### END SUBROUTINE DEFINITION ####
808
809THISCMD=`/usr/bin/basename $0`
810DEFAULTSHELL=/bin/sh
811ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}"
812PWCMD="${PWCMD:-/usr/sbin/pw}"
813MAILCMD="${MAILCMD:-mail}"
814ETCSHELLS="${ETCSHELLS:-/etc/shells}"
815NOHOME="/nonexistent"
816NOLOGIN="nologin"
817NOLOGIN_PATH="/usr/sbin/nologin"
818GREPCMD="/usr/bin/grep"
819DATECMD="/bin/date"
820
821# Set default values
822#
823username=
824uuid=
825uidstart=
826ugecos=
827ulogingroup=
828uclass=
829uhome=
830upass=
831ushell=
832udotdir=/usr/share/skel
833ugroups=
834uexpire=
835upwexpire=
836shells="`valid_shells`"
837passwdtype="yes"
838msgfile=/etc/adduser.msg
839msgflag=
840quietflag=
841configflag=
842fflag=
843infile=
844disableflag=
845Dflag=
846Sflag=
847readconfig="yes"
848homeprefix="/home"
849randompass=
850fileline=
851savedpwtype=
852defaultclass=
853defaultLgroup=
854defaultgroups=
855defaultshell="${DEFAULTSHELL}"
856
857# Make sure the user running this program is root. This isn't a security
858# measure as much as it is a usefull method of reminding the user to
859# 'su -' before he/she wastes time entering data that won't be saved.
860#
861procowner=${procowner:-`/usr/bin/id -u`}
862if [ "$procowner" != "0" ]; then
863	err 'you must be the super-user (uid 0) to use this utility.'
864	exit 1
865fi
866
867# Overide from our conf file
868# Quickly go through the commandline line to see if we should read
869# from our configuration file. The actual parsing of the commandline
870# arguments happens after we read in our configuration file (commandline
871# should override configuration file).
872#
873for _i in $* ; do
874	if [ "$_i" = "-N" ]; then
875		readconfig=
876		break;
877	fi
878done
879if [ -n "$readconfig" ]; then
880	# On a long-lived system, the first time this script is run it
881	# will barf upon reading the configuration file for its perl predecessor.
882	if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then
883		[ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1
884	fi
885fi
886
887# Proccess command-line options
888#
889for _switch ; do
890	case $_switch in
891	-L)
892		defaultclass="$2"
893		shift; shift
894		;;
895	-C)
896		configflag=yes
897		shift
898		;;
899	-D)
900		Dflag=yes
901		shift
902		;;
903	-E)
904		disableflag=yes
905		shift
906		;;
907	-k)
908		udotdir="$2"
909		shift; shift
910		;;
911	-f)
912		[ "$2" != "-" ] && infile="$2"
913		fflag=yes
914		shift; shift
915		;;
916	-g)
917		defaultLgroup="$2"
918		shift; shift
919		;;
920	-G)
921		defaultgroups="$2"
922		shift; shift
923		;;
924	-h)
925		show_usage
926		exit 0
927		;;
928	-d)
929		homeprefix="$2"
930		shift; shift
931		;;
932	-m)
933		case "$2" in
934		[Nn][Oo])
935			msgflag=
936			;;
937		*)
938			msgflag=yes
939			msgfile="$2"
940			;;
941		esac
942		shift; shift
943		;;
944	-N)
945		readconfig=
946		shift
947		;;
948	-w)
949		case "$2" in
950		no|none|random|yes)
951			passwdtype=$2
952			;;
953		*)
954			show_usage
955			exit 1
956			;;
957		esac
958		shift; shift
959		;;
960	-q)
961		quietflag=yes
962		shift
963		;;
964	-s)
965		defaultshell="`fullpath_from_shell $2`"
966		shift; shift
967		;;
968	-S)
969		Sflag=yes
970		shift
971		;;
972	-u)
973		uidstart=$2
974		shift; shift
975		;;
976	esac
977done
978
979# If the -f switch was used, get input from a file. Otherwise,
980# this is an interactive session.
981#
982if [ -n "$fflag" ]; then
983	if [ -z "$infile" ]; then
984		input_from_file
985	elif [ -n "$infile" ]; then
986		if [ -r "$infile" ]; then
987			input_from_file < $infile
988		else
989			err "File ($infile) is unreadable or does not exist."
990		fi
991	fi
992else
993	input_interactive
994	while : ; do
995		if [ -z "$configflag" ]; then
996			echo -n "Add another user? (yes/no): "
997		else
998			echo -n "Re-edit the default configuration? (yes/no): "
999		fi
1000		read _input
1001		case $_input in
1002		[Yy][Ee][Ss]|[Yy][Ee]|[Yy])
1003			uidstart=`get_nextuid $uidstart`
1004			input_interactive
1005			continue
1006			;;
1007		[Nn][Oo]|[Nn])
1008			echo "Goodbye!"
1009			;;
1010		*)
1011			continue
1012			;;
1013		esac
1014		break
1015	done
1016fi
1017