1#!/bin/sh 2# 3# SPDX-License-Identifier: BSD-2-Clause-FreeBSD 4# 5# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved. 6# 7# Redistribution and use in source and binary forms, with or without 8# modification, are permitted provided that the following conditions 9# are met: 10# 1. Redistributions of source code must retain the above copyright 11# notice, this list of conditions and the following disclaimer. 12# 2. Redistributions in binary form must reproduce the above copyright 13# notice, this list of conditions and the following disclaimer in the 14# documentation and/or other materials provided with the distribution. 15# 16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26# 27# Email: Mike Makonnen <mtm@FreeBSD.Org> 28# 29# $FreeBSD$ 30# 31 32# err msg 33# Display $msg on stderr, unless we're being quiet. 34# 35err() { 36 if [ -z "$quietflag" ]; then 37 echo 1>&2 ${THISCMD}: ERROR: $* 38 fi 39} 40 41# info msg 42# Display $msg on stdout, unless we're being quiet. 43# 44info() { 45 if [ -z "$quietflag" ]; then 46 echo ${THISCMD}: INFO: $* 47 fi 48} 49 50# get_nextuid 51# Output the value of $_uid if it is available for use. If it 52# is not, output the value of the next higher uid that is available. 53# If a uid is not specified, output the first available uid, as indicated 54# by pw(8). 55# 56get_nextuid () { 57 _uid=$1 58 _nextuid= 59 60 if [ -z "$_uid" ]; then 61 _nextuid="`${PWCMD} usernext | cut -f1 -d:`" 62 else 63 while : ; do 64 ${PWCMD} usershow $_uid > /dev/null 2>&1 65 if [ ! "$?" -eq 0 ]; then 66 _nextuid=$_uid 67 break 68 fi 69 _uid=$(($_uid + 1)) 70 done 71 fi 72 echo $_nextuid 73} 74 75# show_usage 76# Display usage information for this utility. 77# 78show_usage() { 79 echo "usage: ${THISCMD} [options]" 80 echo " options may include:" 81 echo " -C save to the configuration file only" 82 echo " -D do not attempt to create the home directory" 83 echo " -E disable this account after creation" 84 echo " -G additional groups to add accounts to" 85 echo " -L login class of the user" 86 echo " -M file permission for home directory" 87 echo " -N do not read configuration file" 88 echo " -S a nonexistent shell is not an error" 89 echo " -d home directory" 90 echo " -f file from which input will be received" 91 echo " -g default login group" 92 echo " -h display this usage message" 93 echo " -k path to skeleton home directory" 94 echo " -m user welcome message file" 95 echo " -q absolute minimal user feedback" 96 echo " -s shell" 97 echo " -u uid to start at" 98 echo " -w password type: no, none, yes or random" 99} 100 101# valid_shells 102# Outputs a list of valid shells from /etc/shells. Only the 103# basename of the shell is output. 104# 105valid_shells() { 106 _prefix= 107 cat ${ETCSHELLS} | 108 while read _path _junk ; do 109 case $_path in 110 \#*|'') 111 ;; 112 *) 113 echo -n "${_prefix}`basename $_path`" 114 _prefix=' ' 115 ;; 116 esac 117 done 118 119 # /usr/sbin/nologin is a special case 120 [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}" 121} 122 123# fullpath_from_shell shell 124# Given $shell, which is either the full path to a shell or 125# the basename component of a valid shell, get the 126# full path to the shell from the /etc/shells file. 127# 128fullpath_from_shell() { 129 _shell=$1 130 [ -z "$_shell" ] && return 1 131 132 # /usr/sbin/nologin is a special case; it needs to be handled 133 # before the cat | while loop, since a 'return' from within 134 # a subshell will not terminate the function's execution, and 135 # the path to the nologin shell might be printed out twice. 136 # 137 if [ "$_shell" = "${NOLOGIN}" -o \ 138 "$_shell" = "${NOLOGIN_PATH}" ]; then 139 echo ${NOLOGIN_PATH} 140 return 0; 141 fi 142 143 cat ${ETCSHELLS} | 144 while read _path _junk ; do 145 case "$_path" in 146 \#*|'') 147 ;; 148 *) 149 if [ "$_path" = "$_shell" -o \ 150 "`basename $_path`" = "$_shell" ]; then 151 echo $_path 152 return 0 153 fi 154 ;; 155 esac 156 done 157 158 return 1 159} 160 161# shell_exists shell 162# If the given shell is listed in ${ETCSHELLS} or it is 163# the nologin shell this function will return 0. 164# Otherwise, it will return 1. If shell is valid but 165# the path is invalid or it is not executable it 166# will emit an informational message saying so. 167# 168shell_exists() { 169 _sh="$1" 170 _shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1" 171 172 if ! eval $_shellchk; then 173 # The nologin shell is not listed in /etc/shells. 174 if [ "$_sh" != "${NOLOGIN_PATH}" ]; then 175 err "Invalid shell ($_sh) for user $username." 176 return 1 177 fi 178 fi 179 ! [ -x "$_sh" ] && 180 info "The shell ($_sh) does not exist or is not executable." 181 182 return 0 183} 184 185# save_config 186# Save some variables to a configuration file. 187# Note: not all script variables are saved, only those that 188# it makes sense to save. 189# 190save_config() { 191 echo "# Configuration file for adduser(8)." > ${ADDUSERCONF} 192 echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF} 193 echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF} 194 echo '' >> ${ADDUSERCONF} 195 echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF} 196 echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF} 197 echo "defaultclass=$uclass" >> ${ADDUSERCONF} 198 echo "defaultgroups=$ugroups" >> ${ADDUSERCONF} 199 echo "passwdtype=$passwdtype" >> ${ADDUSERCONF} 200 echo "homeprefix=$homeprefix" >> ${ADDUSERCONF} 201 echo "defaultshell=$ushell" >> ${ADDUSERCONF} 202 echo "udotdir=$udotdir" >> ${ADDUSERCONF} 203 echo "msgfile=$msgfile" >> ${ADDUSERCONF} 204 echo "disableflag=$disableflag" >> ${ADDUSERCONF} 205 echo "uidstart=$uidstart" >> ${ADDUSERCONF} 206} 207 208# add_user 209# Add a user to the user database. If the user chose to send a welcome 210# message or lock the account, do so. 211# 212add_user() { 213 214 # Is this a configuration run? If so, don't modify user database. 215 # 216 if [ -n "$configflag" ]; then 217 save_config 218 return 219 fi 220 221 _uid= 222 _name= 223 _comment= 224 _gecos= 225 _home= 226 _group= 227 _grouplist= 228 _shell= 229 _class= 230 _dotdir= 231 _expire= 232 _pwexpire= 233 _passwd= 234 _upasswd= 235 _passwdmethod= 236 237 _name="-n '$username'" 238 [ -n "$uuid" ] && _uid='-u "$uuid"' 239 [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"' 240 [ -n "$ugroups" ] && _grouplist='-G "$ugroups"' 241 [ -n "$ushell" ] && _shell='-s "$ushell"' 242 [ -n "$uclass" ] && _class='-L "$uclass"' 243 [ -n "$ugecos" ] && _comment='-c "$ugecos"' 244 [ -n "$udotdir" ] && _dotdir='-k "$udotdir"' 245 [ -n "$uexpire" ] && _expire='-e "$uexpire"' 246 [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"' 247 if [ -z "$Dflag" -a -n "$uhome" ]; then 248 # The /nonexistent home directory is special. It 249 # means the user has no home directory. 250 if [ "$uhome" = "$NOHOME" ]; then 251 _home='-d "$uhome"' 252 else 253 # Use home directory permissions if specified 254 if [ -n "$uhomeperm" ]; then 255 _home='-m -d "$uhome" -M "$uhomeperm"' 256 else 257 _home='-m -d "$uhome"' 258 fi 259 fi 260 elif [ -n "$Dflag" -a -n "$uhome" ]; then 261 _home='-d "$uhome"' 262 fi 263 case $passwdtype in 264 no) 265 _passwdmethod="-w no" 266 _passwd="-h -" 267 ;; 268 yes) 269 # Note on processing the password: The outer double quotes 270 # make literal everything except ` and \ and $. 271 # The outer single quotes make literal ` and $. 272 # We can ensure the \ isn't treated specially by specifying 273 # the -r switch to the read command used to obtain the input. 274 # 275 _passwdmethod="-w yes" 276 _passwd="-h 0" 277 _upasswd='echo "$upass" |' 278 ;; 279 none) 280 _passwdmethod="-w none" 281 ;; 282 random) 283 _passwdmethod="-w random" 284 ;; 285 esac 286 287 _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment" 288 _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd" 289 _pwcmd="$_pwcmd $_expire $_pwexpire" 290 291 if ! _output=`eval $_pwcmd` ; then 292 err "There was an error adding user ($username)." 293 return 1 294 else 295 info "Successfully added ($username) to the user database." 296 if [ "random" = "$passwdtype" ]; then 297 randompass="$_output" 298 info "Password for ($username) is: $randompass" 299 fi 300 fi 301 302 if [ -n "$disableflag" ]; then 303 if ${PWCMD} lock $username ; then 304 info "Account ($username) is locked." 305 else 306 info "Account ($username) could NOT be locked." 307 fi 308 fi 309 310 _line= 311 _owner= 312 _perms= 313 if [ -n "$msgflag" ]; then 314 [ -r "$msgfile" ] && { 315 # We're evaluating the contents of an external file. 316 # Let's not open ourselves up for attack. _perms will 317 # be empty if it's writeable only by the owner. _owner 318 # will *NOT* be empty if the file is owned by root. 319 # 320 _dir="`dirname $msgfile`" 321 _file="`basename $msgfile`" 322 _perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune` 323 _owner=`/usr/bin/find $_dir -name $_file -user 0 -prune` 324 if [ -z "$_owner" -o -n "$_perms" ]; then 325 err "The message file ($msgfile) may be writeable only by root." 326 return 1 327 fi 328 cat "$msgfile" | 329 while read _line ; do 330 eval echo "$_line" 331 done | ${MAILCMD} -s"Welcome" ${username} 332 info "Sent welcome message to ($username)." 333 } 334 fi 335} 336 337# get_user 338# Reads username of the account from standard input or from a global 339# variable containing an account line from a file. The username is 340# required. If this is an interactive session it will prompt in 341# a loop until a username is entered. If it is batch processing from 342# a file it will output an error message and return to the caller. 343# 344get_user() { 345 _input= 346 347 # No need to take down user names if this is a configuration saving run. 348 [ -n "$configflag" ] && return 349 350 while : ; do 351 if [ -z "$fflag" ]; then 352 echo -n "Username: " 353 read _input 354 else 355 _input="`echo "$fileline" | cut -f1 -d:`" 356 fi 357 358 # There *must* be a username, and it must not exist. If 359 # this is an interactive session give the user an 360 # opportunity to retry. 361 # 362 if [ -z "$_input" ]; then 363 err "You must enter a username!" 364 [ -z "$fflag" ] && continue 365 fi 366 ${PWCMD} usershow $_input > /dev/null 2>&1 367 if [ "$?" -eq 0 ]; then 368 err "User exists!" 369 [ -z "$fflag" ] && continue 370 fi 371 break 372 done 373 username="$_input" 374} 375 376# get_gecos 377# Reads extra information about the user. Can be used both in interactive 378# and batch (from file) mode. 379# 380get_gecos() { 381 _input= 382 383 # No need to take down additional user information for a configuration run. 384 [ -n "$configflag" ] && return 385 386 if [ -z "$fflag" ]; then 387 echo -n "Full name: " 388 read _input 389 else 390 _input="`echo "$fileline" | cut -f7 -d:`" 391 fi 392 ugecos="$_input" 393} 394 395# get_shell 396# Get the account's shell. Works in interactive and batch mode. It 397# accepts either the base name of the shell or the full path. 398# If an invalid shell is entered it will simply use the default shell. 399# 400get_shell() { 401 _input= 402 _fullpath= 403 ushell="$defaultshell" 404 405 # Make sure the current value of the shell is a valid one 406 if [ -z "$Sflag" ]; then 407 if ! shell_exists $ushell ; then 408 info "Using default shell ${defaultshell}." 409 ushell="$defaultshell" 410 fi 411 fi 412 413 if [ -z "$fflag" ]; then 414 echo -n "Shell ($shells) [`basename $ushell`]: " 415 read _input 416 else 417 _input="`echo "$fileline" | cut -f9 -d:`" 418 fi 419 if [ -n "$_input" ]; then 420 if [ -n "$Sflag" ]; then 421 ushell="$_input" 422 else 423 _fullpath=`fullpath_from_shell $_input` 424 if [ -n "$_fullpath" ]; then 425 ushell="$_fullpath" 426 else 427 err "Invalid shell ($_input) for user $username." 428 info "Using default shell ${defaultshell}." 429 ushell="$defaultshell" 430 fi 431 fi 432 fi 433} 434 435# get_homedir 436# Reads the account's home directory. Used both with interactive input 437# and batch input. 438# 439get_homedir() { 440 _input= 441 if [ -z "$fflag" ]; then 442 echo -n "Home directory [${homeprefix}/${username}]: " 443 read _input 444 else 445 _input="`echo "$fileline" | cut -f8 -d:`" 446 fi 447 448 if [ -n "$_input" ]; then 449 uhome="$_input" 450 # if this is a configuration run, then user input is the home 451 # directory prefix. Otherwise it is understood to 452 # be $prefix/$user 453 # 454 [ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome" 455 else 456 uhome="${homeprefix}/${username}" 457 fi 458} 459 460# get_homeperm 461# Reads the account's home directory permissions. 462# 463get_homeperm() { 464 uhomeperm=$defaultHomePerm 465 _input= 466 _prompt= 467 468 if [ -n "$uhomeperm" ]; then 469 _prompt="Home directory permissions [${uhomeperm}]: " 470 else 471 _prompt="Home directory permissions (Leave empty for default): " 472 fi 473 if [ -z "$fflag" ]; then 474 echo -n "$_prompt" 475 read _input 476 fi 477 478 if [ -n "$_input" ]; then 479 uhomeperm="$_input" 480 fi 481} 482 483# get_uid 484# Reads a numeric userid in an interactive or batch session. Automatically 485# allocates one if it is not specified. 486# 487get_uid() { 488 uuid=${uidstart} 489 _input= 490 _prompt= 491 492 if [ -n "$uuid" ]; then 493 uuid=`get_nextuid $uuid` 494 _prompt="Uid [$uuid]: " 495 else 496 _prompt="Uid (Leave empty for default): " 497 fi 498 if [ -z "$fflag" ]; then 499 echo -n "$_prompt" 500 read _input 501 else 502 _input="`echo "$fileline" | cut -f2 -d:`" 503 fi 504 505 [ -n "$_input" ] && uuid=$_input 506 uuid=`get_nextuid $uuid` 507 uidstart=$uuid 508} 509 510# get_class 511# Reads login class of account. Can be used in interactive or batch mode. 512# 513get_class() { 514 uclass="$defaultclass" 515 _input= 516 _class=${uclass:-"default"} 517 518 if [ -z "$fflag" ]; then 519 echo -n "Login class [$_class]: " 520 read _input 521 else 522 _input="`echo "$fileline" | cut -f4 -d:`" 523 fi 524 525 [ -n "$_input" ] && uclass="$_input" 526} 527 528# get_logingroup 529# Reads user's login group. Can be used in both interactive and batch 530# modes. The specified value can be a group name or its numeric id. 531# This routine leaves the field blank if nothing is provided and 532# a default login group has not been set. The pw(8) command 533# will then provide a login group with the same name as the username. 534# 535get_logingroup() { 536 ulogingroup="$defaultLgroup" 537 _input= 538 539 if [ -z "$fflag" ]; then 540 echo -n "Login group [${ulogingroup:-$username}]: " 541 read _input 542 else 543 _input="`echo "$fileline" | cut -f3 -d:`" 544 fi 545 546 # Pw(8) will use the username as login group if it's left empty 547 [ -n "$_input" ] && ulogingroup="$_input" 548} 549 550# get_groups 551# Read additional groups for the user. It can be used in both interactive 552# and batch modes. 553# 554get_groups() { 555 ugroups="$defaultgroups" 556 _input= 557 _group=${ulogingroup:-"${username}"} 558 559 if [ -z "$configflag" ]; then 560 [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username" 561 [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: " 562 else 563 [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: " 564 fi 565 read _input 566 567 [ -n "$_input" ] && ugroups="$_input" 568} 569 570# get_expire_dates 571# Read expiry information for the account and also for the password. This 572# routine is used only from batch processing mode. 573# 574get_expire_dates() { 575 upwexpire="`echo "$fileline" | cut -f5 -d:`" 576 uexpire="`echo "$fileline" | cut -f6 -d:`" 577} 578 579# get_password 580# Read the password in batch processing mode. The password field matters 581# only when the password type is "yes" or "random". If the field is empty and the 582# password type is "yes", then it assumes the account has an empty passsword 583# and changes the password type accordingly. If the password type is "random" 584# and the password field is NOT empty, then it assumes the account will NOT 585# have a random password and set passwdtype to "yes." 586# 587get_password() { 588 # We may temporarily change a password type. Make sure it's changed 589 # back to whatever it was before we process the next account. 590 # 591 [ -n "$savedpwtype" ] && { 592 passwdtype=$savedpwtype 593 savedpwtype= 594 } 595 596 # There may be a ':' in the password 597 upass=${fileline#*:*:*:*:*:*:*:*:*:} 598 599 if [ -z "$upass" ]; then 600 case $passwdtype in 601 yes) 602 # if it's empty, assume an empty password 603 passwdtype=none 604 savedpwtype=yes 605 ;; 606 esac 607 else 608 case $passwdtype in 609 random) 610 passwdtype=yes 611 savedpwtype=random 612 ;; 613 esac 614 fi 615} 616 617# input_from_file 618# Reads a line of account information from standard input and 619# adds it to the user database. 620# 621input_from_file() { 622 _field= 623 624 while read -r fileline ; do 625 case "$fileline" in 626 \#*|'') 627 ;; 628 *) 629 get_user || continue 630 get_gecos 631 get_uid 632 get_logingroup 633 get_class 634 get_shell 635 get_homedir 636 get_homeperm 637 get_password 638 get_expire_dates 639 ugroups="$defaultgroups" 640 641 add_user 642 ;; 643 esac 644 done 645} 646 647# input_interactive 648# Prompts for user information interactively, and commits to 649# the user database. 650# 651input_interactive() { 652 _disable= 653 _pass= 654 _passconfirm= 655 _random="no" 656 _emptypass="no" 657 _usepass="yes" 658 _logingroup_ok="no" 659 _groups_ok="no" 660 case $passwdtype in 661 none) 662 _emptypass="yes" 663 _usepass="yes" 664 ;; 665 no) 666 _usepass="no" 667 ;; 668 random) 669 _random="yes" 670 ;; 671 esac 672 673 get_user 674 get_gecos 675 get_uid 676 677 # The case where group = user is handled elsewhere, so 678 # validate any other groups the user is invited to. 679 until [ "$_logingroup_ok" = yes ]; do 680 get_logingroup 681 _logingroup_ok=yes 682 if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then 683 if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then 684 echo "Group $ulogingroup does not exist!" 685 _logingroup_ok=no 686 fi 687 fi 688 done 689 until [ "$_groups_ok" = yes ]; do 690 get_groups 691 _groups_ok=yes 692 for i in $ugroups; do 693 if [ "$username" != "$i" ]; then 694 if ! ${PWCMD} show group $i > /dev/null 2>&1; then 695 echo "Group $i does not exist!" 696 _groups_ok=no 697 fi 698 fi 699 done 700 done 701 702 get_class 703 get_shell 704 get_homedir 705 get_homeperm 706 707 while : ; do 708 echo -n "Use password-based authentication? [$_usepass]: " 709 read _input 710 [ -z "$_input" ] && _input=$_usepass 711 case $_input in 712 [Nn][Oo]|[Nn]) 713 passwdtype="no" 714 ;; 715 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 716 while : ; do 717 echo -n "Use an empty password? (yes/no) [$_emptypass]: " 718 read _input 719 [ -n "$_input" ] && _emptypass=$_input 720 case $_emptypass in 721 [Nn][Oo]|[Nn]) 722 echo -n "Use a random password? (yes/no) [$_random]: " 723 read _input 724 [ -n "$_input" ] && _random="$_input" 725 case $_random in 726 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 727 passwdtype="random" 728 break 729 ;; 730 esac 731 passwdtype="yes" 732 [ -n "$configflag" ] && break 733 trap 'stty echo; exit' 0 1 2 3 15 734 stty -echo 735 echo -n "Enter password: " 736 read -r upass 737 echo'' 738 echo -n "Enter password again: " 739 read -r _passconfirm 740 echo '' 741 stty echo 742 # if user entered a blank password 743 # explicitly ask again. 744 [ -z "$upass" -a -z "$_passconfirm" ] \ 745 && continue 746 ;; 747 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 748 passwdtype="none" 749 break; 750 ;; 751 *) 752 # invalid answer; repeat the loop 753 continue 754 ;; 755 esac 756 if [ "$upass" != "$_passconfirm" ]; then 757 echo "Passwords did not match!" 758 continue 759 fi 760 break 761 done 762 ;; 763 *) 764 # invalid answer; repeat loop 765 continue 766 ;; 767 esac 768 break; 769 done 770 _disable=${disableflag:-"no"} 771 while : ; do 772 echo -n "Lock out the account after creation? [$_disable]: " 773 read _input 774 [ -z "$_input" ] && _input=$_disable 775 case $_input in 776 [Nn][Oo]|[Nn]) 777 disableflag= 778 ;; 779 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 780 disableflag=yes 781 ;; 782 *) 783 # invalid answer; repeat loop 784 continue 785 ;; 786 esac 787 break 788 done 789 790 # Display the information we have so far and prompt to 791 # commit it. 792 # 793 _disable=${disableflag:-"no"} 794 [ -z "$configflag" ] && printf "%-10s : %s\n" Username $username 795 case $passwdtype in 796 yes) 797 _pass='*****' 798 ;; 799 no) 800 _pass='<disabled>' 801 ;; 802 none) 803 _pass='<blank>' 804 ;; 805 random) 806 _pass='<random>' 807 ;; 808 esac 809 [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass" 810 [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype" 811 [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos" 812 [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid" 813 printf "%-10s : %s\n" "Class" "$uclass" 814 printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" 815 printf "%-10s : %s\n" "Home" "$uhome" 816 printf "%-10s : %s\n" "Home Mode" "$uhomeperm" 817 printf "%-10s : %s\n" "Shell" "$ushell" 818 printf "%-10s : %s\n" "Locked" "$_disable" 819 while : ; do 820 echo -n "OK? (yes/no): " 821 read _input 822 case $_input in 823 [Nn][Oo]|[Nn]) 824 return 1 825 ;; 826 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 827 add_user 828 ;; 829 *) 830 continue 831 ;; 832 esac 833 break 834 done 835 return 0 836} 837 838#### END SUBROUTINE DEFINITION #### 839 840THISCMD=`/usr/bin/basename $0` 841DEFAULTSHELL=/bin/sh 842ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}" 843PWCMD="${PWCMD:-/usr/sbin/pw}" 844MAILCMD="${MAILCMD:-mail}" 845ETCSHELLS="${ETCSHELLS:-/etc/shells}" 846NOHOME="/nonexistent" 847NOLOGIN="nologin" 848NOLOGIN_PATH="/usr/sbin/nologin" 849GREPCMD="/usr/bin/grep" 850DATECMD="/bin/date" 851 852# Set default values 853# 854username= 855uuid= 856uidstart= 857ugecos= 858ulogingroup= 859uclass= 860uhome= 861uhomeperm= 862upass= 863ushell= 864udotdir=/usr/share/skel 865ugroups= 866uexpire= 867upwexpire= 868shells="`valid_shells`" 869passwdtype="yes" 870msgfile=/etc/adduser.msg 871msgflag= 872quietflag= 873configflag= 874fflag= 875infile= 876disableflag= 877Dflag= 878Sflag= 879readconfig="yes" 880homeprefix="/home" 881randompass= 882fileline= 883savedpwtype= 884defaultclass= 885defaultLgroup= 886defaultgroups= 887defaultshell="${DEFAULTSHELL}" 888defaultHomePerm= 889 890# Make sure the user running this program is root. This isn't a security 891# measure as much as it is a useful method of reminding the user to 892# 'su -' before he/she wastes time entering data that won't be saved. 893# 894procowner=${procowner:-`/usr/bin/id -u`} 895if [ "$procowner" != "0" ]; then 896 err 'you must be the super-user (uid 0) to use this utility.' 897 exit 1 898fi 899 900# Override from our conf file 901# Quickly go through the commandline line to see if we should read 902# from our configuration file. The actual parsing of the commandline 903# arguments happens after we read in our configuration file (commandline 904# should override configuration file). 905# 906for _i in $* ; do 907 if [ "$_i" = "-N" ]; then 908 readconfig= 909 break; 910 fi 911done 912if [ -n "$readconfig" ]; then 913 # On a long-lived system, the first time this script is run it 914 # will barf upon reading the configuration file for its perl predecessor. 915 if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then 916 [ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1 917 fi 918fi 919 920# Process command-line options 921# 922for _switch ; do 923 case $_switch in 924 -L) 925 defaultclass="$2" 926 shift; shift 927 ;; 928 -C) 929 configflag=yes 930 shift 931 ;; 932 -D) 933 Dflag=yes 934 shift 935 ;; 936 -E) 937 disableflag=yes 938 shift 939 ;; 940 -k) 941 udotdir="$2" 942 shift; shift 943 ;; 944 -f) 945 [ "$2" != "-" ] && infile="$2" 946 fflag=yes 947 shift; shift 948 ;; 949 -g) 950 defaultLgroup="$2" 951 shift; shift 952 ;; 953 -G) 954 defaultgroups="$2" 955 shift; shift 956 ;; 957 -h) 958 show_usage 959 exit 0 960 ;; 961 -d) 962 homeprefix="$2" 963 shift; shift 964 ;; 965 -m) 966 case "$2" in 967 [Nn][Oo]) 968 msgflag= 969 ;; 970 *) 971 msgflag=yes 972 msgfile="$2" 973 ;; 974 esac 975 shift; shift 976 ;; 977 -M) 978 defaultHomePerm=$2 979 shift; shift 980 ;; 981 -N) 982 readconfig= 983 shift 984 ;; 985 -w) 986 case "$2" in 987 no|none|random|yes) 988 passwdtype=$2 989 ;; 990 *) 991 show_usage 992 exit 1 993 ;; 994 esac 995 shift; shift 996 ;; 997 -q) 998 quietflag=yes 999 shift 1000 ;; 1001 -s) 1002 defaultshell="`fullpath_from_shell $2`" 1003 shift; shift 1004 ;; 1005 -S) 1006 Sflag=yes 1007 shift 1008 ;; 1009 -u) 1010 uidstart=$2 1011 shift; shift 1012 ;; 1013 esac 1014done 1015 1016# If the -f switch was used, get input from a file. Otherwise, 1017# this is an interactive session. 1018# 1019if [ -n "$fflag" ]; then 1020 if [ -z "$infile" ]; then 1021 input_from_file 1022 elif [ -n "$infile" ]; then 1023 if [ -r "$infile" ]; then 1024 input_from_file < $infile 1025 else 1026 err "File ($infile) is unreadable or does not exist." 1027 fi 1028 fi 1029else 1030 input_interactive 1031 while : ; do 1032 if [ -z "$configflag" ]; then 1033 echo -n "Add another user? (yes/no): " 1034 else 1035 echo -n "Re-edit the default configuration? (yes/no): " 1036 fi 1037 read _input 1038 case $_input in 1039 [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) 1040 uidstart=`get_nextuid $uidstart` 1041 input_interactive 1042 continue 1043 ;; 1044 [Nn][Oo]|[Nn]) 1045 echo "Goodbye!" 1046 ;; 1047 *) 1048 continue 1049 ;; 1050 esac 1051 break 1052 done 1053fi 1054