1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
|
# Copyright 2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: acct-user.eclass
# @MAINTAINER:
# Michał Górny <mgorny@gentoo.org>
# @AUTHOR:
# Michael Orlitzky <mjo@gentoo.org>
# Michał Górny <mgorny@gentoo.org>
# @SUPPORTED_EAPIS: 7
# @BLURB: Eclass used to create and maintain a single user entry
# @DESCRIPTION:
# This eclass represents and creates a single user entry. The name
# of the user is derived from ${PN}, while (preferred) UID needs to
# be specified via ACCT_USER_ID. Additional variables are provided
# to override the default home directory, shell and add group
# membership. Packages needing the user in question should depend
# on the package providing it.
#
# The ebuild needs to call acct-user_add_deps after specifying
# ACCT_USER_GROUPS.
#
# Example:
# If your package needs user 'foo' belonging to same-named group, you
# create 'acct-user/foo' package and add an ebuild with the following
# contents:
#
# @CODE
# EAPI=7
# inherit acct-user
# ACCT_USER_ID=200
# ACCT_USER_GROUPS=( foo )
# acct-user_add_deps
# @CODE
#
# Then you add appropriate dependency to your package. The dependency
# type(s) should be:
# - DEPEND (+ RDEPEND) if the user is already needed at build time,
# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
# in pkg_preinst) or run time.
if [[ -z ${_ACCT_USER_ECLASS} ]]; then
_ACCT_USER_ECLASS=1
case ${EAPI:-0} in
7) ;;
*) die "EAPI=${EAPI:-0} not supported";;
esac
inherit user
[[ ${CATEGORY} == acct-user ]] ||
die "Ebuild error: this eclass can be used only in acct-user category!"
# << Eclass variables >>
# @ECLASS-VARIABLE: ACCT_USER_NAME
# @INTERNAL
# @DESCRIPTION:
# The name of the user. This is forced to ${PN} and the policy prohibits
# it from being changed.
ACCT_USER_NAME=${PN}
readonly ACCT_USER_NAME
# @ECLASS-VARIABLE: ACCT_USER_ID
# @REQUIRED
# @DESCRIPTION:
# Preferred UID for the new user. This variable is obligatory, and its
# value must be unique across all user packages.
#
# Overlays should set this to -1 to dynamically allocate UID. Using -1
# in ::gentoo is prohibited by policy.
# @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
# @DESCRIPTION:
# If set to a non-null value, the eclass will require the user to have
# specified UID. If the user already exists with another UID, or
# the UID is taken by another user, the install will fail.
: ${ACCT_USER_ENFORCE_ID:=}
# @ECLASS-VARIABLE: ACCT_USER_SHELL
# @DESCRIPTION:
# The shell to use for the user. If not specified, a 'nologin' variant
# for the system is used.
: ${ACCT_USER_SHELL:=-1}
# @ECLASS-VARIABLE: ACCT_USER_HOME
# @DESCRIPTION:
# The home directory for the user. If not specified, /dev/null is used.
# The directory will be created with appropriate permissions if it does
# not exist. When updating, existing home directory will not be moved.
: ${ACCT_USER_HOME:=/dev/null}
# @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER
# @DEFAULT_UNSET
# @DESCRIPTION:
# The ownership to use for the home directory, in chown ([user][:group])
# syntax. Defaults to the newly created user, and its primary group.
# @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS
# @DESCRIPTION:
# The permissions to use for the home directory, in chmod (octal
# or verbose) form.
: ${ACCT_USER_HOME_PERMS:=0755}
# @ECLASS-VARIABLE: ACCT_USER_GROUPS
# @REQUIRED
# @DESCRIPTION:
# List of groups the user should belong to. This must be a bash
# array. The first group specified is the user's primary group, while
# the remaining groups (if any) become supplementary groups.
# << Boilerplate ebuild variables >>
: ${DESCRIPTION:="System user: ${ACCT_USER_NAME}"}
: ${SLOT:=0}
: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
S=${WORKDIR}
# << API functions >>
# @FUNCTION: acct-user_add_deps
# @DESCRIPTION:
# Generate appropriate RDEPEND from ACCT_USER_GROUPS. This must be
# called if ACCT_USER_GROUPS are set.
acct-user_add_deps() {
debug-print-function ${FUNCNAME} "${@}"
# ACCT_USER_GROUPS sanity check
if [[ $(declare -p ACCT_USER_GROUPS) != "declare -a"* ]]; then
die 'ACCT_USER_GROUPS must be an array.'
elif [[ ${#ACCT_USER_GROUPS[@]} -eq 0 ]]; then
die 'ACCT_USER_GROUPS must not be empty.'
fi
RDEPEND+=${ACCT_USER_GROUPS[*]/#/ acct-group/}
_ACCT_USER_ADD_DEPS_CALLED=1
}
# << Helper functions >>
# @FUNCTION: eislocked
# @INTERNAL
# @USAGE: <user>
# @DESCRIPTION:
# Check whether the specified user account is currently locked.
# Returns 0 if it is locked, 1 if it is not, 2 if the platform
# does not support determining it.
eislocked() {
[[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
return 0
fi
case ${CHOST} in
*-freebsd*|*-dragonfly*|*-netbsd*)
[[ $(egetent "$1" | cut -d: -f2) == '*LOCKED*'* ]]
;;
*-openbsd*)
return 2
;;
*)
# NB: 'no password' and 'locked' are indistinguishable
# but we also expire the account which is more clear
[[ $(getent shadow "$1" | cut -d: -f2) == '!'* ]] &&
[[ $(getent shadow "$1" | cut -d: -f8) == 1 ]]
;;
esac
}
# @FUNCTION: elockuser
# @INTERNAL
# @USAGE: <user>
# @DESCRIPTION:
# Lock the specified user account, using the available platform-specific
# functions. This should prevent any login to the account.
#
# Established lock can be reverted using eunlockuser.
#
# This function returns 0 if locking succeeded, 2 if it is not supported
# by the platform code or dies if it fails.
elockuser() {
[[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
return 0
fi
eislocked "$1"
[[ $? -eq 0 ]] && return 0
case ${CHOST} in
*-freebsd*|*-dragonfly*)
pw lock "$1" || die "Locking account $1 failed"
pw user mod "$1" -e 1 || die "Expiring account $1 failed"
;;
*-netbsd*)
usermod -e 1 -C yes "$1" || die "Locking account $1 failed"
;;
*-openbsd*)
return 2
;;
*)
usermod -e 1 -L "$1" || die "Locking account $1 failed"
;;
esac
elog "User account $1 locked"
return 0
}
# @FUNCTION: eunlockuser
# @INTERNAL
# @USAGE: <user>
# @DESCRIPTION:
# Unlock the specified user account, using the available platform-
# specific functions.
#
# This function returns 0 if unlocking succeeded, 1 if it is not
# supported by the platform code or dies if it fails.
eunlockuser() {
[[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
return 0
fi
eislocked "$1"
[[ $? -eq 1 ]] && return 0
case ${CHOST} in
*-freebsd*|*-dragonfly*)
pw user mod "$1" -e 0 || die "Unexpiring account $1 failed"
pw unlock "$1" || die "Unlocking account $1 failed"
;;
*-netbsd*)
usermod -e 0 -C no "$1" || die "Unlocking account $1 failed"
;;
*-openbsd*)
return 1
;;
*)
# silence warning if account does not have a password
usermod -e "" -U "$1" 2>/dev/null || die "Unlocking account $1 failed"
;;
esac
ewarn "User account $1 unlocked after reinstating."
return 0
}
# << Phase functions >>
EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_postinst \
pkg_prerm
# @FUNCTION: acct-user_pkg_pretend
# @DESCRIPTION:
# Performs sanity checks for correct eclass usage, and early-checks
# whether requested UID can be enforced.
acct-user_pkg_pretend() {
debug-print-function ${FUNCNAME} "${@}"
# verify that acct-user_add_deps() has been called
# (it verifies ACCT_USER_GROUPS itself)
if [[ -z ${_ACCT_USER_ADD_DEPS_CALLED} ]]; then
die "Ebuild error: acct-user_add_deps must have been called in global scope!"
fi
# verify ACCT_USER_ID
[[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!"
[[ ${ACCT_USER_ID} -eq -1 ]] && return
[[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
# check for ACCT_USER_ID collisions early
if [[ -n ${ACCT_USER_ENFORCE_ID} ]]; then
local user_by_id=$(egetusername "${ACCT_USER_ID}")
local user_by_name=$(egetent passwd "${ACCT_USER_NAME}")
if [[ -n ${user_by_id} ]]; then
if [[ ${user_by_id} != ${ACCT_USER_NAME} ]]; then
eerror "The required UID is already taken by another user."
eerror " UID: ${ACCT_USER_ID}"
eerror " needed for: ${ACCT_USER_NAME}"
eerror " current user: ${user_by_id}"
die "UID ${ACCT_USER_ID} taken already"
fi
elif [[ -n ${user_by_name} ]]; then
eerror "The requested user exists already with wrong UID."
eerror " username: ${ACCT_USER_NAME}"
eerror " requested UID: ${ACCT_USER_ID}"
eerror " current entry: ${user_by_name}"
die "Username ${ACCT_USER_NAME} exists with wrong UID"
fi
fi
}
# @FUNCTION: acct-user_src_install
# @DESCRIPTION:
# Installs a keep-file into the user's home directory to ensure it is
# owned by the package.
acct-user_src_install() {
debug-print-function ${FUNCNAME} "${@}"
if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
# note: we can't set permissions here since the user isn't
# created yet
keepdir "${ACCT_USER_HOME}"
fi
}
# @FUNCTION: acct-user_pkg_preinst
# @DESCRIPTION:
# Creates the user if it does not exist yet. Sets permissions
# of the home directory in install image.
acct-user_pkg_preinst() {
debug-print-function ${FUNCNAME} "${@}"
local groups=${ACCT_USER_GROUPS[*]}
enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
"${ACCT_USER_ID}" "${ACCT_USER_SHELL}" "${ACCT_USER_HOME}" \
"${groups// /,}"
if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
# default ownership to user:group
if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then
ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${ACCT_USER_GROUPS[0]}
fi
# Path might be missing due to INSTALL_MASK, etc.
# https://bugs.gentoo.org/691478
if [[ ! -e "${ED}/${ACCT_USER_HOME#/}" ]]; then
eerror "Home directory is missing from the installation image:"
eerror " ${ACCT_USER_HOME}"
eerror "Check INSTALL_MASK for entries that would cause this."
die "${ACCT_USER_HOME} does not exist"
fi
fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}"
fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}"
fi
}
# @FUNCTION: acct-user_pkg_postinst
# @DESCRIPTION:
# Updates user properties if necessary. This needs to be done after
# new home directory is installed.
acct-user_pkg_postinst() {
debug-print-function ${FUNCNAME} "${@}"
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
return 0
fi
# NB: eset* functions check current value
esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
local groups=${ACCT_USER_GROUPS[*]}
esetgroups "${ACCT_USER_NAME}" "${groups// /,}"
# comment field can not contain colons
esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"
eunlockuser "${ACCT_USER_NAME}"
}
# @FUNCTION: acct-user_pkg_prerm
# @DESCRIPTION:
# Ensures that the user account is locked out when it is removed.
acct-user_pkg_prerm() {
debug-print-function ${FUNCNAME} "${@}"
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
return 0
fi
if [[ -z ${REPLACED_BY_VERSION} ]]; then
if [[ -z $(egetent passwd "${ACCT_USER_NAME}") ]]; then
ewarn "User account not found: ${ACCT_USER_NAME}"
ewarn "Locking process will be skipped."
return
fi
esetshell "${ACCT_USER_NAME}" -1
esetcomment "${ACCT_USER_NAME}" \
"$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)"
elockuser "${ACCT_USER_NAME}"
fi
}
fi
|