- new upgrade release from new upstream
- provide vipw and vigr
This commit is contained in:
parent
1bed265897
commit
0b4d54c804
@ -1,5 +1,3 @@
|
|||||||
shadow-4.0.16.tar.bz2
|
|
||||||
shadow-4.0.16-nscd.c
|
|
||||||
shadow-4.0.17.tar.bz2
|
|
||||||
shadow-4.0.17-login.defs
|
shadow-4.0.17-login.defs
|
||||||
shadow-4.0.18.1.tar.bz2
|
shadow-4.0.18.1-useradd
|
||||||
|
shadow-4.1.0.tar.bz2
|
||||||
|
@ -1,133 +0,0 @@
|
|||||||
--- shadow-4.0.11.1/src/groupadd.c.vipw 2005-07-19 11:50:45.000000000 +0000
|
|
||||||
+++ shadow-4.0.11.1/src/groupadd.c 2005-08-04 15:14:58.000000000 +0000
|
|
||||||
@@ -438,6 +451,7 @@
|
|
||||||
|
|
||||||
int main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
+ struct stat s;
|
|
||||||
#ifdef USE_PAM
|
|
||||||
pam_handle_t *pamh = NULL;
|
|
||||||
struct passwd *pampw;
|
|
||||||
@@ -492,6 +506,11 @@
|
|
||||||
OPENLOG ("groupadd");
|
|
||||||
#endif /* USE_PAM */
|
|
||||||
|
|
||||||
+ if (stat("/etc/gtmp", &s) == 0) {
|
|
||||||
+ fputs("vigr lockfile (/etc/gtmp) is present.\n", stderr);
|
|
||||||
+ fail_exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
#endif
|
|
||||||
--- shadow-4.0.11.1/src/userdel.c.vipw 2005-08-04 15:16:06.000000000 +0000
|
|
||||||
+++ shadow-4.0.11.1/src/userdel.c 2005-08-04 15:18:15.000000000 +0000
|
|
||||||
@@ -577,6 +577,7 @@
|
|
||||||
struct group *grp;
|
|
||||||
int arg;
|
|
||||||
int errors = 0;
|
|
||||||
+ struct stat s;
|
|
||||||
|
|
||||||
#ifdef USE_PAM
|
|
||||||
pam_handle_t *pamh = NULL;
|
|
||||||
@@ -637,6 +638,11 @@
|
|
||||||
|
|
||||||
OPENLOG ("userdel");
|
|
||||||
|
|
||||||
+ if (stat("/etc/ptmp", &s) == 0) {
|
|
||||||
+ fputs("vipw lockfile (/etc/ptmp) is present.\n", stderr);
|
|
||||||
+ fail_exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
is_shadow_pwd = spw_file_present ();
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
--- shadow-4.0.11.1/src/groupmod.c.vipw 2005-08-04 15:20:09.000000000 +0000
|
|
||||||
+++ shadow-4.0.11.1/src/groupmod.c 2005-08-04 15:21:27.000000000 +0000
|
|
||||||
@@ -407,6 +407,7 @@
|
|
||||||
int main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
struct group *grp;
|
|
||||||
+ struct stat s;
|
|
||||||
|
|
||||||
#ifdef USE_PAM
|
|
||||||
pam_handle_t *pamh = NULL;
|
|
||||||
@@ -458,6 +459,11 @@
|
|
||||||
}
|
|
||||||
#endif /* USE_PAM */
|
|
||||||
|
|
||||||
+ if (stat("/etc/gtmp", &s) == 0) {
|
|
||||||
+ fputs("vigr lockfile (/etc/gtmp) is present.\n", stderr);
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
OPENLOG ("groupmod");
|
|
||||||
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
--- shadow-4.0.11.1/src/groupdel.c.vipw 2005-08-04 15:22:00.000000000 +0000
|
|
||||||
+++ shadow-4.0.11.1/src/groupdel.c 2005-08-04 15:23:10.000000000 +0000
|
|
||||||
@@ -222,6 +222,7 @@
|
|
||||||
int main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
struct group *grp;
|
|
||||||
+ struct stat s;
|
|
||||||
|
|
||||||
#ifdef USE_PAM
|
|
||||||
pam_handle_t *pamh = NULL;
|
|
||||||
@@ -276,6 +277,11 @@
|
|
||||||
}
|
|
||||||
#endif /* USE_PAM */
|
|
||||||
|
|
||||||
+ if (stat("/etc/gtmp", &s) == 0) {
|
|
||||||
+ fputs("vigr lockfile (/etc/gtmp) is present.\n", stderr);
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
OPENLOG ("groupdel");
|
|
||||||
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
--- shadow-4.0.11.1/src/usermod.c.vipw 2005-08-04 15:23:30.000000000 +0000
|
|
||||||
+++ shadow-4.0.11.1/src/usermod.c 2005-08-04 15:25:31.000000000 +0000
|
|
||||||
@@ -1224,6 +1224,7 @@
|
|
||||||
int main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
int grp_err = 0;
|
|
||||||
+ struct stat s;
|
|
||||||
|
|
||||||
#ifdef USE_PAM
|
|
||||||
pam_handle_t *pamh = NULL;
|
|
||||||
@@ -1245,6 +1246,12 @@
|
|
||||||
user_groups[0] = (char *) 0;
|
|
||||||
|
|
||||||
OPENLOG ("usermod");
|
|
||||||
+
|
|
||||||
+ if (stat("/etc/ptmp", &s) == 0) {
|
|
||||||
+ fputs("vipw lockfile (/etc/ptmp) is present.\n", stderr);
|
|
||||||
+ fail_exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
|
|
||||||
is_shadow_pwd = spw_file_present ();
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
--- shadow-4.0.11.1/src/useradd.c.vipw 2005-08-04 15:25:54.000000000 +0000
|
|
||||||
+++ shadow-4.0.11.1/src/useradd.c 2005-08-04 15:28:42.000000000 +0000
|
|
||||||
@@ -1651,6 +1651,7 @@
|
|
||||||
|
|
||||||
int main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
+ struct stat s;
|
|
||||||
#ifdef USE_PAM
|
|
||||||
pam_handle_t *pamh = NULL;
|
|
||||||
struct passwd *pampw;
|
|
||||||
@@ -1669,6 +1670,11 @@
|
|
||||||
|
|
||||||
OPENLOG ("useradd");
|
|
||||||
|
|
||||||
+ if (stat("/etc/ptmp", &s) == 0) {
|
|
||||||
+ fputs("vipw lockfile (/etc/ptmp) is present.\n", stderr);
|
|
||||||
+ fail_exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
|
|
||||||
user_groups = malloc ((1 + sys_ngroups) * sizeof (char *));
|
|
||||||
|
|
@ -1,92 +0,0 @@
|
|||||||
--- shadow-4.0.13/src/newgrp.c.newgrpPwd 2005-09-15 18:44:12.000000000 +0200
|
|
||||||
+++ shadow-4.0.13/src/newgrp.c 2005-10-21 16:02:16.000000000 +0200
|
|
||||||
@@ -333,25 +333,37 @@ int main (int argc, char **argv)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * see if she is a member of this group. If she isn't a member, she
|
|
||||||
- * needs to provide the group password. If there is no group
|
|
||||||
- * password, she will be denied access anyway.
|
|
||||||
- *
|
|
||||||
- */
|
|
||||||
- if (!is_on_list (grp->gr_mem, name))
|
|
||||||
- needspasswd = 1;
|
|
||||||
+ /* Needn't password:
|
|
||||||
+ * - default user's GID = group ID
|
|
||||||
+ * - members of group
|
|
||||||
+ * - root
|
|
||||||
+ * Need password:
|
|
||||||
+ * - all others users
|
|
||||||
+ *
|
|
||||||
+ * -- Karel Zak <kzak@redhat.com> 2004/03/29
|
|
||||||
+ */
|
|
||||||
+ if (getuid ()!=0)
|
|
||||||
+ {
|
|
||||||
+ if (grp->gr_gid==pwd->pw_gid)
|
|
||||||
+ needspasswd = 0;
|
|
||||||
+ else if (is_on_list (grp->gr_mem, name))
|
|
||||||
+ needspasswd = 0;
|
|
||||||
+ else
|
|
||||||
+ needspasswd = 1;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If she does not have either a shadowed password, or a regular
|
|
||||||
* password, and the group has a password, she needs to give the
|
|
||||||
* group password.
|
|
||||||
*/
|
|
||||||
- if ((spwd = getspnam (name)))
|
|
||||||
- pwd->pw_passwd = spwd->sp_pwdp;
|
|
||||||
-
|
|
||||||
- if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
|
|
||||||
- needspasswd = 1;
|
|
||||||
+ if (!needspasswd)
|
|
||||||
+ {
|
|
||||||
+ if ((spwd = getspnam (name)))
|
|
||||||
+ pwd->pw_passwd = spwd->sp_pwdp;
|
|
||||||
+ if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
|
|
||||||
+ needspasswd = 1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Now i see about letting her into the group she requested. If she
|
|
||||||
@@ -362,7 +374,21 @@ int main (int argc, char **argv)
|
|
||||||
* Note that she now has to provide the password to her own group,
|
|
||||||
* unless she is listed as a member. -- JWP
|
|
||||||
*/
|
|
||||||
- if (getuid () != 0 && needspasswd) {
|
|
||||||
+ if (needspasswd) {
|
|
||||||
+
|
|
||||||
+ /* note: the original util-linux newgrp didn't ask for pasword if
|
|
||||||
+ * there is no password. It's better directly give up.
|
|
||||||
+ * -- kzak@redhat.com
|
|
||||||
+ */
|
|
||||||
+ if (grp->gr_passwd==NULL || grp->gr_passwd[0] == '\0') {
|
|
||||||
+ /*
|
|
||||||
+ * there is no password, print out "Sorry" and give up
|
|
||||||
+ */
|
|
||||||
+ sleep (1);
|
|
||||||
+ fputs (_("Sorry.\n"), stderr);
|
|
||||||
+ goto failure;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* get the password from her, and set the salt for
|
|
||||||
* the decryption from the group file.
|
|
||||||
@@ -378,15 +404,6 @@ int main (int argc, char **argv)
|
|
||||||
cpasswd = pw_encrypt (cp, grp->gr_passwd);
|
|
||||||
strzero (cp);
|
|
||||||
|
|
||||||
- if (grp->gr_passwd[0] == '\0') {
|
|
||||||
- /*
|
|
||||||
- * there is no password, print out "Sorry" and give up
|
|
||||||
- */
|
|
||||||
- sleep (1);
|
|
||||||
- fputs (_("Sorry.\n"), stderr);
|
|
||||||
- goto failure;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
if (strcmp (cpasswd, grp->gr_passwd) != 0) {
|
|
||||||
SYSLOG ((LOG_INFO,
|
|
||||||
"Invalid password for group `%s' from `%s'",
|
|
@ -1,58 +0,0 @@
|
|||||||
--- shadow-4.0.17/man/useradd.8.lOption 2006-11-02 18:23:50.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/man/useradd.8 2006-11-02 18:23:50.000000000 +0100
|
|
||||||
@@ -96,6 +96,9 @@
|
|
||||||
\fB\-m\fR
|
|
||||||
option. The default is to not create the directory and to not copy any files.
|
|
||||||
.TP 3n
|
|
||||||
+\fB-l\fR
|
|
||||||
+Do not add the user to the last login log file. This is an option added by Red Hat.
|
|
||||||
+.TP 3n
|
|
||||||
\fB-n\fR
|
|
||||||
A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used.
|
|
||||||
.TP 3n
|
|
||||||
--- shadow-4.0.17/src/useradd.c.lOption 2006-11-02 18:23:50.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/src/useradd.c 2006-11-02 18:26:46.000000000 +0100
|
|
||||||
@@ -124,6 +124,7 @@
|
|
||||||
Gflg = 0, /* secondary group set for new account */
|
|
||||||
kflg = 0, /* specify a directory to fill new user directory */
|
|
||||||
mflg = 0, /* create user's home directory if it doesn't exist */
|
|
||||||
+ lflg = 0, /* do not add user to lastlog database file */
|
|
||||||
Mflg = 0, /* do NOT create user's home directory no matter what */
|
|
||||||
nflg = 0, /* do NOT create a group having the same name as the user */
|
|
||||||
oflg = 0, /* permit non-unique user ID to be specified with -u */
|
|
||||||
@@ -630,6 +631,7 @@
|
|
||||||
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
|
||||||
" -m, --create-home create home directory for the new user\n"
|
|
||||||
" account\n"
|
|
||||||
+ " -l, do not add user to lastlog database file\n"
|
|
||||||
" -M, do not create user's home directory(overrides /etc/login.defs)\n"
|
|
||||||
" -r, create system account\n"
|
|
||||||
" -o, --non-unique allow create user with duplicate\n"
|
|
||||||
@@ -1041,7 +1043,7 @@
|
|
||||||
{NULL, 0, NULL, '\0'}
|
|
||||||
};
|
|
||||||
while ((c =
|
|
||||||
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnrop:s:u:",
|
|
||||||
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:",
|
|
||||||
long_options, NULL)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'b':
|
|
||||||
@@ -1181,6 +1183,9 @@
|
|
||||||
case 'm':
|
|
||||||
mflg++;
|
|
||||||
break;
|
|
||||||
+ case 'l':
|
|
||||||
+ lflg++;
|
|
||||||
+ break;
|
|
||||||
case 'o':
|
|
||||||
oflg++;
|
|
||||||
break;
|
|
||||||
@@ -1549,7 +1554,7 @@
|
|
||||||
* no user with this UID exists yet (entries for shared UIDs
|
|
||||||
* are left unchanged). --marekm
|
|
||||||
*/
|
|
||||||
- if (!getpwuid (user_id)) {
|
|
||||||
+ if (!getpwuid (user_id) && !lflg) {
|
|
||||||
faillog_reset (user_id);
|
|
||||||
lastlog_reset (user_id);
|
|
||||||
}
|
|
@ -1,15 +0,0 @@
|
|||||||
diff -Nurp shadow-4.0.17.orig/src/useradd.c shadow-4.0.17/src/useradd.c
|
|
||||||
--- shadow-4.0.17.orig/src/useradd.c 2006-10-02 18:25:30.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/src/useradd.c 2006-10-02 18:25:43.000000000 +0100
|
|
||||||
@@ -1611,6 +1611,10 @@ static void create_home (void)
|
|
||||||
_
|
|
||||||
("%s: cannot create directory %s\n"),
|
|
||||||
Prog, user_home);
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
||||||
+ "adding home directory", user_name, user_id, 0);
|
|
||||||
+#endif
|
|
||||||
fail_exit (E_HOMEDIR);
|
|
||||||
}
|
|
||||||
chown (user_home, user_id, user_gid);
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
|||||||
--- shadow-4.0.17/man/groupdel.8.exitValues 2006-10-04 22:40:59.000000000 +0200
|
|
||||||
+++ shadow-4.0.17/man/groupdel.8 2006-10-04 22:43:51.000000000 +0200
|
|
||||||
@@ -45,6 +45,9 @@
|
|
||||||
\fI2\fR
|
|
||||||
invalid command syntax
|
|
||||||
.TP 3n
|
|
||||||
+\fI6\fR
|
|
||||||
+specified group doesn’t exist
|
|
||||||
+.TP 3n
|
|
||||||
\fI8\fR
|
|
||||||
can't remove user's primary group
|
|
||||||
.TP 3n
|
|
@ -1,13 +0,0 @@
|
|||||||
--- shadow-4.0.17/lib/commonio.c.fdInherit 2006-08-04 10:56:52.000000000 +0200
|
|
||||||
+++ shadow-4.0.17/lib/commonio.c 2006-08-04 11:00:05.000000000 +0200
|
|
||||||
@@ -457,6 +457,10 @@
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /* not not inherit fd */
|
|
||||||
+ fcntl(fileno(db->fp), F_SETFD, FD_CLOEXEC);
|
|
||||||
+
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
db->scontext = NULL;
|
|
||||||
if ((is_selinux_enabled () > 0) && (!db->readonly)) {
|
|
@ -1,11 +0,0 @@
|
|||||||
--- shadow-4.0.18.1/src/usermod.c.appendOption 2007-01-14 14:04:29.000000000 +0100
|
|
||||||
+++ shadow-4.0.18.1/src/usermod.c 2007-01-14 14:05:04.000000000 +0100
|
|
||||||
@@ -905,7 +905,7 @@
|
|
||||||
*/
|
|
||||||
int c;
|
|
||||||
static struct option long_options[] = {
|
|
||||||
- {"append", required_argument, NULL, 'a'},
|
|
||||||
+ {"append", no_argument, NULL, 'a'},
|
|
||||||
{"comment", required_argument, NULL, 'c'},
|
|
||||||
{"home", required_argument, NULL, 'd'},
|
|
||||||
{"expiredate", required_argument, NULL, 'e'},
|
|
@ -1,32 +0,0 @@
|
|||||||
--- shadow-4.0.18.1/src/useradd.c.gid 2006-11-04 14:09:53.000000000 +0100
|
|
||||||
+++ shadow-4.0.18.1/src/useradd.c 2006-11-04 14:15:09.000000000 +0100
|
|
||||||
@@ -207,11 +207,8 @@
|
|
||||||
char *errptr;
|
|
||||||
|
|
||||||
gid = strtol (grname, &errptr, 10);
|
|
||||||
- if (*errptr || errno == ERANGE || gid < 0) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: invalid numeric argument '%s'\n"), Prog, grname);
|
|
||||||
- exit (E_BAD_ARG);
|
|
||||||
- }
|
|
||||||
+ if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && gid >= 0)
|
|
||||||
+ return getgrgid (gid);
|
|
||||||
return getgrnam (grname);
|
|
||||||
}
|
|
||||||
|
|
||||||
--- shadow-4.0.18.1/src/usermod.c.gid 2006-11-04 14:15:23.000000000 +0100
|
|
||||||
+++ shadow-4.0.18.1/src/usermod.c 2006-11-04 14:16:42.000000000 +0100
|
|
||||||
@@ -166,11 +166,8 @@
|
|
||||||
char *errptr;
|
|
||||||
|
|
||||||
val = strtol (grname, &errptr, 10);
|
|
||||||
- if (*errptr || errno == ERANGE || val < 0) {
|
|
||||||
- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog,
|
|
||||||
- grname);
|
|
||||||
- exit (E_BAD_ARG);
|
|
||||||
- }
|
|
||||||
+ if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && val >= 0)
|
|
||||||
+ return getgrgid (val);
|
|
||||||
return getgrnam (grname);
|
|
||||||
}
|
|
||||||
|
|
@ -1,178 +0,0 @@
|
|||||||
--- shadow-4.0.18.1/src/usermod.c.groupLoop 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/src/usermod.c 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
@@ -628,7 +628,7 @@
|
|
||||||
continue;
|
|
||||||
|
|
||||||
changed = 0;
|
|
||||||
- if (!gr_update (ngrp)) {
|
|
||||||
+ if (!gr_update_entry (grp, ngrp)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: error adding new group entry\n"), Prog);
|
|
||||||
SYSLOG ((LOG_ERR, "error adding group entry"));
|
|
||||||
@@ -770,7 +770,7 @@
|
|
||||||
/*
|
|
||||||
* Update the group entry to reflect the changes.
|
|
||||||
*/
|
|
||||||
- if (!sgr_update (nsgrp)) {
|
|
||||||
+ if (!sgr_update_entry (sgrp, nsgrp)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: error adding new group entry\n"), Prog);
|
|
||||||
SYSLOG ((LOG_ERR, "error adding shadow group entry"));
|
|
||||||
--- shadow-4.0.18.1/src/userdel.c.groupLoop 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/src/userdel.c 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
@@ -153,7 +153,7 @@
|
|
||||||
exit (13); /* XXX */
|
|
||||||
}
|
|
||||||
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
|
|
||||||
- if (!gr_update (ngrp))
|
|
||||||
+ if (!gr_update_entry (grp, ngrp))
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: error updating group entry\n"), Prog);
|
|
||||||
|
|
||||||
@@ -252,7 +252,7 @@
|
|
||||||
if (was_admin)
|
|
||||||
nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name);
|
|
||||||
|
|
||||||
- if (!sgr_update (nsgrp))
|
|
||||||
+ if (!sgr_update_entry (sgrp, nsgrp))
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: error updating group entry\n"), Prog);
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
--- shadow-4.0.18.1/src/useradd.c.groupLoop 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/src/useradd.c 2007-05-25 11:54:28.000000000 +0200
|
|
||||||
@@ -727,30 +727,6 @@
|
|
||||||
struct sgrp *nsgrp;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * Test for unique entries of user_groups in /etc/group
|
|
||||||
- * pvrabec@redhat.com
|
|
||||||
- */
|
|
||||||
- char **user_groups_tmp = user_groups;
|
|
||||||
-
|
|
||||||
- while (*user_groups_tmp) {
|
|
||||||
- int count = 0;
|
|
||||||
-
|
|
||||||
- for (gr_rewind (), grp = gr_next (); grp && count < 2;
|
|
||||||
- grp = gr_next ()) {
|
|
||||||
- if (strcmp (*user_groups_tmp, grp->gr_name) == 0) {
|
|
||||||
- count++;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
- if (count > 1) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- "%s: error not unique group names in group file\n",
|
|
||||||
- Prog);
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
- user_groups_tmp++;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
/* Locking and opening of the group files moved to open_files() --gafton */
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -780,7 +756,7 @@
|
|
||||||
* update the group entry to reflect the change.
|
|
||||||
*/
|
|
||||||
ngrp->gr_mem = add_list (ngrp->gr_mem, user_name);
|
|
||||||
- if (!gr_update (ngrp)) {
|
|
||||||
+ if (!gr_update_entry (grp, ngrp)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: error adding new group entry\n"), Prog);
|
|
||||||
fail_exit (E_GRP_UPDATE);
|
|
||||||
@@ -828,7 +804,7 @@
|
|
||||||
* update the group entry to reflect the change.
|
|
||||||
*/
|
|
||||||
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_name);
|
|
||||||
- if (!sgr_update (nsgrp)) {
|
|
||||||
+ if (!sgr_update_entry (sgrp, nsgrp)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: error adding new group entry\n"), Prog);
|
|
||||||
fail_exit (E_GRP_UPDATE);
|
|
||||||
--- shadow-4.0.18.1/lib/sgroupio.c.groupLoop 2005-08-31 19:24:56.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/lib/sgroupio.c 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
@@ -146,6 +146,13 @@
|
|
||||||
return commonio_update (&gshadow_db, (const void *) sg);
|
|
||||||
}
|
|
||||||
|
|
||||||
+int sgr_update_entry(const struct sgrp *oldgr, const struct sgrp *newgr)
|
|
||||||
+{
|
|
||||||
+ return commonio_update_entry(&gshadow_db, (const void *) oldgr,
|
|
||||||
+ (const void *) newgr);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
int sgr_remove (const char *name)
|
|
||||||
{
|
|
||||||
return commonio_remove (&gshadow_db, name);
|
|
||||||
--- shadow-4.0.18.1/lib/groupio.c.groupLoop 2005-08-31 19:24:56.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/lib/groupio.c 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
@@ -128,6 +128,12 @@
|
|
||||||
return commonio_remove (&group_db, name);
|
|
||||||
}
|
|
||||||
|
|
||||||
+int gr_update_entry(const struct group *oldgr, const struct group *newgr)
|
|
||||||
+{
|
|
||||||
+ return commonio_update_entry(&group_db, (const void *) oldgr,
|
|
||||||
+ (const void *) newgr);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int gr_rewind (void)
|
|
||||||
{
|
|
||||||
return commonio_rewind (&group_db);
|
|
||||||
--- shadow-4.0.18.1/lib/sgroupio.h.groupLoop 2005-03-31 07:14:49.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/lib/sgroupio.h 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
@@ -11,4 +11,5 @@
|
|
||||||
extern int sgr_rewind (void);
|
|
||||||
extern int sgr_unlock (void);
|
|
||||||
extern int sgr_update (const struct sgrp *);
|
|
||||||
+extern int sgr_update_entry(const struct sgrp *oldgr, const struct sgrp *newgr);
|
|
||||||
extern int sgr_sort (void);
|
|
||||||
--- shadow-4.0.18.1/lib/commonio.c.groupLoop 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/lib/commonio.c 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
@@ -826,6 +826,36 @@
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+int commonio_update_entry(struct commonio_db *db, const void *oldgr,
|
|
||||||
+ const void *newgr)
|
|
||||||
+{
|
|
||||||
+ struct commonio_entry *tmp;
|
|
||||||
+
|
|
||||||
+ if (!db->isopen || db->readonly) {
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ tmp = db->head;
|
|
||||||
+ while (tmp != NULL) {
|
|
||||||
+ if (oldgr == tmp->eptr)
|
|
||||||
+ break;
|
|
||||||
+ tmp = tmp->next;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Didn't find this in the database; hop out */
|
|
||||||
+ if (tmp == NULL)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ tmp->eptr = db->ops->dup(newgr);
|
|
||||||
+ if (tmp->eptr == NULL)
|
|
||||||
+ return 1;
|
|
||||||
+ tmp->changed = 1;
|
|
||||||
+
|
|
||||||
+ db->changed = 1;
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
|
|
||||||
void commonio_del_entry (struct commonio_db *db, const struct commonio_entry *p)
|
|
||||||
{
|
|
||||||
--- shadow-4.0.18.1/lib/groupio.h.groupLoop 2005-03-31 07:14:49.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/lib/groupio.h 2007-05-25 11:51:33.000000000 +0200
|
|
||||||
@@ -10,4 +10,6 @@
|
|
||||||
extern int gr_rewind (void);
|
|
||||||
extern int gr_unlock (void);
|
|
||||||
extern int gr_update (const struct group *);
|
|
||||||
+extern int gr_update_entry(const struct group *oldgr, const struct group *newgr);
|
|
||||||
extern int gr_sort (void);
|
|
||||||
+
|
|
@ -1,36 +0,0 @@
|
|||||||
--- shadow-4.0.17/src/chpasswd.c.overflow 2006-11-08 11:09:32.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/src/chpasswd.c 2006-11-08 13:13:15.000000000 +0100
|
|
||||||
@@ -239,9 +239,13 @@
|
|
||||||
newpwd = cp;
|
|
||||||
if (!eflg) {
|
|
||||||
if (md5flg) {
|
|
||||||
- char salt[12] = "$1$";
|
|
||||||
+ char tmp[12];
|
|
||||||
+ char salt[15] = "\0";
|
|
||||||
|
|
||||||
- strcat (salt, crypt_make_salt ());
|
|
||||||
+ strcpy( tmp, crypt_make_salt ());
|
|
||||||
+ if( !strncmp( tmp, "$1$", 3) )
|
|
||||||
+ strcat( salt, "$1$");
|
|
||||||
+ strcat( salt, tmp);
|
|
||||||
cp = pw_encrypt (newpwd, salt);
|
|
||||||
} else
|
|
||||||
cp = pw_encrypt (newpwd, crypt_make_salt ());
|
|
||||||
--- shadow-4.0.17/src/chgpasswd.c.overflow 2006-11-08 13:13:40.000000000 +0100
|
|
||||||
+++ shadow-4.0.17/src/chgpasswd.c 2006-11-08 13:17:24.000000000 +0100
|
|
||||||
@@ -243,9 +243,13 @@
|
|
||||||
newpwd = cp;
|
|
||||||
if (!eflg) {
|
|
||||||
if (md5flg) {
|
|
||||||
- char salt[12] = "$1$";
|
|
||||||
+ char tmp[12];
|
|
||||||
+ char salt[15] = "\0";
|
|
||||||
|
|
||||||
- strcat (salt, crypt_make_salt ());
|
|
||||||
+ strcpy( tmp, crypt_make_salt ());
|
|
||||||
+ if( !strncmp( tmp, "$1$", 3) )
|
|
||||||
+ strcat( salt, "$1$");
|
|
||||||
+ strcat( salt, tmp);
|
|
||||||
cp = pw_encrypt (newpwd, salt);
|
|
||||||
} else
|
|
||||||
cp = pw_encrypt (newpwd, crypt_make_salt ());
|
|
@ -1,9 +0,0 @@
|
|||||||
# useradd defaults file
|
|
||||||
GROUP=100
|
|
||||||
HOME=/home
|
|
||||||
INACTIVE=-1
|
|
||||||
EXPIRE=
|
|
||||||
SHELL=/bin/bash
|
|
||||||
SKEL=/etc/skel
|
|
||||||
CREATE_MAIL_SPOOL=yes
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
|||||||
--- shadow-4.0.18.1/libmisc/chkname.c.goodname 2005-08-31 19:24:57.000000000 +0200
|
diff -up shadow-4.1.0/libmisc/chkname.c.goodname shadow-4.1.0/libmisc/chkname.c
|
||||||
+++ shadow-4.0.18.1/libmisc/chkname.c 2007-06-26 16:20:40.000000000 +0200
|
--- shadow-4.1.0/libmisc/chkname.c.goodname 2007-11-11 00:45:59.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/libmisc/chkname.c 2007-12-12 13:57:20.000000000 +0100
|
||||||
@@ -18,16 +18,24 @@
|
@@ -18,16 +18,24 @@
|
||||||
static int good_name (const char *name)
|
static int good_name (const char *name)
|
||||||
{
|
{
|
||||||
@ -32,7 +33,7 @@
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -43,10 +51,9 @@
|
@@ -43,10 +51,9 @@ int check_user_name (const char *name)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -45,7 +46,7 @@
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return good_name (name);
|
return good_name (name);
|
||||||
@@ -54,11 +61,13 @@
|
@@ -54,11 +61,13 @@ int check_user_name (const char *name)
|
||||||
|
|
||||||
int check_group_name (const char *name)
|
int check_group_name (const char *name)
|
||||||
{
|
{
|
||||||
@ -64,33 +65,29 @@
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return good_name (name);
|
return good_name (name);
|
||||||
--- shadow-4.0.18.1/man/groupadd.8.goodname 2007-06-26 16:20:40.000000000 +0200
|
diff -up shadow-4.1.0/man/groupadd.8.goodname shadow-4.1.0/man/groupadd.8
|
||||||
+++ shadow-4.0.18.1/man/groupadd.8 2007-06-26 16:22:05.000000000 +0200
|
--- shadow-4.1.0/man/groupadd.8.goodname 2007-12-12 13:51:43.000000000 +0100
|
||||||
@@ -73,15 +73,11 @@
|
+++ shadow-4.1.0/man/groupadd.8 2007-12-12 14:00:29.000000000 +0100
|
||||||
Shadow password suite configuration.
|
@@ -126,9 +126,7 @@ Shadow password suite configuration\.
|
||||||
|
.RE
|
||||||
.SH "CAVEATS"
|
.SH "CAVEATS"
|
||||||
.PP
|
.PP
|
||||||
-Groupnames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]
|
-Groupnames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]
|
||||||
-.PP
|
-.PP
|
||||||
-Groupnames may only be up to 16 characters long.
|
-Groupnames may only be up to 16 characters long\.
|
||||||
+Groupnames may only be up to 32 characters long.
|
+Groupnames may only be up to 32 characters long\.
|
||||||
.PP
|
.PP
|
||||||
If the groupname already exists in an external group database such as NIS,
|
You may not add a NIS or LDAP group\. This must be performed on the corresponding server\.
|
||||||
\fBgroupadd\fR
|
|
||||||
will deny the group creation request.
|
|
||||||
-.PP
|
|
||||||
-Groupnames may only be up to 16 characters long.
|
|
||||||
.SH "EXIT VALUES"
|
|
||||||
.PP
|
.PP
|
||||||
The
|
diff -up shadow-4.1.0/man/useradd.8.goodname shadow-4.1.0/man/useradd.8
|
||||||
--- shadow-4.0.18.1/man/useradd.8.goodname 2007-06-26 16:20:40.000000000 +0200
|
--- shadow-4.1.0/man/useradd.8.goodname 2007-12-12 13:51:43.000000000 +0100
|
||||||
+++ shadow-4.0.18.1/man/useradd.8 2007-06-26 16:20:40.000000000 +0200
|
+++ shadow-4.1.0/man/useradd.8 2007-12-12 14:01:36.000000000 +0100
|
||||||
@@ -179,8 +179,6 @@
|
@@ -242,8 +242,6 @@ You may not add a user to a NIS or LDAP
|
||||||
Similarly, if the username already exists in an external user database such as NIS,
|
Similarly, if the username already exists in an external user database such as NIS or LDAP,
|
||||||
\fBuseradd\fR
|
\fBuseradd\fR
|
||||||
will deny the user account creation request.
|
will deny the user account creation request\.
|
||||||
-.PP
|
-.PP
|
||||||
-Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]
|
-Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]
|
||||||
.SH "FILES"
|
.SH "CONFIGURATION"
|
||||||
.TP 3n
|
.PP
|
||||||
\fI/etc/passwd\fR
|
The following configuration variables in
|
66
shadow-4.1.0-lOption.patch
Normal file
66
shadow-4.1.0-lOption.patch
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
diff -up shadow-4.1.0/src/useradd.c.lOption shadow-4.1.0/src/useradd.c
|
||||||
|
--- shadow-4.1.0/src/useradd.c.lOption 2007-12-12 14:03:22.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/src/useradd.c 2007-12-12 14:08:43.000000000 +0100
|
||||||
|
@@ -124,6 +124,7 @@ static int
|
||||||
|
Gflg = 0, /* secondary group set for new account */
|
||||||
|
kflg = 0, /* specify a directory to fill new user directory */
|
||||||
|
mflg = 0, /* create user's home directory if it doesn't exist */
|
||||||
|
+ lflg = 0, /* do not add user to lastlog database file */
|
||||||
|
Mflg = 0, /* do NOT create user's home directory no matter what */
|
||||||
|
nflg = 0, /* do NOT create a group having the same name as the user */
|
||||||
|
oflg = 0, /* permit non-unique user ID to be specified with -u */
|
||||||
|
@@ -634,8 +635,9 @@ static void usage (void)
|
||||||
|
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
||||||
|
" -m, --create-home create home directory for the new user\n"
|
||||||
|
" account\n"
|
||||||
|
- " -M, do not create user's home directory(overrides /etc/login.defs)\n"
|
||||||
|
- " -r, create system account\n"
|
||||||
|
+ " -l, do not add user to lastlog database file\n"
|
||||||
|
+ " -M, do not create user's home directory(overrides /etc/login.defs)\n"
|
||||||
|
+ " -r, create system account\n"
|
||||||
|
" -o, --non-unique allow create user with duplicate\n"
|
||||||
|
" (non-unique) UID\n"
|
||||||
|
" -p, --password PASSWORD use encrypted password for the new user\n"
|
||||||
|
@@ -1032,7 +1034,7 @@ static void process_flags (int argc, cha
|
||||||
|
{NULL, 0, NULL, '\0'}
|
||||||
|
};
|
||||||
|
while ((c =
|
||||||
|
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnrop:s:u:",
|
||||||
|
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:",
|
||||||
|
long_options, NULL)) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'b':
|
||||||
|
@@ -1169,6 +1171,9 @@ static void process_flags (int argc, cha
|
||||||
|
case 'm':
|
||||||
|
mflg++;
|
||||||
|
break;
|
||||||
|
+ case 'l':
|
||||||
|
+ lflg++;
|
||||||
|
+ break;
|
||||||
|
case 'o':
|
||||||
|
oflg++;
|
||||||
|
break;
|
||||||
|
@@ -1538,7 +1543,7 @@ static void usr_update (void)
|
||||||
|
* are left unchanged). --marekm
|
||||||
|
*/
|
||||||
|
/* local, no need for xgetpwuid */
|
||||||
|
- if (!getpwuid (user_id)) {
|
||||||
|
+ if (!getpwuid (user_id) && !lflg) {
|
||||||
|
faillog_reset (user_id);
|
||||||
|
lastlog_reset (user_id);
|
||||||
|
}
|
||||||
|
diff -up shadow-4.1.0/man/useradd.8.lOption shadow-4.1.0/man/useradd.8
|
||||||
|
--- shadow-4.1.0/man/useradd.8.lOption 2007-12-12 14:03:22.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/man/useradd.8 2007-12-12 14:06:31.000000000 +0100
|
||||||
|
@@ -53,6 +53,11 @@ option is not used,
|
||||||
|
must exist\.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
+\fB-l\fR
|
||||||
|
+.RS 4
|
||||||
|
+Do not add the user to the last login log file. This is an option added by Red Hat.
|
||||||
|
+.RE
|
||||||
|
+.PP
|
||||||
|
\fB\-D\fR
|
||||||
|
.RS 4
|
||||||
|
See below, the subsection "Changing the default values"\.
|
@ -1,122 +1,218 @@
|
|||||||
--- shadow-4.0.18.1/man/newusers.8.redhat 2006-07-30 22:54:08.000000000 +0200
|
diff -up shadow-4.1.0/src/useradd.c.redhat shadow-4.1.0/src/useradd.c
|
||||||
+++ shadow-4.0.18.1/man/newusers.8 2007-11-29 15:08:49.000000000 +0100
|
--- shadow-4.1.0/src/useradd.c.redhat 2007-12-09 23:43:09.000000000 +0100
|
||||||
@@ -35,6 +35,8 @@ This field may be the name of an existin
|
+++ shadow-4.1.0/src/useradd.c 2007-12-12 12:19:34.000000000 +0100
|
||||||
This field will be checked for existence as a directory and a new directory with the same name will be created if it does not already exist. The ownership of the directory will be set to be that of the user being created or updated.
|
@@ -81,7 +81,7 @@
|
||||||
.PP
|
static gid_t def_group = 100;
|
||||||
This command is intended to be used in a large system environment where many accounts are updated at a single time.
|
static const char *def_gname = "other";
|
||||||
+.PP
|
static const char *def_home = "/home";
|
||||||
+Default encryption algorithm is DES, but this setting can be changed in \fI/etc/login.defs\fR. Red Hat uses MD5 to encrypt passwords by default.
|
-static const char *def_shell = "";
|
||||||
.SH "CAVEATS"
|
+static const char *def_shell = "/sbin/nologin";
|
||||||
.PP
|
static const char *def_template = SKEL_DIR;
|
||||||
The input file must be protected since it contains unencrypted passwords.
|
static const char *def_create_mail_spool = "no";
|
||||||
--- shadow-4.0.18.1/man/useradd.8.redhat 2006-07-30 22:54:26.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/man/useradd.8 2007-11-29 15:08:49.000000000 +0100
|
|
||||||
@@ -25,7 +25,7 @@ When invoked without the
|
|
||||||
\fB\-D\fR
|
|
||||||
option, the
|
|
||||||
\fBuseradd\fR
|
|
||||||
-command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.
|
|
||||||
+command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files. The version provided with Red Hat Linux will create a group for each user added to the system by default.
|
|
||||||
.SH "OPTIONS"
|
|
||||||
.PP
|
|
||||||
The options which apply to the
|
|
||||||
@@ -65,7 +65,7 @@ The date on which the user account will
|
|
||||||
The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of \-1 disables the feature. The default value is \-1.
|
|
||||||
.TP 3n
|
|
||||||
\fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
|
|
||||||
-The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group. The default group number is 1 or whatever is specified in
|
|
||||||
+The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group.
|
|
||||||
\fI/etc/default/useradd\fR.
|
|
||||||
.TP 3n
|
|
||||||
\fB\-G\fR, \fB\-\-groups\fR \fIGROUP1\fR[\fI,GROUP2,...\fR[\fI,GROUPN\fR]]]
|
|
||||||
@@ -76,6 +76,9 @@ option. The default is for the user to b
|
|
||||||
\fB\-h\fR, \fB\-\-help\fR
|
|
||||||
Display help message and exit.
|
|
||||||
.TP 3n
|
|
||||||
+\fB-M\fR
|
|
||||||
+The user's home directory will not be created, even if the system wide settings from \fI/etc/login.defs\fR is to create home dirs.
|
|
||||||
+.TP 3n
|
|
||||||
\fB\-m\fR, \fB\-\-create\-home\fR
|
|
||||||
The user's home directory will be created if it does not exist. The files contained in
|
|
||||||
\fISKEL_DIR\fR
|
|
||||||
@@ -93,6 +96,9 @@ option is only valid in conjunction with
|
|
||||||
\fB\-m\fR
|
|
||||||
option. The default is to not create the directory and to not copy any files.
|
|
||||||
.TP 3n
|
|
||||||
+\fB-n\fR
|
|
||||||
+A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used.
|
|
||||||
+.TP 3n
|
|
||||||
\fB\-K\fR, \fB\-\-key\fR \fIKEY\fR=\fIVALUE\fR
|
|
||||||
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
|
|
||||||
|
|
||||||
@@ -118,6 +124,9 @@ Allow the creation of a user account wit
|
@@ -93,7 +93,7 @@ static char def_file[] = USER_DEFAULTS_F
|
||||||
The encrypted password, as returned by
|
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||||
\fBcrypt\fR(3). The default is to disable the account.
|
|
||||||
.TP 3n
|
|
||||||
+\fB-r\fR
|
|
||||||
+This flag is used to create a system account. That is, a user with a UID lower than the value of UID_MIN defined in \fI/etc/login.defs\fR and whose password does not expire. Note that \fBuseradd\fR will not create a home directory for such an user, regardless of the default setting in \fI/etc/login.defs\fR. You have to specify \fB-m\fR option if you want a home directory for a system account to be created. This is an option added by Red Hat
|
|
||||||
+.TP 3n
|
|
||||||
\fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR
|
|
||||||
The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell.
|
|
||||||
.TP 3n
|
|
||||||
@@ -161,6 +170,8 @@ displays the current default values.
|
|
||||||
The system administrator is responsible for placing the default user files in the
|
|
||||||
\fI/etc/skel/\fR
|
|
||||||
directory.
|
|
||||||
+.br
|
|
||||||
+This version of useradd was modified by Red Hat to suit Red Hat user/group conventions.
|
|
||||||
.SH "CAVEATS"
|
|
||||||
.PP
|
|
||||||
You may not add a user to a NIS group. This must be performed on the NIS server.
|
|
||||||
@@ -181,6 +192,9 @@ Secure user account information.
|
|
||||||
\fI/etc/group\fR
|
|
||||||
Group account information.
|
|
||||||
.TP 3n
|
|
||||||
+\fI/etc/gshadow\fR
|
|
||||||
+Secure group account information.
|
|
||||||
+.TP 3n
|
|
||||||
\fI/etc/default/useradd\fR
|
|
||||||
Default values for account creation.
|
|
||||||
.TP 3n
|
|
||||||
--- shadow-4.0.18.1/man/groupadd.8.redhat 2006-07-30 22:53:48.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/man/groupadd.8 2007-11-29 15:08:49.000000000 +0100
|
|
||||||
@@ -14,7 +14,7 @@
|
|
||||||
groupadd \- create a new group
|
|
||||||
.SH "SYNOPSIS"
|
|
||||||
.HP 9
|
|
||||||
-\fBgroupadd\fR [\-g\ \fIGID\fR\ [\-o]] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
|
|
||||||
+\fBgroupadd\fR [\-g\ \fIgid\fR\ [\-o]] [\-r] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
|
|
||||||
.SH "DESCRIPTION"
|
|
||||||
.PP
|
|
||||||
The
|
|
||||||
@@ -32,10 +32,13 @@ This option causes to just exit with suc
|
|
||||||
\fB\-g\fR
|
|
||||||
is turned off).
|
|
||||||
.TP 3n
|
|
||||||
+\fB-r\fR
|
|
||||||
+This flag instructs \fBgroupadd\fR to add a system account. The first available \fIgid\fR lower than 499 will be automatically selected unless the \fB-g\fR option is also given on the command line. This is an option added by Red Hat.
|
|
||||||
+.TP 3n
|
|
||||||
\fB\-g\fR \fIGID\fR
|
|
||||||
The numerical value of the group's ID. This value must be unique, unless the
|
|
||||||
\fB\-o\fR
|
|
||||||
-option is used. The value must be non\-negative. The default is to use the smallest ID value greater than 999 and greater than every other group. Values between 0 and 999 are typically reserved for system accounts.
|
|
||||||
+option is used. The value must be non\-negative. The default is to use the smallest ID value greater than 500 and greater than every other group. Values between 0 and 499 are typically reserved for system accounts.
|
|
||||||
.TP 3n
|
|
||||||
\fB\-h\fR, \fB\-\-help\fR
|
|
||||||
Display help message and exit.
|
|
||||||
--- shadow-4.0.18.1/man/chpasswd.8.redhat 2006-07-30 22:53:40.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/man/chpasswd.8 2007-11-29 15:08:49.000000000 +0100
|
|
||||||
@@ -24,7 +24,7 @@ reads a list of user name and password p
|
|
||||||
|
|
||||||
\fIuser_name\fR:\fIpassword\fR
|
static const char *user_name = "";
|
||||||
.PP
|
-static const char *user_pass = "!";
|
||||||
-By default the supplied password must be in clear\-text. Default encryption algorithm is DES. Also the password age will be updated, if present.
|
+static const char *user_pass = "!!";
|
||||||
+By default the supplied password must be in clear\-text. Default encryption algorithm is DES, but this setting can be changed in \fI/etc/login.defs\fR. Red Hat uses MD5 to encrypt passwords by default. Also the password age will be updated, if present.
|
static uid_t user_id;
|
||||||
.PP
|
static gid_t user_gid;
|
||||||
This command is intended to be used in a large system environment where many accounts are created at a single time.
|
static const char *user_comment = "";
|
||||||
.SH "OPTIONS"
|
@@ -124,8 +124,10 @@ static int
|
||||||
--- shadow-4.0.18.1/src/groupadd.c.redhat 2006-07-28 19:38:52.000000000 +0200
|
Gflg = 0, /* secondary group set for new account */
|
||||||
+++ shadow-4.0.18.1/src/groupadd.c 2007-11-29 15:08:49.000000000 +0100
|
kflg = 0, /* specify a directory to fill new user directory */
|
||||||
|
mflg = 0, /* create user's home directory if it doesn't exist */
|
||||||
|
- nflg = 0, /* create a group having the same name as the user */
|
||||||
|
+ Mflg = 0, /* do NOT create user's home directory no matter what */
|
||||||
|
+ nflg = 0, /* do NOT create a group having the same name as the user */
|
||||||
|
oflg = 0, /* permit non-unique user ID to be specified with -u */
|
||||||
|
+ rflg = 0, /* create a system account */
|
||||||
|
sflg = 0, /* shell program for new account */
|
||||||
|
uflg = 0; /* specify user ID for new account */
|
||||||
|
|
||||||
|
@@ -632,6 +634,8 @@ static void usage (void)
|
||||||
|
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
||||||
|
" -m, --create-home create home directory for the new user\n"
|
||||||
|
" account\n"
|
||||||
|
+ " -M, do not create user's home directory(overrides /etc/login.defs)\n"
|
||||||
|
+ " -r, create system account\n"
|
||||||
|
" -o, --non-unique allow create user with duplicate\n"
|
||||||
|
" (non-unique) UID\n"
|
||||||
|
" -p, --password PASSWORD use encrypted password for the new user\n"
|
||||||
|
@@ -684,11 +688,20 @@ static void new_spent (struct spwd *spen
|
||||||
|
spent->sp_namp = (char *) user_name;
|
||||||
|
spent->sp_pwdp = (char *) user_pass;
|
||||||
|
spent->sp_lstchg = time ((time_t *) 0) / SCALE;
|
||||||
|
- spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
|
||||||
|
- spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
|
||||||
|
- spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
|
||||||
|
- spent->sp_inact = scale_age (def_inactive);
|
||||||
|
- spent->sp_expire = scale_age (user_expire);
|
||||||
|
+ if (!rflg) {
|
||||||
|
+ spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
|
||||||
|
+ spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
|
||||||
|
+ spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
|
||||||
|
+ spent->sp_inact = scale_age (def_inactive);
|
||||||
|
+ spent->sp_expire = scale_age (user_expire);
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ spent->sp_min = scale_age(-1);
|
||||||
|
+ spent->sp_max = scale_age(-1);
|
||||||
|
+ spent->sp_warn = scale_age(-1);
|
||||||
|
+ spent->sp_inact = scale_age(-1);
|
||||||
|
+ spent->sp_expire = scale_age(-1);
|
||||||
|
+ }
|
||||||
|
spent->sp_flag = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -821,8 +834,14 @@ static void find_new_uid (void)
|
||||||
|
const struct passwd *pwd;
|
||||||
|
uid_t uid_min, uid_max;
|
||||||
|
|
||||||
|
- uid_min = getdef_unum ("UID_MIN", 1000);
|
||||||
|
- uid_max = getdef_unum ("UID_MAX", 60000);
|
||||||
|
+ if (!rflg) {
|
||||||
|
+ uid_min = getdef_unum ("UID_MIN", 500);
|
||||||
|
+ uid_max = getdef_unum ("UID_MAX", 60000);
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ uid_min = 1;
|
||||||
|
+ uid_max = getdef_unum ("UID_MIN", 500) - 1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Start with some UID value if the user didn't provide us with
|
||||||
|
@@ -852,7 +871,7 @@ static void find_new_uid (void)
|
||||||
|
#endif
|
||||||
|
exit (E_NAME_IN_USE);
|
||||||
|
}
|
||||||
|
- if (uflg && user_id == pwd->pw_uid) {
|
||||||
|
+ if (!oflg && uflg && user_id == pwd->pw_uid) {
|
||||||
|
fprintf (stderr, _("%s: UID %u is not unique\n"),
|
||||||
|
Prog, (unsigned int) user_id);
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
@@ -908,8 +927,13 @@ static void find_new_gid ()
|
||||||
|
const struct group *grp;
|
||||||
|
gid_t gid_min, gid_max;
|
||||||
|
|
||||||
|
- gid_min = getdef_num ("GID_MIN", 500);
|
||||||
|
- gid_max = getdef_num ("GID_MAX", 60000);
|
||||||
|
+ if (!rflg) {
|
||||||
|
+ gid_min = getdef_unum ("GID_MIN", 500);
|
||||||
|
+ gid_max = getdef_unum ("GID_MAX", 60000);
|
||||||
|
+ } else {
|
||||||
|
+ gid_min = 1;
|
||||||
|
+ gid_max = getdef_unum ("GID_MIN", 500) - 1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Start with some GID value if the user didn't provide us with
|
||||||
|
@@ -1008,7 +1032,7 @@ static void process_flags (int argc, cha
|
||||||
|
{NULL, 0, NULL, '\0'}
|
||||||
|
};
|
||||||
|
while ((c =
|
||||||
|
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:",
|
||||||
|
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnrop:s:u:",
|
||||||
|
long_options, NULL)) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'b':
|
||||||
|
@@ -1177,6 +1201,15 @@ static void process_flags (int argc, cha
|
||||||
|
user_id = get_uid (optarg);
|
||||||
|
uflg++;
|
||||||
|
break;
|
||||||
|
+ case 'n':
|
||||||
|
+ nflg++;
|
||||||
|
+ break;
|
||||||
|
+ case 'r':
|
||||||
|
+ rflg++;
|
||||||
|
+ break;
|
||||||
|
+ case 'M':
|
||||||
|
+ Mflg++;
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
usage ();
|
||||||
|
}
|
||||||
|
@@ -1184,6 +1217,9 @@ static void process_flags (int argc, cha
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (mflg && Mflg) /* the admin is not decided .. create or not ? */
|
||||||
|
+ usage();
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Certain options are only valid in combination with others.
|
||||||
|
* Check it here so that they can be specified in any order.
|
||||||
|
@@ -1698,6 +1734,14 @@ int main (int argc, char **argv)
|
||||||
|
}
|
||||||
|
#endif /* USE_PAM */
|
||||||
|
|
||||||
|
+ if (!rflg) /* for system accounts defaults are ignored and we
|
||||||
|
+ * do not create a home dir -- gafton */
|
||||||
|
+ if (getdef_bool("CREATE_HOME"))
|
||||||
|
+ mflg = 1;
|
||||||
|
+
|
||||||
|
+ if (Mflg) /* absolutely sure that we do not create home dirs */
|
||||||
|
+ mflg = 0;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* See if we are messing with the defaults file, or creating
|
||||||
|
* a new user.
|
||||||
|
@@ -1728,7 +1772,7 @@ int main (int argc, char **argv)
|
||||||
|
* to that group, use useradd -g username username.
|
||||||
|
* --bero
|
||||||
|
*/
|
||||||
|
- if (!gflg) {
|
||||||
|
+ if ( !(nflg || gflg) ) {
|
||||||
|
if (getgrnam (user_name)) { /* local, no need for xgetgrnam */
|
||||||
|
fprintf (stderr,
|
||||||
|
_
|
||||||
|
@@ -1779,27 +1823,22 @@ int main (int argc, char **argv)
|
||||||
|
("%s: warning: the home directory already exists.\n"
|
||||||
|
"Not copying any file from skel directory into it.\n"),
|
||||||
|
Prog);
|
||||||
|
-
|
||||||
|
- } else if (getdef_str ("CREATE_HOME")) {
|
||||||
|
- /*
|
||||||
|
- * RedHat added the CREATE_HOME option in login.defs in their
|
||||||
|
- * version of shadow-utils (which makes -m the default, with
|
||||||
|
- * new -M option to turn it off). Unfortunately, this
|
||||||
|
- * changes the way useradd works (it can be run by scripts
|
||||||
|
- * expecting some standard behaviour), compared to other
|
||||||
|
- * Unices and other Linux distributions, and also adds a lot
|
||||||
|
- * of confusion :-(.
|
||||||
|
- * So we now recognize CREATE_HOME and give a warning here
|
||||||
|
- * (better than "configuration error ... notify administrator"
|
||||||
|
- * errors in every program that reads /etc/login.defs). -MM
|
||||||
|
- */
|
||||||
|
- fprintf (stderr,
|
||||||
|
- _
|
||||||
|
- ("%s: warning: CREATE_HOME not supported, please use -m instead.\n"),
|
||||||
|
- Prog);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- create_mail ();
|
||||||
|
+ /* Warning removed to protect the innocent. */
|
||||||
|
+ /*
|
||||||
|
+ * The whole idea about breaking some stupid scripts by creating a new
|
||||||
|
+ * variable is crap - I could care less about the scripts. Historically
|
||||||
|
+ * adduser type programs have always created the home directories and
|
||||||
|
+ * I don't like the idea of providing a script when we can fix the
|
||||||
|
+ * binary itself. And if the scripts are using the right options to the
|
||||||
|
+ * useradd then they will not break. If not, they depend on unspecified
|
||||||
|
+ * behavior and they will break, but they were broken anyway to begin
|
||||||
|
+ * with --gafton
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ /* Do not create mail directory for system accounts */
|
||||||
|
+ if( !rflg )
|
||||||
|
+ create_mail ();
|
||||||
|
|
||||||
|
close_files ();
|
||||||
|
|
||||||
|
diff -up shadow-4.1.0/src/groupadd.c.redhat shadow-4.1.0/src/groupadd.c
|
||||||
|
--- shadow-4.1.0/src/groupadd.c.redhat 2007-11-24 23:41:19.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/src/groupadd.c 2007-12-12 12:15:00.000000000 +0100
|
||||||
@@ -74,6 +74,7 @@ static char *Prog;
|
@@ -74,6 +74,7 @@ static char *Prog;
|
||||||
static int oflg = 0; /* permit non-unique group ID to be specified with -g */
|
static int oflg = 0; /* permit non-unique group ID to be specified with -g */
|
||||||
static int gflg = 0; /* ID value for the new group */
|
static int gflg = 0; /* ID value for the new group */
|
||||||
@ -127,8 +223,8 @@
|
|||||||
static void usage (void);
|
static void usage (void);
|
||||||
@@ -100,6 +101,7 @@ static void usage (void)
|
@@ -100,6 +101,7 @@ static void usage (void)
|
||||||
"Options:\n"
|
"Options:\n"
|
||||||
" -f, --force force exit with success status if the specified\n"
|
" -f, --force force exit with success status if the\n"
|
||||||
" group already exists\n"
|
" specified group already exists\n"
|
||||||
+ " -r, create system account\n"
|
+ " -r, create system account\n"
|
||||||
" -g, --gid GID use GID for the new group\n"
|
" -g, --gid GID use GID for the new group\n"
|
||||||
" -h, --help display this help message and exit\n"
|
" -h, --help display this help message and exit\n"
|
||||||
@ -171,214 +267,134 @@
|
|||||||
case 'g':
|
case 'g':
|
||||||
gflg++;
|
gflg++;
|
||||||
group_id = get_gid (optarg);
|
group_id = get_gid (optarg);
|
||||||
--- shadow-4.0.18.1/src/useradd.c.redhat 2006-07-28 19:42:48.000000000 +0200
|
diff -up shadow-4.1.0/man/chpasswd.8.redhat shadow-4.1.0/man/chpasswd.8
|
||||||
+++ shadow-4.0.18.1/src/useradd.c 2007-11-29 15:44:39.000000000 +0100
|
diff -up shadow-4.1.0/man/newusers.8.redhat shadow-4.1.0/man/newusers.8
|
||||||
@@ -81,7 +81,7 @@
|
diff -up shadow-4.1.0/man/useradd.8.redhat shadow-4.1.0/man/useradd.8
|
||||||
static gid_t def_group = 100;
|
--- shadow-4.1.0/man/useradd.8.redhat 2007-12-10 00:07:10.000000000 +0100
|
||||||
static const char *def_gname = "other";
|
+++ shadow-4.1.0/man/useradd.8 2007-12-12 12:05:54.000000000 +0100
|
||||||
static const char *def_home = "/home";
|
@@ -25,9 +25,9 @@ When invoked without the
|
||||||
-static const char *def_shell = "";
|
\fB\-D\fR
|
||||||
+static const char *def_shell = "/sbin/nologin";
|
option, the
|
||||||
static const char *def_template = SKEL_DIR;
|
\fBuseradd\fR
|
||||||
static const char *def_create_mail_spool = "no";
|
-command creates a new user account using the values specified on the command line plus the default values from the system\. Depending on command line options, the
|
||||||
|
+command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the
|
||||||
@@ -93,7 +93,7 @@ static char def_file[] = USER_DEFAULTS_F
|
\fBuseradd\fR
|
||||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
-command will update system files and may also create the new user\'s home directory and copy initial files\.
|
||||||
|
+command will update system files and may also create the new user's home directory and copy initial files. The version provided with Red Hat Linux will create a group for each user added to the system by default.
|
||||||
static const char *user_name = "";
|
.SH "OPTIONS"
|
||||||
-static const char *user_pass = "!";
|
.PP
|
||||||
+static const char *user_pass = "!!";
|
The options which apply to the
|
||||||
static uid_t user_id;
|
@@ -84,7 +84,7 @@ The number of days after a password expi
|
||||||
static gid_t user_gid;
|
.PP
|
||||||
static const char *user_comment = "";
|
\fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
|
||||||
@@ -124,8 +124,10 @@ static int
|
.RS 4
|
||||||
Gflg = 0, /* secondary group set for new account */
|
-The group name or number of the user\'s initial login group\. The group name must exist\. A group number must refer to an already existing group\. The default group number is 1 or whatever is specified in
|
||||||
kflg = 0, /* specify a directory to fill new user directory */
|
+The group name or number of the user\'s initial login group\. The group name must exist\. A group number must refer to an already existing group\.
|
||||||
mflg = 0, /* create user's home directory if it doesn't exist */
|
\fI/etc/default/useradd\fR\.
|
||||||
- nflg = 0, /* create a group having the same name as the user */
|
.RE
|
||||||
+ Mflg = 0, /* do NOT create user's home directory no matter what */
|
.PP
|
||||||
+ nflg = 0, /* do NOT create a group having the same name as the user */
|
@@ -100,6 +100,13 @@ option\. The default is for the user to
|
||||||
oflg = 0, /* permit non-unique user ID to be specified with -u */
|
Display help message and exit\.
|
||||||
+ rflg = 0, /* create a system account */
|
.RE
|
||||||
sflg = 0, /* shell program for new account */
|
.PP
|
||||||
uflg = 0; /* specify user ID for new account */
|
+\fB-M\fR
|
||||||
|
+.RS 4
|
||||||
@@ -633,6 +635,8 @@ static void usage (void)
|
+The user\'s home directory will not be created, even if the system wide settings from
|
||||||
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
|
+\fI/etc/login.defs\fR
|
||||||
" -m, --create-home create home directory for the new user\n"
|
+is to create home dirs\.
|
||||||
" account\n"
|
+.RE
|
||||||
+ " -M, do not create user's home directory(overrides /etc/login.defs)\n"
|
+.PP
|
||||||
+ " -r, create system account\n"
|
\fB\-m\fR, \fB\-\-create\-home\fR
|
||||||
" -o, --non-unique allow create user with duplicate\n"
|
.RS 4
|
||||||
" (non-unique) UID\n"
|
The user\'s home directory will be created if it does not exist\. The files contained in
|
||||||
" -p, --password PASSWORD use encrypted password for the new user\n"
|
@@ -119,6 +126,13 @@ option is only valid in conjunction with
|
||||||
@@ -685,11 +689,20 @@ static void new_spent (struct spwd *spen
|
option\. The default is to not create the directory and to not copy any files\.
|
||||||
spent->sp_namp = (char *) user_name;
|
.RE
|
||||||
spent->sp_pwdp = (char *) user_pass;
|
.PP
|
||||||
spent->sp_lstchg = time ((time_t *) 0) / SCALE;
|
+\fB-n\fR
|
||||||
- spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
|
+.RS 4
|
||||||
- spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
|
+A group having the same name as the user being added to the system will be created by default\. This option will turn off this Red Hat Linux specific behavior\. When this option is used, users by default will be placed in whatever group is specified in
|
||||||
- spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
|
+\fI/etc/default/useradd\fR\.
|
||||||
- spent->sp_inact = scale_age (def_inactive);
|
+If no default group is defined, group 1 will be used.
|
||||||
- spent->sp_expire = scale_age (user_expire);
|
+.RE
|
||||||
+ if (!rflg) {
|
+.PP
|
||||||
+ spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
|
\fB\-K\fR, \fB\-\-key\fR \fIKEY\fR=\fIVALUE\fR
|
||||||
+ spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
|
.RS 4
|
||||||
+ spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
|
Overrides /etc/login\.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others)\.
|
||||||
+ spent->sp_inact = scale_age (def_inactive);
|
@@ -150,6 +164,19 @@ The encrypted password, as returned by
|
||||||
+ spent->sp_expire = scale_age (user_expire);
|
\fBcrypt\fR(3)\. The default is to disable the account\.
|
||||||
+ }
|
.RE
|
||||||
+ else {
|
.PP
|
||||||
+ spent->sp_min = scale_age(-1);
|
+\fB-r\fR
|
||||||
+ spent->sp_max = scale_age(-1);
|
+.RS 4
|
||||||
+ spent->sp_warn = scale_age(-1);
|
+This flag is used to create a system account\. That is, a user with a UID lower than the value of UID_MIN defined in
|
||||||
+ spent->sp_inact = scale_age(-1);
|
+\fI/etc/login.defs\fR
|
||||||
+ spent->sp_expire = scale_age(-1);
|
+and whose password does not expire\. Note that
|
||||||
+ }
|
+\fBuseradd\fR
|
||||||
spent->sp_flag = -1;
|
+will not create a home directory for such an user, regardless of the default setting in
|
||||||
}
|
+\fI/etc/login.defs\fR\.
|
||||||
|
+You have to specify
|
||||||
@@ -837,8 +850,14 @@ static void find_new_uid (void)
|
+\fB-m\fR
|
||||||
const struct passwd *pwd;
|
+option if you want a home directory for a system account to be created\. This is an option added by Red Hat\.
|
||||||
uid_t uid_min, uid_max;
|
+.RE
|
||||||
|
+.PP
|
||||||
- uid_min = getdef_unum ("UID_MIN", 1000);
|
\fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR
|
||||||
- uid_max = getdef_unum ("UID_MAX", 60000);
|
.RS 4
|
||||||
+ if (!rflg) {
|
The name of the user\'s login shell\. The default is to leave this field blank, which causes the system to select the default login shell\.
|
||||||
+ uid_min = getdef_unum ("UID_MIN", 500);
|
@@ -206,6 +233,8 @@ The name of a new user\'s login shell\.
|
||||||
+ uid_max = getdef_unum ("UID_MAX", 60000);
|
The system administrator is responsible for placing the default user files in the
|
||||||
+ }
|
\fI/etc/skel/\fR
|
||||||
+ else {
|
directory\.
|
||||||
+ uid_min = 1;
|
+.br
|
||||||
+ uid_max = getdef_unum ("UID_MIN", 500) - 1;
|
+This version of useradd was modified by Red Hat to suit Red Hat user/group conventions\.
|
||||||
+ }
|
.SH "CAVEATS"
|
||||||
|
.PP
|
||||||
/*
|
You may not add a user to a NIS or LDAP group\. This must be performed on the corresponding server\.
|
||||||
* Start with some UID value if the user didn't provide us with
|
@@ -315,6 +344,11 @@ Secure user account information\.
|
||||||
@@ -868,7 +887,7 @@ static void find_new_uid (void)
|
Group account information\.
|
||||||
#endif
|
.RE
|
||||||
exit (E_NAME_IN_USE);
|
.PP
|
||||||
}
|
+\fI/etc/gshadow\fR
|
||||||
- if (uflg && user_id == pwd->pw_uid) {
|
+.RS 4
|
||||||
+ if (!oflg && uflg && user_id == pwd->pw_uid) {
|
+Secure group account information\.
|
||||||
fprintf (stderr, _("%s: UID %u is not unique\n"),
|
+.RE
|
||||||
Prog, (unsigned int) user_id);
|
+.PP
|
||||||
#ifdef WITH_AUDIT
|
\fI/etc/default/useradd\fR
|
||||||
@@ -923,8 +942,13 @@ static void find_new_gid ()
|
.RS 4
|
||||||
const struct group *grp;
|
Default values for account creation\.
|
||||||
gid_t gid_min, gid_max;
|
diff -up shadow-4.1.0/man/groupadd.8.redhat shadow-4.1.0/man/groupadd.8
|
||||||
|
--- shadow-4.1.0/man/groupadd.8.redhat 2007-12-10 00:06:00.000000000 +0100
|
||||||
- gid_min = getdef_num ("GID_MIN", 500);
|
+++ shadow-4.1.0/man/groupadd.8 2007-12-12 12:11:23.000000000 +0100
|
||||||
- gid_max = getdef_num ("GID_MAX", 60000);
|
@@ -14,7 +14,7 @@
|
||||||
+ if (!rflg) {
|
groupadd - create a new group
|
||||||
+ gid_min = getdef_unum ("GID_MIN", 500);
|
.SH "SYNOPSIS"
|
||||||
+ gid_max = getdef_unum ("GID_MAX", 60000);
|
.HP 9
|
||||||
+ } else {
|
-\fBgroupadd\fR [\-g\ \fIGID\fR\ [\-o]] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
|
||||||
+ gid_min = 1;
|
+\fBgroupadd\fR [\-g\ \fIgid\fR\ [\-o]] [\-r] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
|
||||||
+ gid_max = getdef_unum ("GID_MIN", 500) - 1;
|
.SH "DESCRIPTION"
|
||||||
+ }
|
.PP
|
||||||
|
The
|
||||||
/*
|
@@ -34,11 +34,22 @@ This option causes the command to simply
|
||||||
* Start with some GID value if the user didn't provide us with
|
is turned off)\.
|
||||||
@@ -1022,7 +1046,7 @@ static void process_flags (int argc, cha
|
.RE
|
||||||
{NULL, 0, NULL, '\0'}
|
.PP
|
||||||
};
|
+\fB-r\fR
|
||||||
while ((c =
|
+.RS 4
|
||||||
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:",
|
+This flag instructs
|
||||||
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnrop:s:u:",
|
+\fBgroupadd\fR
|
||||||
long_options, NULL)) != -1) {
|
+to add a system account\. The first available
|
||||||
switch (c) {
|
+\fIgid\fR
|
||||||
case 'b':
|
+lower than 499 will be automatically selected unless the
|
||||||
@@ -1194,6 +1218,15 @@ static void process_flags (int argc, cha
|
+\fB-g\fR
|
||||||
user_id = get_uid (optarg);
|
+option is also given on the command line\. This is an option added by Red Hat\.
|
||||||
uflg++;
|
+.RE
|
||||||
break;
|
+.PP
|
||||||
+ case 'n':
|
\fB\-g\fR \fIGID\fR
|
||||||
+ nflg++;
|
.RS 4
|
||||||
+ break;
|
The numerical value of the group\'s ID\. This value must be unique, unless the
|
||||||
+ case 'r':
|
\fB\-o\fR
|
||||||
+ rflg++;
|
-option is used\. The value must be non\-negative\. The default is to use the smallest ID value greater than 999 and greater than every other group\. Values between 0 and 999 are typically reserved for system accounts\.
|
||||||
+ break;
|
+option is used\. The value must be non\-negative\. The default is to use the smallest ID value greater than 500 and greater than every other group\. Values between 0 and 499 are typically reserved for system accounts\.
|
||||||
+ case 'M':
|
.RE
|
||||||
+ Mflg++;
|
.PP
|
||||||
+ break;
|
\fB\-h\fR, \fB\-\-help\fR
|
||||||
default:
|
|
||||||
usage ();
|
|
||||||
}
|
|
||||||
@@ -1201,6 +1234,9 @@ static void process_flags (int argc, cha
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (mflg && Mflg) /* the admin is not decided .. create or not ? */
|
|
||||||
+ usage();
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Certain options are only valid in combination with others.
|
|
||||||
* Check it here so that they can be specified in any order.
|
|
||||||
@@ -1706,6 +1742,14 @@ int main (int argc, char **argv)
|
|
||||||
}
|
|
||||||
#endif /* USE_PAM */
|
|
||||||
|
|
||||||
+ if (!rflg) /* for system accounts defaults are ignored and we
|
|
||||||
+ * do not create a home dir -- gafton */
|
|
||||||
+ if (getdef_bool("CREATE_HOME"))
|
|
||||||
+ mflg = 1;
|
|
||||||
+
|
|
||||||
+ if (Mflg) /* absolutely sure that we do not create home dirs */
|
|
||||||
+ mflg = 0;
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* See if we are messing with the defaults file, or creating
|
|
||||||
* a new user.
|
|
||||||
@@ -1736,7 +1780,7 @@ int main (int argc, char **argv)
|
|
||||||
* to that group, use useradd -g username username.
|
|
||||||
* --bero
|
|
||||||
*/
|
|
||||||
- if (!gflg) {
|
|
||||||
+ if ( !(nflg || gflg) ) {
|
|
||||||
if (getgrnam (user_name)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_
|
|
||||||
@@ -1787,27 +1831,22 @@ int main (int argc, char **argv)
|
|
||||||
("%s: warning: the home directory already exists.\n"
|
|
||||||
"Not copying any file from skel directory into it.\n"),
|
|
||||||
Prog);
|
|
||||||
-
|
|
||||||
- } else if (getdef_str ("CREATE_HOME")) {
|
|
||||||
- /*
|
|
||||||
- * RedHat added the CREATE_HOME option in login.defs in their
|
|
||||||
- * version of shadow-utils (which makes -m the default, with
|
|
||||||
- * new -M option to turn it off). Unfortunately, this
|
|
||||||
- * changes the way useradd works (it can be run by scripts
|
|
||||||
- * expecting some standard behaviour), compared to other
|
|
||||||
- * Unices and other Linux distributions, and also adds a lot
|
|
||||||
- * of confusion :-(.
|
|
||||||
- * So we now recognize CREATE_HOME and give a warning here
|
|
||||||
- * (better than "configuration error ... notify administrator"
|
|
||||||
- * errors in every program that reads /etc/login.defs). -MM
|
|
||||||
- */
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _
|
|
||||||
- ("%s: warning: CREATE_HOME not supported, please use -m instead.\n"),
|
|
||||||
- Prog);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- create_mail ();
|
|
||||||
+ /* Warning removed to protect the innocent. */
|
|
||||||
+ /*
|
|
||||||
+ * The whole idea about breaking some stupid scripts by creating a new
|
|
||||||
+ * variable is crap - I could care less about the scripts. Historically
|
|
||||||
+ * adduser type programs have always created the home directories and
|
|
||||||
+ * I don't like the idea of providing a script when we can fix the
|
|
||||||
+ * binary itself. And if the scripts are using the right options to the
|
|
||||||
+ * useradd then they will not break. If not, they depend on unspecified
|
|
||||||
+ * behavior and they will break, but they were broken anyway to begin
|
|
||||||
+ * with --gafton
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ /* Do not create mail directory for system accounts */
|
|
||||||
+ if( !rflg )
|
|
||||||
+ create_mail ();
|
|
||||||
|
|
||||||
nscd_flush_cache ("passwd");
|
|
||||||
nscd_flush_cache ("group");
|
|
@ -1,15 +1,6 @@
|
|||||||
--- shadow-4.0.18.1/libmisc/Makefile.am.useradd 2005-09-05 18:21:37.000000000 +0200
|
diff -up /dev/null shadow-4.1.0/libmisc/system.c
|
||||||
+++ shadow-4.0.18.1/libmisc/Makefile.am 2007-11-29 15:47:39.000000000 +0100
|
--- /dev/null 2007-12-08 00:31:02.590331462 +0100
|
||||||
@@ -41,6 +41,7 @@ libmisc_a_SOURCES = \
|
+++ shadow-4.1.0/libmisc/system.c 2007-12-12 14:13:30.000000000 +0100
|
||||||
setugid.c \
|
|
||||||
setupenv.c \
|
|
||||||
shell.c \
|
|
||||||
+ system.c \
|
|
||||||
strtoday.c \
|
|
||||||
sub.c \
|
|
||||||
sulog.c \
|
|
||||||
--- shadow-4.0.18.1/libmisc/system.c.useradd 2007-11-29 15:47:39.000000000 +0100
|
|
||||||
+++ shadow-4.0.18.1/libmisc/system.c 2007-11-29 15:47:39.000000000 +0100
|
|
||||||
@@ -0,0 +1,37 @@
|
@@ -0,0 +1,37 @@
|
||||||
+#include <config.h>
|
+#include <config.h>
|
||||||
+
|
+
|
||||||
@ -48,8 +39,9 @@
|
|||||||
+ exit (-1);
|
+ exit (-1);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
--- shadow-4.0.18.1/libmisc/copydir.c.useradd 2006-07-10 06:35:56.000000000 +0200
|
diff -up shadow-4.1.0/libmisc/copydir.c.selinux shadow-4.1.0/libmisc/copydir.c
|
||||||
+++ shadow-4.0.18.1/libmisc/copydir.c 2007-11-29 15:47:39.000000000 +0100
|
--- shadow-4.1.0/libmisc/copydir.c.selinux 2007-11-11 00:45:59.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/libmisc/copydir.c 2007-12-12 14:13:30.000000000 +0100
|
||||||
@@ -54,7 +54,7 @@ struct link_name {
|
@@ -54,7 +54,7 @@ struct link_name {
|
||||||
static struct link_name *links;
|
static struct link_name *links;
|
||||||
|
|
||||||
@ -59,97 +51,150 @@
|
|||||||
{
|
{
|
||||||
security_context_t scontext = NULL;
|
security_context_t scontext = NULL;
|
||||||
|
|
||||||
--- shadow-4.0.18.1/man/usermod.8.xml.useradd 2006-07-24 07:48:36.000000000 +0200
|
diff -up shadow-4.1.0/libmisc/Makefile.am.selinux shadow-4.1.0/libmisc/Makefile.am
|
||||||
+++ shadow-4.0.18.1/man/usermod.8.xml 2007-11-29 15:47:39.000000000 +0100
|
--- shadow-4.1.0/libmisc/Makefile.am.selinux 2007-11-23 10:15:48.000000000 +0100
|
||||||
@@ -226,6 +226,19 @@
|
+++ shadow-4.1.0/libmisc/Makefile.am 2007-12-12 14:13:30.000000000 +0100
|
||||||
</para>
|
@@ -42,6 +42,7 @@ libmisc_a_SOURCES = \
|
||||||
</listitem>
|
setugid.c \
|
||||||
</varlistentry>
|
setupenv.c \
|
||||||
+ <varlistentry>
|
shell.c \
|
||||||
+ <term>
|
+ system.c \
|
||||||
+ <option>-Z</option>, <option>--selinux-user</option>
|
strtoday.c \
|
||||||
+ <replaceable>SEUSER</replaceable>
|
sub.c \
|
||||||
+ </term>
|
sulog.c \
|
||||||
+ <listitem>
|
diff -up shadow-4.1.0/src/useradd.c.selinux shadow-4.1.0/src/useradd.c
|
||||||
+ <para>
|
--- shadow-4.1.0/src/useradd.c.selinux 2007-12-12 14:11:41.000000000 +0100
|
||||||
+ The SELinux user for the user's login. The default is to leave this
|
+++ shadow-4.1.0/src/useradd.c 2007-12-12 14:24:12.000000000 +0100
|
||||||
+ field the blank, which causes the system to select the default
|
@@ -100,6 +100,7 @@ static const char *user_comment = "";
|
||||||
+ SELinux user.
|
static const char *user_home = "";
|
||||||
+ </para>
|
static const char *user_shell = "";
|
||||||
+ </listitem>
|
static const char *create_mail_spool = "";
|
||||||
+ </varlistentry>
|
+static const char *user_selinux = "";
|
||||||
</variablelist>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
--- shadow-4.0.18.1/man/usermod.8.useradd 2006-07-30 22:54:28.000000000 +0200
|
static long user_expire = -1;
|
||||||
+++ shadow-4.0.18.1/man/usermod.8 2007-11-29 15:47:39.000000000 +0100
|
static int is_shadow_pwd;
|
||||||
@@ -92,6 +92,10 @@ Unlock a user's password. This removes t
|
@@ -170,6 +171,7 @@ static int set_defaults (void);
|
||||||
\fB\-p\fR
|
static int get_groups (char *);
|
||||||
or
|
static void usage (void);
|
||||||
\fB\-L\fR.
|
static void new_pwent (struct passwd *);
|
||||||
+.TP 3n
|
+static void selinux_update_mapping (void);
|
||||||
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
|
||||||
+The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user.
|
|
||||||
+
|
|
||||||
.SH "CAVEATS"
|
|
||||||
.PP
|
|
||||||
|
|
||||||
--- shadow-4.0.18.1/man/useradd.8.useradd 2007-11-29 15:46:24.000000000 +0100
|
static long scale_age (long);
|
||||||
+++ shadow-4.0.18.1/man/useradd.8 2007-11-29 15:47:39.000000000 +0100
|
static void new_spent (struct spwd *);
|
||||||
@@ -137,6 +137,9 @@ The name of the user's login shell. The
|
@@ -356,6 +358,7 @@ static void get_defaults (void)
|
||||||
The numerical value of the user's ID. This value must be unique, unless the
|
def_create_mail_spool = xstrdup (cp);
|
||||||
\fB\-o\fR
|
}
|
||||||
option is used. The value must be non\-negative. The default is to use the smallest ID value greater than 999 and greater than every other user. Values between 0 and 999 are typically reserved for system accounts.
|
}
|
||||||
+.TP 3n
|
+ fclose(fp);
|
||||||
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
|
||||||
+The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user.
|
|
||||||
.SS "Changing the default values"
|
|
||||||
.PP
|
|
||||||
When invoked with the
|
|
||||||
--- shadow-4.0.18.1/man/useradd.8.xml.useradd 2006-07-24 07:48:36.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/man/useradd.8.xml 2007-11-29 15:47:39.000000000 +0100
|
|
||||||
@@ -251,6 +251,19 @@
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term>
|
|
||||||
+ <option>-Z</option>, <option>--selinux-user</option>
|
|
||||||
+ <replaceable>SEUSER</replaceable>
|
|
||||||
+ </term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>
|
|
||||||
+ The SELinux user for the user's login. The default is to leave this
|
|
||||||
+ field blank, which causes the system to select the default SELinux
|
|
||||||
+ user.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
|
|
||||||
<refsect2 id='changing_the_default_values'>
|
|
||||||
--- shadow-4.0.18.1/src/userdel.c.useradd 2007-11-29 15:46:24.000000000 +0100
|
|
||||||
+++ shadow-4.0.18.1/src/userdel.c 2007-11-29 15:47:39.000000000 +0100
|
|
||||||
@@ -792,6 +792,17 @@ int main (int argc, char **argv)
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -644,6 +647,10 @@ static void usage (void)
|
||||||
|
" account\n"
|
||||||
|
" -s, --shell SHELL the login shell for the new user account\n"
|
||||||
|
" -u, --uid UID force use the UID for the new user account\n"
|
||||||
+#ifdef WITH_SELINUX
|
+#ifdef WITH_SELINUX
|
||||||
+ if (is_selinux_enabled() > 0) {
|
+ " -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"
|
||||||
+ const char *argv[5];
|
+#endif
|
||||||
|
+
|
||||||
|
"\n"));
|
||||||
|
exit (E_USAGE);
|
||||||
|
}
|
||||||
|
@@ -1030,11 +1037,18 @@ static void process_flags (int argc, cha
|
||||||
|
{"non-unique", no_argument, NULL, 'o'},
|
||||||
|
{"password", required_argument, NULL, 'p'},
|
||||||
|
{"shell", required_argument, NULL, 's'},
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ {"selinux-user", required_argument, NULL, 'Z'},
|
||||||
|
+#endif
|
||||||
|
{"uid", required_argument, NULL, 'u'},
|
||||||
|
{NULL, 0, NULL, '\0'}
|
||||||
|
};
|
||||||
|
while ((c =
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:Z:",
|
||||||
|
+#else
|
||||||
|
getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:",
|
||||||
|
+#endif
|
||||||
|
long_options, NULL)) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'b':
|
||||||
|
@@ -1215,6 +1229,17 @@ static void process_flags (int argc, cha
|
||||||
|
case 'M':
|
||||||
|
Mflg++;
|
||||||
|
break;
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ case 'Z':
|
||||||
|
+ if (is_selinux_enabled() > 0)
|
||||||
|
+ user_selinux = optarg;
|
||||||
|
+ else {
|
||||||
|
+ fprintf (stderr,_("%s: -Z requires SELinux enabled kernel\n"), Prog);
|
||||||
|
+
|
||||||
|
+ exit (E_BAD_ARG);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+#endif
|
||||||
|
default:
|
||||||
|
usage ();
|
||||||
|
}
|
||||||
|
@@ -1583,6 +1608,33 @@ static void usr_update (void)
|
||||||
|
grp_update ();
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void selinux_update_mapping () {
|
||||||
|
+
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ if (is_selinux_enabled() <= 0) return;
|
||||||
|
+
|
||||||
|
+ if (*user_selinux) { /* must be done after passwd write() */
|
||||||
|
+ const char *argv[7];
|
||||||
+ argv[0] = "/usr/sbin/semanage";
|
+ argv[0] = "/usr/sbin/semanage";
|
||||||
+ argv[1] = "login";
|
+ argv[1] = "login";
|
||||||
+ argv[2] = "-d";
|
+ argv[2] = "-a";
|
||||||
+ argv[3] = user_name;
|
+ argv[3] = "-s";
|
||||||
+ argv[4] = NULL;
|
+ argv[4] = user_selinux;
|
||||||
+ safe_system(argv[0], argv, NULL, 1);
|
+ argv[5] = user_name;
|
||||||
|
+ argv[6] = NULL;
|
||||||
|
+ if (safe_system(argv[0], argv, NULL, 0)) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||||
|
+ Prog, user_name, user_selinux);
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
+ "adding SELinux user mapping", user_name, user_id, 0);
|
||||||
|
+#endif
|
||||||
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
|
+
|
||||||
|
+}
|
||||||
/*
|
/*
|
||||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
* create_home - create the user's home directory
|
||||||
* the entry from /etc/passwd.
|
*
|
||||||
--- shadow-4.0.18.1/src/usermod.c.useradd 2007-11-29 15:46:24.000000000 +0100
|
@@ -1592,7 +1644,11 @@ static void usr_update (void)
|
||||||
+++ shadow-4.0.18.1/src/usermod.c 2007-11-29 15:47:39.000000000 +0100
|
*/
|
||||||
|
static void create_home (void)
|
||||||
|
{
|
||||||
|
+
|
||||||
|
if (access (user_home, F_OK)) {
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ selinux_file_context (user_home);
|
||||||
|
+#endif
|
||||||
|
/* XXX - create missing parent directories. --marekm */
|
||||||
|
if (mkdir (user_home, 0)) {
|
||||||
|
fprintf (stderr,
|
||||||
|
@@ -1818,6 +1874,8 @@ int main (int argc, char **argv)
|
||||||
|
|
||||||
|
usr_update ();
|
||||||
|
|
||||||
|
+ selinux_update_mapping();
|
||||||
|
+
|
||||||
|
if (mflg) {
|
||||||
|
create_home ();
|
||||||
|
if (home_added)
|
||||||
|
diff -up shadow-4.1.0/src/usermod.c.selinux shadow-4.1.0/src/usermod.c
|
||||||
|
--- shadow-4.1.0/src/usermod.c.selinux 2007-11-24 23:41:19.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/src/usermod.c 2007-12-12 14:21:44.000000000 +0100
|
||||||
@@ -90,6 +90,7 @@ static char *user_comment;
|
@@ -90,6 +90,7 @@ static char *user_comment;
|
||||||
static char *user_home;
|
static char *user_home;
|
||||||
static char *user_newhome;
|
static char *user_newhome;
|
||||||
@ -158,7 +203,7 @@
|
|||||||
static long user_expire;
|
static long user_expire;
|
||||||
static long user_inactive;
|
static long user_inactive;
|
||||||
static long sys_ngroups;
|
static long sys_ngroups;
|
||||||
@@ -132,6 +133,7 @@ static int is_shadow_grp;
|
@@ -139,6 +140,7 @@ static int sgr_locked = 0;
|
||||||
static int get_groups (char *);
|
static int get_groups (char *);
|
||||||
static void usage (void);
|
static void usage (void);
|
||||||
static void new_pwent (struct passwd *);
|
static void new_pwent (struct passwd *);
|
||||||
@ -166,7 +211,7 @@
|
|||||||
|
|
||||||
static void new_spent (struct spwd *);
|
static void new_spent (struct spwd *);
|
||||||
static void fail_exit (int);
|
static void fail_exit (int);
|
||||||
@@ -294,6 +296,9 @@ static void usage (void)
|
@@ -302,6 +304,9 @@ static void usage (void)
|
||||||
" -s, --shell SHELL new login shell for the user account\n"
|
" -s, --shell SHELL new login shell for the user account\n"
|
||||||
" -u, --uid UID new UID for the user account\n"
|
" -u, --uid UID new UID for the user account\n"
|
||||||
" -U, --unlock unlock the user account\n"
|
" -U, --unlock unlock the user account\n"
|
||||||
@ -176,7 +221,7 @@
|
|||||||
"\n"));
|
"\n"));
|
||||||
exit (E_USAGE);
|
exit (E_USAGE);
|
||||||
}
|
}
|
||||||
@@ -918,13 +923,20 @@ static void process_flags (int argc, cha
|
@@ -888,13 +893,20 @@ static void process_flags (int argc, cha
|
||||||
{"move-home", no_argument, NULL, 'm'},
|
{"move-home", no_argument, NULL, 'm'},
|
||||||
{"non-unique", no_argument, NULL, 'o'},
|
{"non-unique", no_argument, NULL, 'o'},
|
||||||
{"password", required_argument, NULL, 'p'},
|
{"password", required_argument, NULL, 'p'},
|
||||||
@ -197,8 +242,8 @@
|
|||||||
long_options, NULL)) != -1) {
|
long_options, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'a':
|
case 'a':
|
||||||
@@ -1073,6 +1085,16 @@ static void process_flags (int argc, cha
|
@@ -1028,6 +1040,16 @@ static void process_flags (int argc, cha
|
||||||
|
case 'U':
|
||||||
Uflg++;
|
Uflg++;
|
||||||
break;
|
break;
|
||||||
+#ifdef WITH_SELINUX
|
+#ifdef WITH_SELINUX
|
||||||
@ -214,16 +259,16 @@
|
|||||||
default:
|
default:
|
||||||
usage ();
|
usage ();
|
||||||
}
|
}
|
||||||
@@ -1542,6 +1564,8 @@ int main (int argc, char **argv)
|
@@ -1575,6 +1597,8 @@ int main (int argc, char **argv)
|
||||||
if (Gflg || lflg)
|
nscd_flush_cache ("passwd");
|
||||||
grp_err = grp_update ();
|
nscd_flush_cache ("group");
|
||||||
|
|
||||||
+ selinux_update_mapping();
|
+ selinux_update_mapping();
|
||||||
+
|
+
|
||||||
if (mflg)
|
if (mflg)
|
||||||
move_home ();
|
move_home ();
|
||||||
|
|
||||||
@@ -1573,3 +1597,62 @@ int main (int argc, char **argv)
|
@@ -1603,3 +1627,62 @@ int main (int argc, char **argv)
|
||||||
exit (E_SUCCESS);
|
exit (E_SUCCESS);
|
||||||
/* NOT REACHED */
|
/* NOT REACHED */
|
||||||
}
|
}
|
||||||
@ -286,163 +331,106 @@
|
|||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
+}
|
+}
|
||||||
--- shadow-4.0.18.1/src/useradd.c.useradd 2007-11-29 15:46:24.000000000 +0100
|
diff -up shadow-4.1.0/src/userdel.c.selinux shadow-4.1.0/src/userdel.c
|
||||||
+++ shadow-4.0.18.1/src/useradd.c 2007-11-29 15:52:00.000000000 +0100
|
--- shadow-4.1.0/src/userdel.c.selinux 2007-11-24 23:41:19.000000000 +0100
|
||||||
@@ -100,6 +100,7 @@ static const char *user_comment = "";
|
+++ shadow-4.1.0/src/userdel.c 2007-12-12 14:13:30.000000000 +0100
|
||||||
static const char *user_home = "";
|
@@ -809,6 +809,17 @@ int main (int argc, char **argv)
|
||||||
static const char *user_shell = "";
|
#endif
|
||||||
static const char *create_mail_spool = "";
|
|
||||||
+static const char *user_selinux = "";
|
|
||||||
|
|
||||||
static long user_expire = -1;
|
|
||||||
static int is_shadow_pwd;
|
|
||||||
@@ -170,6 +171,7 @@ static int set_defaults (void);
|
|
||||||
static int get_groups (char *);
|
|
||||||
static void usage (void);
|
|
||||||
static void new_pwent (struct passwd *);
|
|
||||||
+static void selinux_update_mapping (void);
|
|
||||||
|
|
||||||
static long scale_age (long);
|
|
||||||
static void new_spent (struct spwd *);
|
|
||||||
@@ -354,6 +356,7 @@ static void get_defaults (void)
|
|
||||||
def_create_mail_spool = xstrdup (cp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ fclose(fp);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -641,7 +644,10 @@ static void usage (void)
|
|
||||||
" -p, --password PASSWORD use encrypted password for the new user\n"
|
|
||||||
" account\n"
|
|
||||||
" -s, --shell SHELL the login shell for the new user account\n"
|
|
||||||
- " -u, --uid UID force use the UID for the new user account\n"
|
|
||||||
+ " -u, --uid UID force use the UID for the new user account\n"
|
|
||||||
+#ifdef WITH_SELINUX
|
+#ifdef WITH_SELINUX
|
||||||
+ " -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"
|
+ if (is_selinux_enabled() > 0) {
|
||||||
+#endif
|
+ const char *argv[5];
|
||||||
"\n"));
|
|
||||||
exit (E_USAGE);
|
|
||||||
}
|
|
||||||
@@ -1041,11 +1047,18 @@ static void process_flags (int argc, cha
|
|
||||||
{"non-unique", no_argument, NULL, 'o'},
|
|
||||||
{"password", required_argument, NULL, 'p'},
|
|
||||||
{"shell", required_argument, NULL, 's'},
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ {"selinux-user", required_argument, NULL, 'Z'},
|
|
||||||
+#endif
|
|
||||||
{"uid", required_argument, NULL, 'u'},
|
|
||||||
{NULL, 0, NULL, '\0'}
|
|
||||||
};
|
|
||||||
while ((c =
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:Z:",
|
|
||||||
+#else
|
|
||||||
getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mlMnrop:s:u:",
|
|
||||||
+#endif
|
|
||||||
long_options, NULL)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'b':
|
|
||||||
@@ -1229,6 +1242,17 @@ static void process_flags (int argc, cha
|
|
||||||
case 'M':
|
|
||||||
Mflg++;
|
|
||||||
break;
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ case 'Z':
|
|
||||||
+ if (is_selinux_enabled() > 0)
|
|
||||||
+ user_selinux = optarg;
|
|
||||||
+ else {
|
|
||||||
+ fprintf (stderr,_("%s: -Z requires SELinux enabled kernel\n"), Prog);
|
|
||||||
+
|
|
||||||
+ exit (E_BAD_ARG);
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+#endif
|
|
||||||
default:
|
|
||||||
usage ();
|
|
||||||
}
|
|
||||||
@@ -1596,6 +1620,33 @@ static void usr_update (void)
|
|
||||||
grp_update ();
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void selinux_update_mapping () {
|
|
||||||
+
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ if (is_selinux_enabled() <= 0) return;
|
|
||||||
+
|
|
||||||
+ if (*user_selinux) { /* must be done after passwd write() */
|
|
||||||
+ const char *argv[7];
|
|
||||||
+ argv[0] = "/usr/sbin/semanage";
|
+ argv[0] = "/usr/sbin/semanage";
|
||||||
+ argv[1] = "login";
|
+ argv[1] = "login";
|
||||||
+ argv[2] = "-a";
|
+ argv[2] = "-d";
|
||||||
+ argv[3] = "-s";
|
+ argv[3] = user_name;
|
||||||
+ argv[4] = user_selinux;
|
+ argv[4] = NULL;
|
||||||
+ argv[5] = user_name;
|
+ safe_system(argv[0], argv, NULL, 1);
|
||||||
+ argv[6] = NULL;
|
|
||||||
+ if (safe_system(argv[0], argv, NULL, 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
|
||||||
+ Prog, user_name, user_selinux);
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
||||||
+ "adding SELinux user mapping", user_name, user_id, 0);
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
+
|
|
||||||
+}
|
|
||||||
/*
|
/*
|
||||||
* create_home - create the user's home directory
|
* Cancel any crontabs or at jobs. Have to do this before we remove
|
||||||
*
|
* the entry from /etc/passwd.
|
||||||
@@ -1605,7 +1656,11 @@ static void usr_update (void)
|
diff -up shadow-4.1.0/man/useradd.8.selinux shadow-4.1.0/man/useradd.8
|
||||||
*/
|
--- shadow-4.1.0/man/useradd.8.selinux 2007-12-12 14:11:41.000000000 +0100
|
||||||
static void create_home (void)
|
+++ shadow-4.1.0/man/useradd.8 2007-12-12 14:19:21.000000000 +0100
|
||||||
{
|
@@ -163,6 +163,11 @@ doesn\'t work yet\.
|
||||||
+
|
Allow the creation of a user account with a duplicate (non\-unique) UID\.
|
||||||
if (access (user_home, F_OK)) {
|
.RE
|
||||||
+#ifdef WITH_SELINUX
|
.PP
|
||||||
+ selinux_file_context (user_home);
|
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
||||||
+#endif
|
+.RS 4
|
||||||
/* XXX - create missing parent directories. --marekm */
|
+The SELinux user for the user\'s login\. The default is to leave this field blank, which causes the system to select the default SELinux user\.
|
||||||
if (mkdir (user_home, 0)) {
|
+.RE
|
||||||
fprintf (stderr,
|
+.PP
|
||||||
@@ -1833,6 +1888,17 @@ int main (int argc, char **argv)
|
\fB\-p\fR, \fB\-\-password\fR \fIPASSWORD\fR
|
||||||
|
.RS 4
|
||||||
|
The encrypted password, as returned by
|
||||||
|
diff -up shadow-4.1.0/man/usermod.8.xml.selinux shadow-4.1.0/man/usermod.8.xml
|
||||||
|
--- shadow-4.1.0/man/usermod.8.xml.selinux 2007-12-09 00:24:36.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/man/usermod.8.xml 2007-12-12 14:13:30.000000000 +0100
|
||||||
|
@@ -245,6 +245,19 @@
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term>
|
||||||
|
+ <option>-Z</option>, <option>--selinux-user</option>
|
||||||
|
+ <replaceable>SEUSER</replaceable>
|
||||||
|
+ </term>
|
||||||
|
+ <listitem>
|
||||||
|
+ <para>
|
||||||
|
+ The SELinux user for the user's login. The default is to leave this
|
||||||
|
+ field the blank, which causes the system to select the default
|
||||||
|
+ SELinux user.
|
||||||
|
+ </para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
usr_update ();
|
diff -up shadow-4.1.0/man/usermod.8.selinux shadow-4.1.0/man/usermod.8
|
||||||
|
--- shadow-4.1.0/man/usermod.8.selinux 2007-12-10 00:07:16.000000000 +0100
|
||||||
|
+++ shadow-4.1.0/man/usermod.8 2007-12-12 14:17:10.000000000 +0100
|
||||||
|
@@ -133,6 +133,11 @@ Note: if you wish to unlock the account
|
||||||
|
value from
|
||||||
|
\fI/etc/default/useradd\fR)\.
|
||||||
|
.RE
|
||||||
|
+.PP
|
||||||
|
+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR
|
||||||
|
+.RS 4
|
||||||
|
+The SELinux user for the user\'s login\. The default is to leave this field blank, which causes the system to select the default SELinux user.
|
||||||
|
+.RE
|
||||||
|
.SH "CAVEATS"
|
||||||
|
.PP
|
||||||
|
|
||||||
+ /* Do not create mail directory for system accounts */
|
diff -up shadow-4.1.0/man/useradd.8.xml.selinux shadow-4.1.0/man/useradd.8.xml
|
||||||
+ if( !rflg )
|
--- shadow-4.1.0/man/useradd.8.xml.selinux 2007-12-09 00:24:36.000000000 +0100
|
||||||
+ create_mail ();
|
+++ shadow-4.1.0/man/useradd.8.xml 2007-12-12 14:13:30.000000000 +0100
|
||||||
+
|
@@ -274,6 +274,19 @@
|
||||||
+ nscd_flush_cache ("passwd");
|
</para>
|
||||||
+ nscd_flush_cache ("group");
|
</listitem>
|
||||||
+
|
</varlistentry>
|
||||||
+ close_files ();
|
+ <varlistentry>
|
||||||
+
|
+ <term>
|
||||||
+ selinux_update_mapping();
|
+ <option>-Z</option>, <option>--selinux-user</option>
|
||||||
+
|
+ <replaceable>SEUSER</replaceable>
|
||||||
if (mflg) {
|
+ </term>
|
||||||
create_home ();
|
+ <listitem>
|
||||||
if (home_added)
|
+ <para>
|
||||||
@@ -1856,15 +1922,6 @@ int main (int argc, char **argv)
|
+ The SELinux user for the user's login. The default is to leave this
|
||||||
* with --gafton
|
+ field blank, which causes the system to select the default SELinux
|
||||||
*/
|
+ user.
|
||||||
|
+ </para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
- /* Do not create mail directory for system accounts */
|
<refsect2 id='changing_the_default_values'>
|
||||||
- if( !rflg )
|
diff -up shadow-4.1.0/lib/defines.h.selinux shadow-4.1.0/lib/defines.h
|
||||||
- create_mail ();
|
--- shadow-4.1.0/lib/defines.h.selinux 2007-11-24 12:18:35.000000000 +0100
|
||||||
-
|
+++ shadow-4.1.0/lib/defines.h 2007-12-12 14:13:30.000000000 +0100
|
||||||
- nscd_flush_cache ("passwd");
|
|
||||||
- nscd_flush_cache ("group");
|
|
||||||
-
|
|
||||||
- close_files ();
|
|
||||||
-
|
|
||||||
#ifdef USE_PAM
|
|
||||||
if (retval == PAM_SUCCESS)
|
|
||||||
pam_end (pamh, PAM_SUCCESS);
|
|
||||||
--- shadow-4.0.18.1/lib/defines.h.useradd 2005-09-05 18:22:03.000000000 +0200
|
|
||||||
+++ shadow-4.0.18.1/lib/defines.h 2007-11-29 15:47:39.000000000 +0100
|
|
||||||
@@ -342,4 +342,7 @@ extern char *strerror ();
|
@@ -342,4 +342,7 @@ extern char *strerror ();
|
||||||
#include <libaudit.h>
|
#include <libaudit.h>
|
||||||
#endif
|
#endif
|
||||||
@ -451,9 +439,10 @@
|
|||||||
+#include <selinux/selinux.h>
|
+#include <selinux/selinux.h>
|
||||||
+#endif
|
+#endif
|
||||||
#endif /* _DEFINES_H_ */
|
#endif /* _DEFINES_H_ */
|
||||||
--- shadow-4.0.18.1/lib/prototypes.h.useradd 2006-02-07 17:36:30.000000000 +0100
|
diff -up shadow-4.1.0/lib/prototypes.h.selinux shadow-4.1.0/lib/prototypes.h
|
||||||
+++ shadow-4.0.18.1/lib/prototypes.h 2007-11-29 15:47:39.000000000 +0100
|
--- shadow-4.1.0/lib/prototypes.h.selinux 2007-11-23 21:10:52.000000000 +0100
|
||||||
@@ -52,6 +52,9 @@ extern int is_listed (const char *, cons
|
+++ shadow-4.1.0/lib/prototypes.h 2007-12-12 14:13:30.000000000 +0100
|
||||||
|
@@ -53,6 +53,9 @@ extern int is_listed (const char *, cons
|
||||||
/* copydir.c */
|
/* copydir.c */
|
||||||
extern int copy_tree (const char *, const char *, uid_t, gid_t);
|
extern int copy_tree (const char *, const char *, uid_t, gid_t);
|
||||||
extern int remove_tree (const char *);
|
extern int remove_tree (const char *);
|
||||||
@ -463,7 +452,7 @@
|
|||||||
|
|
||||||
/* encrypt.c */
|
/* encrypt.c */
|
||||||
extern char *pw_encrypt (const char *, const char *);
|
extern char *pw_encrypt (const char *, const char *);
|
||||||
@@ -147,6 +150,9 @@ extern void setup_env (struct passwd *);
|
@@ -151,6 +154,9 @@ extern void setup_env (struct passwd *);
|
||||||
/* shell.c */
|
/* shell.c */
|
||||||
extern int shell (const char *, const char *, char *const *);
|
extern int shell (const char *, const char *, char *const *);
|
||||||
|
|
@ -4,31 +4,22 @@
|
|||||||
|
|
||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.0.18.1
|
Version: 4.1.0
|
||||||
Release: 20%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://shadow.pld.org.pl/
|
URL: http://pkg-shadow.alioth.debian.org/
|
||||||
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
|
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
|
||||||
Source1: shadow-4.0.17-login.defs
|
Source1: shadow-4.0.17-login.defs
|
||||||
Source2: shadow-4.0.18.1-useradd
|
Source2: shadow-4.0.18.1-useradd
|
||||||
Source3: shadow-4.0.16-nscd.c
|
|
||||||
Patch0: shadow-4.0.17-redhat.patch
|
Patch0: shadow-4.1.0-redhat.patch
|
||||||
Patch1: shadow-4.0.3-noinst.patch
|
Patch1: shadow-4.0.3-noinst.patch
|
||||||
Patch2: shadow-4.0.11.1-vipw.patch
|
Patch2: shadow-4.1.0-goodname.patch
|
||||||
Patch3: shadow-4.0.14-goodname.patch
|
Patch3: shadow-4.1.0-lOption.patch
|
||||||
Patch4: shadow-4.0.13-newgrpPwd.patch
|
Patch4: shadow-4.1.0-selinux.patch
|
||||||
Patch5: shadow-4.0.16-lOption.patch
|
Patch5: shadow-4.0.18.1-sysAccount.patch
|
||||||
Patch6: shadow-4.0.17-notInheritFd.patch
|
Patch6: shadow-4.0.18.1-findNewUidOnce.patch
|
||||||
Patch7: shadow-4.0.17-exitValues.patch
|
Patch7: shadow-4.0.18.1-mtime.patch
|
||||||
Patch8: shadow-4.0.17-auditLogging.patch
|
|
||||||
Patch9: shadow-4.0.18.1-gid.patch
|
|
||||||
Patch10: shadow-4.0.18.1-overflow.patch
|
|
||||||
Patch11: shadow-4.0.17-useradd.patch
|
|
||||||
Patch12: shadow-4.0.18.1-appendOption.patch
|
|
||||||
Patch13: shadow-4.0.18.1-sysAccount.patch
|
|
||||||
Patch14: shadow-4.0.18.1-findNewUidOnce.patch
|
|
||||||
Patch15: shadow-4.0.18.1-groupLoop.patch
|
|
||||||
Patch16: shadow-4.0.18.1-mtime.patch
|
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -55,25 +46,12 @@ are used for managing group accounts.
|
|||||||
%setup -q -n shadow-%{version}
|
%setup -q -n shadow-%{version}
|
||||||
%patch0 -p1 -b .redhat
|
%patch0 -p1 -b .redhat
|
||||||
%patch1 -p1 -b .noinst
|
%patch1 -p1 -b .noinst
|
||||||
%patch2 -p1 -b .vipw
|
%patch2 -p1 -b .goodname
|
||||||
%patch3 -p1 -b .goodname
|
%patch3 -p1 -b .lOption
|
||||||
%patch4 -p1 -b .newgrpPwd
|
%patch4 -p1 -b .selinux
|
||||||
%patch5 -p1 -b .lOption
|
%patch5 -p1 -b .sysAccount
|
||||||
|
%patch6 -p1 -b .findNewUidOnce
|
||||||
#replace whole file
|
%patch7 -p1 -b .mtime
|
||||||
cp %{SOURCE3} lib/nscd.c
|
|
||||||
%patch6 -p1 -b .notInheritFd
|
|
||||||
|
|
||||||
%patch7 -p1 -b .exitValues
|
|
||||||
%patch8 -p1 -b .auditLogging
|
|
||||||
%patch9 -p1 -b .gid
|
|
||||||
%patch10 -p1 -b .overflow
|
|
||||||
%patch11 -p1 -b .useradd
|
|
||||||
%patch12 -p1 -b .appendOption
|
|
||||||
%patch13 -p1 -b .sysAccount
|
|
||||||
%patch14 -p1 -b .findNewUidOnce
|
|
||||||
%patch15 -p1 -b .groupLoop
|
|
||||||
%patch16 -p1 -b .mtime
|
|
||||||
|
|
||||||
rm po/*.gmo
|
rm po/*.gmo
|
||||||
rm po/stamp-po
|
rm po/stamp-po
|
||||||
@ -123,8 +101,6 @@ rm $RPM_BUILD_ROOT/%{_bindir}/su
|
|||||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
|
rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
|
||||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
|
rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
|
||||||
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
|
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
|
||||||
rm $RPM_BUILD_ROOT/%{_sbindir}/vipw
|
|
||||||
rm $RPM_BUILD_ROOT/%{_sbindir}/vigr
|
|
||||||
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
|
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
|
||||||
rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
|
rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
|
||||||
@ -153,12 +129,8 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.*
|
|||||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.*
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/vipw.*
|
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/vipw.*
|
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/vigr.*
|
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/vigr.*
|
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
|
||||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
|
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
|
||||||
|
|
||||||
@ -193,6 +165,8 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_sbindir}/*conv
|
%{_sbindir}/*conv
|
||||||
%{_sbindir}/chpasswd
|
%{_sbindir}/chpasswd
|
||||||
%{_sbindir}/newusers
|
%{_sbindir}/newusers
|
||||||
|
%{_sbindir}/vipw
|
||||||
|
%{_sbindir}/vigr
|
||||||
%{_mandir}/man1/chage.1*
|
%{_mandir}/man1/chage.1*
|
||||||
%{_mandir}/man1/gpasswd.1*
|
%{_mandir}/man1/gpasswd.1*
|
||||||
%{_mandir}/man1/sg.1*
|
%{_mandir}/man1/sg.1*
|
||||||
@ -213,8 +187,14 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_mandir}/man8/*conv.8*
|
%{_mandir}/man8/*conv.8*
|
||||||
%{_mandir}/man8/lastlog.8*
|
%{_mandir}/man8/lastlog.8*
|
||||||
%{_mandir}/man8/faillog.8*
|
%{_mandir}/man8/faillog.8*
|
||||||
|
%{_mandir}/man8/vipw.8*
|
||||||
|
%{_mandir}/man8/vigr.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 12 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.1.0-1
|
||||||
|
- new upgrade release from new upstream
|
||||||
|
- provide vipw and vigr
|
||||||
|
|
||||||
* Thu Nov 29 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-20
|
* Thu Nov 29 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-20
|
||||||
- do not create mail spool entries for system accounts (#402351)
|
- do not create mail spool entries for system accounts (#402351)
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
7ebc6a5cd0207246a6b2c9ebf9b30391 shadow-4.0.16-nscd.c
|
|
||||||
e7751d46ecf219c07ae0b028ab3335c6 shadow-4.0.18.1.tar.bz2
|
|
||||||
e91727c55dbafc9915250e31535f13bb shadow-4.0.17-login.defs
|
e91727c55dbafc9915250e31535f13bb shadow-4.0.17-login.defs
|
||||||
|
ebdf46b79f9b414353c9ae8aba4d55cc shadow-4.0.18.1-useradd
|
||||||
|
dd6ca3ac424b447962d7a7af923b7bda shadow-4.1.0.tar.bz2
|
||||||
|
Loading…
Reference in New Issue
Block a user