[Adduser-devel] tentative patch for multiple bugs about adding new
users to extra groups
Stephen Gran
sgran at debian.org
Sun Apr 23 12:47:02 UTC 2006
This is a very tentative patch for adding new user to various groups
by default. What immediately popped out at me while doing this was that
$action = addusertogroup and all the others should probably be handled
inside of a subroutine, instead of having to be copy and pasted many
times. I can get to that later if you are interested.
For the meantime, I think this patch does a reasonablyy sensible
'nothing by default, no extra groups for system users, only add t5o
extra groups on forst adding of user' logic. The shadow package can
call adduser with --add_extra_groups for the initial user install if
they like, but if they don't, current behavior remains unchanged.
Thanks, and take care,
Index: adduser
===================================================================
--- adduser (revision 550)
+++ adduser (working copy)
@@ -86,6 +86,7 @@
our $no_create_home = undef;
our $special_home = undef;
our $special_shell = undef;
+our $add_extra_groups = 0;
# Global variables we need later
my $existing_user = undef;
@@ -123,6 +124,7 @@
"gid=i" => \$new_gid,
"conf=s" => \$configfile,
"no-create-home" => \$no_create_home,
+ "add_extra_groups" => \$add_extra_groups,
"debug" => sub { $verbose = 2 } );
# everyone can issue "--help" and "--version", but only root can go on
@@ -533,6 +535,31 @@
}
}
+ if ( $add_extra_groups || $config{"add_extra_groups"} ) {
+ printf (gtx("Adding new user `%s' to extra groups\n", $new_name));
+ foreach my $newgrp ( split ' ', $config{"extra_groups"} ) {
+ if (!defined getgrnam($newgrp)) {
+ warnf (gtx("The group `%s' does not exist.\n"),$newgrp);
+ next;
+ }
+ if (&user_is_member($new_name, $newgrp)) {
+ printf gtx("The user `%s' is already a member of `%s'.\n"),
+ $new_name,$newgrp if $verbose;
+ next;
+
+ }
+
+ printf gtx("Adding user `%s' to group `%s'...\n"),$new_name,$newgrp
+ if $verbose;
+ &invalidate_nscd();
+ &systemcall('/usr/bin/gpasswd', '-M',
+ join(',', get_group_members($newgrp), $new_name),
+ $newgrp);
+ &invalidate_nscd();
+ }
+ }
+
+
if ($config{"quotauser"}) {
printf (gtx("Setting quota from `%s'.\n"),$config{quotauser});
&systemcall('/usr/sbin/edquota', '-p', $config{quotauser}, $new_name);
Index: AdduserCommon.pm
===================================================================
--- AdduserCommon.pm (revision 550)
+++ AdduserCommon.pm (working copy)
@@ -199,6 +199,8 @@
$configref->{"name_regex"} = "^[a-z][-a-z0-9]*\$";
$configref->{"exclude_fstypes"} = "(proc|sysfs|usbfs|devpts|tmpfs)";
$configref->{"skel_ignore_regex"} = "dpkg-(old|new|dist)\$";
+ $configref->{"extra_groups"} = "dialout cdrom floppy audio src video lp src users";
+ $configref->{"add_extra_groups"} = 0;
foreach( @$conflistref ) {
read_config($_,$configref);
Index: adduser.conf
===================================================================
--- adduser.conf (revision 550)
+++ adduser.conf (working copy)
@@ -61,3 +61,11 @@
# If SKEL_IGNORE_REGEX is set, adduser will ignore files matching this
# regular expression when creating a new home directory
SKEL_IGNORE_REGEX="dpkg-(old|new|dist)"
+
+# Set this if you want the --add_extra_groups option to adduser to add
+# new users to other groups. Default:
+#EXTRA_GROUPS="dialout cdrom floppy audio src video lp src users"
+
+# If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS
+# option above will be default behavior for adding new, non-system users
+#ADD_EXTRA_GROUPS=1
ndex: doc/adduser.8
===================================================================
--- doc/adduser.8 (revision 550)
+++ doc/adduser.8 (working copy)
@@ -10,7 +10,7 @@
.SH NAME
adduser, addgroup \- add a user or group to the system
.SH SYNOPSIS
-.BR adduser " [options] [\-\-home DIR] [\-\-shell|\-s SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] user"
+.BR adduser " [options] [\-\-home DIR] [\-\-shell|\-s SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] [\-\-extra_groups] user"
.PP
.BR adduser " \-\-system [options] [\-\-home DIR] [\-\-shell SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-group | \-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] user"
.PP
@@ -70,7 +70,10 @@
.BR USERS_GID .
Users' groups can also be overridden from the command line with the
.BR \-\-gid " or " \-\-ingroup
-options to set the group by id or name, respectively.
+options to set the group by id or name, respectively. Also, users can be
+added to one or more groups defined in adduser.conf either by setting
+ADD_EXTRA_GROUPS to 1 in adduser.conf, or by passing --add_extra_groups on
+the commandline.
.B adduser
will create a home directory subject to
@@ -255,6 +258,9 @@
.B \-\-lastuid ID
Override the last uid in the range that the uid is chosen from.
.TP
+.B \-\-add_extra_groups
+Add new user to extra groups defined in adduser.conf
+.TP
.B \-\-version
Display version and copyright information.
.SH FILES
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran at debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060423/23503e3e/attachment.pgp
More information about the Adduser-devel
mailing list