1 # Copyright 1999-2019 Gentoo Authors
2 # Distributed under the terms of the GNU General Public License v2
6 # base-system@gentoo.org (Linux)
7 # Michał Górny <mgorny@gentoo.org> (NetBSD)
8 # @BLURB: user management in ebuilds
10 # The user eclass contains a suite of functions that allow ebuilds
11 # to quickly make sure users in the installed system are sane.
13 if [[ -z ${_USER_ECLASS} ]]; then
16 # @FUNCTION: _assert_pkg_ebuild_phase
18 # @USAGE: <calling func name>
19 _assert_pkg_ebuild_phase() {
20 case ${EBUILD_PHASE} in
21 setup|preinst|postinst) ;;
23 eerror "'$1()' called from '${EBUILD_PHASE}' phase which is not OK:"
24 eerror "You may only call from pkg_{setup,preinst,postinst} functions."
25 eerror "Package fails at QA and at life. Please file a bug."
26 die "Bad package! $1 is only for use in some pkg_* functions!"
31 # @USAGE: <database> <key>
33 # Small wrapper for getent (Linux), nidump (< Mac OS X 10.5),
34 # dscl (Mac OS X 10.5), and pw (FreeBSD) used in enewuser()/enewgroup().
36 # Supported databases: group passwd
40 [[ $# -ge 3 ]] && die "usage: egetent <database> <key>"
44 *) die "sorry, database '${db}' not yet supported; file a bug" ;;
48 *-freebsd*|*-dragonfly*)
56 if [[ ${key} == [[:digit:]]* ]] ; then
57 [[ ${db} == "user" ]] && opts="-u" || opts="-g"
60 pw show ${db} ${opts} "${key}" -q
63 grep "${key}:\*:" /etc/${db}
66 # ignore nscd output if we're not running as root
67 type -p nscd >/dev/null && nscd -i "${db}" 2>/dev/null
68 getent "${db}" "${key}"
73 # @FUNCTION: user_get_nologin
76 # Find an appropriate 'nologin' shell for the platform, and output
81 for eshell in /sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false /dev/null ; do
82 [[ -x ${ROOT}${eshell} ]] && break
85 if [[ ${eshell} == "/dev/null" ]] ; then
86 ewarn "Unable to identify the shell to use, proceeding with userland default."
88 GNU) eshell="/bin/false" ;;
89 BSD) eshell="/sbin/nologin" ;;
90 Darwin) eshell="/usr/sbin/nologin" ;;
91 *) die "Unable to identify the default shell for userland ${USERLAND}"
99 # @USAGE: <user> [-F] [-M] [uid] [shell] [homedir] [groups]
101 # Same as enewgroup, you are not required to understand how to properly add
102 # a user to the system. The only required parameter is the username.
103 # Default uid is (pass -1 for this) next available, default shell is
104 # /bin/false, default homedir is /dev/null, and there are no default groups.
106 # If -F is passed, enewuser will always enforce specified UID and fail if it
107 # can not be assigned.
108 # If -M is passed, enewuser does not create the home directory if it does not
111 if [[ ${EUID} != 0 ]] ; then
112 einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
115 _assert_pkg_ebuild_phase ${FUNCNAME}
117 local create_home=1 force_uid=
118 while [[ $1 == -* ]]; do
122 *) die "${FUNCNAME}: invalid option ${1}";;
128 local euser=$1; shift
129 if [[ -z ${euser} ]] ; then
130 eerror "No username specified !"
131 die "Cannot call enewuser without a username"
134 # lets see if the username already exists
135 if [[ -n $(egetent passwd "${euser}") ]] ; then
138 einfo "Adding user '${euser}' to your system ..."
140 # options to pass to useradd
145 if [[ -n ${euid} && ${euid} != -1 ]] ; then
146 if [[ ${euid} -gt 0 ]] ; then
147 if [[ -n $(egetent passwd ${euid}) ]] ; then
148 [[ -n ${force_uid} ]] && die "${FUNCNAME}: UID ${euid} already taken"
152 eerror "Userid given but is not greater than 0 !"
153 die "${euid} is not a valid UID"
156 [[ -n ${force_uid} ]] && die "${FUNCNAME}: -F with uid==-1 makes no sense"
159 if [[ ${euid} == "next" ]] ; then
160 for ((euid = 101; euid <= 999; euid++)); do
161 [[ -z $(egetent passwd ${euid}) ]] && break
163 [[ ${euid} -le 999 ]] || die "${FUNCNAME}: no free UID found"
166 einfo " - Userid: ${euid}"
169 local eshell=$1; shift
170 if [[ ! -z ${eshell} ]] && [[ ${eshell} != "-1" ]] ; then
171 if [[ ! -e ${ROOT}${eshell} ]] ; then
172 eerror "A shell was specified but it does not exist !"
173 die "${eshell} does not exist in ${ROOT}"
175 if [[ ${eshell} == */false || ${eshell} == */nologin ]] ; then
176 eerror "Do not specify ${eshell} yourself, use -1"
177 die "Pass '-1' as the shell parameter"
180 eshell=$(user_get_nologin)
182 einfo " - Shell: ${eshell}"
183 opts+=( -s "${eshell}" )
186 local ehome=$1; shift
187 if [[ -z ${ehome} ]] || [[ ${ehome} == "-1" ]] ; then
190 einfo " - Home: ${ehome}"
191 opts+=( -d "${ehome}" )
194 local egroups=$1; shift
196 IFS="," read -r -a egroups_arr <<<"${egroups}"
197 if [[ ${#egroups_arr[@]} -gt 0 ]] ; then
198 local defgroup exgroups
199 for g in "${egroups_arr[@]}" ; do
200 if [[ -z $(egetent group "${g}") ]] ; then
201 eerror "You must add group ${g} to the system first"
202 die "${g} is not a valid GID"
204 if [[ -z ${defgroup} ]] ; then
210 opts+=( -g "${defgroup}" )
211 if [[ ! -z ${exgroups} ]] ; then
212 opts+=( -G "${exgroups:1}" )
215 einfo " - Groups: ${egroups:-(none)}"
218 if [[ $# -gt 0 ]] ; then
219 die "extra arguments no longer supported; please file a bug"
221 local comment="added by portage for ${PN}"
222 opts+=( -c "${comment}" )
223 einfo " - GECOS: ${comment}"
228 *-freebsd*|*-dragonfly*)
229 pw useradd "${euser}" "${opts[@]}" || die
233 useradd "${opts[@]}" "${euser}" || die
237 # all ops the same, except the -g vs -g/-G ...
238 useradd -u ${euid} -s "${eshell}" \
239 -d "${ehome}" -g "${egroups}" "${euser}" || die
243 useradd -M -N -r "${opts[@]}" "${euser}" || die
247 if [[ -n ${create_home} && ! -e ${ROOT}/${ehome} ]] ; then
248 einfo " - Creating ${ehome} in ${ROOT}"
249 mkdir -p "${ROOT}/${ehome}"
250 chown "${euser}" "${ROOT}/${ehome}"
251 chmod 755 "${ROOT}/${ehome}"
255 # @FUNCTION: enewgroup
256 # @USAGE: <group> [gid]
258 # This function does not require you to understand how to properly add a
259 # group to the system. Just give it a group name to add and enewgroup will
260 # do the rest. You may specify the gid for the group or allow the group to
261 # allocate the next available one.
263 # If -F is passed, enewgroup will always enforce specified GID and fail if it
264 # can not be assigned.
266 if [[ ${EUID} != 0 ]] ; then
267 einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
270 _assert_pkg_ebuild_phase ${FUNCNAME}
273 while [[ $1 == -* ]]; do
276 *) die "${FUNCNAME}: invalid option ${1}";;
282 local egroup=$1; shift
283 if [[ -z ${egroup} ]] ; then
284 eerror "No group specified !"
285 die "Cannot call enewgroup without a group"
288 # see if group already exists
289 if [[ -n $(egetent group "${egroup}") ]] ; then
292 einfo "Adding group '${egroup}' to your system ..."
296 if [[ ! -z ${egid} ]] ; then
297 if [[ ${egid} -gt 0 ]] ; then
298 if [[ -n $(egetent group ${egid}) ]] ; then
299 [[ -n ${force_gid} ]] && die "${FUNCNAME}: GID ${egid} already taken"
300 egid="next available; requested gid taken"
303 eerror "Groupid given but is not greater than 0 !"
304 die "${egid} is not a valid GID"
307 [[ -n ${force_gid} ]] && die "${FUNCNAME}: -F with gid==-1 makes no sense"
308 egid="next available"
310 einfo " - Groupid: ${egid}"
313 if [[ $# -gt 0 ]] ; then
314 die "extra arguments no longer supported; please file a bug"
317 # Some targets need to find the next available GID manually
318 _enewgroup_next_gid() {
319 if [[ ${egid} == *[!0-9]* ]] ; then
321 for ((egid = 101; egid <= 999; egid++)) ; do
322 [[ -z $(egetent group ${egid}) ]] && break
324 [[ ${egid} -le 999 ]] || die "${FUNCNAME}: no free GID found"
330 *-freebsd*|*-dragonfly*)
332 pw groupadd "${egroup}" -g ${egid} || die
337 groupadd -g ${egid} "${egroup}" || die
342 if [[ ${egid} == *[!0-9]* ]] ; then
343 # Non numeric; let groupadd figure out a GID for us
348 # We specify -r so that we get a GID in the system range from login.defs
349 groupadd -r ${opts} "${egroup}" || die
354 # @FUNCTION: egetusername
357 # Gets the username for given UID.
359 [[ $# -eq 1 ]] || die "usage: egetusername <uid>"
364 # @FUNCTION: egetgroupname
367 # Gets the group name for given GID.
369 [[ $# -eq 1 ]] || die "usage: egetgroupname <gid>"
374 # @FUNCTION: egethome
377 # Gets the home directory for the specified user.
381 [[ $# -eq 1 ]] || die "usage: egethome <user>"
384 *-freebsd*|*-dragonfly*)
387 *) # Linux, NetBSD, OpenBSD, etc...
392 egetent passwd "$1" | cut -d: -f${pos}
395 # @FUNCTION: egetshell
398 # Gets the shell for the specified user.
402 [[ $# -eq 1 ]] || die "usage: egetshell <user>"
405 *-freebsd*|*-dragonfly*)
408 *) # Linux, NetBSD, OpenBSD, etc...
413 egetent passwd "$1" | cut -d: -f${pos}
416 # @FUNCTION: esethome
417 # @USAGE: <user> <homedir>
419 # Update the home directory in a platform-agnostic way.
420 # Required parameters is the username and the new home directory.
421 # Specify -1 if you want to set home to the enewuser default
423 # If the new home directory does not exist, it is created.
424 # Any previously existing home directory is NOT moved.
426 _assert_pkg_ebuild_phase ${FUNCNAME}
429 local euser=$1; shift
430 if [[ -z ${euser} ]] ; then
431 eerror "No username specified !"
432 die "Cannot call esethome without a username"
435 # lets see if the username already exists
436 if [[ -z $(egetent passwd "${euser}") ]] ; then
437 ewarn "User does not exist, cannot set home dir -- skipping."
442 local ehome=$1; shift
443 if [[ -z ${ehome} ]] ; then
444 eerror "No home directory specified !"
445 die "Cannot call esethome without a home directory or '-1'"
448 if [[ ${ehome} == "-1" ]] ; then
452 # exit with no message if home dir is up to date
453 if [[ $(egethome "${euser}") == ${ehome} ]]; then
457 einfo "Updating home for user '${euser}' ..."
458 einfo " - Home: ${ehome}"
460 # ensure home directory exists, otherwise update will fail
461 if [[ ! -e ${ROOT}/${ehome} ]] ; then
462 einfo " - Creating ${ehome} in ${ROOT}"
463 mkdir -p "${ROOT}/${ehome}"
464 chown "${euser}" "${ROOT}/${ehome}"
465 chmod 755 "${ROOT}/${ehome}"
468 # update the home directory
470 *-freebsd*|*-dragonfly*)
471 pw usermod "${euser}" -d "${ehome}" && return 0
472 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update home"
473 eerror "There was an error when attempting to update the home directory for ${euser}"
474 eerror "Please update it manually on your system:"
475 eerror "\t pw usermod \"${euser}\" -d \"${ehome}\""
479 usermod -d "${ehome}" "${euser}" && return 0
480 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update home"
481 eerror "There was an error when attempting to update the home directory for ${euser}"
482 eerror "Please update it manually on your system (as root):"
483 eerror "\t usermod -d \"${ehome}\" \"${euser}\""
488 # @FUNCTION: esetshell
489 # @USAGE: <user> <shell>
491 # Update the shell in a platform-agnostic way.
492 # Required parameters is the username and the new shell.
493 # Specify -1 if you want to set shell to platform-specific nologin.
495 _assert_pkg_ebuild_phase ${FUNCNAME}
498 local euser=$1; shift
499 if [[ -z ${euser} ]] ; then
500 eerror "No username specified !"
501 die "Cannot call esetshell without a username"
504 # lets see if the username already exists
505 if [[ -z $(egetent passwd "${euser}") ]] ; then
506 ewarn "User does not exist, cannot set shell -- skipping."
511 local eshell=$1; shift
512 if [[ -z ${eshell} ]] ; then
513 eerror "No shell specified !"
514 die "Cannot call esetshell without a shell or '-1'"
517 if [[ ${eshell} == "-1" ]] ; then
518 eshell=$(user_get_nologin)
521 # exit with no message if shell is up to date
522 if [[ $(egetshell "${euser}") == ${eshell} ]]; then
526 einfo "Updating shell for user '${euser}' ..."
527 einfo " - Shell: ${eshell}"
531 *-freebsd*|*-dragonfly*)
532 pw usermod "${euser}" -s "${eshell}" && return 0
533 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
534 eerror "There was an error when attempting to update the shell for ${euser}"
535 eerror "Please update it manually on your system:"
536 eerror "\t pw usermod \"${euser}\" -s \"${eshell}\""
540 usermod -s "${eshell}" "${euser}" && return 0
541 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
542 eerror "There was an error when attempting to update the shell for ${euser}"
543 eerror "Please update it manually on your system (as root):"
544 eerror "\t usermod -s \"${eshell}\" \"${euser}\""