1 # Copyright 1999-2019 Gentoo Authors
2 # Distributed under the terms of the GNU General Public License v2
6 # base-system@gentoo.org (Linux)
7 # Michał Górny <mgorny@gentoo.org> (NetBSD)
8 # @BLURB: user management in ebuilds
10 # The user eclass contains a suite of functions that allow ebuilds
11 # to quickly make sure users in the installed system are sane.
13 if [[ -z ${_USER_ECLASS} ]]; then
16 # @FUNCTION: _assert_pkg_ebuild_phase
18 # @USAGE: <calling func name>
19 _assert_pkg_ebuild_phase() {
20 case ${EBUILD_PHASE} in
21 setup|preinst|postinst|prerm|postrm) ;;
23 eerror "'$1()' called from '${EBUILD_PHASE}' phase which is not OK:"
24 eerror "You may only call from pkg_{setup,{pre,post}{inst,rm}} functions."
25 eerror "Package fails at QA and at life. Please file a bug."
26 die "Bad package! $1 is only for use in some pkg_* functions!"
31 # @USAGE: <database> <key>
33 # Small wrapper for getent (Linux), nidump (< Mac OS X 10.5),
34 # dscl (Mac OS X 10.5), and pw (FreeBSD) used in enewuser()/enewgroup().
36 # Supported databases: group passwd
40 [[ $# -ge 3 ]] && die "usage: egetent <database> <key>"
44 *) die "sorry, database '${db}' not yet supported; file a bug" ;;
48 *-freebsd*|*-dragonfly*)
56 if [[ ${key} == [[:digit:]]* ]] ; then
57 [[ ${db} == "user" ]] && opts="-u" || opts="-g"
60 pw show ${db} ${opts} "${key}" -q
63 grep "${key}:\*:" /etc/${db}
66 # ignore nscd output if we're not running as root
67 type -p nscd >/dev/null && nscd -i "${db}" 2>/dev/null
68 getent "${db}" "${key}"
73 # @FUNCTION: user_get_nologin
76 # Find an appropriate 'nologin' shell for the platform, and output
81 for eshell in /sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false /dev/null ; do
82 [[ -x ${ROOT}${eshell} ]] && break
85 if [[ ${eshell} == "/dev/null" ]] ; then
86 ewarn "Unable to identify the shell to use, proceeding with userland default."
88 GNU) eshell="/bin/false" ;;
89 BSD) eshell="/sbin/nologin" ;;
90 Darwin) eshell="/usr/sbin/nologin" ;;
91 *) die "Unable to identify the default shell for userland ${USERLAND}"
99 # @USAGE: <user> [-F] [-M] [uid] [shell] [homedir] [groups]
101 # Same as enewgroup, you are not required to understand how to properly add
102 # a user to the system. The only required parameter is the username.
103 # Default uid is (pass -1 for this) next available, default shell is
104 # /bin/false, default homedir is /dev/null, and there are no default groups.
106 # If -F is passed, enewuser will always enforce specified UID and fail if it
107 # can not be assigned.
108 # If -M is passed, enewuser does not create the home directory if it does not
111 if [[ ${EUID} != 0 ]] ; then
112 einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
115 _assert_pkg_ebuild_phase ${FUNCNAME}
117 local create_home=1 force_uid=
118 while [[ $1 == -* ]]; do
122 *) die "${FUNCNAME}: invalid option ${1}";;
128 local euser=$1; shift
129 if [[ -z ${euser} ]] ; then
130 eerror "No username specified !"
131 die "Cannot call enewuser without a username"
134 # lets see if the username already exists
135 if [[ -n $(egetent passwd "${euser}") ]] ; then
138 einfo "Adding user '${euser}' to your system ..."
140 # options to pass to useradd
145 if [[ -n ${euid} && ${euid} != -1 ]] ; then
146 if [[ ${euid} -gt 0 ]] ; then
147 if [[ -n $(egetent passwd ${euid}) ]] ; then
148 [[ -n ${force_uid} ]] && die "${FUNCNAME}: UID ${euid} already taken"
152 eerror "Userid given but is not greater than 0 !"
153 die "${euid} is not a valid UID"
156 [[ -n ${force_uid} ]] && die "${FUNCNAME}: -F with uid==-1 makes no sense"
159 if [[ ${euid} == "next" ]] ; then
160 for ((euid = 999; euid >= 101; euid--)); do
161 [[ -z $(egetent passwd ${euid}) ]] && break
163 [[ ${euid} -ge 101 ]] || die "${FUNCNAME}: no free UID found"
166 einfo " - Userid: ${euid}"
169 local eshell=$1; shift
170 if [[ ! -z ${eshell} ]] && [[ ${eshell} != "-1" ]] ; then
171 if [[ ! -e ${ROOT}${eshell} ]] ; then
172 eerror "A shell was specified but it does not exist !"
173 die "${eshell} does not exist in ${ROOT}"
175 if [[ ${eshell} == */false || ${eshell} == */nologin ]] ; then
176 eerror "Do not specify ${eshell} yourself, use -1"
177 die "Pass '-1' as the shell parameter"
180 eshell=$(user_get_nologin)
182 einfo " - Shell: ${eshell}"
183 opts+=( -s "${eshell}" )
186 local ehome=$1; shift
187 if [[ -z ${ehome} ]] || [[ ${ehome} == "-1" ]] ; then
190 einfo " - Home: ${ehome}"
191 opts+=( -d "${ehome}" )
194 local egroups=$1; shift
196 IFS="," read -r -a egroups_arr <<<"${egroups}"
197 if [[ ${#egroups_arr[@]} -gt 0 ]] ; then
198 local defgroup exgroups
199 for g in "${egroups_arr[@]}" ; do
200 if [[ -z $(egetent group "${g}") ]] ; then
201 eerror "You must add group ${g} to the system first"
202 die "${g} is not a valid GID"
204 if [[ -z ${defgroup} ]] ; then
210 opts+=( -g "${defgroup}" )
211 if [[ ! -z ${exgroups} ]] ; then
212 opts+=( -G "${exgroups:1}" )
215 einfo " - Groups: ${egroups:-(none)}"
218 if [[ $# -gt 0 ]] ; then
219 die "extra arguments no longer supported; please file a bug"
221 local comment="added by portage for ${PN}"
222 opts+=( -c "${comment}" )
223 einfo " - GECOS: ${comment}"
228 *-freebsd*|*-dragonfly*)
229 pw useradd "${euser}" "${opts[@]}" || die
233 useradd "${opts[@]}" "${euser}" || die
237 # all ops the same, except the -g vs -g/-G ...
238 useradd -u ${euid} -s "${eshell}" \
239 -d "${ehome}" -g "${egroups}" "${euser}" || die
243 useradd -M -N -r "${opts[@]}" "${euser}" || die
247 if [[ -n ${create_home} && ! -e ${ROOT}/${ehome} ]] ; then
248 einfo " - Creating ${ehome} in ${ROOT}"
249 mkdir -p "${ROOT}/${ehome}"
250 chown "${euser}" "${ROOT}/${ehome}"
251 chmod 755 "${ROOT}/${ehome}"
255 # @FUNCTION: enewgroup
256 # @USAGE: <group> [gid]
258 # This function does not require you to understand how to properly add a
259 # group to the system. Just give it a group name to add and enewgroup will
260 # do the rest. You may specify the gid for the group or allow the group to
261 # allocate the next available one.
263 # If -F is passed, enewgroup will always enforce specified GID and fail if it
264 # can not be assigned.
266 if [[ ${EUID} != 0 ]] ; then
267 einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
270 _assert_pkg_ebuild_phase ${FUNCNAME}
273 while [[ $1 == -* ]]; do
276 *) die "${FUNCNAME}: invalid option ${1}";;
282 local egroup=$1; shift
283 if [[ -z ${egroup} ]] ; then
284 eerror "No group specified !"
285 die "Cannot call enewgroup without a group"
288 # see if group already exists
289 if [[ -n $(egetent group "${egroup}") ]] ; then
292 einfo "Adding group '${egroup}' to your system ..."
296 if [[ ! -z ${egid} ]] ; then
297 if [[ ${egid} -gt 0 ]] ; then
298 if [[ -n $(egetent group ${egid}) ]] ; then
299 [[ -n ${force_gid} ]] && die "${FUNCNAME}: GID ${egid} already taken"
300 egid="next available; requested gid taken"
303 eerror "Groupid given but is not greater than 0 !"
304 die "${egid} is not a valid GID"
307 [[ -n ${force_gid} ]] && die "${FUNCNAME}: -F with gid==-1 makes no sense"
308 egid="next available"
310 einfo " - Groupid: ${egid}"
313 if [[ $# -gt 0 ]] ; then
314 die "extra arguments no longer supported; please file a bug"
317 # Some targets need to find the next available GID manually
318 _enewgroup_next_gid() {
319 if [[ ${egid} == *[!0-9]* ]] ; then
321 for ((egid = 999; egid >= 101; egid--)) ; do
322 [[ -z $(egetent group ${egid}) ]] && break
324 [[ ${egid} -ge 101 ]] || die "${FUNCNAME}: no free GID found"
330 *-freebsd*|*-dragonfly*)
332 pw groupadd "${egroup}" -g ${egid} || die
337 groupadd -g ${egid} "${egroup}" || die
342 if [[ ${egid} == *[!0-9]* ]] ; then
343 # Non numeric; let groupadd figure out a GID for us
348 # We specify -r so that we get a GID in the system range from login.defs
349 groupadd -r ${opts} "${egroup}" || die
354 # @FUNCTION: egetusername
357 # Gets the username for given UID.
359 [[ $# -eq 1 ]] || die "usage: egetusername <uid>"
361 egetent passwd "$1" | cut -d: -f1
364 # @FUNCTION: egetgroupname
367 # Gets the group name for given GID.
369 [[ $# -eq 1 ]] || die "usage: egetgroupname <gid>"
371 egetent group "$1" | cut -d: -f1
374 # @FUNCTION: egethome
377 # Gets the home directory for the specified user.
381 [[ $# -eq 1 ]] || die "usage: egethome <user>"
384 *-freebsd*|*-dragonfly*)
387 *) # Linux, NetBSD, OpenBSD, etc...
392 egetent passwd "$1" | cut -d: -f${pos}
395 # @FUNCTION: egetshell
398 # Gets the shell for the specified user.
402 [[ $# -eq 1 ]] || die "usage: egetshell <user>"
405 *-freebsd*|*-dragonfly*)
408 *) # Linux, NetBSD, OpenBSD, etc...
413 egetent passwd "$1" | cut -d: -f${pos}
416 # @FUNCTION: egetcomment
419 # Gets the comment field for the specified user.
423 [[ $# -eq 1 ]] || die "usage: egetshell <user>"
426 *-freebsd*|*-dragonfly*)
429 *) # Linux, NetBSD, OpenBSD, etc...
434 egetent passwd "$1" | cut -d: -f${pos}
437 # @FUNCTION: egetgroups
440 # Gets all the groups user belongs to. The primary group is returned
441 # first, then all supplementary groups. Groups are ','-separated.
443 [[ $# -eq 1 ]] || die "usage: egetgroups <user>"
446 read -r -a egroups_arr < <(id -G -n "$1")
448 local g groups=${egroups_arr[0]}
449 # sort supplementary groups to make comparison possible
451 [[ -n ${g} ]] && groups+=",${g}"
452 done < <(printf '%s\n' "${egroups_arr[@]:1}" | sort)
456 # @FUNCTION: esethome
457 # @USAGE: <user> <homedir>
459 # Update the home directory in a platform-agnostic way.
460 # Required parameters is the username and the new home directory.
461 # Specify -1 if you want to set home to the enewuser default
463 # If the new home directory does not exist, it is created.
464 # Any previously existing home directory is NOT moved.
466 _assert_pkg_ebuild_phase ${FUNCNAME}
469 local euser=$1; shift
470 if [[ -z ${euser} ]] ; then
471 eerror "No username specified !"
472 die "Cannot call esethome without a username"
475 # lets see if the username already exists
476 if [[ -z $(egetent passwd "${euser}") ]] ; then
477 ewarn "User does not exist, cannot set home dir -- skipping."
482 local ehome=$1; shift
483 if [[ -z ${ehome} ]] ; then
484 eerror "No home directory specified !"
485 die "Cannot call esethome without a home directory or '-1'"
488 if [[ ${ehome} == "-1" ]] ; then
492 # exit with no message if home dir is up to date
493 if [[ $(egethome "${euser}") == ${ehome} ]]; then
497 einfo "Updating home for user '${euser}' ..."
498 einfo " - Home: ${ehome}"
500 # ensure home directory exists, otherwise update will fail
501 if [[ ! -e ${ROOT}/${ehome} ]] ; then
502 einfo " - Creating ${ehome} in ${ROOT}"
503 mkdir -p "${ROOT}/${ehome}"
504 chown "${euser}" "${ROOT}/${ehome}"
505 chmod 755 "${ROOT}/${ehome}"
508 # update the home directory
510 *-freebsd*|*-dragonfly*)
511 pw usermod "${euser}" -d "${ehome}" && return 0
512 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update home"
513 eerror "There was an error when attempting to update the home directory for ${euser}"
514 eerror "Please update it manually on your system:"
515 eerror "\t pw usermod \"${euser}\" -d \"${ehome}\""
519 usermod -d "${ehome}" "${euser}" && return 0
520 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update home"
521 eerror "There was an error when attempting to update the home directory for ${euser}"
522 eerror "Please update it manually on your system (as root):"
523 eerror "\t usermod -d \"${ehome}\" \"${euser}\""
528 # @FUNCTION: esetshell
529 # @USAGE: <user> <shell>
531 # Update the shell in a platform-agnostic way.
532 # Required parameters is the username and the new shell.
533 # Specify -1 if you want to set shell to platform-specific nologin.
535 _assert_pkg_ebuild_phase ${FUNCNAME}
538 local euser=$1; shift
539 if [[ -z ${euser} ]] ; then
540 eerror "No username specified !"
541 die "Cannot call esetshell without a username"
544 # lets see if the username already exists
545 if [[ -z $(egetent passwd "${euser}") ]] ; then
546 ewarn "User does not exist, cannot set shell -- skipping."
551 local eshell=$1; shift
552 if [[ -z ${eshell} ]] ; then
553 eerror "No shell specified !"
554 die "Cannot call esetshell without a shell or '-1'"
557 if [[ ${eshell} == "-1" ]] ; then
558 eshell=$(user_get_nologin)
561 # exit with no message if shell is up to date
562 if [[ $(egetshell "${euser}") == ${eshell} ]]; then
566 einfo "Updating shell for user '${euser}' ..."
567 einfo " - Shell: ${eshell}"
571 *-freebsd*|*-dragonfly*)
572 pw usermod "${euser}" -s "${eshell}" && return 0
573 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
574 eerror "There was an error when attempting to update the shell for ${euser}"
575 eerror "Please update it manually on your system:"
576 eerror "\t pw usermod \"${euser}\" -s \"${eshell}\""
580 usermod -s "${eshell}" "${euser}" && return 0
581 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
582 eerror "There was an error when attempting to update the shell for ${euser}"
583 eerror "Please update it manually on your system (as root):"
584 eerror "\t usermod -s \"${eshell}\" \"${euser}\""
589 # @FUNCTION: esetcomment
590 # @USAGE: <user> <comment>
592 # Update the comment field in a platform-agnostic way.
593 # Required parameters is the username and the new comment.
595 _assert_pkg_ebuild_phase ${FUNCNAME}
598 local euser=$1; shift
599 if [[ -z ${euser} ]] ; then
600 eerror "No username specified !"
601 die "Cannot call esetcomment without a username"
604 # lets see if the username already exists
605 if [[ -z $(egetent passwd "${euser}") ]] ; then
606 ewarn "User does not exist, cannot set comment -- skipping."
611 local ecomment=$1; shift
612 if [[ -z ${ecomment} ]] ; then
613 eerror "No comment specified !"
614 die "Cannot call esetcomment without a comment"
617 # exit with no message if comment is up to date
618 if [[ $(egetcomment "${euser}") == ${ecomment} ]]; then
622 einfo "Updating comment for user '${euser}' ..."
623 einfo " - Comment: ${ecomment}"
627 *-freebsd*|*-dragonfly*)
628 pw usermod "${euser}" -c "${ecomment}" && return 0
629 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
630 eerror "There was an error when attempting to update the comment for ${euser}"
631 eerror "Please update it manually on your system:"
632 eerror "\t pw usermod \"${euser}\" -c \"${ecomment}\""
636 usermod -c "${ecomment}" "${euser}" && return 0
637 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
638 eerror "There was an error when attempting to update the comment for ${euser}"
639 eerror "Please update it manually on your system (as root):"
640 eerror "\t usermod -c \"${ecomment}\" \"${euser}\""
645 # @FUNCTION: esetgroups
646 # @USAGE: <user> <groups>
648 # Update the group field in a platform-agnostic way.
649 # Required parameters is the username and the new list of groups,
650 # primary group first.
652 _assert_pkg_ebuild_phase ${FUNCNAME}
654 [[ ${#} -eq 2 ]] || die "Usage: ${FUNCNAME} <user> <groups>"
657 local euser=$1; shift
659 # lets see if the username already exists
660 if [[ -z $(egetent passwd "${euser}") ]] ; then
661 ewarn "User does not exist, cannot set group -- skipping."
666 local egroups=$1; shift
668 local g egroups_arr=()
669 IFS="," read -r -a egroups_arr <<<"${egroups}"
670 [[ ${#egroups_arr[@]} -gt 0 ]] || die "${FUNCNAME}: no groups specified"
672 for g in "${egroups_arr[@]}" ; do
673 if [[ -z $(egetent group "${g}") ]] ; then
674 eerror "You must add group ${g} to the system first"
675 die "${g} is not a valid GID"
679 local defgroup=${egroups_arr[0]} exgroups_arr=()
680 # sort supplementary groups to make comparison possible
681 readarray -t exgroups_arr < <(printf '%s\n' "${egroups_arr[@]:1}" | sort)
682 local exgroups=${exgroups_arr[*]}
683 exgroups=${exgroups// /,}
684 egroups=${defgroup}${exgroups:+,${exgroups}}
686 # exit with no message if group membership is up to date
687 if [[ $(egetgroups "${euser}") == ${egroups} ]]; then
691 local opts=( -g "${defgroup}" -G "${exgroups}" )
692 einfo "Updating groups for user '${euser}' ..."
693 einfo " - Groups: ${egroups}"
697 *-freebsd*|*-dragonfly*)
698 pw usermod "${euser}" "${opts[@]}" && return 0
699 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update groups"
700 eerror "There was an error when attempting to update the groups for ${euser}"
701 eerror "Please update it manually on your system:"
702 eerror "\t pw usermod \"${euser}\" ${opts[*]}"
706 usermod "${opts[@]}" "${euser}" && return 0
707 [[ $? == 8 ]] && eerror "${euser} is in use, cannot update groups"
708 eerror "There was an error when attempting to update the groups for ${euser}"
709 eerror "Please update it manually on your system (as root):"
710 eerror "\t usermod ${opts[*]} \"${euser}\""