From f67cc1eca6cad02a9bf77d65c90797cc01c7c6b5 Mon Sep 17 00:00:00 2001 From: asmeron Date: Mon, 25 Mar 2024 15:50:40 +0600 Subject: [PATCH] Fix script account --- ublinux/functions | 7 +- ublinux/rc.halt.pre/25-accounts-sync | 3 + ublinux/rc.preinit/10-accounts | 309 +++++++++++++++------------ 3 files changed, 184 insertions(+), 135 deletions(-) diff --git a/ublinux/functions b/ublinux/functions index 34112f2..d42d95f 100755 --- a/ublinux/functions +++ b/ublinux/functions @@ -205,6 +205,7 @@ globalconf_convert_pass_plain_to_hash(){ # - # Все пользователи диапазона # # Имя пользователя get_conf_useradd_from_system(){ + SOURCE=${SYSCONF}/users; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null FILE_PASSWD="${ROOTFS}/etc/passwd" FILE_SHADOW="${ROOTFS}/etc/shadow" FILE_LOGINDEFS="${ROOTFS}/etc/login.defs" @@ -234,9 +235,9 @@ get_conf_useradd_from_system(){ && SELECT_PASSWORD=${BASH_REMATCH[2]} [[ ${SELECT_PASSWORD} == "!*" && ${SELECT_PLAINPASSWORD} != "x" ]] && SELECT_PASSWORD="${SELECT_PLAINPASSWORD}" - #SELECT_EXTRAGROUPS=$(${CHROOT} id -nrG ${SELECT_USER} | tr " " ",") - SELECT_EXTRAGROUPS=$(printf "%s\n" $(${CHROOT} id -nrG ${SELECT_USER}) | sort -u | xargs | tr " " ",") - SELECT_EXTRAGROUPS=${SELECT_EXTRAGROUPS//,nobody/}; SELECT_EXTRAGROUPS=${SELECT_EXTRAGROUPS//nobody/} + #SELECT_EXTRAGROUPS=$(printf "%s\n" $(${CHROOT} id -nrG ${SELECT_USER}) | sort -u | xargs | tr " " ",") + #SELECT_EXTRAGROUPS=${SELECT_EXTRAGROUPS//,nobody/}; SELECT_EXTRAGROUPS=${SELECT_EXTRAGROUPS//nobody/} + SELECT_EXTRAGROUPS=$(comm --nocheck-order -13 <(printf "%s\n" ${USERGROUPS//,/ } | sort -u) <(printf "%s\n" $(${CHROOT} id -nrG ${SELECT_USER}) | sort -u) | xargs | tr " " ",") [[ -n ${SELECT_HOME} && ${SELECT_HOME} != "${DEFAULT_HOME}/${SELECT_USER}" ]] && SELECT_OPTIONAL+=" --home-dir ${SELECT_HOME}" [[ -n ${SELECT_SHELL} && ${SELECT_SHELL} != ${DEFAULT_SHELL} ]] && SELECT_OPTIONAL+=" --shell ${SELECT_SHELL}" if [[ ${SELECT_PASSWORD} == "!*" ]]; then diff --git a/ublinux/rc.halt.pre/25-accounts-sync b/ublinux/rc.halt.pre/25-accounts-sync index b7ddf5e..12f1915 100755 --- a/ublinux/rc.halt.pre/25-accounts-sync +++ b/ublinux/rc.halt.pre/25-accounts-sync @@ -27,6 +27,8 @@ exec_useradd_sync(){ [[ -n ${GET_USERADD} ]] && ${ROOTFS}/usr/bin/ubconfig --quiet --target global set [users] ${GET_USERADD} [[ -n ${GET_USERSHADOW} ]] && ${ROOTFS}/usr/bin/ubconfig --quiet --target global set [users] ${GET_USERSHADOW} } + ${ROOTFS}/usr/bin/ubconfig --quiet --target global remove [users] USERADD[*] + ${ROOTFS}/usr/bin/ubconfig --quiet --target global remove [users] USERSHADOW[*] if [[ ${USERADD_SYNC} =~ 'shutdown@all' ]]; then set_ubconfig "@all" elif [[ ${USERADD_SYNC} =~ 'shutdown@users' ]]; then @@ -60,6 +62,7 @@ exec_groupadd_sync(){ local GET_GROUPADD=$(get_conf_groupadd_from_system ${PARAM}) [[ -n ${GET_GROUPADD} ]] && ${ROOTFS}/usr/bin/ubconfig --quiet --target global set [users] ${GET_GROUPADD} } + ${ROOTFS}/usr/bin/ubconfig --quiet --target global remove [users] GROUPADD[*] if [[ ${GROUPADD_SYNC} =~ 'shutdown@all' ]]; then set_ubconfig "@all" elif [[ ${GROUPADD_SYNC} =~ 'shutdown@users' ]]; then diff --git a/ublinux/rc.preinit/10-accounts b/ublinux/rc.preinit/10-accounts index 4e1bef9..22ef73e 100755 --- a/ublinux/rc.preinit/10-accounts +++ b/ublinux/rc.preinit/10-accounts @@ -5,13 +5,13 @@ # Current dir allways must be set to root (/) # All system path must be relative, except initrd dirs -ENABLED=yes +ENABLED= [[ ${ENABLED} == "yes" ]] || exit 0 DEBUGMODE=no PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin -unset ROOTFS CMD_CHROOT; [[ -d /usr/lib/ublinux ]] || { [[ -d /sysroot ]] && ROOTFS="/sysroot" || ROOTFS="."; CMD_CHROOT="chroot ${ROOTFS}"; } +CMD_CHROOT= ; [[ -d /usr/lib/ublinux ]] || { [[ -d /sysroot ]] && ROOTFS="/sysroot" || ROOTFS="."; CMD_CHROOT="chroot ${ROOTFS}"; } SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 SOURCE=${ROOTFS}/usr/lib/ublinux/default; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 debug_mode "$0" "$@" @@ -30,6 +30,7 @@ SOURCE=${FILE_ROOT_USERS}; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null FILE_GROUP="${ROOTFS}/etc/group" FILE_GSHADOW="${ROOTFS}/etc/gshadow" PATH_HOME="/home" + NAME_REGEX="^[a-z_][-a-z0-9_]*\$" # Задать пароль пользователю # $1 # Имя пользователя @@ -96,7 +97,7 @@ create_home(){ cp -Taf ${ROOTFS}/etc/skel "${ROOTFS}${PATH_HOME}/${SELECT_USERNAME}" fi #rsync -rlpt --ignore-existing etc/skel/ "${ROOTFS}${PATH_HOME}/${SELECT_USERNAME}" - [[ -n ${ROOTFS} ]] && ARG_RECURSIVE="-R" || unset ARG_RECURSIVE + [[ -n ${ROOTFS} ]] && ARG_RECURSIVE="-R" || ARG_RECURSIVE= ${CMD_CHROOT} /usr/bin/chown -f ${ARG_RECURSIVE} "${SELECT_USERNAME}" ${PATH_HOME}/"${SELECT_USERNAME}" ${CMD_CHROOT} /usr/bin/chown -f ${ARG_RECURSIVE} :"${SELECT_GROUP}" "${PATH_HOME}/${SELECT_USERNAME}" } @@ -164,6 +165,9 @@ exec_01_add_groups(){ [[ -n ${COMMAND} ]] || COMMAND="set=" local PARAM="$@" local GROUPADD_GROUPS SELECT_GROUP ARG_FINDGROUP_ID FINDGROUP_ID + DATA_FILE_GROUP=$(cat ${FILE_GROUP}) + # Загрузить файлы которые совпадают в каталогах /usr/lib/sysusers.d/ и /usr/share/ublinux-sysusers/. И загрузить которые уникальные в /usr/lib/sysusers.d/ + DATA_SYSUSERS=$(cat ${ROOTFS}/usr/lib/sysusers.d/*.conf ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers) if [[ -n ${PARAM} ]]; then GROUPADD_GROUPS=${PARAM} else @@ -174,21 +178,25 @@ exec_01_add_groups(){ [[ ${GROUPADD_GROUPS:0:1} == ',' ]] && GROUPADD_GROUPS=${GROUPADD_GROUPS:1} [[ ${GROUPADD_GROUPS} =~ ','$ ]] && GROUPADD_GROUPS=${GROUPADD_GROUPS%*,} [[ -n ${GROUPADD_GROUPS} ]] && while IFS= read -u3 SELECT_GROUP; do - unset ARG_FINDGROUP_ID + local ARG_FINDGROUP_ID= # Найти группу по имени - [[ $(cat ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers) =~ ($'\n'|^)+'g'[[:blank:]]+"${SELECT_GROUP}"[[:blank:]]+([[:digit:]]+)[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_ID=${BASH_REMATCH[2]} || FINDGROUP_ID= - # Найти группу по GUID - #[[ $(cat ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers) =~ ($'\n'|^)+'g'[[:blank:]]+([^$'\n']+)[[:blank:]]+"${SELECT_GROUP}"[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_NAME=${BASH_REMATCH[2]} - if [[ ${FINDGROUP_ID} != "" && $(cat ${FILE_GROUP} 2>/dev/null) =~ ($'\n'|^)+${SELECT_GROUP}:[^$'\n']*:${FINDGROUP_ID}:[^$'\n']*($'\n'|$)+ ]]; then + [[ ${DATA_SYSUSERS} =~ ($'\n'|^)+'g'[[:blank:]]+"${SELECT_GROUP}"[[:blank:]]+([[:digit:]]+)[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_ID=${BASH_REMATCH[2]} || FINDGROUP_ID= + # Найти группу по GID + #[[ ${DATA_SYSUSERS} =~ ($'\n'|^)+'g'[[:blank:]]+([^$'\n']+)[[:blank:]]+"${SELECT_GROUP}"[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_NAME=${BASH_REMATCH[2]} + if [[ ${FINDGROUP_ID} != "" && ${DATA_FILE_GROUP} =~ ($'\n'|^)+${SELECT_GROUP}:[^$'\n']*:${FINDGROUP_ID}:[^$'\n']*($'\n'|$)+ ]]; then # Группа найдена, имя и id совпадают, пропускаем добавление continue - elif [[ ${FINDGROUP_ID} != "" && $(cat ${FILE_GROUP} 2>/dev/null) =~ ($'\n'|^)+${SELECT_GROUP}:[^$'\n']*($'\n'|$)+ ]]; then + elif [[ ${FINDGROUP_ID} != "" && ${DATA_FILE_GROUP} =~ ($'\n'|^)+${SELECT_GROUP}:[^$'\n']*($'\n'|$)+ ]]; then # Группа найдена, имя и id не совпадают, удаляем группу echo "WARNING: the group '${SELECT_GROUP}' has an id different from the template /usr/share/ublinux-sysusers/*.sysusers and the id will be changed to '${SELECT_GROUP}:${FINDGROUP_ID}'" ${CMD_CHROOT} /usr/bin/groupdel -f ${SELECT_GROUP} fi [[ ${FINDGROUP_ID} == @(""|"-") ]] || ARG_FINDGROUP_ID="--gid ${FINDGROUP_ID}" - ${CMD_CHROOT} /usr/bin/groupadd --force ${ARG_FINDGROUP_ID} ${SELECT_GROUP} + if [[ ${SELECT_GROUP} =~ ${NAME_REGEX} ]]; then + ${CMD_CHROOT} /usr/bin/groupadd --force ${ARG_FINDGROUP_ID} ${SELECT_GROUP} + else + >&2 echo "ERROR: '${SELECT_GROUP}' cannot be a group name" + fi done 3<<< "${GROUPADD_GROUPS//,/$'\n'}" fi } @@ -238,14 +246,14 @@ exec_02_neededusers(){ fi # Создаём пользователя if ! grep -q ^"${SELECT_USERNAME}": ${FILE_PASSWD} 2>/dev/null; then - [[ -n ${SELECT_UID} ]] && ARG_SELECT_UID="-u ${SELECT_UID}" || unset ARG_SELECT_UID + [[ -n ${SELECT_UID} ]] && ARG_SELECT_UID="-u ${SELECT_UID}" || ARG_SELECT_UID= if [[ -x ${ROOTFS}/usr/bin/useradd ]]; then - [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-c '${SELECT_GECOS}'" || unset ARG_SELECT_GECOS - [[ -n ${DEFAULTGROUP} ]] && ARG_DEFAULTGROUP="-G ${DEFAULTGROUP}" || unset ARG_DEFAULTGROUP + [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-c '${SELECT_GECOS}'" || ARG_SELECT_GECOS= + [[ -n ${DEFAULTGROUP} ]] && ARG_DEFAULTGROUP="-G ${DEFAULTGROUP}" || ARG_DEFAULTGROUP= eval ${CMD_CHROOT} /usr/bin/useradd -M ${ARG_DEFAULTGROUP} ${ARG_SELECT_UID} ${ARG_SELECT_GECOS} ${SELECT_USERNAME} #>/dev/null 2>&1 elif [[ -x ${ROOTFS}/usr/bin/busybox ]]; then # busybox adduser - [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-g '${SELECT_GECOS}'" || unset ARG_SELECT_GECOS + [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-g '${SELECT_GECOS}'" || ARG_SELECT_GECOS= [[ -n ${SELECT_GROUP} ]] && ARG_SELECT_GROUP="-G ${SELECT_GROUP}" || ARG_SELECT_GROUP="-G ${SELECT_USERNAME}" eval ${CMD_CHROOT} /usr/bin/busybox adduser -D -H ${ARG_DEFAULTGROUP} ${ARG_SELECT_UID} ${ARG_SELECT_GECOS} ${SELECT_USERNAME} #>/dev/null 2>&1 fi @@ -331,91 +339,110 @@ exec_03_useradd(){ [[ ${#USERADD[@]} == 0 ]] && USERADD[${DEFAULTUSER}]="Administrator:${ADMUID}:x:x:x:${DEFAULTPASSWD}" [[ ${NOSECUREROOTPASSWD} == ${DEFAULTROOTPASSWD} ]] && ADDADM=yes useradd_local(){ + DATA_FILE_PASSWD=$(cat ${FILE_PASSWD}) + DATA_FILE_GROUP=$(cat ${FILE_GROUP}) local SELECT_USERNAME=$1 - if [[ -n ${PARAM} && -z ${ROOTFS} ]]; then # Вызов как исполнителя после ubconfig # Добавить параметр в ${FILE_ROOT_USERS}=.users_credential и удалить хеш пароля параметра USERADD[.*] в /etc/ublinux/users + if [[ -n ${PARAM} && -z ${ROOTFS} ]]; then if [[ -f ${FILE_ROOT_USERS} ]]; then sed "/USERADD\[${SELECT_USERNAME}\]=/d" -i "${FILE_ROOT_USERS}" echo "USERADD[${SELECT_USERNAME}]='${USERADD[${SELECT_USERNAME}]}'" >> ${FILE_ROOT_USERS} fi [[ -f "${SYSCONF}/users" ]] && sed -E "s/(USERADD\[${SELECT_USERNAME}\]=[\'\"]?)([^:]*:[^:]*:[^:]*:[^:]*:[^:]*:)[^\'\"]*([\'\"]?)/\1\2\3/g" -i "${SYSCONF}/users" fi - IFS=: read -r SELECT_GECOS SELECT_UID SELECT_GROUP SELECT_EXTRAGROUPS SELECT_OPTIONAL SELECT_PASSWORD NULL <<< "${USERADD[${SELECT_USERNAME}]}" - [[ ${SELECT_GECOS,,} == "x" ]] && unset SELECT_GECOS - [[ ${SELECT_OPTIONAL,,} == "x" ]] && unset SELECT_OPTIONAL - [[ ${SELECT_OPTIONAL} =~ ("--home-dir "|"-d ")([^' ']*)(' '|$) ]] && HOME_DIR_SELECT_USERNAME="${BASH_REMATCH[2]}" || HOME_DIR_SELECT_USERNAME="${PATH_HOME}/${SELECT_USERNAME}" - [[ ${SELECT_UID,,} == "x" || ${SELECT_UID} =~ ^[^0-9]+$ ]] && unset SELECT_UID - # Если существует домашний каталог пользователя, то UID берём от каталога - if [[ -z ${SELECT_UID} && -d "${ROOTFS}${HOME_DIR_SELECT_USERNAME}" ]]; then - SELECT_UID=$(stat -c %u "${ROOTFS}${HOME_DIR_SELECT_USERNAME}") - [[ $(cat ${FILE_PASSWD} 2>/dev/null) =~ ($'\n'|^)+[^:]*:[^:]*:"${SELECT_UID}": ]] && unset SELECT_UID - fi - [[ ${SELECT_GROUP,,} == "x" ]] && unset SELECT_GROUP - # Если существует домашний каталог пользователя, то GID берём от каталога - if [[ -z ${SELECT_GROUP} && -d "${ROOTFS}${HOME_DIR_SELECT_USERNAME}" ]]; then - SELECT_GROUP=$(stat -c %g "${ROOTFS}${HOME_DIR_SELECT_USERNAME}") - [[ $(cat ${FILE_PASSWD} 2>/dev/null) =~ ($'\n'|^)+[^:]*:[^:]*:[^:]*:"${SELECT_GROUP}": ]] && unset SELECT_GROUP - fi - [[ ${SELECT_EXTRAGROUPS,,} == "x" ]] && unset SELECT_EXTRAGROUPS - [[ ${SELECT_PASSWORD} == @(""|"x") ]] && SELECT_PASSWORD="${DEFAULTPASSWD}" - [[ ${SELECT_PASSWORD} != @(""|'!*'|'!'|'*') ]] && SELECT_PASSWORD="$(return_hash_password hash ${HASHPASSWD} ${SELECT_PASSWORD})" - # Если в дополнительных группа присутствует группа по имени пользователя, то удалить её из списка - SELECT_EXTRAGROUPS=${SELECT_EXTRAGROUPS//${SELECT_USERNAME}/} - # Создадать группы из параметра SELECT_EXTRAGROUPS - local SELECT_EXTRAGROUPS_TO_EXEC_01= - [[ -n ${SELECT_EXTRAGROUPS} ]] && while IFS= read -u4 ITEM_SELECT_EXTRAGROUP; do - [[ ${ITEM_SELECT_EXTRAGROUP} != "" ]] || continue - if [[ -n ${GROUPADD[${ITEM_SELECT_EXTRAGROUP}]} ]]; then - exec_05_groupadd "GROUPADD[${ITEM_SELECT_EXTRAGROUP}]=${GROUPADD[${ITEM_SELECT_EXTRAGROUP}]}" - else - SELECT_EXTRAGROUPS_TO_EXEC_01+="${ITEM_SELECT_EXTRAGROUP}," + # Проверяем существует ли пользователь в системе + [[ ${DATA_FILE_PASSWD} =~ ($'\n'|^)+"${SELECT_USERNAME}": ]] && IS_USERNAME_PASSWD=yes || IS_USERNAME_PASSWD= + # Проверяем отсутствие пользователя в системе или параметр принудительного обновления + if [[ ${IS_USERNAME_PASSWD} == "" || ${USERADD_SYNC} =~ 'boot' || ${USERADD_SYNC[${SELECT_USERNAME}]} =~ 'boot' ]]; then + IFS=: read -r SELECT_GECOS SELECT_UID SELECT_GROUP SELECT_EXTRAGROUPS SELECT_OPTIONAL SELECT_PASSWORD NULL <<< "${USERADD[${SELECT_USERNAME}]}" +#echo -e "\n===> exec_03_useradd: ${SELECT_USERNAME}=${SELECT_GECOS}:${SELECT_UID}:${SELECT_GROUP}:${SELECT_EXTRAGROUPS}:${SELECT_OPTIONAL}:${SELECT_PASSWORD}" + [[ ${SELECT_GECOS,,} == "x" ]] && SELECT_GECOS= + [[ ${SELECT_OPTIONAL,,} == "x" ]] && SELECT_OPTIONAL= + [[ ${SELECT_OPTIONAL} =~ ("--home-dir "|"-d ")([^' ']*)(' '|$) ]] && HOME_DIR_SELECT_USERNAME="${BASH_REMATCH[2]}" || HOME_DIR_SELECT_USERNAME="${PATH_HOME}/${SELECT_USERNAME}" + [[ ${SELECT_UID,,} == "x" || ${SELECT_UID} =~ ^[^0-9]+$ ]] && SELECT_UID= + # Если существует домашний каталог пользователя, то UID берём от каталога + if [[ -z ${SELECT_UID} && -d "${ROOTFS}${HOME_DIR_SELECT_USERNAME}" ]]; then + SELECT_UID=$(stat -c %u "${ROOTFS}${HOME_DIR_SELECT_USERNAME}") + [[ ${DATA_FILE_PASSWD} =~ ($'\n'|^)+[^:]*:[^:]*:"${SELECT_UID}": ]] && SELECT_UID= + fi + [[ ${SELECT_GROUP,,} == "x" ]] && SELECT_GROUP= + # Если существует домашний каталог пользователя, то GID берём от каталога + if [[ -z ${SELECT_GROUP} && -d "${ROOTFS}${HOME_DIR_SELECT_USERNAME}" ]]; then + SELECT_GROUP=$(stat -c %g "${ROOTFS}${HOME_DIR_SELECT_USERNAME}") + [[ ${DATA_FILE_PASSWD} =~ ($'\n'|^)+[^:]*:[^:]*:[^:]*:"${SELECT_GROUP}": ]] && SELECT_GROUP= fi - done 4<<< "${SELECT_EXTRAGROUPS//,/$'\n'}" - [[ ${SELECT_EXTRAGROUPS_TO_EXEC_01} != "" ]] && exec_01_add_groups "${SELECT_EXTRAGROUPS_TO_EXEC_01%*,}" - SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS},${USERGROUPS}" - [[ ${SELECT_UID} == ${ADMUID} && ${ADDADM} == "yes" ]] && SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS},${ADMGROUPS}" - SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS//;/,}"; SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS//,,/,}" - [[ ${SELECT_EXTRAGROUPS:0:1} == "," ]] && SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS:1}" + [[ ${SELECT_PASSWORD} == @(""|"x") ]] && SELECT_PASSWORD="${DEFAULTPASSWD}" + [[ ${SELECT_PASSWORD} != @(""|'!*'|'!'|'*') ]] && SELECT_PASSWORD="$(return_hash_password hash ${HASHPASSWD} ${SELECT_PASSWORD})" + [[ ${SELECT_EXTRAGROUPS,,} == "x" ]] && SELECT_EXTRAGROUPS= + # Если в дополнительных группа присутствует группа по имени пользователя, то удалить её из списка + SELECT_EXTRAGROUPS=${SELECT_EXTRAGROUPS//${SELECT_USERNAME}/} + # Создадать группы из параметра SELECT_EXTRAGROUPS + local SELECT_EXTRAGROUPS_TO_EXEC_01= + local SELECT_EXTRAGROUPS_TO_EXEC_05= + [[ -n ${SELECT_EXTRAGROUPS} ]] && while IFS= read -u4 ITEM_SELECT_EXTRAGROUP; do + [[ ${ITEM_SELECT_EXTRAGROUP} != "" ]] || continue + if [[ -n ${GROUPADD[${ITEM_SELECT_EXTRAGROUP}]} ]]; then + #exec_05_groupadd "GROUPADD[${ITEM_SELECT_EXTRAGROUP}]=${GROUPADD[${ITEM_SELECT_EXTRAGROUP}]}" + SELECT_EXTRAGROUPS_TO_EXEC_05+="exec_05_groupadd GROUPADD[${ITEM_SELECT_EXTRAGROUP}]=${GROUPADD[${ITEM_SELECT_EXTRAGROUP}]}; " + else + SELECT_EXTRAGROUPS_TO_EXEC_01+="${ITEM_SELECT_EXTRAGROUP}," + fi + done 4<<< "${SELECT_EXTRAGROUPS//,/$'\n'}" +#[[ ${SELECT_EXTRAGROUPS_TO_EXEC_01} != "" ]] && echo "exec_01_add_groups ${SELECT_EXTRAGROUPS_TO_EXEC_01%*,}" +# [[ ${SELECT_EXTRAGROUPS_TO_EXEC_01} != "" ]] && exec_01_add_groups "${SELECT_EXTRAGROUPS_TO_EXEC_01%*,}" +#[[ ${SELECT_EXTRAGROUPS_TO_EXEC_05} != "" ]] && echo "eval ${SELECT_EXTRAGROUPS_TO_EXEC_05}" +# [[ ${SELECT_EXTRAGROUPS_TO_EXEC_05} != "" ]] && eval "${SELECT_EXTRAGROUPS_TO_EXEC_05}" + SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS},${USERGROUPS}" + [[ ${SELECT_UID} == ${ADMUID} && ${ADDADM} == "yes" ]] && SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS},${ADMGROUPS}" + SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS//;/,}"; SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS//,,/,}" + [[ ${SELECT_EXTRAGROUPS:0:1} == "," ]] && SELECT_EXTRAGROUPS="${SELECT_EXTRAGROUPS:1}" #echo "===> ${SELECT_USERNAME}=${SELECT_GECOS}:${SELECT_UID}:${SELECT_GROUP}:${SELECT_EXTRAGROUPS}:${SELECT_OPTIONAL}:${SELECT_PASSWORD}" #echo "===> ${SELECT_USERNAME}=${SELECT_GECOS}:${SELECT_UID}:${SELECT_GROUP}:${SELECT_EXTRAGROUPS}:${SELECT_OPTIONAL}" - ARG_SELECT_UID=; ARG_SELECT_GROUP=; ARG_SELECT_GECOS=; ARG_SELECT_PASSWORD=; ARG_SELECT_OPTIONAL=; STATUS=; IS_USERNAME_PASSWD= - # Проверяем существует ли пользователь в системе - [[ $(cat ${FILE_PASSWD} 2>/dev/null) =~ ($'\n'|^)+"${SELECT_USERNAME}": ]] && IS_USERNAME_PASSWD=yes - if [[ ${IS_USERNAME_PASSWD} == "" || ${USERADD_SYNC} =~ 'boot' || ${USERADD_SYNC[${SELECT_USERNAME}]} =~ 'boot' ]]; then - # Проверяем отсутствие пользователя в системе или параметр принудительного обновления - [[ -n ${SELECT_UID} && ${SELECT_UID} != 0 ]] && ARG_SELECT_UID="--uid ${SELECT_UID}" || unset ARG_SELECT_UID + ARG_SELECT_UID=; ARG_SELECT_GROUP=; ARG_SELECT_GECOS=; ARG_SELECT_PASSWORD=; ARG_SELECT_OPTIONAL=; STATUS=; IS_USERNAME_PASSWD= + [[ -n ${SELECT_UID} && ${SELECT_UID} != 0 ]] && ARG_SELECT_UID="--uid ${SELECT_UID}" || ARG_SELECT_UID= + # Если указана основная группа, но она не создана, то создать - unset ARG_GROUPADD_GID ARG_GROUPADD_GROUPNAME + local ARG_GROUPADD_GID= ARG_GROUPADD_GROUPNAME= if [[ -n ${SELECT_GROUP} && -n ${GROUPADD[${SELECT_GROUP}]} ]]; then # Если группа указана и присутствует в списке групп GROUPADD[.] +#echo 0:${SELECT_GROUP} +#echo "exec_05_groupadd GROUPADD[${SELECT_GROUP}]=${GROUPADD[${SELECT_GROUP}]}" exec_05_groupadd "GROUPADD[${SELECT_GROUP}]=${GROUPADD[${SELECT_GROUP}]}" - elif [[ -n ${SELECT_GROUP} && ! $(cat ${FILE_GROUP}) =~ ($'\n'|^)+(${SELECT_GROUP}:|[^$'\n']*:${SELECT_GROUP}:) ]]; then + elif [[ -n ${SELECT_GROUP} && ! ${DATA_FILE_GROUP} =~ ($'\n'|^)+(${SELECT_GROUP}:|[^$'\n']*:${SELECT_GROUP}:) ]]; then # Если группа указана и не найдена в файле shadow # Группа имет цифровой GID и номер GID=UID if [[ ${SELECT_GROUP} =~ ^[[:digit:]]+$ && ${SELECT_GROUP} == ${SELECT_UID} ]]; then +#echo 1:${SELECT_GROUP} ARG_GROUPADD_GID="${SELECT_GROUP}" ARG_GROUPADD_GROUPNAME=${SELECT_USERNAME} elif [[ ${SELECT_GROUP} =~ ^[[:digit:]]+$ && ${SELECT_GROUP} != ${SELECT_UID} ]]; then +#echo 2:${SELECT_GROUP} # Группа имет цифровой GID и номер GID!=UID ARG_GROUPADD_GID="${SELECT_GROUP}" ARG_GROUPADD_GROUPNAME=${SELECT_USERNAME} - elif [[ ${SELECT_GROUP} =~ [[:alpha:]]+ ]]; then + elif [[ ${SELECT_GROUP} =~ ${NAME_REGEX} ]]; then +#echo 3:${SELECT_GROUP} # Группа имет буквенный GID ARG_GROUPADD_GROUPNAME=${SELECT_USERNAME} else +#echo 4:${SELECT_GROUP} # Если группа не имеет цифры и буквы - unset SELECT_GROUP - fi - [[ -n ${ARG_GROUPADD_GROUPNAME} ]] && exec_05_groupadd "GROUPADD[${ARG_GROUPADD_GROUPNAME}]=x:${ARG_GROUPADD_GID}" + SELECT_GROUP= + fi + if [[ -n ${ARG_GROUPADD_GROUPNAME} ]]; then + [[ ${ARG_GROUPADD_GROUPNAME} =~ ${NAME_REGEX} ]] || ARG_GROUPADD_GROUPNAME="_${ARG_GROUPADD_GROUPNAME}" +#echo "exec_05_groupadd GROUPADD[${ARG_GROUPADD_GROUPNAME}]=x:${ARG_GROUPADD_GID}" + exec_05_groupadd "GROUPADD[${ARG_GROUPADD_GROUPNAME}]=x:${ARG_GROUPADD_GID}" + fi fi if [[ ${IS_USERNAME_PASSWD} == "" ]]; then # Создаём пользователя if [[ -x ${ROOTFS}/usr/bin/useradd ]]; then - [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="--comment '${SELECT_GECOS}'" || unset ARG_SELECT_GECOS - [[ -n ${SELECT_GROUP} ]] && ARG_SELECT_GROUP="--gid ${SELECT_GROUP}" || unset ARG_SELECT_GROUP - [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || unset ARG_SELECT_PASSWORD + [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="--comment '${SELECT_GECOS}'" || ARG_SELECT_GECOS= + [[ -n ${SELECT_GROUP} ]] && ARG_SELECT_GROUP="--gid ${SELECT_GROUP}" || ARG_SELECT_GROUP= + [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || ARG_SELECT_PASSWORD= ARG_SELECT_OPTIONAL="${SELECT_OPTIONAL}" [[ ${SELECT_OPTIONAL} =~ ("-o"|"--non-unique") ]] && [[ -n ${ARG_SELECT_UID} ]] || { ARG_SELECT_OPTIONAL=${ARG_SELECT_OPTIONAL//-o/}; ARG_SELECT_OPTIONAL=${ARG_SELECT_OPTIONAL//--non-unique/}; } [[ ${SELECT_OPTIONAL} =~ ("-M"|"--no-create-home") ]] || { [[ -d "${ROOTFS}${HOME_DIR_SELECT_USERNAME}" ]] || ARG_SELECT_OPTIONAL+=" --create-home"; } @@ -431,10 +458,10 @@ exec_03_useradd(){ eval ${CMD_CHROOT} /usr/bin/useradd ${ARG_SELECT_PASSWORD} ${SELECT_USERNAME}; STATUS=$?; } [[ ${STATUS} -eq 0 ]] || { echo "WARNING: Attempt 5 to use 'useradd ${SELECT_USERNAME}' failed, try attempt 6"; \ eval ${CMD_CHROOT} /usr/bin/useradd ${SELECT_USERNAME}; STATUS=$?; } - [[ ${STATUS} -eq 0 ]] || { echo "ERROR: Attempt 6 to use 'useradd ${SELECT_USERNAME}' failed, exit"; return 1; } + [[ ${STATUS} -eq 0 ]] || { >&2 echo "ERROR: Attempt 6 to use 'useradd ${SELECT_USERNAME}' failed, exit"; return 1; } elif [[ -x ${ROOTFS}/usr/bin/busybox ]]; then # busybox adduser - [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-g '${SELECT_GECOS}'" || unset ARG_SELECT_GECOS + [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-g '${SELECT_GECOS}'" || ARG_SELECT_GECOS= [[ -n ${SELECT_GROUP} ]] && ARG_SELECT_GROUP="-G ${SELECT_GROUP}" || ARG_SELECT_GROUP="-G ${SELECT_USERNAME}" [[ ${SELECT_OPTIONAL} =~ ("-M"|"--no-create-home") ]] && ARG_SELECT_OPTIONAL+=" -H" eval ${CMD_CHROOT} /usr/bin/busybox adduser -D ${ARG_SELECT_UID} ${ARG_SELECT_GROUP} ${ARG_SELECT_GECOS} ${ARG_SELECT_OPTIONAL} ${SELECT_USERNAME} #>/dev/null 2>&1 @@ -444,9 +471,9 @@ exec_03_useradd(){ else # Изменяем пользователя if [[ -x ${ROOTFS}/usr/bin/usermod ]]; then - [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="--comment '${SELECT_GECOS}'" || unset ARG_SELECT_GECOS - [[ -n ${SELECT_GROUP} ]] && ARG_SELECT_GROUP="--gid ${SELECT_GROUP}" || unset ARG_SELECT_GROUP - [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || unset ARG_SELECT_PASSWORD + [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="--comment '${SELECT_GECOS}'" || ARG_SELECT_GECOS= + [[ -n ${SELECT_GROUP} ]] && ARG_SELECT_GROUP="--gid ${SELECT_GROUP}" || ARG_SELECT_GROUP= + [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || ARG_SELECT_PASSWORD= ARG_SELECT_OPTIONAL= [[ ${SELECT_OPTIONAL} =~ ("-o"|"--non-unique") ]] && [[ -n ${ARG_SELECT_UID} ]] && ARG_SELECT_OPTIONAL+=" --non-unique" [[ ${SELECT_OPTIONAL} =~ ("--shell "|"-s ")([^' ']*)(' '|$) ]] && ARG_SELECT_OPTIONAL+=" --shell ${BASH_REMATCH[2]}" @@ -454,20 +481,24 @@ exec_03_useradd(){ eval ${CMD_CHROOT} /usr/bin/usermod ${ARG_SELECT_UID} ${ARG_SELECT_GROUP} ${ARG_SELECT_GECOS} ${ARG_SELECT_OPTIONAL} ${ARG_SELECT_PASSWORD} ${SELECT_USERNAME}; STATUS=$? [[ ${STATUS} -eq 0 ]] || { echo "WARNING: Attempt 1 to use 'usermod ${ARG_SELECT_UID} ${ARG_SELECT_GROUP} ${ARG_SELECT_GECOS} ${ARG_SELECT_OPTIONAL} ${SELECT_USERNAME}' failed, try attempt 2"; \ eval ${CMD_CHROOT} /usr/bin/usermod ${ARG_SELECT_UID} ${ARG_SELECT_GROUP} ${ARG_SELECT_GECOS} ${ARG_SELECT_PASSWORD} ${SELECT_USERNAME}; STATUS=$?; } - [[ ${STATUS} -eq 0 ]] || { echo "ERROR: Attempt 2 to use 'usermod ${ARG_SELECT_UID} ${ARG_SELECT_GROUP} ${ARG_SELECT_GECOS} ${ARG_SELECT_PASSWORD} ${SELECT_USERNAME}' failed, exit"; return 1; } + [[ ${STATUS} -eq 0 ]] || { >&2 echo "ERROR: Attempt 2 to use 'usermod ${ARG_SELECT_UID} ${ARG_SELECT_GROUP} ${ARG_SELECT_GECOS} ${ARG_SELECT_PASSWORD} ${SELECT_USERNAME}' failed, exit"; return 1; } elif [[ -x ${ROOTFS}/usr/bin/busybox ]]; then true fi fi - if [[ -x ${ROOTFS}/usr/bin/usermod ]]; then + # Создаём дополнитеьные группы +#[[ ${SELECT_EXTRAGROUPS_TO_EXEC_01} != "" ]] && echo "exec_01_add_groups ${SELECT_EXTRAGROUPS_TO_EXEC_01%*,}" + [[ ${SELECT_EXTRAGROUPS_TO_EXEC_01} != "" ]] && exec_01_add_groups "${SELECT_EXTRAGROUPS_TO_EXEC_01%*,}" +#[[ ${SELECT_EXTRAGROUPS_TO_EXEC_05} != "" ]] && echo "eval ${SELECT_EXTRAGROUPS_TO_EXEC_05}" + [[ ${SELECT_EXTRAGROUPS_TO_EXEC_05} != "" ]] && eval "${SELECT_EXTRAGROUPS_TO_EXEC_05}" # Добавляем пользователя в основную группу - #${CMD_CHROOT} /usr/bin/usermod -a -G ${SELECT_EXTRAGROUPS%*,} ${SELECT_USERNAME} #>/dev/null 2>&1 + if [[ -x ${ROOTFS}/usr/bin/usermod ]]; then # Добавляем пользователя в дополнительные группы ${CMD_CHROOT} /usr/bin/usermod -a -G ${SELECT_EXTRAGROUPS%*,} ${SELECT_USERNAME} #>/dev/null 2>&1 elif [[ -x ${ROOTFS}/usr/bin/busybox ]]; then true fi - # Задаём параметры пароля пользователю /etc/shadow из USERSHADOW[user]. Только если запущено отдельно с параметром. + # Задаём параметры пароля пользователю /etc/shadow из USERSHADOW[user]. Только если запущено отдельно с параметром [[ -n ${PARAM} && -n ${USERSHADOW[${SELECT_USERNAME}]} ]] && exec_04_usershadow "USERSHADOW[${SELECT_USERNAME}]=${USERSHADOW[${SELECT_USERNAME}]}" # Проверим права на домашний каталог пользователя совпадают с указанным польователем, если нет, то переназначим if [[ -d ${ROOTFS}${HOME_DIR_SELECT_USERNAME} ]]; then @@ -514,7 +545,7 @@ exec_03_useradd(){ ${CMD_CHROOT} /usr/bin/userdel --force ${SELECT_USERNAME} fi [[ -f ${FILE_ROOT_USERS} ]] && sed "/USERADD\[${SELECT_USERNAME}\]/d" -i "${FILE_ROOT_USERS}" 2>/dev/null - ${CMD_CHROOT} /usr/bin/ubconfig --noexecute remove [users] "USERSHADOW[${SELECT_USERNAME}]" + ${CMD_CHROOT} /usr/bin/ubconfig --target system --noexecute remove [users] "USERSHADOW[${SELECT_USERNAME}]" } if [[ ${SELECT_USERNAME} == @("*"|"**"|"/"|"//") ]]; then [[ -f ${FILE_ROOT_USERS} ]] && while IFS= read -ru3 LINE_USERADD; do @@ -525,6 +556,7 @@ exec_03_useradd(){ fi fi fi +# echo -e "\nEND\n" } # Параметры пользователя системы /etc/shadow. Если пользователь существует, то без изменений @@ -559,39 +591,47 @@ exec_04_usershadow(){ fi if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ ${#USERSHADOW[@]} != 0 ]]; then while IFS= read -ru3 SELECT_USERNAME; do - [[ -n ${SELECT_USERNAME} ]] && ${CMD_CHROOT} /usr/bin/getent shadow ${SELECT_USERNAME} &>/dev/null || continue + # Если пользователь не существует, то пропустить + if [[ -n ${SELECT_USERNAME} ]]; then + if ! ${CMD_CHROOT} /usr/bin/getent shadow ${SELECT_USERNAME} &>/dev/null; then + ${CMD_CHROOT} /usr/bin/ubconfig --quiet --noexecute remove [users] "USERSHADOW[${SELECT_USERNAME}]" + continue + fi + else + continue + fi IFS=: read -r SELECT_LASTCHANGED SELECT_MINDAY SELECT_MAXDAY SELECT_WARN SELECT_INACTIVE SELECT_EXPIRE NULL <<< "${USERSHADOW[${SELECT_USERNAME}]}" - # Получить из секунд от эпохи текущую дату: date -d @1705841503 - # Получить от эпохи количество дней: $(( $(date +%s)/(60*60*24) )). В дне 86400 секунд (60*60*24) - #[[ ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$ ]] && SELECT_LASTCHANGED_EPOH=$(date --date=${SELECT_LASTCHANGED} +"%s") - #[[ -z ${SELECT_LASTCHANGED_EPOH} && -x /bin/busybox && ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_LASTCHANGED_EPOH=$(busybox date --date="${SELECT_LASTCHANGED//./}0000" +"%s") - #[[ -z ${SELECT_LASTCHANGED_EPOH} && -x ${ROOTFS}/usr/bin//date && ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_LASTCHANGED_EPOH=$(${ROOTFS}/usr/bin/date --date="${SELECT_LASTCHANGED//./} 0000" +"%s") - #[[ -n ${SELECT_LASTCHANGED_EPOH} ]] && SELECT_LASTCHANGED=$(( ${SELECT_LASTCHANGED_EPOH}/(60*60*24) )) - #[[ ${SELECT_LASTCHANGED,,} == @(""|"x") || ${SELECT_LASTCHANGED} =~ ^[^0-9]*$ || ! ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$ ]] && unset SELECT_LASTCHANGED - [[ ${SELECT_LASTCHANGED} =~ (^[0-9]*$|^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$) ]] || unset SELECT_LASTCHANGED - [[ ${SELECT_MINDAY} =~ ^[0-9]*$ ]] || unset SELECT_MINDAY - [[ ${SELECT_MAXDAY} =~ ^[0-9]*$ ]] || unset SELECT_MAXDAY - [[ ${SELECT_WARN} =~ ^[0-9]*$ ]] || unset SELECT_WARN - [[ ${SELECT_INACTIVE} =~ (-1|^[0-9]*$) ]] || unset SELECT_INACTIVE - #[[ ${SELECT_EXPIRE} =~ ^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$ ]] && SELECT_EXPIRE_EPOH=$(date --date=${SELECT_EXPIRE} +"%s") - #[[ -z ${SELECT_EXPIRE_EPOH} && -x /bin/busybox && ${SELECT_EXPIRE} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_EXPIRE_EPOH=$(busybox date --date="${SELECT_EXPIRE//./}0000" +"%s") - #[[ -z ${SELECT_EXPIRE_EPOH} && -x ${ROOTFS}/usr/bin/date && ${SELECT_EXPIRE} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_EXPIRE_EPOH=$(${ROOTFS}/usr/bin/date --date="${SELECT_EXPIRE//./} 0000" +"%s") - #[[ -n ${SELECT_EXPIRE_EPOH} ]] && SELECT_EXPIRE=$(( ${SELECT_EXPIRE_EPOH}/(60*60*24) )) - [[ ${SELECT_EXPIRE} =~ (-1|^[0-9]*$|^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$) ]] || unset SELECT_EXPIRE - if [[ -z ${SELECT_LASTCHANGED} && -z ${SELECT_MINDAY} && -z ${SELECT_MAXDAY} && -z ${SELECT_WARN} && -z ${SELECT_INACTIVE} && -z ${SELECT_EXPIRE} ]]; then - unset SELECT_LASTCHANGED - SELECT_MINDAY="0" - SELECT_MAXDAY="99999" - SELECT_WARN="7" - SELECT_INACTIVE="-1" - SELECT_EXPIRE="-1" - fi - [[ -n ${SELECT_LASTCHANGED} ]] && ARG_SELECT_LASTCHANGED="--lastday ${SELECT_LASTCHANGED}" || unset ARG_SELECT_LASTCHANGED - [[ -n ${SELECT_MINDAY} ]] && ARG_SELECT_MINDAY="--mindays ${SELECT_MINDAY}" || unset ARG_SELECT_MINDAY - [[ -n ${SELECT_MAXDAY} ]] && ARG_SELECT_MAXDAY="--maxdays ${SELECT_MAXDAY}" || unset ARG_SELECT_MAXDAY - [[ -n ${SELECT_WARN} ]] && ARG_SELECT_WARN="--warndays ${SELECT_WARN}" || unset ARG_SELECT_WARN - [[ -n ${SELECT_INACTIVE} ]] && ARG_SELECT_INACTIVE="--inactive ${SELECT_INACTIVE}" || unset ARG_SELECT_INACTIVE - [[ -n ${SELECT_EXPIRE} ]] && ARG_SELECT_EXPIRE="--expiredate ${SELECT_EXPIRE}" || unset ARG_SELECT_EXPIRE + # Получить из секунд от эпохи текущую дату: date -d @1705841503 + # Получить от эпохи количество дней: $(( $(date +%s)/(60*60*24) )). В дне 86400 секунд (60*60*24) + #[[ ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$ ]] && SELECT_LASTCHANGED_EPOH=$(date --date=${SELECT_LASTCHANGED} +"%s") + #[[ -z ${SELECT_LASTCHANGED_EPOH} && -x /bin/busybox && ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_LASTCHANGED_EPOH=$(busybox date --date="${SELECT_LASTCHANGED//./}0000" +"%s") + #[[ -z ${SELECT_LASTCHANGED_EPOH} && -x ${ROOTFS}/usr/bin//date && ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_LASTCHANGED_EPOH=$(${ROOTFS}/usr/bin/date --date="${SELECT_LASTCHANGED//./} 0000" +"%s") + #[[ -n ${SELECT_LASTCHANGED_EPOH} ]] && SELECT_LASTCHANGED=$(( ${SELECT_LASTCHANGED_EPOH}/(60*60*24) )) + #[[ ${SELECT_LASTCHANGED,,} == @(""|"x") || ${SELECT_LASTCHANGED} =~ ^[^0-9]*$ || ! ${SELECT_LASTCHANGED} =~ ^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$ ]] && SELECT_LASTCHANGED= + [[ ${SELECT_LASTCHANGED} =~ (^[0-9]*$|^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$) ]] || SELECT_LASTCHANGED= + [[ ${SELECT_MINDAY} =~ ^[0-9]*$ ]] || SELECT_MINDAY= + [[ ${SELECT_MAXDAY} =~ ^[0-9]*$ ]] || SELECT_MAXDAY= + [[ ${SELECT_WARN} =~ ^[0-9]*$ ]] || SELECT_WARN= + [[ ${SELECT_INACTIVE} =~ (-1|^[0-9]*$) ]] || SELECT_INACTIVE= + #[[ ${SELECT_EXPIRE} =~ ^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$ ]] && SELECT_EXPIRE_EPOH=$(date --date=${SELECT_EXPIRE} +"%s") + #[[ -z ${SELECT_EXPIRE_EPOH} && -x /bin/busybox && ${SELECT_EXPIRE} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_EXPIRE_EPOH=$(busybox date --date="${SELECT_EXPIRE//./}0000" +"%s") + #[[ -z ${SELECT_EXPIRE_EPOH} && -x ${ROOTFS}/usr/bin/date && ${SELECT_EXPIRE} =~ ^[0-9]{4,4}'.'[0-9]{1,2}'.'[0-9]{1,2}$ ]] && SELECT_EXPIRE_EPOH=$(${ROOTFS}/usr/bin/date --date="${SELECT_EXPIRE//./} 0000" +"%s") + #[[ -n ${SELECT_EXPIRE_EPOH} ]] && SELECT_EXPIRE=$(( ${SELECT_EXPIRE_EPOH}/(60*60*24) )) + [[ ${SELECT_EXPIRE} =~ (-1|^[0-9]*$|^[0-9]{4,4}'-'[0-9]{1,2}'-'[0-9]{1,2}$) ]] || SELECT_EXPIRE= + if [[ -z ${SELECT_LASTCHANGED} && -z ${SELECT_MINDAY} && -z ${SELECT_MAXDAY} && -z ${SELECT_WARN} && -z ${SELECT_INACTIVE} && -z ${SELECT_EXPIRE} ]]; then + SELECT_LASTCHANGED= + SELECT_MINDAY="0" + SELECT_MAXDAY="99999" + SELECT_WARN="7" + SELECT_INACTIVE="-1" + SELECT_EXPIRE="-1" + fi + [[ -n ${SELECT_LASTCHANGED} ]] && ARG_SELECT_LASTCHANGED="--lastday ${SELECT_LASTCHANGED}" || ARG_SELECT_LASTCHANGED= + [[ -n ${SELECT_MINDAY} ]] && ARG_SELECT_MINDAY="--mindays ${SELECT_MINDAY}" || ARG_SELECT_MINDAY= + [[ -n ${SELECT_MAXDAY} ]] && ARG_SELECT_MAXDAY="--maxdays ${SELECT_MAXDAY}" || ARG_SELECT_MAXDAY= + [[ -n ${SELECT_WARN} ]] && ARG_SELECT_WARN="--warndays ${SELECT_WARN}" || ARG_SELECT_WARN= + [[ -n ${SELECT_INACTIVE} ]] && ARG_SELECT_INACTIVE="--inactive ${SELECT_INACTIVE}" || ARG_SELECT_INACTIVE= + [[ -n ${SELECT_EXPIRE} ]] && ARG_SELECT_EXPIRE="--expiredate ${SELECT_EXPIRE}" || ARG_SELECT_EXPIRE= # Задаём параметры пароля пользователя if [[ -x ${ROOTFS}/usr/bin/chage ]]; then ${CMD_CHROOT} /usr/bin/chage ${ARG_SELECT_LASTCHANGED} ${ARG_SELECT_MINDAY} ${ARG_SELECT_MAXDAY} ${ARG_SELECT_WARN} ${ARG_SELECT_INACTIVE} ${ARG_SELECT_EXPIRE} "${SELECT_USERNAME}" #>/dev/null 2>&1 @@ -634,6 +674,7 @@ exec_05_groupadd(){ local SELECT_GROUP SELECT_USERS SELECT_GID SELECT_OPTIONAL SELECT_ADMINISTRATORS SELECT_PASSWORD NULL local ARG_SELECT_USERS ARG_SELECT_GID SELECT_OPTIONAL ARG_SELECT_PASSWORD ARG_NON_UNIQUE local DATA_FILE_PASSWD REAL_SELECT_USERS REAL_SELECT_ADMINISTRATORS + DATA_SYSUSERS=$(cat ${ROOTFS}/usr/lib/sysusers.d/*.conf ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers) if [[ -n ${PARAM} ]]; then local GROUPADD= declare -A GROUPADD @@ -651,29 +692,30 @@ exec_05_groupadd(){ [[ -f "${SYSCONF}/users" ]] && sed -E "s/(GROUPADD\[${SELECT_GROUP}\]=[\'\"]?)([^:]*:[^:]*:[^:]*:[^:]*:)[^\'\"]*([\'\"]?)/\1\2\3/g" -i "${SYSCONF}/users" fi IFS=: read -r SELECT_USERS SELECT_GID SELECT_OPTIONAL SELECT_ADMINISTRATORS SELECT_PASSWORD NULL <<< "${GROUPADD[${SELECT_GROUP}]}" - [[ ${SELECT_USERS} == "x" ]] && unset SELECT_USERS - [[ ${SELECT_GID,,} == "x" || ${SELECT_GID} =~ ^[^0-9]*$ ]] && unset SELECT_GID -#echo "==> ${SELECT_GROUP}:${SELECT_USERS}:${SELECT_GID}:${SELECT_OPTIONAL}:${SELECT_ADMINISTRATORS}:${SELECT_PASSWORD}" - [[ ${SELECT_OPTIONAL} == "x" ]] && unset SELECT_OPTIONAL - [[ ${SELECT_PASSWORD} == @(""|"x") ]] && unset SELECT_PASSWORD + [[ ${SELECT_USERS} == "x" ]] && SELECT_USERS= + [[ ${SELECT_GID,,} == "x" || ${SELECT_GID} =~ ^[^0-9]*$ ]] && SELECT_GID= +#echo "==> exec_05_groupadd: ${SELECT_GROUP}:${SELECT_USERS}:${SELECT_GID}:${SELECT_OPTIONAL}:${SELECT_ADMINISTRATORS}:${SELECT_PASSWORD}" + [[ ${SELECT_OPTIONAL} == "x" ]] && SELECT_OPTIONAL= + [[ ${SELECT_PASSWORD} == @(""|"x") ]] && SELECT_PASSWORD= [[ ${SELECT_PASSWORD} != @(""|'!*'|'!'|'*') ]] && SELECT_PASSWORD=$(return_hash_password hash ${HASHPASSWD} ${SELECT_PASSWORD}) # Поиск по имени в шаблонах пользователей/групп systemd - [[ $(cat ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers) =~ ($'\n'|^)+'g'[[:blank:]]+"${SELECT_GROUP}"[[:blank:]]+([[:digit:]]+)[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_ID=${BASH_REMATCH[2]} || unset FINDGROUP_ID + [[ ${DATA_SYSUSERS} =~ ($'\n'|^)+'g'[[:blank:]]+"${SELECT_GROUP}"[[:blank:]]+([[:digit:]]+)[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_ID=${BASH_REMATCH[2]} || FINDGROUP_ID= # Поиск по GID в шаблонах пользователей/групп systemd [[ -z ${FINDGROUP_ID} ]] \ - && [[ $(cat ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers) =~ ($'\n'|^)+'g'[[:blank:]]+([^$'\n']+)[[:blank:]]+"${SELECT_GROUP}"[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_NAME=${BASH_REMATCH[2]} || unset FINDGROUP_NAME + && [[ ${DATA_SYSUSERS} =~ ($'\n'|^)+'g'[[:blank:]]+([^$'\n']+)[[:blank:]]+"${SELECT_GROUP}"[^$'\n']*($'\n'|$)+ ]] && FINDGROUP_NAME=${BASH_REMATCH[2]} || FINDGROUP_NAME= [[ -n ${FINDGROUP_ID} ]] && SELECT_GID="${FINDGROUP_ID}" [[ -n ${FINDGROUP_NAME} ]] && SELECT_GID="${FINDGROUP_NAME}" - DATA_FILE_GROUP=$(cat ${FILE_GROUP} 2>/dev/null) + DATA_FILE_GROUP=$(cat ${FILE_GROUP}) # Добавляем аргументы к опциям, при условии что такого GID не существует - [[ -n ${SELECT_GID} ]] && [[ ! ${DATA_FILE_GROUP} =~ :${SELECT_GID}: ]] && ARG_SELECT_GID="--gid ${SELECT_GID}" || unset ARG_SELECT_GID - #[[ -n ${SELECT_USERS} ]] && ARG_SELECT_USERS="--users ${SELECT_USERS}" || unset ARG_SELECT_USERS - [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || unset ARG_SELECT_PASSWORD + [[ -n ${SELECT_GID} ]] && [[ ! ${DATA_FILE_GROUP} =~ :${SELECT_GID}: ]] && ARG_SELECT_GID="--gid ${SELECT_GID}" || ARG_SELECT_GID= + #[[ -n ${SELECT_USERS} ]] && ARG_SELECT_USERS="--users ${SELECT_USERS}" || ARG_SELECT_USERS= + [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || ARG_SELECT_PASSWORD= [[ ${SELECT_OPTIONAL} =~ ("-o"|"--non-unique") ]] && [[ -n ${ARG_SELECT_GID} ]] || { SELECT_OPTIONAL=${SELECT_OPTIONAL//-o/}; SELECT_OPTIONAL=${SELECT_OPTIONAL//--non-unique/}; } # Создаём группу, если создана то изменяем под установленные параметры if [[ ! ${DATA_FILE_GROUP} =~ ($'\n'|^)+${SELECT_GROUP}: ]]; then if [[ -x ${ROOTFS}/usr/bin/groupadd ]]; then #${CMD_CHROOT} /usr/bin/groupadd --force ${ARG_SELECT_USERS} ${ARG_SELECT_GID} ${SELECT_OPTIONAL} ${ARG_SELECT_PASSWORD} ${SELECT_GROUP} +#echo "eval ${CMD_CHROOT} /usr/bin/groupadd --force ${ARG_SELECT_GID} ${SELECT_OPTIONAL} ${ARG_SELECT_PASSWORD} ${SELECT_GROUP}" eval ${CMD_CHROOT} /usr/bin/groupadd --force ${ARG_SELECT_GID} ${SELECT_OPTIONAL} ${ARG_SELECT_PASSWORD} ${SELECT_GROUP} [[ $? -eq 0 ]] || { echo "WARNING: Attempt 1 to use 'groupadd ${ARG_SELECT_GID} ${SELECT_OPTIONAL} ${SELECT_GROUP}' failed, try attempt 2"; \ eval ${CMD_CHROOT} /usr/bin/groupadd --force ${ARG_SELECT_GID} ${ARG_SELECT_PASSWORD} ${SELECT_GROUP} ; } @@ -681,7 +723,7 @@ exec_05_groupadd(){ eval ${CMD_CHROOT} /usr/bin/groupadd --force ${ARG_SELECT_PASSWORD} ${SELECT_GROUP} ; } [[ $? -eq 0 ]] || { echo "WARNING: Attempt 3 to use 'groupadd ${SELECT_GROUP}' failed, try attempt 4"; \ ${CMD_CHROOT} /usr/bin/groupadd --force ${SELECT_GROUP} ; } - [[ $? -eq 0 ]] || { echo "ERROR: Attempt 4 to use 'groupadd ${SELECT_GROUP}' failed, exit"; return 1; } + [[ $? -eq 0 ]] || { >&2 echo "ERROR: Attempt 4 to use 'groupadd ${SELECT_GROUP}' failed, exit"; return 1; } elif [[ -x ${ROOTFS}/usr/bin/busybox ]]; then true # Задаём пароль группе @@ -690,9 +732,10 @@ exec_05_groupadd(){ elif [[ -n ${ARG_SELECT_GID} ]]; then if [[ -x ${ROOTFS}/usr/bin/groupmod ]]; then # т.к. groupmod принимет не все возможные аргументы совместимы с groupadd, то фильтруем - [[ ${SELECT_OPTIONAL} =~ ("--non-unique"|"-o") ]] && [[ -n ${ARG_SELECT_GID} ]] && ARG_NON_UNIQUE="--non-unique" || unset ARG_NON_UNIQUE - [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || unset ARG_SELECT_PASSWORD + [[ ${SELECT_OPTIONAL} =~ ("--non-unique"|"-o") ]] && [[ -n ${ARG_SELECT_GID} ]] && ARG_NON_UNIQUE="--non-unique" || ARG_NON_UNIQUE= + [[ -n ${SELECT_PASSWORD} ]] && ARG_SELECT_PASSWORD="--password '${SELECT_PASSWORD}'" || ARG_SELECT_PASSWORD= #eval ${CMD_CHROOT} /usr/bin/groupmod --append ${ARG_SELECT_USERS} ${ARG_SELECT_GID} ${ARG_NON_UNIQUE} ${ARG_SELECT_PASSWORD} ${SELECT_GROUP} +#echo "eval ${CMD_CHROOT} /usr/bin/groupmod ${ARG_SELECT_GID} ${ARG_NON_UNIQUE} ${ARG_SELECT_PASSWORD} ${SELECT_GROUP}" eval ${CMD_CHROOT} /usr/bin/groupmod ${ARG_SELECT_GID} ${ARG_NON_UNIQUE} ${ARG_SELECT_PASSWORD} ${SELECT_GROUP} elif [[ -x ${ROOTFS}/usr/bin/busybox ]]; then true @@ -700,25 +743,26 @@ exec_05_groupadd(){ # set_gpasswd "${SELECT_GROUP}" "${SELECT_PASSWORD}" fi fi - DATA_FILE_PASSWD=$(cat ${FILE_PASSWD} 2>/dev/null) - unset REAL_SELECT_USERS REAL_SELECT_ADMINISTRATORS + DATA_FILE_PASSWD=$(cat ${FILE_PASSWD}) + local REAL_SELECT_USERS= REAL_SELECT_ADMINISTRATORS= # Если пользователь не существуют то убрать из списка SELECT_USERS - while IFS= read -r READ_SELECT_USERS; do - [[ ${DATA_FILE_PASSWD} =~ ($'\n'|^)+${READ_SELECT_USERS}: ]] && REAL_SELECT_USERS+=",${READ_SELECT_USERS}" + while IFS= read -r ITEM_SELECT_USERS; do + [[ ${DATA_FILE_PASSWD} =~ ($'\n'|^)+${ITEM_SELECT_USERS}: ]] && REAL_SELECT_USERS+=",${ITEM_SELECT_USERS}" done <<< ${SELECT_USERS//,/$'\n'} [[ ${REAL_SELECT_USERS:0:1} == "," ]] && REAL_SELECT_USERS=${REAL_SELECT_USERS:1} - [[ ${REAL_SELECT_USERS} != "" ]] && SELECT_USERS=${REAL_SELECT_USERS} || unset SELECT_USERS + [[ ${REAL_SELECT_USERS} != "" ]] && SELECT_USERS=${REAL_SELECT_USERS} || SELECT_USERS= # Если пользователь не существуют то убрать из списка REAL_SELECT_ADMINISTRATORS - while IFS= read -r READ_SELECT_ADMINISTRATORS; do - [[ ${DATA_FILE_PASSWD} =~ ($'\n'|^)+${READ_SELECT_ADMINISTRATORS}: ]] && REAL_SELECT_ADMINISTRATORS+=",${READ_SELECT_ADMINISTRATORS}" + while IFS= read -r ITEM_SELECT_ADMINISTRATORS; do + [[ ${DATA_FILE_PASSWD} =~ ($'\n'|^)+${ITEM_SELECT_ADMINISTRATORS}: ]] && REAL_SELECT_ADMINISTRATORS+=",${ITEM_SELECT_ADMINISTRATORS}" done <<< ${SELECT_ADMINISTRATORS//,/$'\n'} [[ ${REAL_SELECT_ADMINISTRATORS:0:1} == "," ]] && REAL_SELECT_ADMINISTRATORS=${REAL_SELECT_ADMINISTRATORS:1} - [[ ${REAL_SELECT_ADMINISTRATORS} != "" ]] && SELECT_ADMINISTRATORS=${REAL_SELECT_ADMINISTRATORS} || unset SELECT_ADMINISTRATORS - # Добавляем пользователей в группу, т.к. groupadd не добавил пользователей в /etc/shadow + [[ ${REAL_SELECT_ADMINISTRATORS} != "" ]] && SELECT_ADMINISTRATORS=${REAL_SELECT_ADMINISTRATORS} || SELECT_ADMINISTRATORS= + # Добавляем пользователей в группу, т.к. groupadd не добавил пользователей в /etc/gshadow if [[ -n ${SELECT_USERS} || -n ${SELECT_ADMINISTRATORS} ]]; then if [[ -x ${ROOTFS}/usr/bin/gpasswd ]]; then - [[ -n ${SELECT_USERS} ]] && ARG_SELECT_USERS="-M ${SELECT_USERS}" || unset ARG_SELECT_USERS - [[ -n ${SELECT_ADMINISTRATORS} ]] && ARG_SELECT_ADMINISTRATORS="-A ${SELECT_ADMINISTRATORS}" || unset ARG_SELECT_ADMINISTRATORS + [[ -n ${SELECT_USERS} ]] && ARG_SELECT_USERS="-M ${SELECT_USERS}" || ARG_SELECT_USERS= + [[ -n ${SELECT_ADMINISTRATORS} ]] && ARG_SELECT_ADMINISTRATORS="-A ${SELECT_ADMINISTRATORS}" || ARG_SELECT_ADMINISTRATORS= +#echo "${CMD_CHROOT} /usr/bin/gpasswd ${ARG_SELECT_ADMINISTRATORS} ${ARG_SELECT_USERS} ${SELECT_GROUP}" ${CMD_CHROOT} /usr/bin/gpasswd ${ARG_SELECT_ADMINISTRATORS} ${ARG_SELECT_USERS} ${SELECT_GROUP} #>/dev/null 2>&1 elif [[ -x ${ROOTFS}/usr/bin/busybox ]]; then true @@ -727,6 +771,7 @@ exec_05_groupadd(){ } local LIST_GROUPADD_GID= LIST_GROUPADD_NOGID= while IFS= read -ru3 SELECT_GROUP; do + [[ ${SELECT_GROUP} =~ ${NAME_REGEX} ]] || { >&2 echo "ERROR: '${SELECT_GROUP}' cannot be a group name"; continue; } IFS=: read -r SELECT_USERS SELECT_GID SELECT_OPTIONAL SELECT_ADMINISTRATORS SELECT_PASSWORD NULL <<< "${GROUPADD[${SELECT_GROUP}]}" if [[ ${SELECT_GID} =~ ^[0-9]+$ ]] ; then LIST_GROUPADD_GID+="groupadd_local ${SELECT_GROUP}; "