--- cron-config.orig 2014-11-06 15:15:35.037348900 -0500
+++ cron-config 2014-11-07 12:52:53.970746100 -0500
@@ -138,114 +138,41 @@ get_NT() { return 0 } # === End of get_NT() === # -# ====================================================================== -# Routine: warning_for_etc_file -# Display a warning message for the user about overwriting the specified -# file in /etc. -# ====================================================================== -warning_for_etc_file() { - echo - echo "WARNING: The command above overwrites any existing /etc/$1." - echo "You may want to preserve /etc/$1 before generating a new," - echo "one, and then compare your saved /etc/$1 file with the" - echo "newly-generated one in case you need to restore other" - echo "entries." - echo -} # === warning_for_etc_file() === # - # ====================================================================== # Routine: get_system_and_admins_gids -# Get the ADMINs ids from /etc/group and /etc/passwd +# Get the ADMINs ids from group and passwd # ====================================================================== get_system_and_admins_ids() { ret=0 - for fname in /etc/passwd /etc/group; do - if ls -ld "${fname}" | grep -Eq '^-r..r..r..'; then - true - else - echo "The file $fname is not readable by all." - echo "Please run 'chmod +r $fname'." - echo - ret=1 - fi - done - - [ ! -r /etc/passwd -o ! 
-r /etc/group ] && return 1; + ADMINSGID=$(getent group S-1-5-32-544 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/') + SYSTEMGID=$(getent group S-1-5-18 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/') + ADMINSUID=$(getent passwd S-1-5-32-544 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/') + SYSTEMUID=$(getent passwd S-1-5-18 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/') - ADMINSGID=$(sed -ne '/^[^:]*:S-1-5-32-544:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/group) - SYSTEMGID=$(sed -ne '/^[^:]*:S-1-5-18:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/group) if [ -z "$ADMINSGID" -o -z "$SYSTEMGID" ]; then - echo "It appears that you do not have correct entries for the" - echo "ADMINISTRATORS and/or SYSTEM sids in /etc/group." - echo - echo "Use the 'mkgroup' utility to generate them" - echo " mkgroup -l > /etc/group" - warning_for_etc_file group + echo "Entries for the ADMINISTRATORS and/or SYSTEM sids are not found in group." ret=1; fi - ADMINSUID=$(sed -ne '/^[^:]*:[^:]*:[0-9]*:[0-9]*:[^:]*,S-1-5-32-544:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/passwd) - SYSTEMUID=$(sed -ne '/^[^:]*:[^:]*:[0-9]*:[0-9]*:[^:]*,S-1-5-18:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/passwd) if [ -z "$ADMINSUID" -o -z "$SYSTEMUID" ]; then - echo "It appears that you do not have correct entries for the" - echo "ADMINISTRATORS and/or SYSTEM sids in /etc/passwd." - echo - echo "Use the 'mkpasswd' utility to generate it" - echo " mkpasswd -l > /etc/passwd." - warning_for_etc_file passwd + echo "Entries for the ADMINISTRATORS and/or SYSTEM sids are not found in passwd." ret=1; fi return "${ret}" } # === get_system_and_admins_ids() === # -# ====================================================================== -# Routine: check_passwd_and_group -# Check to see whether the user's password ID and group exist in the -# system /etc/passwd and /etc/group files, respectively. 
-# ====================================================================== -check_passwd_and_group() { - ret=0 - if [ "$(id -gn)" = "mkpasswd" ]; then - echo "It appears that you do not have an entry for your user ID" - echo "in /etc/passwd." - echo - echo "If so, use the 'mkpasswd' utility to generate an" - echo "entry for your User ID in the password file:" - echo " mkpasswd -l -u User_ID >> /etc/passwd" - echo "or" - echo " mkpasswd -d -u User_ID >> /etc/passwd." - echo - ret=1 - fi - - if [ "$(id -gn)" = mkgroup ]; then - echo "It appears that you do not have an entry for your group ID" - echo "in /etc/group. If this check is incorrect, then re-run" - echo "this script with the '-f' command-line option." - echo - echo "Otherwise, use the 'mkgroup' utility to generate an" - echo "entry for your group ID in the password file:" - echo " mkgroup -l -g Group_id >> /etc/group" - echo "or" - echo " mkgroup -d -g Group_id >> /etc/group." - echo - ret=1 - fi - return "${ret}" -} # === End of check_passwd_and_group() === # # ====================================================================== # Routine: check_user -# Check to see that the specified user exists once in /etc/passwd +# Check that the specified user does no exists more than once in /etc/passwd # ====================================================================== check_user() { - count=$(grep -ic "^$1:" /etc/passwd) - if [ $count = 0 ]; then - echo "ERROR: User $1 does not appear in /etc/passwd." - echo - return 1; + + if [ ! -e /etc/passwd ]; then + return 0; fi + count=$(grep -ic "^$1:" /etc/passwd) if [ $count -gt 1 ]; then echo "WARNING: User $1 appears $count times in /etc/passwd." echo "This may confuse the system." @@ -489,7 +416,6 @@ cron_diagnose() { fi get_system_and_admins_ids || return 1 - check_passwd_and_group || return 1 if [ "$username" = "$USER" ] then 
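Review bot: In get_system_and_admins_ids the four new `getent … | sed -e 's/…/\1/'` assignments run sed without `-n`/`p`, unlike the removed `sed -ne '…p;q'` forms, so a getent line that does not match the pattern is passed through whole and the later `-z` tests accept it as an id. ADMINSUID is then used as the owner in the `chown` this patch adds to create_user. Printing only on a successful match keeps the emptiness check meaningful, e.g. `ADMINSGID=$(getent group S-1-5-32-544 | sed -ne 's/^[^:]*:[^:]*:\([0-9][0-9]*\):.*$/\1/p')`, and likewise for the other three. Further down, check_user still interpolates `$1` into the grep pattern and tests `$count` unquoted, and its new header comment should read `# Check that the specified user does not exist more than once in /etc/passwd`.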
@@ -659,15 +585,22 @@ create_user() { fi fi pwd_entry="$(mkpasswd -l -u "${username}" | sed -e 's?\(^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:\).*?\1/var/empty:/bin/false?')" - grep -Eiq "^${username}:" "${SYSCONFDIR}/passwd" && username_in_passwd=yes && - grep -Fiq "${pwd_entry}" "${SYSCONFDIR}"/passwd && entry_in_passwd=yes - if [ "${entry_in_passwd}" != "yes" ]; then - if [ "${username_in_passwd}" = "yes" ]; then - temp="${TEMP_DIR}/passwd.$$.tmp" - grep -Ev "^${username}:" "${SYSCONFDIR}/passwd" > "${temp}" && - mv -f "${temp}" "${SYSCONFDIR}/passwd" || return 1 - fi - echo "${pwd_entry}" >> "${SYSCONFDIR}/passwd" || ret=1 + fullusername=$(echo "$pwd_entry" | sed -e 's/^\([^:]*\):.*$/\1/') + if [ ! -e "${SYSCONFDIR}/passwd" ]; then + echo "${pwd_entry}" > "${SYSCONFDIR}/passwd" || ret=1 + chown "${ADMINSUID}" "${SYSCONFDIR}/passwd" + chmod 644 "${SYSCONFDIR}/passwd" + else + grep -iq "^${fullusername}:" "${SYSCONFDIR}/passwd" && username_in_passwd=yes && + grep -Fiq "${pwd_entry}" "${SYSCONFDIR}"/passwd && entry_in_passwd=yes + if [ "${entry_in_passwd}" != "yes" ]; then + if [ "${username_in_passwd}" = "yes" ]; then + temp="${TEMP_DIR}/passwd.$$.tmp" + grep -iv "^${fullusername}:" "${SYSCONFDIR}/passwd" > "${temp}" && + mv -f "${temp}" "${SYSCONFDIR}/passwd" || return 1 + fi + echo "${pwd_entry}" >> "${SYSCONFDIR}/passwd" || ret=1 + fi fi return "${ret}" }
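Review bot: The re-indented rewrite branch still builds its scratch file as `${TEMP_DIR}/passwd.$$.tmp`, a name predictable from the PID, and then moves it over `${SYSCONFDIR}/passwd`; if TEMP_DIR is writable by other accounts (not visible here), that file can be pre-created or swapped before the `mv`. The same branch filters with `grep -iv "^${fullusername}:"`, which reads the name as a regular expression, so a `.` in it can drop another account's line, and the replaced file keeps the scratch file's mode where the new-file branch sets 644 explicitly. I would create the scratch file with mktemp beside the target, compare the login field literally, and set the mode before the move, as sketched below. In the new-file branch the `chown`/`chmod` results are ignored and ADMINSUID is assumed to be set by an earlier call that this hunk does not show. create_user begins above the hunk.

```shell
      if [ "${username_in_passwd}" = "yes" ]; then
        # Unpredictable name, created beside the target so mv stays on one filesystem
        temp="$(mktemp "${SYSCONFDIR}/passwd.XXXXXX")" || return 1
        # Literal, case-insensitive comparison of the login field only
        awk -F: -v u="${fullusername}" 'tolower($1) != tolower(u)' \
          "${SYSCONFDIR}/passwd" > "${temp}" &&
          chmod 644 "${temp}" &&
          mv -f "${temp}" "${SYSCONFDIR}/passwd" || { rm -f "${temp}"; return 1; }
      fi
      # … unchanged: append of pwd_entry to ${SYSCONFDIR}/passwd …
```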