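#!/bin/bash
#
# create-root, Copyright 2003 Red Hat Inc.
#
# This file is part of Cygwin.
#
# Creates a local Windows user 'root' and registers it with uid/gid 0 in
# ${SYSCONFDIR}/passwd and ${SYSCONFDIR}/group, so that services which have
# to switch user context without a password (sshd and friends) have a
# suitably privileged account to run under.  The account is made a member
# of the local Administrators group, gets the token/service privileges it
# needs and - where the OS supports it - is denied interactive and network
# logon, since it is a service account and not meant for people.
#
# Requires administrator privileges on an NT-based Windows; on 9x/Me it
# exits without doing anything.
#
# Usage: create-root [-d|--debug] [-y|--yes] [-n|--no] [-w|--pwd PASSWORD]
#                    [-c|--cygwin VALUE] [-p|--port PORT]
#
# SECURITY NOTE: a password supplied with --pwd is visible to every local
# user in the process list while the script runs (and again, unavoidably,
# on the 'net user' command line).  Prefer the interactive prompt.

# Subdirectory where the new package is being installed
PREFIX=/usr
# Directory where the config files are stored
SYSCONFDIR=/etc

progname=$0
auto_answer=""
port_number=22
debug=""
# Scratch file capturing the output of 'net user'; removed by the EXIT trap.
_nu_log=""

#######################################
# Ask a yes/no question, honouring --yes / --no.
# Globals:   auto_answer (read)
# Arguments: $1 - the question text
# Outputs:   the question (and the automatic answer, if any) on stdout
# Returns:   0 for "yes", 1 for "no"
#######################################
request() {
  local answer=""
  case "${auto_answer}" in
    yes) echo "$1 (yes/no) yes"; return 0 ;;
    no)  echo "$1 (yes/no) no";  return 1 ;;
  esac
  while [ "${answer}" != "yes" ] && [ "${answer}" != "no" ]; do
    echo -n "$1 (yes/no) "
    read -r -e answer
  done
  [ "${answer}" = "yes" ]
}

#######################################
# Remove the temporary file, if one was created.  Installed as EXIT trap so
# that every one of the early 'exit 1' paths below cleans up as well.
# Globals:   _nu_log (read)
#######################################
cleanup() {
  if [ -n "${_nu_log}" ]; then
    rm -f -- "${_nu_log}"
  fi
}
trap cleanup EXIT

#######################################
# Print the usage text and exit with status 1.
# Globals:   progname (read)
#######################################
usage() {
  echo "usage: ${progname} [OPTION]..."
  echo
  echo "This script creates a \"root\" user which has appropriate privileges"
  echo "to run services which need to switch user context without password."
  echo
  echo "Options:"
  echo "  --debug  -d            Enable shell's debug output."
  echo "  --yes    -y            Answer all questions with \"yes\" automatically."
  echo "  --no     -n            Answer all questions with \"no\" automatically."
  echo "  --pwd    -w            Use \"pwd\" as password for user 'root'."
  echo
  exit 1
}

# Check options
while [ $# -gt 0 ]; do
  option=$1
  shift
  case "${option}" in
    -d | --debug ) debug=yes ;;
    -y | --yes ) auto_answer=yes ;;
    -n | --no ) auto_answer=no ;;
    # --cygwin and --port are accepted for compatibility with the other
    # Cygwin *-config scripts; their values are not used by this script.
    -c | --cygwin ) cygwin_value="$1"; shift ;;
    -p | --port ) port_number=$1; shift ;;
    -w | --pwd ) password_value="$1"; shift ;;
    *) usage ;;
  esac
done

# Tracing is switched on only after option parsing, so that a password
# given with --pwd does not show up in the trace of the assignment above.
if [ "${debug}" = "yes" ]; then
  set -x
fi

# Check if running on NT
uname | grep -q CYGWIN_NT && _nt=yes

# If not running on NT, nothing to do.  (${_nt} is quoted: it is unset on
# 9x/Me and an unquoted empty value makes 'test' fail with a syntax error.)
if [ "${_nt}" != "yes" ]; then
  echo "Nothing to do on 9x/Me."
  exit 0
fi

# uname prints e.g. "CYGWIN_NT-5.1"; the part after the dash is the OS version.
# Check if running under NT5 or later
_nt5=$(uname | awk -F- '{print ( $2 >= 5.0 ) ? "yes" : "no";}')
# Check if running under NT5.1 or later
_nt5_1=$(uname | awk -F- '{print ( $2 > 5.0 ) ? "yes" : "no";}')

# Check for ${SYSCONFDIR} directory
if [ -e "${SYSCONFDIR}" ] && [ ! -d "${SYSCONFDIR}" ]; then
  echo
  echo "${SYSCONFDIR} is existant but not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

# Create it if necessary
if [ ! -e "${SYSCONFDIR}" ]; then
  mkdir "${SYSCONFDIR}"
  if [ ! -e "${SYSCONFDIR}" ]; then
    echo
    echo "Creating ${SYSCONFDIR} directory failed"
    echo
    exit 1
  fi
fi

echo
echo
echo "Warning: The following functions require administrator privileges!"
echo

# Check if a user root is already in ${SYSCONFDIR}/passwd.  The file may not
# exist yet on a fresh installation; that is not an error, so grep's
# complaint about it is silenced.
grep -q '^root:' "${SYSCONFDIR}/passwd" 2>/dev/null && root_in_passwd=yes

# Drop root from passwd since it could have wrong settings (uid, gid, shell).
# A correct entry is appended further down, once the account is known to exist.
# NOTE: the scratch files below live in ${SYSCONFDIR}; that directory (and
# the resulting passwd/group files) must be writable by administrators only.
if [ "${root_in_passwd}" = "yes" ]; then
  grep -v '^root:' "${SYSCONFDIR}/passwd" > "${SYSCONFDIR}/passwd.$$"
  rm -f "${SYSCONFDIR}/passwd"
  mv "${SYSCONFDIR}/passwd.$$" "${SYSCONFDIR}/passwd"
  chmod g-w,o-w "${SYSCONFDIR}/passwd"
fi

# Drop root from the group file since it could have wrong settings and
# inject the canonical entry instead: gid 0, mapped to the SID of the
# built-in group with RID 544 (the local administrators group, see below).
echo 'root:S-1-5-32-544:0:' > "${SYSCONFDIR}/group.$$"
grep -v '^root:' "${SYSCONFDIR}/group" 2>/dev/null >> "${SYSCONFDIR}/group.$$"
rm -f "${SYSCONFDIR}/group"
mv "${SYSCONFDIR}/group.$$" "${SYSCONFDIR}/group"
chmod g-w,o-w "${SYSCONFDIR}/group"

# Get the local (possibly localised) name of the administrators group, i.e.
# the group with RID 544.  Fall back to the English name if mkgroup yields
# nothing, so the membership test and the 'net localgroup ... /add' below
# never run against an empty group name.
_admingroup=$(mkgroup -l | awk -F: '/:544:/{print $1;}')
_admingroup=${_admingroup:-Administrators}

# Check if a user root exists on the system (in the SAM).
net user root >/dev/null 2>&1 && root_in_sam=yes

if [ "${root_in_sam}" = "yes" ]; then
  echo
  echo "You already have a user 'root' on your system. Is that user supposed"
  if ! request "to be used as the required privileged user account?"; then
    echo
    echo "In that case, this script can't do its job. Either rename the"
    echo "user called 'root' or create a 'root' entry in ${SYSCONFDIR}/passwd,"
    echo "using a user with appropriate privileges."
    exit 1
  fi
else
  # Create a local root user.
  mkdir -p /home/root
  _root_home_win=$(cygpath -w /home/root)

  # Unpredictable scratch file instead of /tmp/nu.$$ (a guessable name in a
  # world-writable directory can be pre-created or symlinked by another user).
  _nu_log=$(mktemp) || {
    echo
    echo "Creating a temporary file failed."
    exit 1
  }

  # Suspend command tracing (--debug) while the password is handled, so the
  # secret never appears in the trace output; it is restored after the loop.
  _xtrace=""
  case $- in
    *x*) _xtrace=yes; set +x ;;
  esac

  while [ "${root_in_sam}" != "yes" ]; do
    if [ -n "${password_value}" ]; then
      _password="${password_value}"
      # Allow to ask for password if first try fails
      password_value=""
    else
      echo
      echo "Please enter a password for new user 'root'. Please be sure that"
      echo "this password matches the password rules given on your system."
      echo "Entering no password will exit the configuration."
      # 'read -r' keeps backslashes literal; without it a password containing
      # '\' would silently be altered before reaching 'net user'.
      while [ -z "${_password}" ] || [ "${_password}" != "${_password_check}" ]; do
        echo
        read -r -s -e -p "Password: " _password
        echo
        if [ -z "${_password}" ]; then
          echo
          echo "Exiting configuration. No user root has been created."
          exit 1
        fi
        read -r -s -e -p "Reenter password: " _password_check
        echo
        if [ "${_password}" != "${_password_check}" ]; then
          echo
          echo "Sorry, passwords do not match. Try again."
        fi
      done
    fi

    # 'net user' only accepts the password on its command line, where it is
    # briefly visible to other local users via the process list.
    if net user root "${_password}" /add /fullname:"Cygwin root account" \
        "/homedir:${_root_home_win}" /yes > "${_nu_log}" 2>&1; then
      root_in_sam=yes
    else
      echo "Creating the user 'root' failed! Reason:"
      cat "${_nu_log}"
    fi
  done

  if [ "${_xtrace}" = "yes" ]; then
    set -x
  fi
fi

# Check if root is already member of the local administrators group.  Use the
# local group name found above (not a hard-coded English one) and look for
# 'root' as a whole, case-insensitive word in the member listing; Windows
# account names are case-insensitive.
if net localgroup "${_admingroup}" 2>/dev/null | grep -qiw -- root; then
  root_in_admingroup=yes
fi

# Otherwise add root to the local administrators group.
if [ "${root_in_admingroup}" != "yes" ]; then
  net localgroup "${_admingroup}" root /add > /dev/null 2>&1 && root_in_admingroup=yes
  if [ "${root_in_admingroup}" != "yes" ]; then
    echo "WARNING: Adding user root to local group ${_admingroup} failed!"
    echo "Please add root to local group ${_admingroup} before"
    echo "starting the sshd service!"
    echo
  else
    echo
    # The password itself is deliberately not printed: it would end up in the
    # terminal scrollback and in any log that captures this script's output.
    echo "User 'root' has been created."
    echo "If you change the password, please keep in mind to change the password"
    echo "for all services running under user 'root', too."
  fi
fi

# Try setting the password expiry to "never". This requires a newer version
# of the passwd tool (1.5 or later, which understands -e).
passwd_has_expiry_flags=$(passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}')
if [ "${passwd_has_expiry_flags}" != "yes" ]; then
  echo
  echo "WARNING: User root has password expiry set to system default."
  echo "Please check that password never expires or set it to your needs."
else
  if ! passwd -e root; then
    echo
    echo "WARNING: Setting password expiry for user root failed!"
    echo "Please check that password never expires or set it to your needs."
  fi
fi

# Create appropriate root entry with uid and gid 0 in ${SYSCONFDIR}/passwd.
# The login shell is replaced by /bin/false on purpose: root is a service
# account, not an interactive one (see the Deny*Logon rights below).
if [ "${root_in_sam}" = "yes" ]; then
  mkpasswd -l -u root | sed -e 's/:[0-9]*:[0-9]*:/:0:0:/;s/bash$/false/' >> "${SYSCONFDIR}/passwd"
fi

# Give user root the appropriate user rights: the privileges needed to
# create and switch to another user's token, plus the right to log on as a
# service.  All four must succeed for the configuration to count as done.
editrights -a SeAssignPrimaryTokenPrivilege -u root &&
editrights -a SeCreateTokenPrivilege -u root &&
editrights -a SeIncreaseQuotaPrivilege -u root &&
editrights -a SeServiceLogonRight -u root &&
root_got_all_rights="yes"

# The "deny logon" rights only exist on W2K and higher.  They keep this highly
# privileged account from being used for interactive or network logons; a
# failure here is not fatal, but is worth knowing about.
if [ "${_nt5}" = "yes" ]; then
  editrights -a SeDenyInteractiveLogonRight -u root &&
  editrights -a SeDenyNetworkLogonRight -u root ||
  echo "WARNING: Denying interactive/network logon for user root failed!"
  # DenyRemoteInteractiveLogon only exists on XP and higher.
  if [ "${_nt5_1}" = "yes" ]; then
    editrights -a SeDenyRemoteInteractiveLogonRight -u root ||
    echo "WARNING: Denying remote interactive logon for user root failed!"
  fi
fi

if [ "${root_got_all_rights}" != "yes" ]; then
  echo
  echo "Assigning the appropriate privileges to user 'root' failed!"
  echo "Please be sure to add these rights to user 'root' as soon as possible."
  exit 1
fi

echo
echo "root configuration finished. Have fun!"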