[prev in list] [next in list] [prev in thread] [next in thread]
List: pkg-shadow-devel
Subject: Re: [Pkg-shadow-devel] [patch] fix up useradd handling with usergroups
From: Nicolas =?iso-8859-1?Q?Fran=E7ois?= <nicolas.francois () centraliens ! net>
Date: 2008-02-24 13:58:29
Message-ID: 20080224135829.GB29089 () nekral ! nekral ! homelinux ! net
[Download RAW message or body]
Hello Mike,
On Sun, Feb 24, 2008 at 07:05:07AM -0500, vapier@gentoo.org wrote:
> unfortunately, the exact details are fuzzy as this was posted to the old
> upstream shadow list quite a while ago before it died, and i dont think the
> mail archives are available for me to refer to.
>
> basically, useradd misbehaves when not using the "-g" option wrt the
> USERGROUPS_ENAB option. the useradd code has logic for handling of an '-n'
> flag, but it never fully implemented it.
>
> original Gentoo bug:
> http://bugs.gentoo.org/128715
Thanks for raising this topic.
There is one issue with your patch (for more details, see also
http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-February/006334.html)
The -n option currently exists in Debian, Fedora, and Gentoo with
different meanings. So I would prefer to use completely different options
and avoid incompatibilities.
I would currently prefer the attached patch (useradd-n.patch),
distributions could then add one of useradd-n.gentoo.patch or
useradd-n.debian.patch for backward compatibility.
Best Regards,
--
Nekral
["useradd-n.gentoo.patch" (text/x-diff)]
--- src/useradd.c 2008-02-24 14:38:09.038053528 +0100
+++ src/useradd.c.gentoo 2008-02-24 14:46:25.946655705 +0100
@@ -1042,6 +1042,9 @@
user_id = get_uid (optarg);
uflg++;
break;
+ case 'n':
+ fprintf (stderr, _("%s: option -n is deprecated, use -U instead\n", Prog);
+ /* Pass through */
case 'U':
Uflg++;
break;
["useradd-n.debian.patch" (text/x-diff)]
--- src/useradd.c 2008-02-24 14:38:09.038053528 +0100
+++ src/useradd.c.debian 2008-02-24 14:48:29.849807873 +0100
@@ -1004,6 +1004,9 @@
case 'm':
mflg++;
break;
+ case 'n':
+ fprintf (stderr, _("%s: option -n is deprecated, use -N instead\n", Prog);
+ /* Pass through */
case 'N':
Nflg++;
break;
["useradd-n.patch" (text/x-diff)]
Index: src/useradd.c
===================================================================
--- src/useradd.c (révision 1849)
+++ src/useradd.c (copie de travail)
@@ -126,11 +126,12 @@
kflg = 0, /* specify a directory to fill new user directory */
lflg = 0, /* do not add user to lastlog database file */
mflg = 0, /* create user's home directory if it doesn't exist */
- nflg = 0, /* create a group having the same name as the user */
+ Nflg = 0, /* do not create a group having the same name as the user, but add \
the user to def_group (or the group specified with -g) */ oflg = 0, /* permit \
non-unique user ID to be specified with -u */ rflg = 0, /* create a system account \
*/ sflg = 0, /* shell program for new account */
- uflg = 0; /* specify user ID for new account */
+ uflg = 0, /* specify user ID for new account */
+ Uflg = 0; /* create a group having the same name as the user */
static int home_added;
@@ -633,6 +634,8 @@
" faillog databases\n"
" -m, --create-home create home directory for the new user\n"
" account\n"
+ " -N, --no-user-group do not create a group with the same name \
as\n" + " the user\n"
" -o, --non-unique allow create user with duplicate\n"
" (non-unique) UID\n"
" -p, --password PASSWORD use encrypted password for the new \
user\n" @@ -640,6 +643,7 @@
" -r, --system create a system account\n"
" -s, --shell SHELL the login shell for the new user \
account\n"
" -u, --uid UID force use the UID for the new user \
account\n" + " -U, --user-group create a group with the same \
name as the user\n" "\n"), stderr);
exit (E_USAGE);
}
@@ -850,15 +854,17 @@
{"skel", required_argument, NULL, 'k'},
{"key", required_argument, NULL, 'K'},
{"create-home", no_argument, NULL, 'm'},
+ {"no-user-group", no_argument, NULL, 'N'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
{"system", no_argument, NULL, 'r'},
{"shell", required_argument, NULL, 's'},
{"uid", required_argument, NULL, 'u'},
+ {"user-group", no_argument, NULL, 'U'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMop:rs:u:",
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
long_options, NULL)) != -1) {
switch (c) {
case 'b':
@@ -998,6 +1004,9 @@
case 'm':
mflg++;
break;
+ case 'N':
+ Nflg++;
+ break;
case 'o':
oflg++;
break;
@@ -1033,6 +1042,9 @@
user_id = get_uid (optarg);
uflg++;
break;
+ case 'U':
+ Uflg++;
+ break;
default:
usage ();
}
@@ -1040,12 +1052,39 @@
}
}
+ if (!gflg && !Nflg && ! Uflg) {
+ /* Get the settings from login.defs */
+ Uflg = getdef_bool ("USERGROUPS_ENAB");
+ }
+
/*
* Certain options are only valid in combination with others.
* Check it here so that they can be specified in any order.
*/
- if ((oflg && !uflg) || (kflg && !mflg))
+ if (oflg && !uflg) {
+ fprintf (stderr,
+ _("%s: %s flag is ONLY allowed with the %s flag\n"),
+ Prog, "-o", "-u");
usage ();
+ }
+ if (kflg && !mflg) {
+ fprintf (stderr,
+ _("%s: %s flag is ONLY allowed with the %s flag\n"),
+ Prog, "-k", "-m");
+ usage ();
+ }
+ if (Uflg && gflg) {
+ fprintf (stderr,
+ _("%s: options %s and %s conflict\n"),
+ Prog, "-U", "-g");
+ usage ();
+ }
+ if (Uflg && Nflg) {
+ fprintf (stderr,
+ _("%s: options %s and %s conflict\n"),
+ Prog, "-U", "-N");
+ usage ();
+ }
/*
* Either -D or username is required. Defaults can be set with -D
@@ -1583,7 +1622,7 @@
* to that group, use useradd -g username username.
* --bero
*/
- if (!gflg) {
+ if (Uflg) {
if (getgrnam (user_name)) { /* local, no need for xgetgrnam */
fprintf (stderr,
_
@@ -1630,7 +1669,7 @@
/* do we have to add a group for that user? This is why we need to
* open the group files in the open_files() function --gafton */
- if (!(nflg || gflg)) {
+ if (Uflg) {
if (find_new_gid (rflg, &user_gid, &user_id) < 0) {
fprintf (stderr,
_("%s: can't create group\n"),
Index: man/useradd.8.xml
===================================================================
--- man/useradd.8.xml (révision 1805)
+++ man/useradd.8.xml (copie de travail)
@@ -240,6 +240,25 @@
</varlistentry>
<varlistentry>
<term>
+ <option>-N</option>, <option>--no-user-group</option>
+ </term>
+ <listitem>
+ <para>
+ Do not create a group with the same name as the user, but
+ add the user to the group specified by the <option>-g</option>
+ option or by the GROUP variable in
+ <filename>/etc/default/useradd</filename>.
+ </para>
+ <para>
+ The default behavior (if the <option>-g</option>,
+ <option>-N</option>, and <option>-U</option> options are not
+ specified) is defined by the <option>USERGROUPS_ENAB</option>
+ variable in <filename>login.defs</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-o</option>, <option>--non-unique</option>
</term>
<listitem>
@@ -287,6 +306,23 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>-U</option>, <option>--user-group</option>
+ </term>
+ <listitem>
+ <para>
+ Create a group with the same name as the user, and
+ add the user to this group.
+ </para>
+ <para>
+ The default behavior (if the <option>-g</option>,
+ <option>-N</option>, and <option>-U</option> options are not
+ specified) is defined by the <option>USERGROUPS_ENAB</option>
+ variable in <filename>login.defs</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
<refsect2 id='changing_the_default_values'>
Index: man/login.defs.d/USERGROUPS_ENAB.xml
===================================================================
--- man/login.defs.d/USERGROUPS_ENAB.xml (révision 1805)
+++ man/login.defs.d/USERGROUPS_ENAB.xml (copie de travail)
@@ -7,8 +7,10 @@
the same as gid, and username is the same as the primary group name.
<para>
</para>
- If set to <replaceable>yes</replaceable>, userdel will remove the
- user's group if it contains no more members.
+ If set to <replaceable>yes</replaceable>, <command>userdel</command>
+ will remove the user's group if it contains no more members, and
+ <command>useradd</command> will create by default a group with the
+ name of the user.
</para>
</listitem>
</varlistentry>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic