
#!/bin/sh
#
#    Copyright (c) International Business Machines  Corp., 2001
#
#    This program is free software;  you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY;  without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#    the GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program;  if not, write to the Free Software
#    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
#   FILE        : IDcheck.sh
#   DESCRIPTION : checks for req'd users/groups and will create them if requested.
#   HISTORY     : see the cvs log
#

# Announce what the script is about to do (banner line plus one blank line).
printf '%s\n\n' "Checking for required user/group ids"

# "Missing" flags, one per required user (ID) and group (GRP).
# Every entry is treated as missing (1) until a lookup proves otherwise.
NO_NOBODY_ID=1 NO_BIN_ID=1 NO_DAEMON_ID=1
NO_NOBODY_GRP=1 NO_BIN_GRP=1 NO_DAEMON_GRP=1
NO_USERS_GRP=1 NO_SYS_GRP=1

# Account files to inspect and, if requested, append to.
# With DESTDIR empty or unset these resolve to /etc/passwd and /etc/group,
# i.e. the account databases of the running system.
passwd="${DESTDIR}/etc/passwd"
group="${DESTDIR}/etc/group"

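# Find entry: succeed when a file has a line that starts with "<name>:".
# Arguments: $1 - user or group name; it is placed unescaped into a grep
#                 pattern, so pass plain account names only
#            $2 - path of a passwd/group style file
# Returns:   0 if such a line exists; non-zero if the file does not exist
#            or holds no matching line
fe() {
    # Keep the arguments local so a lookup does not overwrite caller
    # variables named ID or FILE.
    local id file
    id=$1
    file=$2
    [ -e "$file" ] || return $?
    grep -q -- "^$id:" "$file"
}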

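# Decide whether missing users/groups may be created, setting CREATE_ENTRIES.
# Globals:   CREATE_ENTRIES (read; written only when it is empty or unset)
#            NO_*_ID / NO_*_GRP (read) - non-zero marks an entry as missing
# Inputs:    one line from stdin, read only when something is missing
# Outputs:   the y/N question on stdout, without a trailing newline
prompt_for_create() {
	local flag ans need_prompt

	# A non-empty CREATE_ENTRIES supplied by the caller (for example through
	# the environment) is taken as the decision and no question is asked.
	if [ -n "$CREATE_ENTRIES" ] ; then
		return 0
	fi

	need_prompt=0
	for flag in "$NO_NOBODY_ID" "$NO_BIN_ID" "$NO_DAEMON_ID" \
		"$NO_NOBODY_GRP" "$NO_BIN_GRP" "$NO_DAEMON_GRP" \
		"$NO_USERS_GRP" "$NO_SYS_GRP" ; do
		if [ "$flag" -ne 0 ] ; then
			need_prompt=1
			break
		fi
	done

	# Nothing is missing, so there is nothing to create.
	if [ "$need_prompt" -eq 0 ] ; then
		CREATE_ENTRIES=0
		return 0
	fi

	# printf instead of "echo -n": -n is not portable across /bin/sh echos.
	printf '%s' "If any required user ids and/or groups are missing, would you like these created? [y/N]"
	ans=
	read -r ans
	# Default-deny: only an answer starting with y/Y enables writing to the
	# account files; an empty answer or end of input means "no".
	case "$ans" in
	[Yy]*) CREATE_ENTRIES=1 ;;
	*)     CREATE_ENTRIES=0 ;;
	esac
}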

# EUID is only used in the message below; shells that do not provide it
# get the value from id(1).
: "${EUID:=$(id -u)}"

# A file that exists but cannot be read would make every lookup below look
# like a missing entry, so stop here instead of acting on a false result.
for i in "$passwd" "$group"; do
    [ -e "$i" ] || continue
    [ -r "$i" ] && continue
    echo "$i not readable by uid $EUID"
    exit 1
done

# Store each lookup's exit status: 0 = entry present, non-zero = missing.
fe bin "$passwd"
NO_BIN_ID=$?
fe daemon "$passwd"
NO_DAEMON_ID=$?
fe nobody "$passwd"
NO_NOBODY_ID=$?

fe bin "$group"
NO_BIN_GRP=$?
fe daemon "$group"
NO_DAEMON_GRP=$?
# Either group name satisfies the "nobody" group requirement.
fe nobody "$group" || fe nogroup "$group"
NO_NOBODY_GRP=$?
fe sys "$group"
NO_SYS_GRP=$?
fe users "$group"
NO_USERS_GRP=$?

# Settle CREATE_ENTRIES now that the missing flags are known.
prompt_for_create

# Print the lookup results for troubleshooting.
# Globals: group, passwd, NO_*_ID, NO_*_GRP (all read)
# Outputs: a heading, one "label<TABs>value" line per variable and a
#          trailing blank line, on stdout
debug_vals() {
	printf '%s\n' "Missing the following group / user entries:"
	printf 'Group file:\t\t%s\n' "$group"
	printf 'Password file:\t\t%s\n' "$passwd"
	printf 'nobody:\t\t\t%s\n' "$NO_NOBODY_ID"
	printf 'bin:\t\t\t%s\n' "$NO_BIN_ID"
	printf 'daemon:\t\t\t%s\n' "$NO_DAEMON_ID"
	printf 'nobody[/nogroup] grp:\t%s\n' "$NO_NOBODY_GRP"
	printf 'bin grp:\t\t\t%s\n' "$NO_BIN_GRP"
	printf 'daemon grp:\t\t%s\n' "$NO_DAEMON_GRP"
	printf 'sys grp:\t\t\t%s\n' "$NO_SYS_GRP"
	printf 'users grp:\t\t%s\n' "$NO_USERS_GRP"
	printf '\n'
}

#debug_vals

# Creating entries means appending to both account files, so confirm up
# front that touch(1) can create or update them; give up otherwise.
if [ "$CREATE_ENTRIES" -ne 0 ] && ! touch "$group" "$passwd" 2>/dev/null; then
    echo "Failed to touch $group or $passwd"
    exit 1
fi

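# Report on, and optionally create, one user together with its same-named group.
# Globals:   CREATE_ENTRIES (read); passwd and group (read; the files they
#            name are appended to)
# Arguments: $1 - account name
#            $2 - numeric id used as both uid and gid of a new passwd entry
#            $3 - non-zero when the user is missing from $passwd
#            $4 - non-zero when the group is missing from $group
# Outputs:   status messages on stdout
make_user_group() {
	local name=$1 id=$2 no_id=$3 no_grp=$4
	local gid

	if [ "$no_id" -eq 0 ] && [ "$no_grp" -eq 0 ] ; then
		echo "'$name' user id and group found."
	elif [ "$CREATE_ENTRIES" -ne 0 ] ; then
		echo "Creating entries for $name"

		# Write the passwd entry first: the group entry below asks id(1)
		# for this user, which cannot resolve before the user exists.
		if ! fe "$name" "$passwd" && [ "$no_id" -ne 0 ] ; then
			# NOTE(review): the home and shell fields are written empty.
			# passwd(5) documents an empty shell field as defaulting to
			# /bin/sh; confirm that is intended for these accounts.
			echo "${name}:x:${id}:${id}:${name}::" >> "$passwd"
		fi
		if [ "$no_grp" -ne 0 ] ; then
			# id(1) answers from the running system's account databases,
			# which need not be "$passwd" (e.g. when DESTDIR is set), so
			# it can fail or print nothing. Fall back to the id passed in
			# rather than appending a group line with an empty gid field.
			gid=$(id -u "$name" 2>/dev/null) || gid=
			case "$gid" in
			''|*[!0-9]*) gid=$id ;;
			esac
			echo "${name}:x:${gid}:" >> "$group"
		fi
	fi
}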
# User/group pairs: name, numeric id for a new entry, then the two
# "missing" flags gathered earlier.
make_user_group nobody 65534 "$NO_NOBODY_ID" "$NO_NOBODY_GRP"
make_user_group bin 1 "$NO_BIN_ID" "$NO_BIN_GRP"
make_user_group daemon 2 "$NO_DAEMON_ID" "$NO_DAEMON_GRP"

# Group-only entries. A missing group is appended with a fixed gid, and
# only when creation was approved.
if [ "$NO_USERS_GRP" -eq 0 ] ; then
	echo "Users group found."
else
	if [ "$CREATE_ENTRIES" -ne 0 ] ; then
		echo 'users:x:100:' >> "$group"
	fi
fi

if [ "$NO_SYS_GRP" -eq 0 ] ; then
	echo "Sys group found."
else
	if [ "$CREATE_ENTRIES" -ne 0 ] ; then
		echo 'sys:x:3:' >> "$group"
	fi
fi

# Final verification: look everything up again so that entries appended
# above are counted, then report and set the exit status.
MISSING_ENTRY=0

# bin and daemon must be present in both $group and $passwd.
for i in bin daemon; do
    if ! fe "$i" "$group" || ! fe "$i" "$passwd"; then
        MISSING_ENTRY=1
        break
    fi
done

# nobody must exist as a user. Its group is called "nobody" on most
# distributions and "nogroup" on Debian-based ones; either name is accepted.
if ! fe nobody "$passwd"; then
    MISSING_ENTRY=1
elif ! fe nogroup "$group" && ! fe nobody "$group"; then
    MISSING_ENTRY=1
fi

# users and sys are only expected in $group.
if ! fe users "$group" || ! fe sys "$group"; then
    MISSING_ENTRY=1
fi

if [ "$MISSING_ENTRY" -ne 0 ]; then
    printf '%s\n' \
        "" \
        "*****************************************" \
        "* Required users/groups do NOT exist!!! *" \
        "*                                       *" \
        "* Some kernel/syscall tests will FAIL!  *" \
        "*****************************************"
    exit 1
fi

echo "Required users/groups exist."
exit 0