Stephen Gran
2006-Apr-23 12:47 UTC
tentative patch for multiple bugs about adding new users to extra groups
This is a very tentative patch for adding new user to various groups by default. What immediately popped out at me while doing this was that $action = addusertogroup and all the others should probably be handled inside of a subroutine, instead of having to be copy and pasted many times. I can get to that later if you are interested. For the meantime, I think this patch does a reasonablyy sensible ''nothing by default, no extra groups for system users, only add t5o extra groups on forst adding of user'' logic. The shadow package can call adduser with --add_extra_groups for the initial user install if they like, but if they don''t, current behavior remains unchanged. Thanks, and take care, Index: adduser ==================================================================--- adduser (revision 550) +++ adduser (working copy) @@ -86,6 +86,7 @@ our $no_create_home = undef; our $special_home = undef; our $special_shell = undef; +our $add_extra_groups = 0; # Global variables we need later my $existing_user = undef; @@ -123,6 +124,7 @@ "gid=i" => \$new_gid, "conf=s" => \$configfile, "no-create-home" => \$no_create_home, + "add_extra_groups" => \$add_extra_groups, "debug" => sub { $verbose = 2 } ); # everyone can issue "--help" and "--version", but only root can go on @@ -533,6 +535,31 @@ } } + if ( $add_extra_groups || $config{"add_extra_groups"} ) { + printf (gtx("Adding new user `%s'' to extra groups\n", $new_name)); + foreach my $newgrp ( split '' '', $config{"extra_groups"} ) { + if (!defined getgrnam($newgrp)) { + warnf (gtx("The group `%s'' does not exist.\n"),$newgrp); + next; + } + if (&user_is_member($new_name, $newgrp)) { + printf gtx("The user `%s'' is already a member of `%s''.\n"), + $new_name,$newgrp if $verbose; + next; + + } + + printf gtx("Adding user `%s'' to group `%s''...\n"),$new_name,$newgrp + if $verbose; + &invalidate_nscd(); + &systemcall(''/usr/bin/gpasswd'', ''-M'', + join('','', get_group_members($newgrp), $new_name), + $newgrp); + &invalidate_nscd(); + } + } + + if ($config{"quotauser"}) { printf (gtx("Setting quota from `%s''.\n"),$config{quotauser}); &systemcall(''/usr/sbin/edquota'', ''-p'', $config{quotauser}, $new_name); Index: AdduserCommon.pm ==================================================================--- AdduserCommon.pm (revision 550) +++ AdduserCommon.pm (working copy) @@ -199,6 +199,8 @@ $configref->{"name_regex"} = "^[a-z][-a-z0-9]*\$"; $configref->{"exclude_fstypes"} = "(proc|sysfs|usbfs|devpts|tmpfs)"; $configref->{"skel_ignore_regex"} = "dpkg-(old|new|dist)\$"; + $configref->{"extra_groups"} = "dialout cdrom floppy audio src video lp src users"; + $configref->{"add_extra_groups"} = 0; foreach( @$conflistref ) { read_config($_,$configref); Index: adduser.conf ==================================================================--- adduser.conf (revision 550) +++ adduser.conf (working copy) @@ -61,3 +61,11 @@ # If SKEL_IGNORE_REGEX is set, adduser will ignore files matching this # regular expression when creating a new home directory SKEL_IGNORE_REGEX="dpkg-(old|new|dist)" + +# Set this if you want the --add_extra_groups option to adduser to add +# new users to other groups. Default: +#EXTRA_GROUPS="dialout cdrom floppy audio src video lp src users" + +# If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS +# option above will be default behavior for adding new, non-system users +#ADD_EXTRA_GROUPS=1 ndex: doc/adduser.8 ==================================================================--- doc/adduser.8 (revision 550) +++ doc/adduser.8 (working copy) @@ -10,7 +10,7 @@ .SH NAME adduser, addgroup \- add a user or group to the system .SH SYNOPSIS -.BR adduser " [options] [\-\-home DIR] [\-\-shell|\-s SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] user" +.BR adduser " [options] [\-\-home DIR] [\-\-shell|\-s SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] [\-\-extra_groups] user" .PP .BR adduser " \-\-system [options] [\-\-home DIR] [\-\-shell SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-group | \-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] user" .PP @@ -70,7 +70,10 @@ .BR USERS_GID . Users'' groups can also be overridden from the command line with the .BR \-\-gid " or " \-\-ingroup -options to set the group by id or name, respectively. +options to set the group by id or name, respectively. Also, users can be +added to one or more groups defined in adduser.conf either by setting +ADD_EXTRA_GROUPS to 1 in adduser.conf, or by passing --add_extra_groups on +the commandline. .B adduser will create a home directory subject to @@ -255,6 +258,9 @@ .B \-\-lastuid ID Override the last uid in the range that the uid is chosen from. .TP +.B \-\-add_extra_groups +Add new user to extra groups defined in adduser.conf +.TP .B \-\-version Display version and copyright information. .SH FILES -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- _______________________________________________ Adduser-devel mailing list Adduser-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/adduser-devel
Stephen Gran
2006-Apr-23 13:04 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
This one time, at band camp, Stephen Gran said:> This is a very tentative patch for adding new user to various groups > by default.And it had an obvious bug that I noticed 3 seconds after sending it. Grr. This one actually test that $config{"extra_groups"} is set before doing anything silly, and also fixes a misplaced '')''. Sorry about that. Index: doc/adduser.8 ==================================================================--- doc/adduser.8 (revision 550) +++ doc/adduser.8 (working copy) @@ -10,7 +10,7 @@ .SH NAME adduser, addgroup \- add a user or group to the system .SH SYNOPSIS -.BR adduser " [options] [\-\-home DIR] [\-\-shell|\-s SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] user" +.BR adduser " [options] [\-\-home DIR] [\-\-shell|\-s SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-firstuid ID] [\-\-lastuid ID] [\-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] [\-\-extra_groups] user" .PP .BR adduser " \-\-system [options] [\-\-home DIR] [\-\-shell SHELL] [\-\-no-create-home] [\-\-uid ID] [\-\-group | \-\-ingroup GROUP | \-\-gid ID] [\-\-disabled-password] [\-\-disabled-login] [\-\-gecos GECOS] user" .PP @@ -70,7 +70,10 @@ .BR USERS_GID . Users'' groups can also be overridden from the command line with the .BR \-\-gid " or " \-\-ingroup -options to set the group by id or name, respectively. +options to set the group by id or name, respectively. Also, users can be +added to one or more groups defined in adduser.conf either by setting +ADD_EXTRA_GROUPS to 1 in adduser.conf, or by passing --add_extra_groups on +the commandline. .B adduser will create a home directory subject to @@ -255,6 +258,9 @@ .B \-\-lastuid ID Override the last uid in the range that the uid is chosen from. .TP +.B \-\-add_extra_groups +Add new user to extra groups defined in adduser.conf +.TP .B \-\-version Display version and copyright information. .SH FILES Index: adduser ==================================================================--- adduser (revision 550) +++ adduser (working copy) @@ -86,6 +86,7 @@ our $no_create_home = undef; our $special_home = undef; our $special_shell = undef; +our $add_extra_groups = 0; # Global variables we need later my $existing_user = undef; @@ -123,6 +124,7 @@ "gid=i" => \$new_gid, "conf=s" => \$configfile, "no-create-home" => \$no_create_home, + "add_extra_groups" => \$add_extra_groups, "debug" => sub { $verbose = 2 } ); # everyone can issue "--help" and "--version", but only root can go on @@ -533,6 +535,31 @@ } } + if ( ( $add_extra_groups || $config{"add_extra_groups"} ) && defined($config{"extra_groups"}) ) { + printf (gtx("Adding new user `%s'' to extra groups\n"), $new_name); + foreach my $newgrp ( split '' '', $config{"extra_groups"} ) { + if (!defined getgrnam($newgrp)) { + warnf (gtx("The group `%s'' does not exist.\n"),$newgrp); + next; + } + if (&user_is_member($new_name, $newgrp)) { + printf gtx("The user `%s'' is already a member of `%s''.\n"), + $new_name,$newgrp if $verbose; + next; + + } + + printf gtx("Adding user `%s'' to group `%s''...\n"),$new_name,$newgrp + if $verbose; + &invalidate_nscd(); + &systemcall(''/usr/bin/gpasswd'', ''-M'', + join('','', get_group_members($newgrp), $new_name), + $newgrp); + &invalidate_nscd(); + } + } + + if ($config{"quotauser"}) { printf (gtx("Setting quota from `%s''.\n"),$config{quotauser}); &systemcall(''/usr/sbin/edquota'', ''-p'', $config{quotauser}, $new_name); Index: AdduserCommon.pm ==================================================================--- AdduserCommon.pm (revision 550) +++ AdduserCommon.pm (working copy) @@ -199,6 +199,8 @@ $configref->{"name_regex"} = "^[a-z][-a-z0-9]*\$"; $configref->{"exclude_fstypes"} = "(proc|sysfs|usbfs|devpts|tmpfs)"; $configref->{"skel_ignore_regex"} = "dpkg-(old|new|dist)\$"; + $configref->{"extra_groups"} = "dialout cdrom floppy audio src video lp users"; + $configref->{"add_extra_groups"} = 0; foreach( @$conflistref ) { read_config($_,$configref); Index: adduser.conf ==================================================================--- adduser.conf (revision 550) +++ adduser.conf (working copy) @@ -61,3 +61,11 @@ # If SKEL_IGNORE_REGEX is set, adduser will ignore files matching this # regular expression when creating a new home directory SKEL_IGNORE_REGEX="dpkg-(old|new|dist)" + +# Set this if you want the --add_extra_groups option to adduser to add +# new users to other groups. Default: +#EXTRA_GROUPS="dialout cdrom floppy audio src video lp src users" + +# If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS +# option above will be default behavior for adding new, non-system users +#ADD_EXTRA_GROUPS=1 -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060423/11c25198/attachment.pgp
Marc Haber
2006-Apr-26 14:42 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
On Sun, Apr 23, 2006 at 02:03:47PM +0100, Stephen Gran wrote:> This one time, at band camp, Stephen Gran said: > > This is a very tentative patch for adding new user to various groups > > by default. > > And it had an obvious bug that I noticed 3 seconds after sending it. > Grr. > > This one actually test that $config{"extra_groups"} is set before doing > anything silly, and also fixes a misplaced '')''.I have committed the patch to svn after uploading adduser 3.87. At the time of this writing, I intend to put 3.88 into experimental. Stephen, can you provide test suite cases for your patch? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Stephen Gran
2006-Apr-26 15:01 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
This one time, at band camp, Marc Haber said:> On Sun, Apr 23, 2006 at 02:03:47PM +0100, Stephen Gran wrote: > > This one time, at band camp, Stephen Gran said: > > > This is a very tentative patch for adding new user to various groups > > > by default. > > > > And it had an obvious bug that I noticed 3 seconds after sending it. > > Grr. > > > > This one actually test that $config{"extra_groups"} is set before doing > > anything silly, and also fixes a misplaced '')''. > > I have committed the patch to svn after uploading adduser 3.87. At the > time of this writing, I intend to put 3.88 into experimental. > > Stephen, can you provide test suite cases for your patch?OK, let me just throw out ideas for writing the testsuite before doing so. My idea is that the test suite should call adduser --add_extra_groups and check that a) all extra groups are added to the user account b) cleanup is handled correctly c) invalid groups get handled correctly throughout Am I missing anything? Thanks, -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060426/39724375/attachment.pgp
Marc Haber
2006-Apr-26 15:31 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
On Wed, Apr 26, 2006 at 04:00:55PM +0100, Stephen Gran wrote:> Am I missing anything?Nothing obvious. I''ll poke J?rg to take a look at this thread. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Stephen Gran
2006-Apr-29 17:10 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060429/8d7fd95d/attachment-0001.pgp
Marc Haber
2006-May-12 15:47 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
Hi, sorry for taking so long to reply. On Sat, Apr 29, 2006 at 06:09:51PM +0100, Stephen Gran wrote:> Here''s a rough first go at a test suite. It could be significantly > expanded, but I see that most of the other testsuites are pretty > minimal, so I opted to keep it concise. Comments welcome.I''d like to see the test actually adding the new user to some group. This might need shipping of a tailored adduser.conf file with the test suite and using adduser --conf to have the appropriate adduser instance use the tailored configuration. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Stephen Gran
2006-May-13 21:18 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
This one time, at band camp, Marc Haber said:> Hi, > > sorry for taking so long to reply.No problem.> On Sat, Apr 29, 2006 at 06:09:51PM +0100, Stephen Gran wrote: > > Here''s a rough first go at a test suite. It could be significantly > > expanded, but I see that most of the other testsuites are pretty > > minimal, so I opted to keep it concise. Comments welcome. > > I''d like to see the test actually adding the new user to some group. > This might need shipping of a tailored adduser.conf file with the test > suite and using adduser --conf to have the appropriate adduser > instance use the tailored configuration.OK, so I''ll add the new suer, then ad that user to another group (cleaning up after)? If that''s correct, I''ll knock something together shortly. -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060513/95ba3e55/attachment.pgp
Marc Haber
2006-May-14 07:38 UTC
[Adduser-devel] tentative patch for multiple bugs about adding new users to extra groups
On Sat, May 13, 2006 at 10:18:25PM +0100, Stephen Gran wrote:> > On Sat, Apr 29, 2006 at 06:09:51PM +0100, Stephen Gran wrote: > > I''d like to see the test actually adding the new user to some group. > > This might need shipping of a tailored adduser.conf file with the test > > suite and using adduser --conf to have the appropriate adduser > > instance use the tailored configuration. > > OK, so I''ll add the new suer, then ad that user to another group > (cleaning up after)?The suite doesn''t clean up after itself (should be invoked in a chroot), so you don''t need to clean up. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835