Hi,
in reply to #357978, I intend to drop the explicitly listed paths from
the adduser code. Instead, ENV{"PATH"} will be reset to
/sbin:/usr/sbin:/usr/local/sbin to allow local diversions while still
preferring the system binaries.
Any comments?
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Stephen Gran
2006-Apr-26 19:42 UTC
[Adduser-devel] Ditch full paths in favor of locally set PATH?
This one time, at band camp, Marc Haber said:> Hi, > > in reply to #357978, I intend to drop the explicitly listed paths from > the adduser code. Instead, ENV{"PATH"} will be reset to > /sbin:/usr/sbin:/usr/local/sbin to allow local diversions while still > preferring the system binaries. > > Any comments?I think if the sysadmin really wants to override one of the important system utilities, it should be allowed. Indeed, I do this at one site at work to make passwd talk to LDAP. This patch looks for the right executable in $PATH, instead of hardcoding, which feels correct to me. This patch also does a couple of other things at the same time, but I can split that out if you prefer. It adds vim modelines (yay!) It replaces system(chmod|chown) with the perl builtins It changes a few systemcall to &systemcall For the last one, I''d like to discuss it at some point. So far, I have been using the &subroutine (new style) calling convention, since that seems like what you have been using up to this point. It has some advantages, but it also has some disadvantages. It overrides prototyping, for one thing, which I generally like to use in my perl. Using prototyping means, of course, that you have to be very careful about the order of your subroutine declarations when using strict, or else you get unnecessary runtime warnings. But that''s a talk for another time, and a lot of code cleanup either way. For now, I''m just trying to make it consistent. I''ll try to get the patch right this time :) steve@spartacus:~/NMU/adduser$ svn up At revision 562. steve@spartacus:~/NMU/adduser$ svn diff Index: deluser ==================================================================--- deluser (revision 562) +++ deluser (working copy) @@ -28,8 +28,6 @@ # See the usage subroutine for explanation about how the program can be called #################### -$ENV{"PATH"} = "/sbin:/bin:/usr/sbin:/usr/bin"; - use warnings; use strict; use Getopt::Long; @@ -289,13 +287,17 @@ print "backup_name = $backup_name"; print $filesfile join("\n",@files); $filesfile->close(); - systemcall("/bin/tar", "-cf", $backup_name, "--files-from", $filesfilename); - systemcall("chmod","600", $backup_name); - systemcall("chown","root:root", $backup_name); + my $tar = &which(''tar''); + &systemcall($tar, "-cf", $backup_name, "--files-from", $filesfilename); + chmod 600, $backup_name; + my $rootid = 0; + chown $rootid, $rootid, $backup_name; unlink($filesfilename); - if(-e "/usr/bin/bzip2") { + my $bzip2 = &which(''bzip2'', 1); + my $gzip = &which(''gzip''), 1); + if($bzip) { systemcall("/usr/bin/bzip2", $backup_name); - } elsif(-e "/bin/gzip") { + } elsif($gzip) { systemcall("/bin/gzip", "--best", $backup_name); } } @@ -311,12 +313,14 @@ if (system("crontab -l $user >/dev/null 2>&1") == 0) { # crontab -l returns 1 if there is no crontab - systemcall("/usr/bin/crontab -r $user"); + my $crontab = &which(''crontab''); + &systemcall($crontab, "-r", $user); s_print (gtx("Removing crontab\n")); } s_printf (gtx("Removing user `%s''...\n"),$user); - systemcall("/usr/sbin/userdel", $user); + my $userdel = &which(''userdel''); + &systemcall($userdel, $user); &invalidate_nscd(); systemcall(''/usr/local/sbin/deluser.local'', $user, $pw_uid, @@ -355,7 +359,8 @@ endpwent; s_printf (gtx("Removing group `%s''...\n"),$group); - systemcall("/usr/sbin/groupdel",$group); + my $groupdel = &which(''groupdel''); + &systemcall($groupdel,$group); &invalidate_nscd(); s_print (gtx("done.\n")); exit 0; @@ -391,7 +396,8 @@ s_printf (gtx("Removing user `%s'' from group `%s''...\n"),$user,$group); #systemcall("usermod","-G", join(",",@groups), $user ); - systemcall(''/usr/bin/gpasswd'',''-M'', join('','',@members), $group); + my $gpasswd = &which(''gpasswd''); + &systemcall($gpasswd,''-M'', join('','',@members), $group); &invalidate_nscd(); s_print (gtx("done.\n")); } @@ -470,4 +476,4 @@ return(defined getgrnam($exist_group)); } - +# vim:set ai et sts=4 sw=4 tw=0: Index: adduser ==================================================================--- adduser (revision 562) +++ adduser (working copy) @@ -269,7 +269,8 @@ printf (gtx("Adding group `%s'' (%s)...\n"),$new_name,$new_gid) if $verbose; &invalidate_nscd("group"); - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $addgroup = &which(''addgroup''); + &systemcall($addgroup, ''-g'', $new_gid, $new_name); &invalidate_nscd("group"); print (gtx("Done.\n")) if $verbose; exit 0; @@ -297,7 +298,8 @@ printf (gtx("Adding group `%s'' (%s)...\n"),$new_name,$new_gid) if $verbose; &invalidate_nscd("group"); - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $groupadd = &which(''groupadd''); + &systemcall($groupadd, ''-g'', $new_gid, $new_name); &invalidate_nscd("group"); print (gtx("Done.\n")) if $verbose; exit 0; @@ -325,7 +327,8 @@ #&systemcall(''usermod'', ''-G'', #join(",", get_users_groups($existing_user), $existing_group), #$existing_user); - &systemcall(''/usr/bin/gpasswd'', ''-M'', + my $passwd = &which(''passwd''); + &systemcall($passwd, ''-M'', join('','', get_group_members($existing_group), $existing_user), $existing_group); #&systemcall(''gpasswd'', ''-a'',$existing_user,$existing_group); @@ -390,7 +393,8 @@ if ($make_group_also && !getgrnam($new_name)) { printf (gtx("Adding new group `%s'' (%s).\n"),$new_name,$new_gid) if $verbose; $undogroup = $new_name; - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $groupadd = &which(''groupadd''); + &systemcall($groupadd, ''-g'', $new_gid, $new_name); &invalidate_nscd("group"); } @@ -399,18 +403,20 @@ $home_dir = $special_home || &homedir($new_name, $ingroup_name); $shell = $special_shell || ''/bin/false''; $undouser = $new_name; - &systemcall(''/usr/sbin/useradd'', ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', + my $useradd = &which(''useradd''); + &systemcall($useradd, ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', $shell, ''-u'', $new_uid, $new_name); - print "/usr/bin/chage -M 99999 $new_name\n" if ($verbose > 1); + my $chage = &which(''chage''); + print "$chage -M 99999 $new_name\n" if ($verbose > 1); # do _not_ use systemcall() here, since systemcall() dies on # non-zero exit code and we need to do special handling here! - if (system(''/usr/bin/chage'', ''-M'', ''99999'', $new_name)) { + if (&systemcall($chage, ''-M'', ''99999'', $new_name)) { if( ($?>>8) ne 15 ) { - &cleanup("$0: `/usr/bin/chage -M 99999 $new_name'' returned error code " . ($?>>8) . ". Aborting.\n") + &cleanup("$0: `$chage -M 99999 $new_name'' returned error code " . ($?>>8) . ". Aborting.\n") if ($?>>8); - &cleanup("$0: `/usr/bin/chage -M 99999 $new_name'' exited from signal " . ($?&255) . ". Aborting.\n"); + &cleanup("$0: `$chage -M 99999 $new_name'' exited from signal " . ($?&255) . ". Aborting.\n"); } else { - print (gtx("chage failed with return code 15, shadow not enabled, password aging cannot be set. Continuing.\n")); + print (gtx("$chage failed with return code 15, shadow not enabled, password aging cannot be set. Continuing.\n")); } } &invalidate_nscd(); @@ -474,7 +480,8 @@ if ($make_group_also) { printf (gtx("Adding new group `%s'' (%s).\n"),$new_name,$new_gid) if $verbose; $undogroup = $new_name; - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $groupadd = &which(''groupadd''); + &systemcall($groupadd, ''-g'', $new_gid, $new_name); &invalidate_nscd(); } @@ -483,7 +490,8 @@ $home_dir = $special_home || &homedir($new_name, $ingroup_name); $shell = $special_shell || $config{"dshell"}; $undouser = $new_name; - &systemcall(''/usr/sbin/useradd'', ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', + my $groupadd = &which(''useradd''); + &systemcall($useradd, ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', $shell, ''-u'', $new_uid, $new_name); &invalidate_nscd(); @@ -492,7 +500,8 @@ # useradd without -p has left the account disabled (password string is ''!'') if ($ask_passwd) { for (;;) { - &systemcall(''/usr/bin/passwd'', $new_name); + my $passwd = &which(''passwd''); + &systemcall($passwd, $new_name); my $ok = $? & 128; if ($ok != 0) { my $noexpr = langinfo(NOEXPR()); @@ -518,7 +527,8 @@ } } else { if(!$disabled_login) { - &systemcall(''/usr/sbin/usermod'', ''-p'', ''*'', $new_name); + my $usermod = &which(''usermod''); + &systemcall($usermod, ''-p'', ''*'', $new_name); } } @@ -528,7 +538,8 @@ else { my $yesexpr = langinfo(YESEXPR()); for (;;) { - &systemcall(''/usr/bin/chfn'', $new_name); + my $chfn = &which(''chfn''); + &systemcall($chfn, $new_name); # Translators: [y/N] has to be replaced by values defined in your # locale. You can see by running "locale yesexpr" which regular # expression will be checked to find positive answer. @@ -555,7 +566,8 @@ printf gtx("Adding user `%s'' to group `%s''...\n"),$new_name,$newgrp if $verbose; &invalidate_nscd(); - &systemcall(''/usr/bin/gpasswd'', ''-M'', + my $gpasswd = &which(''gpasswd''); + &systemcall($gpasswd, ''-M'', join('','', get_group_members($newgrp), $new_name), $newgrp); &invalidate_nscd(); @@ -565,7 +577,8 @@ if ($config{"quotauser"}) { printf (gtx("Setting quota from `%s''.\n"),$config{quotauser}); - &systemcall(''/usr/sbin/edquota'', ''-p'', $config{quotauser}, $new_name); + my $edquota = &which(''edquota''); + &systemcall($edquota, ''-p'', $config{quotauser}, $new_name); } &systemcall(''/usr/local/sbin/adduser.local'', $new_name, $new_uid, @@ -825,23 +838,24 @@ } sub ch_gecos { + my $chfn = &which(''chfn''); my $gecos = shift; if($gecos =~ /,/) { my($gecos_name,$gecos_room,$gecos_work,$gecos_home,$gecos_other) = split(/,/,$gecos); - &systemcall(''/usr/bin/chfn'', ''-f'', $gecos_name, ''-r'', $gecos_room, $new_name); - &systemcall(''/usr/bin/chfn'',''-w'',$gecos_work,$new_name) + &systemcall($chfn, ''-f'', $gecos_name, ''-r'', $gecos_room, $new_name); + &systemcall($chfn,''-w'',$gecos_work,$new_name) if(defined($gecos_work)); - &systemcall(''/usr/bin/chfn'',''-h'',$gecos_home,$new_name) + &systemcall($chfn,''-h'',$gecos_home,$new_name) if(defined($gecos_home)); - &systemcall(''/usr/bin/chfn'',''-o'',$gecos_other,$new_name) + &systemcall($chfn,''-o'',$gecos_other,$new_name) if(defined($gecos_other)); } else { - &systemcall(''/usr/bin/chfn'', ''-f'', $gecos, $new_name); + &systemcall($chfn, ''-f'', $gecos, $new_name); } } @@ -953,4 +967,4 @@ # cperl-indent-level:4 # End: - +# vim:set ai et sts=4 sw=4 tw=0: Index: AdduserCommon.pm ==================================================================--- AdduserCommon.pm (revision 562) +++ AdduserCommon.pm (working copy) @@ -30,12 +30,7 @@ } # Check if we need to invalidate the NSCD cache - my $nscd; - if(-e "/usr/sbin/nscd") { - $nscd = "/usr/sbin/nscd"; - } elsif(-e "/usr/bin/nscd") { - $nscd = "/usr/bin/nscd"; - } + my $nscd = &which(''nscd'',1); # this function replaces startnscd and stopnscd (closes: #54726) # We are ignoring any error messages given by nscd here since we # cannot expect the nscd maintainer and upstream to document their @@ -166,6 +161,17 @@ } } +sub which { + my ($progname, $nonfatal) = @_ ; + for my $dir (split /:/, $ENV{"PATH"}) { + if (-x $dir/$progname ) { + return $dir/$progname; + } + } + dief(gtx("No program named $progname in \$PATH\n")) unless ($nonfatal); +} + + # preseed the configuration variables # then read the config file /etc/adduser and overwrite the data hardcoded here sub preseed_config { @@ -210,3 +216,5 @@ # Local Variables: # mode:cperl # End: + +# vim:set ai et sts=4 sw=4 tw=0: -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060426/59c41c26/attachment.pgp
Stephen Gran
2006-Apr-29 11:32 UTC
[Adduser-devel] Ditch full paths in favor of locally set PATH?
This one time, at band camp, Stephen Gran said:> This one time, at band camp, Marc Haber said: > > Hi, > > > > in reply to #357978, I intend to drop the explicitly listed paths from > > the adduser code. Instead, ENV{"PATH"} will be reset to > > /sbin:/usr/sbin:/usr/local/sbin to allow local diversions while still > > preferring the system binaries. > > > > Any comments? > > I think if the sysadmin really wants to override one of the important > system utilities, it should be allowed. Indeed, I do this at one site > at work to make passwd talk to LDAP. > > This patch looks for the right executable in $PATH, instead of > hardcoding, which feels correct to me.And has a bunch of brokenness in it. Let me rework it. Sorry - I really need to get a real test environment going on that laptop. -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060429/10a2658b/attachment.pgp
Marc Haber
2006-Apr-29 11:39 UTC
[Adduser-devel] Ditch full paths in favor of locally set PATH?
On Sat, Apr 29, 2006 at 12:32:13PM +0100, Stephen Gran wrote:> This one time, at band camp, Stephen Gran said: > > This one time, at band camp, Marc Haber said: > > > Hi, > > > > > > in reply to #357978, I intend to drop the explicitly listed paths from > > > the adduser code. Instead, ENV{"PATH"} will be reset to > > > /sbin:/usr/sbin:/usr/local/sbin to allow local diversions while still > > > preferring the system binaries. > > > > > > Any comments? > > > > I think if the sysadmin really wants to override one of the important > > system utilities, it should be allowed. Indeed, I do this at one site > > at work to make passwd talk to LDAP. > > > > This patch looks for the right executable in $PATH, instead of > > hardcoding, which feels correct to me. > > And has a bunch of brokenness in it. Let me rework it. Sorry - I > really need to get a real test environment going on that laptop.Yes, testing adduser without an easily rebuiltable chroot setup is a pain. I''ll hold off applying the patch, but tell the bug reporter that we''ll change to honoring $PATH soon. Thanks for reminding me that we avoid using a shell and would have to handle the path search ourselves. Didn''t think about that. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Stephen Gran
2006-Apr-29 16:39 UTC
[Adduser-devel] Ditch full paths in favor of locally set PATH?
This one time, at band camp, Marc Haber said:> On Sat, Apr 29, 2006 at 12:32:13PM +0100, Stephen Gran wrote: > > This one time, at band camp, Stephen Gran said: > > > > > > This patch looks for the right executable in $PATH, instead of > > > hardcoding, which feels correct to me. > > > > And has a bunch of brokenness in it. Let me rework it. Sorry - I > > really need to get a real test environment going on that laptop. > > Yes, testing adduser without an easily rebuiltable chroot setup is a > pain. I''ll hold off applying the patch, but tell the bug reporter that > we''ll change to honoring $PATH soon.Yes, I''m discovering that. Well, I have a half baked solution for now, and I''ll work out something a little smarter when I have some time to push that way.> Thanks for reminding me that we avoid using a shell and would have to > handle the path search ourselves. Didn''t think about that.OK, this patch actually builds correctly and passes the current build-suite. I think I may have got it right this time. Index: deluser ==================================================================--- deluser (revision 562) +++ deluser (working copy) @@ -28,8 +28,6 @@ # See the usage subroutine for explanation about how the program can be called #################### -$ENV{"PATH"} = "/sbin:/bin:/usr/sbin:/usr/bin"; - use warnings; use strict; use Getopt::Long; @@ -289,14 +287,18 @@ print "backup_name = $backup_name"; print $filesfile join("\n",@files); $filesfile->close(); - systemcall("/bin/tar", "-cf", $backup_name, "--files-from", $filesfilename); - systemcall("chmod","600", $backup_name); - systemcall("chown","root:root", $backup_name); + my $tar = &which(''tar''); + &systemcall($tar, "-cf", $backup_name, "--files-from", $filesfilename); + chmod 600, $backup_name; + my $rootid = 0; + chown $rootid, $rootid, $backup_name; unlink($filesfilename); - if(-e "/usr/bin/bzip2") { - systemcall("/usr/bin/bzip2", $backup_name); - } elsif(-e "/bin/gzip") { - systemcall("/bin/gzip", "--best", $backup_name); + my $bzip2 = &which(''bzip2'', 1); + my $gzip = &which(''gzip'', 1); + if($bzip2) { + systemcall($bzip2, $backup_name); + } elsif($gzip) { + systemcall($gzip, "--best", $backup_name); } } @@ -311,12 +313,14 @@ if (system("crontab -l $user >/dev/null 2>&1") == 0) { # crontab -l returns 1 if there is no crontab - systemcall("/usr/bin/crontab -r $user"); + my $crontab = &which(''crontab''); + &systemcall($crontab, "-r", $user); s_print (gtx("Removing crontab\n")); } s_printf (gtx("Removing user `%s''...\n"),$user); - systemcall("/usr/sbin/userdel", $user); + my $userdel = &which(''userdel''); + &systemcall($userdel, $user); &invalidate_nscd(); systemcall(''/usr/local/sbin/deluser.local'', $user, $pw_uid, @@ -355,7 +359,8 @@ endpwent; s_printf (gtx("Removing group `%s''...\n"),$group); - systemcall("/usr/sbin/groupdel",$group); + my $groupdel = &which(''groupdel''); + &systemcall($groupdel,$group); &invalidate_nscd(); s_print (gtx("done.\n")); exit 0; @@ -391,7 +396,8 @@ s_printf (gtx("Removing user `%s'' from group `%s''...\n"),$user,$group); #systemcall("usermod","-G", join(",",@groups), $user ); - systemcall(''/usr/bin/gpasswd'',''-M'', join('','',@members), $group); + my $gpasswd = &which(''gpasswd''); + &systemcall($gpasswd,''-M'', join('','',@members), $group); &invalidate_nscd(); s_print (gtx("done.\n")); } @@ -470,4 +476,4 @@ return(defined getgrnam($exist_group)); } - +# vim:set ai et sts=4 sw=4 tw=0: Index: adduser ==================================================================--- adduser (revision 562) +++ adduser (working copy) @@ -269,7 +269,8 @@ printf (gtx("Adding group `%s'' (%s)...\n"),$new_name,$new_gid) if $verbose; &invalidate_nscd("group"); - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $groupadd = &which(''groupadd''); + &systemcall($groupadd, ''-g'', $new_gid, $new_name); &invalidate_nscd("group"); print (gtx("Done.\n")) if $verbose; exit 0; @@ -297,7 +298,8 @@ printf (gtx("Adding group `%s'' (%s)...\n"),$new_name,$new_gid) if $verbose; &invalidate_nscd("group"); - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $groupadd = &which(''groupadd''); + &systemcall($groupadd, ''-g'', $new_gid, $new_name); &invalidate_nscd("group"); print (gtx("Done.\n")) if $verbose; exit 0; @@ -325,7 +327,8 @@ #&systemcall(''usermod'', ''-G'', #join(",", get_users_groups($existing_user), $existing_group), #$existing_user); - &systemcall(''/usr/bin/gpasswd'', ''-M'', + my $gpasswd = &which(''gpasswd''); + &systemcall($gpasswd, ''-M'', join('','', get_group_members($existing_group), $existing_user), $existing_group); #&systemcall(''gpasswd'', ''-a'',$existing_user,$existing_group); @@ -390,7 +393,8 @@ if ($make_group_also && !getgrnam($new_name)) { printf (gtx("Adding new group `%s'' (%s).\n"),$new_name,$new_gid) if $verbose; $undogroup = $new_name; - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $groupadd = &which(''groupadd''); + &systemcall($groupadd, ''-g'', $new_gid, $new_name); &invalidate_nscd("group"); } @@ -399,18 +403,20 @@ $home_dir = $special_home || &homedir($new_name, $ingroup_name); $shell = $special_shell || ''/bin/false''; $undouser = $new_name; - &systemcall(''/usr/sbin/useradd'', ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', + my $useradd = &which(''useradd''); + &systemcall($useradd, ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', $shell, ''-u'', $new_uid, $new_name); - print "/usr/bin/chage -M 99999 $new_name\n" if ($verbose > 1); + my $chage = &which(''chage''); + print "$chage -M 99999 $new_name\n" if ($verbose > 1); # do _not_ use systemcall() here, since systemcall() dies on # non-zero exit code and we need to do special handling here! - if (system(''/usr/bin/chage'', ''-M'', ''99999'', $new_name)) { + if (&systemcall($chage, ''-M'', ''99999'', $new_name)) { if( ($?>>8) ne 15 ) { - &cleanup("$0: `/usr/bin/chage -M 99999 $new_name'' returned error code " . ($?>>8) . ". Aborting.\n") + &cleanup("$0: `$chage -M 99999 $new_name'' returned error code " . ($?>>8) . ". Aborting.\n") if ($?>>8); - &cleanup("$0: `/usr/bin/chage -M 99999 $new_name'' exited from signal " . ($?&255) . ". Aborting.\n"); + &cleanup("$0: `$chage -M 99999 $new_name'' exited from signal " . ($?&255) . ". Aborting.\n"); } else { - print (gtx("chage failed with return code 15, shadow not enabled, password aging cannot be set. Continuing.\n")); + printf (gtx("%s failed with return code 15, shadow not enabled, password aging cannot be set. Continuing.\n"), $chage); } } &invalidate_nscd(); @@ -474,7 +480,8 @@ if ($make_group_also) { printf (gtx("Adding new group `%s'' (%s).\n"),$new_name,$new_gid) if $verbose; $undogroup = $new_name; - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + my $groupadd = &which(''groupadd''); + &systemcall($groupadd, ''-g'', $new_gid, $new_name); &invalidate_nscd(); } @@ -483,7 +490,8 @@ $home_dir = $special_home || &homedir($new_name, $ingroup_name); $shell = $special_shell || $config{"dshell"}; $undouser = $new_name; - &systemcall(''/usr/sbin/useradd'', ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', + my $useradd = &which(''useradd''); + &systemcall($useradd, ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', $shell, ''-u'', $new_uid, $new_name); &invalidate_nscd(); @@ -492,7 +500,8 @@ # useradd without -p has left the account disabled (password string is ''!'') if ($ask_passwd) { for (;;) { - &systemcall(''/usr/bin/passwd'', $new_name); + my $passwd = &which(''passwd''); + &systemcall($passwd, $new_name); my $ok = $? & 128; if ($ok != 0) { my $noexpr = langinfo(NOEXPR()); @@ -518,7 +527,8 @@ } } else { if(!$disabled_login) { - &systemcall(''/usr/sbin/usermod'', ''-p'', ''*'', $new_name); + my $usermod = &which(''usermod''); + &systemcall($usermod, ''-p'', ''*'', $new_name); } } @@ -528,7 +538,8 @@ else { my $yesexpr = langinfo(YESEXPR()); for (;;) { - &systemcall(''/usr/bin/chfn'', $new_name); + my $chfn = &which(''chfn''); + &systemcall($chfn, $new_name); # Translators: [y/N] has to be replaced by values defined in your # locale. You can see by running "locale yesexpr" which regular # expression will be checked to find positive answer. @@ -555,7 +566,8 @@ printf gtx("Adding user `%s'' to group `%s''...\n"),$new_name,$newgrp if $verbose; &invalidate_nscd(); - &systemcall(''/usr/bin/gpasswd'', ''-M'', + my $gpasswd = &which(''gpasswd''); + &systemcall($gpasswd, ''-M'', join('','', get_group_members($newgrp), $new_name), $newgrp); &invalidate_nscd(); @@ -565,7 +577,8 @@ if ($config{"quotauser"}) { printf (gtx("Setting quota from `%s''.\n"),$config{quotauser}); - &systemcall(''/usr/sbin/edquota'', ''-p'', $config{quotauser}, $new_name); + my $edquota = &which(''edquota''); + &systemcall($edquota, ''-p'', $config{quotauser}, $new_name); } &systemcall(''/usr/local/sbin/adduser.local'', $new_name, $new_uid, @@ -825,23 +838,24 @@ } sub ch_gecos { + my $chfn = &which(''chfn''); my $gecos = shift; if($gecos =~ /,/) { my($gecos_name,$gecos_room,$gecos_work,$gecos_home,$gecos_other) = split(/,/,$gecos); - &systemcall(''/usr/bin/chfn'', ''-f'', $gecos_name, ''-r'', $gecos_room, $new_name); - &systemcall(''/usr/bin/chfn'',''-w'',$gecos_work,$new_name) + &systemcall($chfn, ''-f'', $gecos_name, ''-r'', $gecos_room, $new_name); + &systemcall($chfn,''-w'',$gecos_work,$new_name) if(defined($gecos_work)); - &systemcall(''/usr/bin/chfn'',''-h'',$gecos_home,$new_name) + &systemcall($chfn,''-h'',$gecos_home,$new_name) if(defined($gecos_home)); - &systemcall(''/usr/bin/chfn'',''-o'',$gecos_other,$new_name) + &systemcall($chfn,''-o'',$gecos_other,$new_name) if(defined($gecos_other)); } else { - &systemcall(''/usr/bin/chfn'', ''-f'', $gecos, $new_name); + &systemcall($chfn, ''-f'', $gecos, $new_name); } } @@ -953,4 +967,4 @@ # cperl-indent-level:4 # End: - +# vim:set ai et sts=4 sw=4 tw=0: Index: AdduserCommon.pm ==================================================================--- AdduserCommon.pm (revision 562) +++ AdduserCommon.pm (working copy) @@ -30,12 +30,7 @@ } # Check if we need to invalidate the NSCD cache - my $nscd; - if(-e "/usr/sbin/nscd") { - $nscd = "/usr/sbin/nscd"; - } elsif(-e "/usr/bin/nscd") { - $nscd = "/usr/bin/nscd"; - } + my $nscd = &which(''nscd'',1); # this function replaces startnscd and stopnscd (closes: #54726) # We are ignoring any error messages given by nscd here since we # cannot expect the nscd maintainer and upstream to document their @@ -166,6 +161,17 @@ } } +sub which { + my ($progname, $nonfatal) = @_ ; + for my $dir (split /:/, $ENV{"PATH"}) { + if (-x "$dir/$progname" ) { + return "$dir/$progname"; + } + } + dief(gtx("No program named %s in \$PATH\n"), $progname) unless ($nonfatal); +} + + # preseed the configuration variables # then read the config file /etc/adduser and overwrite the data hardcoded here sub preseed_config { @@ -210,3 +216,5 @@ # Local Variables: # mode:cperl # End: + +#vim:set ai et sts=4 sw=4 tw=0: -- -------------------------------------------------------------------------- | Stephen Gran | Q: Are we not men? A: We are Vaxen. | | steve@lobefin.net | | | http://www.lobefin.net/~steve | | -------------------------------------------------------------------------- -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060429/7703a002/attachment.pgp
Marc Haber
2006-May-13 13:36 UTC
[Adduser-devel] Ditch full paths in favor of locally set PATH?
On Sat, Apr 29, 2006 at 05:39:39PM +0100, Stephen Gran wrote:> OK, this patch actually builds correctly and passes the current > build-suite. I think I may have got it right this time.Looks good. Committed to svn. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835