
adding sync-unix-accounts.php, synchronize unix accounts with AlternC…

… ones. not enabled by default, not even installed yet
vincib committed Mar 29, 2018
1 parent 13144a1 commit 240a7738fc0aa1626b49c4f072b1e80cfd2c0d48
Showing with 167 additions and 0 deletions.
  1. +167 −0 src/sync-unix-accounts.php
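--- a/src/sync-unix-accounts.php
+++ b/src/sync-unix-accounts.php
@@ -0,0 +1,167 @@
+#!/usr/bin/php
+<?php
+/**
+* Synchronize all ALTERNC accounts to be also UNIX accounts
+* set / delete entries in /etc/passwd /etc/shadow /etc/group
+* the home of each user will be the AlternC root folder.
+* launch me as a cron as root :)
+*/
+// Totally ignore those UNIX AND ALTERNC accounts :
+$skip=array("root","bin","www-data","sshd","mail","vmail","sys","man","lp","news","uucp","proxy","backup","list","irc","nobody","mysql","postfix","bind","ftp","clamav","munin","postgres","amavis","dspam","puppet","nagios","proftpd","messagebus","statd","alterncpanel","dovecot","dovenull","alternc-roundcube","saned");
+// Set the user to have THIS shell :
+$newshell="/bin/bash"; // could be /bin/false or /bin/nologin
+if (getmyuid()!=0) {
+echo "Fatal: must be launched as root !\n";
+exit(1);
+}
+$lock="/run/sync-unix-accounts.lock";
+if (is_file($lock) && is_dir("/proc/".intval(file_get_contents($lock)))) {
+echo "AlternC Sync Unix locked\n";
+exit(0);
+}
+file_put_contents($lock,getmypid());
+require_once("/usr/share/alternc/panel/class/config_nochk.php");
+global $db;
+$members=array();
+$unix=array();
+putenv("PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin");
+openlog("[AlternC Sync Unix]",null,LOG_USER);
+$db->query("SELECT uid,login FROM membres;");
+while ($db->next_record()) {
+if (in_array($db->Record["login"],$skip)) continue;
+$members[$db->Record["uid"]]=$db->Record["login"];
+}
+$f=fopen("/etc/passwd","rb");
+while ($s=fgets($f,1024)) {
+list($user,$pass,$uid,$gid,$gecos,$home,$shell)=explode(":",$s,7);
+if ($uid<2000 || $uid>32000 || $uid!=$gid || substr($home,0,strlen($L_ALTERNC_HTML))!=$L_ALTERNC_HTML) continue;
+$unix[$uid]=$user;
+}
+// print_r($unix); print_r($members);
+// $L_ALTERNC_HTML
+// What shall we create / delete ?
+$create=array();
+$delete=array();
+foreach($members as $muid=>$mlogin) {
+if (!isset($unix[$muid])) {
+$create[$muid]=$mlogin;
+} else {
+if ($unix[$muid]!=$mlogin) {
+$delete[$muid]=1;
+}
+}
+}
+foreach($unix as $uuid=>$ulogin) {
+if (!isset($members[$uuid])) {
+$delete[$uuid]=$ulogin;
+}
+}
+if (!count($create) && !count($delete)) {
+@unlink($lock);
+exit(0);
+}
+syslog(LOG_INFO,"Will create ".count($create)." Unix account and delete ".count($delete).".");
+// print_r($create); print_r($delete);
+// ------------------------------------------------------------
+// /ETC/PASSWD
+copy("/etc/passwd","/etc/passwd.bak");
+$f=fopen("/etc/passwd","rb");
+flock($f,LOCK_EX);
+$g=fopen("/etc/passwd.alternc","wb");
+$lastwascr=false;
+while ($s=fgets($f,1024)) {
+list($user,$pass,$uid,$gid,$gecos,$home,$shell)=explode(":",$s,7);
+if ($uid<2000 || $uid>32000 || $uid!=$gid
+|| substr($home,0,strlen($L_ALTERNC_HTML))!=$L_ALTERNC_HTML
+|| !isset($delete[$uid])
+) {
+fputs($g,$s);
+$lastwascr = (substr($s,-1)=="\n");
+}
+}
+if (!$lastwascr) { // last line didn't end by \n !! normalize it:
+fputs($g,"\n");
+}
+foreach($create as $uid=>$login) {
+fputs($g,$login.":x:".$uid.":".$uid.":,,,:".$L_ALTERNC_HTML."/".substr($login,0,1)."/".$login.":$newshell\n");
+}
+fclose($f);
+fclose($g);
+rename("/etc/passwd.alternc","/etc/passwd");
+syslog(LOG_INFO,"Wrote /etc/passwd");
+// ------------------------------------------------------------
+// /ETC/GROUP
+copy("/etc/group","/etc/group.bak");
+$f=fopen("/etc/group","rb");
+flock($f,LOCK_EX);
+$g=fopen("/etc/group.alternc","wb");
+$lastwascr=false;
+while ($s=fgets($f,1024)) {
+list($user,$pass,$gid,$users)=explode(":",$s,4);
+if ($gid<2000 || $gid>32000
+|| !isset($delete[$gid])
+) {
+fputs($g,$s);
+$lastwascr = (substr($s,-1)=="\n");
+}
+}
+if (!$lastwascr) { // last line didn't end by \n !! normalize it:
+fputs($g,"\n");
+}
+foreach($create as $uid=>$login) {
+fputs($g,$login.":x:".$uid.":\n");
+}
+fclose($f);
+fclose($g);
+rename("/etc/group.alternc","/etc/group");
+syslog(LOG_INFO,"Wrote /etc/group");
+// ------------------------------------------------------------
+// /ETC/SHADOW
+copy("/etc/shadow","/etc/shadow.bak");
+$f=fopen("/etc/shadow","rb");
+flock($f,LOCK_EX);
+$g=fopen("/etc/shadow.alternc","wb");
+$lastwascr=false;
+while ($s=fgets($f,1024)) {
+list($user,$pass,$rest)=explode(":",$s,3);
+if (
+!in_array($user,$delete)
+) {
+fputs($g,$s);
+$lastwascr = (substr($s,-1)=="\n");
+}
+}
+if (!$lastwascr) { // last line didn't end by \n !! normalize it:
+fputs($g,"\n");
+}
+foreach($create as $uid=>$login) {
+fputs($g,$login.":*:17380:0:99999:7:::\n");
+}
+fclose($f);
+fclose($g);
+chmod("/etc/shadow.alternc",0640);
+rename("/etc/shadow.alternc","/etc/shadow");
+syslog(LOG_INFO,"Wrote /etc/shadow");
+if (count($create)) syslog(LOG_INFO,"Wrote unix system files, ADDED:".implode(" ",$create));
+if (count($delete)) syslog(LOG_INFO,"Wrote unix system files, DELETED:".implode(" ",$delete));
+@unlink($lock);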
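Review bot: `copy("/etc/shadow","/etc/shadow.bak")` and `fopen("/etc/shadow.alternc","wb")` in the /etc/shadow section both create new files whose mode comes from the process umask, so under a common 022 umask the backup keeps the password hashes world-readable, and the temporary file is readable until the later `chmod`. Calling `umask(0077);` before that section, plus an explicit `chmod("/etc/shadow.bak",0640);`, would close the window. Separately, the three create loops write `$uid` and `$login` from `membres` into passwd, group and shadow unchecked: the 2000–32000 range is only applied when reading /etc/passwd, so a row with an out-of-range uid or a login containing `:` or a newline would be written as-is. A guard when filling `$members`, for example `if ($uid<2000 || $uid>32000 || !preg_match('/^[a-z0-9_-]+\z/',$login)) continue;` (pattern to be aligned with AlternC's real login rules), would reject such rows. The results of `fopen`/`fputs` are also never tested before `rename`, so a failed or partial write would replace the live file with a truncated one.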

4 comments on commit 240a773


camlafit replied Apr 12, 2018

Hello

Wouldn't it be better to use the alternc-nss plugin?
The plugin completes the server configuration without any modification to these files.


fser replied Apr 12, 2018

Or use extrausers (deb libnss-extrausers), which stores additional /etc/passwd-like files in /var/lib/extrausers.


camlafit replied Apr 12, 2018

@fser as you've checked the plugin you've seen this :)
alternc-nss requires the libnss-extrausers feature


innoticFR replied Apr 12, 2018

Exact. alternc-nss or basic libnss-extrausers is the easiest way

apt-get install libnss-extrausers
sed -i '/extrausers/!s/\(group\|passwd\):.*/& extrausers/' /etc/nsswitch.conf
cat << EOF > /etc/cron.d/alternc-nss
0 * * * * root mysql -bNe "SELECT concat(login,':x:', uid, ':') FROM membres" > /var/lib/extrausers/group
0 * * * * root mysql -bNe "SELECT concat(login,':x:', uid, ':',uid, '::/var/www/alternc/',mid(login,1,1),'/', login, ':/usr/sbin/nologin') FROM membres" > /var/lib/extrausers/passwd
EOF