From 809a0fada1e5938185c70324f9c3e56020d94ed0 Mon Sep 17 00:00:00 2001 From: Marco van Wieringen Date: Wed, 21 Jan 2015 13:38:01 +0100 Subject: [PATCH] Fix removing of supplemental groups. Need some coding as usermod -a doesn't work on all platforms. We now figure out if we are creating a user from scratch e.g. its doesn't exist at all or need to update it. For that we look at all groups the user currently is in and add the wanted groups if they are missing. This should work on all platforms as we script around and only use options available on all platforms. When we use usermod -G we supply the full list groups including any specific groups added by the sysadmin. Fixes #382: Don't remove supplemental groups on install. --- scripts/bareos-config-lib.sh.in | 95 ++++++++++++++++++++++++--------- 1 file changed, 70 insertions(+), 25 deletions(-) diff --git a/scripts/bareos-config-lib.sh.in b/scripts/bareos-config-lib.sh.in index 09ac9fd2228..b4359567fcf 100644 --- a/scripts/bareos-config-lib.sh.in +++ b/scripts/bareos-config-lib.sh.in @@ -54,6 +54,11 @@ is_function() # fi # } +info() +{ + echo "$@" >&2 +} + warn() { echo "Warning: $@" >&2 
@@ -202,44 +207,84 @@ get_database_utility_path() setup_sd_user() { # - # guaranties that storage-daemon user and group exists + # Guaranties that storage-daemon user and group exists # and storage-daemon user belongs to the required groups. # # normally, storage-daemon user # is already installed by the package preinstall script. # - # - # See what secondary groups exist for the sd user to be added to. - # - ADD_GROUPS="" - for sec_group in ${SEC_GROUPS}; do - cnt=`getent group ${sec_group} | wc -l` - if [ ${cnt} -gt 0 ]; then - [ -z "${ADD_GROUPS}" ] && ADD_GROUPS="-G ${sec_group}" || ADD_GROUPS="${ADD_GROUPS},${sec_group}" - fi - done - getent group ${STORAGE_DAEMON_GROUP} > /dev/null || groupadd -r ${STORAGE_DAEMON_GROUP} # # If the user doesn't exist create a new one otherwise modify it to have the wanted secondary groups. # - if [ "${STORAGE_DAEMON_USER}" != "root" ]; then - getent passwd ${STORAGE_DAEMON_USER} > /dev/null - if [ $? -ne 0 ]; then - # create a new storage_daemon_user - useradd -r --comment "bareos" --home ${WORKING_DIR} -g ${STORAGE_DAEMON_GROUP} ${ADD_GROUPS} --shell /bin/false ${STORAGE_DAEMON_USER} - fi + if [ -z "${STORAGE_DAEMON_USER}" ]; then + info "SKIPPED: no storage daemon user specified." + return 0 + fi + + if getent passwd ${STORAGE_DAEMON_USER} > /dev/null; then + if [ "${STORAGE_DAEMON_USER}" != "root" ]; then + # + # Build a list of all groups the user is already in. + # + ADD_GROUPS="" + CUR_ADD_GROUPS=`id -Gn ${STORAGE_DAEMON_USER}` + for sec_group in ${CUR_ADD_GROUPS}; do + [ -z "${USERMOD_CMDLINE}" ] && USERMOD_CMDLINE="usermod -G ${sec_group}" || USERMOD_CMDLINE="${USERMOD_CMDLINE},${sec_group}" + done + + # + # See what secondary groups exist for the SD user to be added to. 
+ # + for sec_group in ${SEC_GROUPS}; do + if getent group ${sec_group} >/dev/null; then + found=0 + for group in ${CUR_ADD_GROUPS}; do + if [ ${group} = ${sec_group} ]; then + found=1 + fi + done + + if [ ${found} = 0 ]; then + [ -z "${ADD_GROUPS}" ] && ADD_GROUPS="${sec_group}" || ADD_GROUPS="${ADD_GROUPS} ${sec_group}" + [ -z "${USERMOD_CMDLINE}" ] && USERMOD_CMDLINE="usermod -G ${sec_group}" || USERMOD_CMDLINE="${USERMOD_CMDLINE},${sec_group}" + fi + fi + done + + # + # If the user was already created before, + # Make sure the correct primary group is set otherwise fix it. + # + if [ "`id -gn ${STORAGE_DAEMON_USER}`" != "${STORAGE_DAEMON_GROUP}" ]; then + usermod -g ${STORAGE_DAEMON_GROUP} ${STORAGE_DAEMON_USER} || warn "failed to add groups ${STORAGE_DAEMON_GROUP} to ${STORAGE_DAEMON_USER}" + fi - # if the user has already created before, - # make sure the correct primary group is set otherwise fix it. - if [ "`id -gn ${STORAGE_DAEMON_USER}`" != "${STORAGE_DAEMON_GROUP}" ]; then - usermod -g ${STORAGE_DAEMON_GROUP} ${STORAGE_DAEMON_USER} + # + # Add the storage_daemon_user to additional groups (if needed) + # + if [ -n "${ADD_GROUPS}" ]; then + ${USERMOD_CMDLINE} ${STORAGE_DAEMON_USER} || warn "failed: ${USERMOD_CMDLINE} ${STORAGE_DAEMON_USER}" + fi fi + else + # + # User doesn't exist so create it. + # Determine additional groups the user should be in. + # + NEW_ADD_GROUPS="" + for sec_group in ${SEC_GROUPS}; do + if getent group ${sec_group}; then + [ -z "${NEW_ADD_GROUPS}" ] && NEW_ADD_GROUPS="-G ${sec_group}" || NEW_ADD_GROUPS="${NEW_ADD_GROUPS},${sec_group}" + fi + done - # add the storage_daemon_user to additional groups (if defined) - [ "${ADD_GROUPS}" ] && usermod ${ADD_GROUPS} ${STORAGE_DAEMON_USER} + # + # Create a new storage_daemon_user + # + useradd -r --comment "bareos" --home ${WORKING_DIR} -g ${STORAGE_DAEMON_GROUP} ${NEW_ADD_GROUPS} --shell /bin/false ${STORAGE_DAEMON_USER} || warn "failed to create user ${STORAGE_DAEMON_USER}" fi } 
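Review bot: `USERMOD_CMDLINE` is never reset in the existing-user branch of setup_sd_user (only `ADD_GROUPS=""` is), yet it is later expanded unquoted and run as a command in `${USERMOD_CMDLINE} ${STORAGE_DAEMON_USER}`, presumably as root during package installation. A value left over from the calling environment or from an earlier call in the same shell would be kept as the prefix, so stale or unintended groups, or a different command altogether, could be applied. Add `USERMOD_CMDLINE=""` next to `ADD_GROUPS=""`, or better, accumulate only the comma-separated group list in a variable and call `usermod -G "${groups}" "${STORAGE_DAEMON_USER}"` directly. Two smaller points in the same hunk: the `getent group ${sec_group}` test in the new-user branch lacks the `>/dev/null` used in the other branch and will print group entries to stdout, and the warning on the `usermod -g` failure path says "failed to add groups" although it is the primary-group change that failed.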
@@ -560,7 +605,7 @@ translate_sql_files()
 mkdir -p `dirname $dest_file`
 get_translated_sql_file ${SOURCE_DIR}/$i > $dest_file
 # in case of errors, remove file
- if [ $? -ne 0 ]; then
+ if [ $? != 0 ]; then
 rm -f $dest_file
 fi
 done