passwd.go
// Copyright 2018 CoreOS, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package files
import (
"fmt"
"github.com/coreos/ignition/internal/config/types"
)
// createPasswd provisions the groups and then the users listed in
// config.Passwd, and afterwards marks the account-related paths for
// relabeling.
//
// Groups are handled before users. The first failure is returned, prefixed
// with the step that failed; in that case nothing is marked for relabeling.
func (s *stage) createPasswd(config types.Config) error {
	err := s.createGroups(config)
	if err != nil {
		return fmt.Errorf("failed to create groups: %v", err)
	}

	err = s.createUsers(config)
	if err != nil {
		return fmt.Errorf("failed to create users: %v", err)
	}

	// No groups and no users were requested: skip the relabel step entirely.
	if len(config.Passwd.Groups) == 0 && len(config.Passwd.Users) == 0 {
		return nil
	}

	// Deliberately coarse: every passwd-related path is marked, instead of
	// working out which ones the executables we ran actually modified. This
	// covers the account databases (including shadow/gshadow), the subordinate
	// id maps, the lock file and the home directory roots.
	s.relabel(
		"/etc/passwd*",
		"/etc/group*",
		"/etc/shadow*",
		"/etc/gshadow*",
		"/etc/subuid*",
		"/etc/subgid*",
		"/etc/.pwd.lock",
		"/home",
		"/root",
		// OSTree-based systems keep the real directories under /var, and
		// newer restorecon doesn't follow symlinks, so list them explicitly.
		"/var/home",
		"/var/roothome",
	)
	return nil
}
// createUsers processes every entry of config.Passwd.Users in order: it
// ensures the user, then sets the password hash, then authorizes the SSH keys.
//
// It returns nil when no users are configured. Processing stops at the first
// error, so the remaining steps for that user and all later users are not
// run. Each returned error names the user with %q and carries the underlying
// error text; no other field of the user entry is added to the message here.
//
// NOTE(review): value receiver, unlike createPasswd's pointer receiver, so the
// stage is copied on each call. Confirm this is intended.
func (s stage) createUsers(config types.Config) error {
	users := config.Passwd.Users
	if len(users) == 0 {
		return nil
	}

	s.Logger.PushPrefix("createUsers")
	defer s.Logger.PopPrefix()

	for _, user := range users {
		err := s.EnsureUser(user)
		if err != nil {
			return fmt.Errorf("failed to create user %q: %v",
				user.Name, err)
		}

		err = s.SetPasswordHash(user)
		if err != nil {
			return fmt.Errorf("failed to set password for %q: %v",
				user.Name, err)
		}

		err = s.AuthorizeSSHKeys(user)
		if err != nil {
			return fmt.Errorf("failed to add keys to user %q: %v",
				user.Name, err)
		}
	}

	return nil
}
// createGroups creates the groups as described in config.Passwd.Groups.
//
// It returns nil when no groups are configured. Processing stops at the first
// group that cannot be created; the returned error names that group with %q
// and carries the underlying error text.
//
// NOTE(review): value receiver, unlike createPasswd's pointer receiver, so the
// stage is copied on each call. Confirm this is intended.
func (s stage) createGroups(config types.Config) error {
	groups := config.Passwd.Groups
	if len(groups) == 0 {
		return nil
	}

	s.Logger.PushPrefix("createGroups")
	defer s.Logger.PopPrefix()

	for _, group := range groups {
		err := s.CreateGroup(group)
		if err != nil {
			return fmt.Errorf("failed to create group %q: %v",
				group.Name, err)
		}
	}

	return nil
}