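#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Reads "src dest" pairs on stdin.  A missing dest is installed from src;
# an existing dest is edited in place: obsolete entries are removed or
# locked, and reserved accounts are added when absent.  The entries have
# the name:password:... layout, so dest is treated as holding password
# fields throughout.
#
# Kept to constructs a legacy Bourne /bin/sh accepts (backticks, no
# "local").
#

# NOTE(review): fixed name under /tmp that this script appends to.  It
# looks like a convention shared with the installer -- confirm that /tmp
# is not writable by untrusted users while this script runs.
CLEANUP_FILE=/tmp/CLEANUP

PATH="/usr/bin:/usr/sbin:${PATH}"
export PATH

#
# PASSREQ is enforced. We need to warn upgraders about the fact that
# they might be locked out if they don't have a root password or
# change PASSREQ
#
NOPASSWARN="Detected password-less accounts while PASSREQ=YES."
NOPASSWARN="${NOPASSWARN} Please examine ${BASEDIR}/etc/default/login before"
NOPASSWARN="${NOPASSWARN} rebooting."

if grep -i '^PASSREQ=YES' "${BASEDIR}/etc/default/login" >/dev/null 2>&1 ; then
	warn_nopass=1
else
	warn_nopass=0
fi

# Scratch file used by scrub_legacy_entries; removed on any exit path.
tmpfile=
trap '[ -z "$tmpfile" ] || rm -f "$tmpfile"' 0

#
# scrub_legacy_entries file
#
# Drops the smtp entry (shipped by 2.6 & earlier) and turns the "NP"
# password field of nobody, nobody4 and noaccess into "*LK*", since
# those accounts shouldn't be able to run cron jobs or login.
#
# The scratch copy contains every password field of the file, so it
# must be neither guessable by name nor readable by other users:
# mktemp creates it exclusively, with mode 0600.  The result is copied
# back with cp so the target keeps its own owner and mode, and only
# when sed succeeded, so a failed edit cannot truncate the target.
#
# Returns non-zero (file untouched) if no scratch file could be made.
#
scrub_legacy_entries() {
	tmpfile=`mktemp /tmp/d.XXXXXX` || {
		tmpfile=
		echo "$0: cannot create temporary file; $1 left unedited" >&2
		return 1
	}

	if sed '
		/^smtp:/d;
		/^nobody:/s/:NP:/:*LK*:/;
		/^nobody4:/s/:NP:/:*LK*:/;
		/^noaccess/s/:NP:/:*LK*:/;' "$1" > "$tmpfile"
	then
		cp "$tmpfile" "$1"
	fi

	rm -f "$tmpfile"
	tmpfile=
}

#
# add_reserved_user file name entry anchor
#
# Unless "file" already has a line for account "name", insert "entry"
# after the line belonging to account "anchor".
#
# Both lookups match on the account name only ("^name:").  The password
# field of an existing entry may be NP or *LK* and may have been changed
# by the administrator; matching it as well either misses the anchor or
# fails to see an existing account and adds a duplicate.  An unescaped
# "*" in an ed pattern is also a repetition operator, not a literal.
#
# If the anchor account is missing, ed's search fails and nothing is
# added.
#
add_reserved_user() {
	if grep "^$2:" "$1" >/dev/null 2>&1; then
		return 0
	fi

	printf '/^%s:/\na\n%s\n.\nw\nq\n' "$4" "$3" | ed -s "$1" > /dev/null
}

while read src dest
do
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
	else
		scrub_legacy_entries "$dest"

		#
		# Add the 'nobody' user from 4.x so that people don't
		# assign it to a regular user and confuse themselves
		#
		add_reserved_user "$dest" nobody4 'nobody4:*LK*:6445::::::' noaccess

		# The 'smmsp' user for sendmail 8.12
		add_reserved_user "$dest" smmsp 'smmsp:NP:6445::::::' nobody4

		# Reserved users, each added only if it doesn't exist.
		add_reserved_user "$dest" gdm 'gdm:*LK*:::::::' listen
		add_reserved_user "$dest" webservd 'webservd:*LK*:::::::' gdm
		add_reserved_user "$dest" postgres 'postgres:NP:::::::' webservd
		add_reserved_user "$dest" mysql 'mysql:NP:::::::' postgres
		add_reserved_user "$dest" svctag 'svctag:*LK*:6445::::::' postgres
		add_reserved_user "$dest" unknown 'unknown:*LK*:::::::' svctag
		add_reserved_user "$dest" dladm 'dladm:*LK*:::::::' nuucp
		add_reserved_user "$dest" xvm 'xvm:*LK*:::::::' gdm
		add_reserved_user "$dest" zfssnap 'zfssnap:NP:::::::' gdm
		add_reserved_user "$dest" upnp 'upnp:NP:::::::' zfssnap
		add_reserved_user "$dest" openldap 'openldap:*LK*:::::::' mysql

		#
		# Warn the user if an empty password is found and
		# PASSREQ is set to yes.  The flag is cleared after the
		# first hit so the warning is recorded only once.
		#
		if [ "$warn_nopass" -eq 1 ]; then
			if grep '^[^:]*::' "$dest" > /dev/null 2>&1 ; then
				echo "${dest} $NOPASSWARN" >> "${CLEANUP_FILE}"
				warn_nopass=0
			fi
		fi

	fi
done

exit 0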