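#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Reads "src dest" pairs from standard input.  When dest does not exist,
# src is copied into place.  Otherwise dest (a shadow-format file, going
# by the entries handled below) is edited in place: obsolete entries are
# removed or locked and missing reserved accounts are inserted.
#
# The script is written for the legacy Bourne shell: no $(...), no
# "local", no [[ ]].
#

#
# NOTE(review): fixed, shared path under /tmp that is appended to below.
# If /tmp can be written by other users while this script runs, the file
# could be pre-created or be a link to another file -- confirm that the
# install environment rules this out.  The path is kept unchanged because
# other tooling presumably reads it.
#
CLEANUP_FILE=/tmp/CLEANUP

PATH="/usr/bin:/usr/sbin:${PATH}"
export PATH

#
# PASSREQ is enforced. We need to warn upgraders about the fact that
# they might be locked out if they don't have a root password or
# change PASSREQ
#
NOPASSWARN="Detected password-less accounts while PASSREQ=YES."
NOPASSWARN="${NOPASSWARN} Please examine ${BASEDIR}/etc/default/login before"
NOPASSWARN="${NOPASSWARN} rebooting."

if grep -i '^PASSREQ=YES' "${BASEDIR}/etc/default/login" >/dev/null 2>&1 ; then
	warn_nopass=1
else
	warn_nopass=0
fi

#
# Scratch copy used while rewriting dest.  It holds the full contents of
# dest (password hashes included), so it is created with mktemp (mode
# 0600, unpredictable name) next to dest rather than under a guessable
# name in /tmp, and it is removed if the script is interrupted.
#
tmpfile=
trap 'test -n "$tmpfile" && rm -f "$tmpfile"; exit 1' 1 2 15

#
# add_reserved_entry file exists_re anchor_re line
#
# Does nothing when a line matching exists_re is already in file.
# Otherwise asks ed to append line directly after the first line that
# matches anchor_re.  The anchor is handed to printf as a %s argument, so
# backslashes in it reach ed unchanged and do not depend on how printf
# treats unknown escapes in a format string.
#
# When ed fails (for instance because the anchor is not in the file) a
# message is written to stderr instead of the failure passing unnoticed.
#
# Returns 0 if the entry is present or was added, 1 otherwise.
#
add_reserved_entry() {
	if grep "$2" "$1" >/dev/null 2>&1; then
		return 0
	fi
	if printf '/%s\na\n%s\n.\nw\nq\n' "$3" "$4" | ed -s "$1" >/dev/null; then
		return 0
	fi
	echo "$1: entry not added (anchor /$3/ not found?): $4" >&2
	return 1
}

while read src dest
do
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
	else
		#
		# 2.6 & earlier versions had an smtp entry; remove it.
		#
		# Some accounts used to be shipped with "NP" they are now
		# shipped as "*LK*" since they shouldn't be able to run
		# cron jobs or login.
		#
		# dest is only overwritten when both the scratch file and the
		# sed run succeeded; a failed sed must never leave a truncated
		# file in place of dest.  cp (not mv) is used so that dest
		# keeps its inode, owner and mode.
		#
		tmpfile=`mktemp "${dest}.XXXXXX" 2>/dev/null`
		if [ -n "$tmpfile" ] && sed '
			/^smtp:/d;
			/^nobody:/s/:NP:/:*LK*:/;
			/^nobody4:/s/:NP:/:*LK*:/;
			/^noaccess/s/:NP:/:*LK*:/;' "$dest" > "$tmpfile"; then
			cp "$tmpfile" "$dest"
		else
			echo "${dest}: could not rewrite legacy entries;" \
			    "file left as is" >&2
		fi
		if [ -n "$tmpfile" ]; then
			rm -f "$tmpfile"
		fi
		tmpfile=

		#
		# Add the 'nobody' user from 4.x so that people don't
		# assign it to a regular user and confuse themselves
		#
		# NOTE(review): the '*' characters in this anchor and in the
		# smmsp anchor below are not escaped, so ed reads them as
		# repetition operators, not as the literal "*LK*" marker.
		# The anchors are kept as found; confirm they match as
		# intended.
		#
		NOBODY4_LINE="nobody4:*LK*:6445::::::"
		add_reserved_entry "$dest" "^nobody4:" \
		    '^noaccess:*LK*' "$NOBODY4_LINE"

		#
		# Add the 'smmsp' user for sendmail 8.12
		#
		SMMSP_LINE="smmsp:NP:6445::::::"
		add_reserved_entry "$dest" "$SMMSP_LINE" \
		    '^nobody4:*LK*' "$SMMSP_LINE"

		#
		# Add the 'gdm' reserved user if it doesn't exist.
		#
		GDM_LINE="gdm:*LK*:::::::"
		add_reserved_entry "$dest" "^gdm:" \
		    '^listen:\*LK\*' "$GDM_LINE"

		#
		# Add the 'webservd' reserved user if it doesn't exist.
		#
		WEBSERVD_LINE="webservd:*LK*:::::::"
		add_reserved_entry "$dest" "^webservd:" \
		    '^gdm:\*LK\*' "$WEBSERVD_LINE"

		#
		# Add the 'postgres' reserved user if it doesn't exist.
		#
		POSTGRES_LINE="postgres:NP:::::::"
		add_reserved_entry "$dest" "^postgres:" \
		    '^webservd:\*LK\*' "$POSTGRES_LINE"

		#
		# Add the 'mysql' reserved user if it doesn't exist.
		#
		# NOTE(review): the anchor expects postgres to be "*LK*", but
		# POSTGRES_LINE above is "NP"; when no line matches, mysql is
		# not added.  Kept as found; confirm the intended anchor.
		#
		MYSQL_LINE="mysql:NP:::::::"
		add_reserved_entry "$dest" "^mysql:" \
		    '^postgres:\*LK\*' "$MYSQL_LINE"

		#
		# Add the 'svctag' reserved user if it doesn't exist.
		#
		SVCTAG_LINE="svctag:*LK*:6445::::::"
		add_reserved_entry "$dest" "^svctag:" \
		    '^postgres:NP' "$SVCTAG_LINE"

		#
		# Add the 'dladm' reserved user if it doesn't exist.
		#
		DLADM_LINE="dladm:*LK*:::::::"
		add_reserved_entry "$dest" "^dladm:" \
		    '^nuucp:NP' "$DLADM_LINE"

		#
		# Add the 'xvm' reserved user if it doesn't exist.
		#
		XVM_LINE="xvm:*LK*:::::::"
		add_reserved_entry "$dest" "^xvm:" \
		    '^gdm:\*LK\*' "$XVM_LINE"

		#
		# Add the 'zfssnap' reserved user if it doesn't exist.
		#
		ZFSSNAP_LINE="zfssnap:NP:::::::"
		add_reserved_entry "$dest" "^zfssnap:" \
		    '^gdm:\*LK\*' "$ZFSSNAP_LINE"

		#
		# Add the 'upnp' reserved user if it doesn't exist.
		#
		# NOTE(review): the anchor expects zfssnap to be "*LK*", but
		# ZFSSNAP_LINE above is "NP".  Kept as found; confirm.
		#
		UPNP_LINE="upnp:NP:::::::"
		add_reserved_entry "$dest" "^upnp:" \
		    '^zfssnap:\*LK\*' "$UPNP_LINE"

		#
		# Add the 'openldap' reserved user if it doesn't exist.
		#
		OPENLDAP_LINE="openldap:*LK*:::::::"
		add_reserved_entry "$dest" "^openldap:" \
		    '^mysql:NP' "$OPENLDAP_LINE"

		#
		# Warn the user if an empty password is found and
		# PASSREQ is set to yes.  The warning is recorded once only:
		# warn_nopass is cleared after the first file that triggers it.
		#
		if [ "$warn_nopass" -eq 1 ]; then
			if grep '^[^:]*::' "$dest" > /dev/null 2>&1 ; then
				echo "${dest} $NOPASSWARN" >> "${CLEANUP_FILE}"
				warn_nopass=0
			fi
		fi

	fi
done

#
# The exit status stays 0 as before; problems found above are reported on
# stderr only.  NOTE(review): decide whether the packaging framework
# should see a non-zero status when a file could not be updated.
#
exit 0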