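#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Reads "src dest" path pairs from standard input, one pair per line.
# A dest that does not exist yet is created as a copy of src.  An
# existing dest is edited in place: the obsolete smtp entry is removed,
# legacy "NP" password fields of nobody/nobody4/noaccess become "*LK*",
# and any missing reserved accounts are added.  If PASSREQ=YES is set
# in ${BASEDIR}/etc/default/login and dest contains an entry with an
# empty password field, one warning is appended to ${CLEANUP_FILE}.
#
# The script sticks to constructs already used in this file (no
# "local", no "read -r") because it runs under /bin/sh.
#

#
# NOTE(review): fixed path under /tmp that this script appends to.
# Presumably the installer owns and reads this file -- confirm that it
# is created before this script runs.
#
CLEANUP_FILE=/tmp/CLEANUP

PATH="/usr/bin:/usr/sbin:${PATH}"
export PATH

#
# PASSREQ is enforced. We need to warn upgraders about the fact that
# they might be locked out if they don't have a root password or
# change PASSREQ
#
NOPASSWARN="Detected password-less accounts while PASSREQ=YES."
NOPASSWARN="${NOPASSWARN} Please examine ${BASEDIR}/etc/default/login before"
NOPASSWARN="${NOPASSWARN} rebooting."

if grep -i '^PASSREQ=YES' "${BASEDIR}/etc/default/login" >/dev/null 2>&1; then
	warn_nopass=1
else
	warn_nopass=0
fi

#
# add_reserved_user file name anchor entry
#
# Adds "entry" to "file" unless a line for user "name" already exists.
# Presence is tested on the user name alone, so an entry whose password
# field was changed locally is left untouched rather than duplicated.
# The new line goes directly after the first line of user "anchor";
# the anchor is also matched by name only, so a differing password
# field cannot make the ed search fail.  When the anchor user is
# absent the entry is appended at the end of the file instead of being
# dropped.
#
add_reserved_user()
{
	aru_file=$1
	aru_name=$2
	aru_anchor=$3
	aru_entry=$4

	if grep "^${aru_name}:" "$aru_file" >/dev/null 2>&1; then
		return 0
	fi

	if grep "^${aru_anchor}:" "$aru_file" >/dev/null 2>&1; then
		printf '/^%s:/\na\n%s\n.\nw\nq\n' "$aru_anchor" "$aru_entry" |
		    ed -s "$aru_file" >/dev/null
	else
		printf '$a\n%s\n.\nw\nq\n' "$aru_entry" |
		    ed -s "$aru_file" >/dev/null
	fi
}

while read src dest
do
	if [ ! -f "$dest" ]; then
		cp "$src" "$dest"
		continue
	fi

	#
	# 2.6 & earlier versions had an smtp entry; remove it.
	#
	# Some accounts used to be shipped with "NP" they are now
	# shipped as "*LK*" since they shouldn't be able to run
	# cron jobs or login.
	#
	# The scratch copy holds password hashes, so it is written next
	# to the target under a restrictive umask rather than to a
	# predictable name in a world-writable directory.  This assumes
	# the directory holding dest is writable by root only -- confirm.
	# The result is copied back (not renamed) so that dest keeps its
	# inode, owner and mode, and only when sed succeeded, so a failed
	# rewrite cannot replace dest with a truncated file.
	#
	tmpfile="${dest}.tmp.$$"
	rm -f "$tmpfile"
	if (umask 077; sed -e '/^smtp:/d' \
	    -e '/^nobody:/s/:NP:/:*LK*:/' \
	    -e '/^nobody4:/s/:NP:/:*LK*:/' \
	    -e '/^noaccess/s/:NP:/:*LK*:/' "$dest" > "$tmpfile"); then
		cp "$tmpfile" "$dest"
	else
		echo "${dest}: could not rewrite legacy entries" >&2
	fi
	rm -f "$tmpfile"

	#
	# Add the 'nobody' user from 4.x so that people don't
	# assign it to a regular user and confuse themselves
	#
	add_reserved_user "$dest" nobody4 noaccess "nobody4:*LK*:6445::::::"

	# Add the 'smmsp' user for sendmail 8.12
	add_reserved_user "$dest" smmsp nobody4 "smmsp:NP:6445::::::"

	# Reserved users, each added only if it doesn't exist.
	add_reserved_user "$dest" gdm listen "gdm:*LK*:::::::"
	add_reserved_user "$dest" webservd gdm "webservd:*LK*:::::::"
	add_reserved_user "$dest" postgres webservd "postgres:NP:::::::"
	add_reserved_user "$dest" mysql postgres "mysql:NP:::::::"
	add_reserved_user "$dest" svctag postgres "svctag:*LK*:6445::::::"
	add_reserved_user "$dest" dladm nuucp "dladm:*LK*:::::::"
	add_reserved_user "$dest" xvm gdm "xvm:*LK*:::::::"
	add_reserved_user "$dest" zfssnap gdm "zfssnap:NP:::::::"
	add_reserved_user "$dest" upnp zfssnap "upnp:NP:::::::"
	add_reserved_user "$dest" openldap mysql "openldap:*LK*:::::::"

	#
	# Warn the user if an empty password is found and
	# PASSREQ is set to yes.  warn_nopass is cleared after the
	# first hit, so at most one warning is written per run.
	#
	if [ "$warn_nopass" -eq 1 ]; then
		if grep '^[^:]*::' "$dest" >/dev/null 2>&1; then
			printf '%s %s\n' "$dest" "$NOPASSWARN" >> "${CLEANUP_FILE}"
			warn_nopass=0
		fi
	fi
done

exit 0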