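#!/bin/sh
# Debian maintainer post-installation script.
#
# Creates a new account, or adopts an existing one, from the settings under
# /etc/sysadmins/<package>/, refreshes the account's home directory from the
# packaged skeleton and, when the account's shadow entry is still "*",
# generates a password and reports it GPG-encrypted to the notification
# address.
#
# Environment: DEBUG - any non-empty value turns on shell tracing.
# Arguments:   $1    - maintainer-script action; only "configure" triggers the
#                      final ownership/permission repair.
#
# PACKAGE below is a "::package::" placeholder and the trailing #DEBHELPER#
# marker is left in place; both are presumably filled in at build time.
set -e

if [ -e /usr/share/debconf/confmodule ]; then
  . /usr/share/debconf/confmodule
  db_version 2.0
fi

[ -n "${DEBUG}" ] && set -o xtrace

PACKAGE=::package::
# Per-package configuration and state directory used throughout.
CONFDIR="/etc/sysadmins/${PACKAGE}"

[ -n "${DEBUG}" ] && echo "PostInst Parameters: $*"

###################################################################
# Subvert an existing user, in case we are installing somewhere we
# already exist
#
# Arguments: $1 - name of the account that already exists
# Globals:   sets USERNAME, USERID, USERGID; reads PACKAGE, CONFDIR
# Returns:   1 when debconf answers "false" to use_existing_username,
#            0 once the account has been recorded as installed
###################################################################
subvert_existing_user() {
  USERNAME="$1"
  db_get "${PACKAGE}/use_existing_username"
  if [ "$RET" = "false" ]; then
    return 1
  fi
  echo "${USERNAME}" >"${CONFDIR}/installed_username"
  USERID="$(getent passwd "${USERNAME}" | cut -f3 -d:)"
  USERGID="$(getent passwd "${USERNAME}" | cut -f4 -d:)"
  echo "$USERID" >"${CONFDIR}/installed_userid"
  echo "$USERGID" >"${CONFDIR}/installed_usergid"
  echo "Subverted existing user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
  return 0
}

###################################################################
# Make a new user, first time up
#
# Globals: reads USERNAME and CONFDIR; sets USERID, USERGID, HOMEDIR
# The preferred UID/GID are only used when getent reports them free.
###################################################################
make_new_user() {
  PREFUID="$(cat "${CONFDIR}/preferred_uid")" || true
  PREFGID="$(cat "${CONFDIR}/preferred_gid")" || true
  USERFULLNAME="$(cat "${CONFDIR}/preferred_fullname")" || true
  if [ "${USERFULLNAME}" = "" ]; then
    USERFULLNAME="${USERNAME}"
  fi
  if [ "$PREFUID" != "" ]; then
    getent passwd "$PREFUID" || USERID="${PREFUID}"
  fi
  if [ "$PREFGID" != "" ]; then
    getent group "$PREFGID" || USERGID="${PREFGID}"
  fi
  HOMEDIR="/home/${USERNAME}"

  # Build the adduser argument list in the positional parameters so that each
  # value stays a single word (this function is called without arguments).
  set -- --disabled-password --no-create-home --quiet --force-badname \
    --shell /bin/bash
  if [ "${USERID}" != "" ]; then
    set -- "$@" --uid "${USERID}"
  fi
  if [ "${USERGID}" != "" ]; then
    set -- "$@" --gid "${USERGID}"
    groupadd -g "${USERGID}" "${USERNAME}" || true
  fi
  /usr/sbin/adduser "$@" --home "${HOMEDIR}" --gecos "${USERFULLNAME}" "${USERNAME}"

  USERID="$(getent passwd "${USERNAME}" | cut -f3 -d:)"
  USERGID="$(getent passwd "${USERNAME}" | cut -f4 -d:)"
  if [ ! -e "${HOMEDIR}" ]; then
    cp -a "${CONFDIR}/skel" "${HOMEDIR}"
    chown -R "${USERID}:${USERGID}" "${HOMEDIR}"
    # Make sure the user home and .ssh directories aren't globally writable
    chmod og-w "${HOMEDIR}" "${HOMEDIR}/.ssh"
  fi
  echo "${USERNAME}" >"${CONFDIR}/installed_username"
  echo "${USERID}" >"${CONFDIR}/installed_userid"
  echo "${USERGID}" >"${CONFDIR}/installed_usergid"
  echo "Added user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
}

###################################################################
# Encrypt stdin to the notification address (ASCII-armoured, stdout).
#
# Globals: reads CONFDIR, TRUSTOPT, NOTIFYADDR
# The recipient key is taken only from the package's own keyring and is
# trusted unconditionally (TRUSTOPT), so the integrity of that keyring is
# what protects the password in transit.
###################################################################
encrypt_for_notify() {
  # TRUSTOPT is deliberately unquoted: it may hold two words.
  # shellcheck disable=SC2086
  /usr/bin/gpg --homedir "${CONFDIR}/gpg" --no-default-keyring \
    --keyring "${CONFDIR}/gpg/notifyring.gpg" ${TRUSTOPT} \
    --encrypt -r "${NOTIFYADDR}" --armor
}

###################################################################
# Generate a password (if needed) and notify
#
# Globals: reads USERNAME, NEWINSTALL, PACKAGE, CONFDIR
# A password is only generated when the shadow entry is exactly "*".
# Mail is sent only when there is a password message to report and neither
# the per-package nor the global suppress_email_notify file contains "Y".
###################################################################
generate_and_notify() {
  # The clear-text password appears in several expansions below. Switch
  # tracing off for the duration so a DEBUG run does not copy it into
  # whatever captures the script's output; it is restored at the end.
  TRACE_WAS_ON=""
  case "$-" in
    *x*)
      TRACE_WAS_ON="yes"
      set +x
      ;;
  esac

  NOTIFYADDR=$(head "${CONFDIR}/notification_email")

  # if we're on woody, use --always-trust instead of --trust-model
  DEBVERSION=$(head /etc/debian_version)
  if [ "${DEBVERSION}" = "3.0" ]; then
    TRUSTOPT="--always-trust"
  else
    TRUSTOPT="--trust-model always"
  fi

  # Make sure that the gpg directory is secure
  chmod 700 "${CONFDIR}/gpg"

  # work out if we need it.
  if [ "${NOTIFYADDR}" != "none" ]; then
    EXISTINGHASH=$(getent shadow "$USERNAME" | cut -f2 -d":")
    if [ "$EXISTINGHASH" = "*" ]; then
      # okay, we're all good, generate and store.
      # NOTE(review): pwgen's defaults produce a short, pronounceable
      # password; its -s option and a longer length give a stronger one.
      # Left unchanged here because it is a policy decision.
      NEWPASS="$(pwgen -N 1)" || true
      if [ -z "${NEWPASS}" ]; then
        # pwgen missing or failed: never hand chpasswd an empty password.
        echo "Could not generate a password for ${USERNAME}; none was set." >&2
        PASSMESS=""
      else
        DESC=$(perl -MSocket -MSys::Hostname=hostname -le 'alarm 2; @x=gethostbyname hostname;print " (".inet_ntoa(scalar $x[4])."/".$x[0].")"' 2>/dev/null || true)
        # NOTE(review): any line breaks this message originally contained are
        # not visible in the copy under review; the text is kept as seen.
        MESSAGE="This message was placed here by ${PACKAGE} Your shell password for $USERNAME@$(uname -n)$DESC was set as follows: ${NEWPASS} "
        # The encrypted copy is written first: if gpg fails, set -e stops the
        # script before the password is changed.
        printf '%s\n' "${MESSAGE}" | encrypt_for_notify >"/home/${USERNAME}/password.txt.gpg"
        printf '%s:%s\n' "${USERNAME}" "${NEWPASS}" | chpasswd
        PASSMESS="Your shell password is: ${NEWPASS}"
        echo "Set new password for ${USERNAME}."
      fi
    else
      if [ "$NEWINSTALL" = "Yes" ]; then
        PASSMESS="Existing shell password was kept."
        echo "Existing password kept for ${USERNAME}."
      else
        PASSMESS=""
      fi
    fi

    # A missing per-package suppress file means "do not suppress"; without
    # the "|| true" the failed read would abort the script under set -e.
    SUPPRESSNOTIFY=$(head "${CONFDIR}/suppress_email_notify" 2>/dev/null) || true
    if [ "x$SUPPRESSNOTIFY" = "xY" ]; then
      PASSMESS=""
    fi
    if [ -f /etc/sysadmins/suppress_email_notify ]; then
      GLOBALSUPPRESSNOTIFY=$(head /etc/sysadmins/suppress_email_notify 2>/dev/null) || true
      if [ "x$GLOBALSUPPRESSNOTIFY" = "xY" ]; then
        PASSMESS=""
      fi
    fi

    if [ "$PASSMESS" != "" ]; then
      # we want to send email, so build an email.
      MESSAGEIP=$(/sbin/ip addr | /bin/grep inet | /bin/grep eth | /usr/bin/awk '{print $2}')
      # NOTE(review): line breaks inside this message are likewise not
      # visible in the copy under review; the text is kept as seen.
      MESSAGE="Hi there! This is the postinst script for ${PACKAGE} running on $(/bin/hostname -f). Your package was installed or upgraded on this machine. This host runs $(/bin/cat /etc/issue.net) and has the following IP addresses: $MESSAGEIP $PASSMESS Thanks! "
      # The body (which may carry the password) only leaves the host encrypted.
      printf '%s\n' "${MESSAGE}" | encrypt_for_notify | mail -s "New account on $(hostname)" "${NOTIFYADDR}"
      echo "Notified ${NOTIFYADDR} of new account."
    fi
  else
    echo "Not setting new password"
  fi

  if [ -n "${TRACE_WAS_ON}" ]; then
    set -x
  fi
}

###################################################################
# Update the user's local home directory files from the template
#
# Globals: reads USERNAME, USERID, USERGID, PACKAGE, CONFDIR; sets HOMEDIR
#
# NOTE(review): this runs as root and writes into a directory tree owned by
# the account. mkdir, cp, chown and the ">>" append below resolve symlinks
# that already exist in that tree, so the result depends on what the account
# owner has placed there. Performing the copy with the account's own
# privileges, or refusing paths that contain symlinks, would remove that
# dependency.
###################################################################
update_if_desired() {
  HOMEDIR="/home/${USERNAME}"
  MODFILES=""
  WD="$(pwd)"
  SKELDIR="${CONFDIR}/skel"
  cd "${SKELDIR}"

  # Remove any cruft left around by choosing to use new versions of files
  find "${SKELDIR}" \( -name '*.dpkg-old' -o -name '.*.dpkg-old' \) -exec rm -- {} +

  # Collect every skeleton file that is missing from, or differs in, the home
  # directory. MODFILES is a whitespace-separated list, so skeleton file
  # names containing whitespace or glob characters are not supported.
  # shellcheck disable=SC2044
  for F in $(find . -type f); do
    if [ -f "${HOMEDIR}/$F" ]; then
      # md5sum is used purely as a change detector here, not for security.
      EXISTING="$(md5sum "${HOMEDIR}/$F" | cut -f1 -d' ')"
      REVISION="$(md5sum "$F" | cut -f1 -d' ')"
      if [ "${REVISION}" != "${EXISTING}" ]; then
        MODFILES="${MODFILES} ${F}"
      fi
    else
      MODFILES="${MODFILES} ${F}"
    fi
  done
  cd "${WD}"

  if [ "${MODFILES}" = "" ]; then
    echo "No changes needed to existing home directory"
  else
    db_get "${PACKAGE}/overwrite_local_files"
    if [ "$RET" = "false" ]; then
      echo "Package files differ but I am not updating them - copy manually if desired"
    else
      echo "Updating local files from package versions"
      for F in ${MODFILES}; do
        # If we are installing on a machine with NFS mounted /home
        # then things _will_ fail but we just sail on anyway...
        FILEDIR="$(dirname "${HOMEDIR}/${F}")"
        if [ ! -d "${FILEDIR}" ]; then
          mkdir -p "${FILEDIR}" || continue
        fi
        cp -b "${SKELDIR}/${F}" "${HOMEDIR}/${F}" || continue
        chown "${USERID}:${USERGID}" "${HOMEDIR}/${F}" || continue
        chmod og-w "${HOMEDIR}/${F}" || continue
        # If this is an authorized keys file then we append the local
        # keys to the authorized_keys file, if present.
        if [ "${F}" = "./.ssh/authorized_keys" ] &&
          [ -f "${HOMEDIR}/.ssh/local_authorized_keys" ]; then
          echo "Appending local keys to packaged authorized_keys"
          cat "${HOMEDIR}/.ssh/local_authorized_keys" >>"${HOMEDIR}/${F}"
        fi
      done
      # Re-apply the restrictive modes unconditionally so that a re-install
      # repairs SSH permissions.
      chmod og-w "${HOMEDIR}"
      chmod og-w "${HOMEDIR}/.ssh"
    fi
  fi
}

###################################################################
# Have they been installed already, or not?
###################################################################
NEWINSTALL="No"
if [ -f "${CONFDIR}/installed_username" ]; then
  USERNAME="$(cat "${CONFDIR}/installed_username")"
  USERID="$(cat "${CONFDIR}/installed_userid")"
  USERGID="$(cat "${CONFDIR}/installed_usergid")"
  update_if_desired
else
  USERNAMES="$(cat "${CONFDIR}/preferred_names")"
  # Try each preferred name in order: create it when free, otherwise offer
  # to adopt the existing account and move on if that is declined.
  for N in ${USERNAMES}; do
    ENTRY="$(getent passwd "${N}" | cut -f1 -d:)" || true
    if [ "x${ENTRY}" = "x" ]; then
      USERNAME="${N}"
      make_new_user
      break
    else
      if subvert_existing_user "${ENTRY}"; then
        update_if_desired
        break
      fi
    fi
  done
  # Every candidate was declined (or the list was empty): stop with a clear
  # message rather than failing on the missing state file just below.
  if [ ! -f "${CONFDIR}/installed_userid" ]; then
    echo "No account could be created or adopted from ${CONFDIR}/preferred_names" >&2
    exit 1
  fi
  USERID="$(cat "${CONFDIR}/installed_userid")"
  USERGID="$(cat "${CONFDIR}/installed_usergid")"
  # So we notify them, regardless of whether the password is set or not.
  NEWINSTALL="Yes"
fi

# Generate the password and email
generate_and_notify

case "$1" in
  configure)
    # We need to reset the ownership / permissions if they
    # have previously been installed and then removed...
    if [ "$(ls -ld "/home/${USERNAME}" | tr -s ' ' | cut -f3 -d' ')" = "root" ]; then
      passwd -u "${USERNAME}" || true
      chown "${USERID}:${USERGID}" "/home/${USERNAME}" || true
      chmod 750 "/home/${USERNAME}" || true
    fi
    ;;
esac

#DEBHELPER#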