johnno/positiveinternet-userpackage
Template
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
positiveinternet-userpackage/debian/sysadmin.postinst
Jonathan Harker 0658661220 Initial commit.
2012-09-28 02:30:23 +01:00

261 lines
8.9 KiB
Bash
Raw Blame History

#!/bin/sh
set -e
if [ -e /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
db_version 2.0
fi
[ -n "${DEBUG}" ] && set -o xtrace
PACKAGE=::package::
[ -n "${DEBUG}" ] && echo "PostInst Parameters: $@"
###################################################################
# Subvert an existing user, in case we are installing somewhere we
# already exist
###################################################################
subvert_existing_user() {
USERNAME="$1"
db_get ${PACKAGE}/use_existing_username
if [ "$RET" = "false" ] ; then
return 1
fi
echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
echo "$USERID" >/etc/sysadmins/${PACKAGE}/installed_userid
echo "$USERGID" >/etc/sysadmins/${PACKAGE}/installed_usergid
echo "Subverted existing user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
return 0
}
###################################################################
# Make a new user, first time up
###################################################################
make_new_user() {
PREFUID="`cat /etc/sysadmins/${PACKAGE}/preferred_uid`" || true
PREFGID="`cat /etc/sysadmins/${PACKAGE}/preferred_gid`" || true
USERFULLNAME="`cat /etc/sysadmins/${PACKAGE}/preferred_fullname`" || true
[ "${USERFULLNAME}" = "" ] && USERFULLNAME="${USERNAME}"
if [ "$PREFUID" != "" ] ; then
getent passwd $PREFUID || USERID=${PREFUID}
fi
if [ "$PREFGID" != "" ] ; then
getent group $PREFGID || USERGID=${PREFGID}
fi
HOMEDIR="/home/${USERNAME}"
ADDUSER="/usr/sbin/adduser --disabled-password --no-create-home --quiet --force-badname --shell /bin/bash"
[ "${USERID}" != "" ] && ADDUSER="${ADDUSER} --uid ${USERID}"
if [ "${USERGID}" != "" ] ; then
ADDUSER="${ADDUSER} --gid ${USERGID}"
groupadd -g ${USERGID} ${USERNAME} || true
fi
${ADDUSER} --home "${HOMEDIR}" --gecos "${USERFULLNAME}" ${USERNAME}
USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
if [ ! -e "${HOMEDIR}" ] ; then
cp -a /etc/sysadmins/${PACKAGE}/skel ${HOMEDIR}
chown -R ${USERID}:${USERGID} ${HOMEDIR}
# Make sure the user home and .ssh directories aren't globally writable
chmod og-w ${HOMEDIR} ${HOMEDIR}/.ssh
fi
echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
echo "${USERID}" >/etc/sysadmins/${PACKAGE}/installed_userid
echo "${USERGID}" >/etc/sysadmins/${PACKAGE}/installed_usergid
echo "Added user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
}
###################################################################
# Generate a password (if needed) and notify
###################################################################
generate_and_notify() {
NOTIFYADDR=`head /etc/sysadmins/${PACKAGE}/notification_email`
# if we're on woody, use --always-trust instead of --trust-model
DEBVERSION=`head /etc/debian_version`
if [ "${DEBVERSION}" = "3.0" ]; then
TRUSTOPT="--always-trust"
else
TRUSTOPT="--trust-model always"
fi
# Make sure that the gpg directory is secure
chmod 700 /etc/sysadmins/${PACKAGE}/gpg
# work out if we need it.
if [ "${NOTIFYADDR}" != "none" ]; then
GNUPG="/usr/bin/gpg --homedir /etc/sysadmins/${PACKAGE}/gpg --no-default-keyring --keyring /etc/sysadmins/${PACKAGE}/gpg/notifyring.gpg ${TRUSTOPT} --encrypt -r ${NOTIFYADDR} --armor"
EXISTINGHASH=`getent shadow $USERNAME | cut -f2 -d":"`
if [ "$EXISTINGHASH" = "*" ] ; then
# okay, we're all good, generate and store.
NEWPASS="`pwgen -N 1`" || true
DESC=`perl -MSocket -MSys::Hostname=hostname -le 'alarm 2; @x=gethostbyname hostname;print " (".inet_ntoa(scalar $x[4])."/".$x[0].")"' 2>/dev/null || true`
MESSAGE="This message was placed here by ${PACKAGE}
Your shell password for $USERNAME@`uname -n`$DESC
was set as follows:
${NEWPASS}
"
echo "${MESSAGE}" | ${GNUPG} > /home/${USERNAME}/password.txt.gpg
echo ${USERNAME}:${NEWPASS} | chpasswd
PASSMESS="Your shell password is: ${NEWPASS}"
echo "Set new password for ${USERNAME}."
else
if [ "$NEWINSTALL" = "Yes" ]; then
PASSMESS="Existing shell password was kept."
echo "Existing password kept for ${USERNAME}."
else
PASSMESS=""
fi
fi
SUPPRESSNOTIFY=`head /etc/sysadmins/${PACKAGE}/suppress_email_notify 2>/dev/null`
if [ "x$SUPPRESSNOTIFY" = "xY" ] ; then
PASSMESS=""
fi
if [ -f /etc/sysadmins/suppress_email_notify ] ; then
GLOBALSUPPRESSNOTIFY=`head /etc/sysadmins/suppress_email_notify 2>/dev/null`
if [ "x$GLOBALSUPPRESSNOTIFY" = "xY" ] ; then
PASSMESS=""
fi
fi
if [ "$PASSMESS" != "" ] ; then
# we want to send email, so build an email.
MESSAGEIP=`/sbin/ip addr | /bin/grep inet | /bin/grep eth | /usr/bin/awk '{print $2}'`
MESSAGE="Hi there!
This is the postinst script for ${PACKAGE} running
on `/bin/hostname -f`.
Your package was installed or upgraded on this machine.
This host runs `/bin/cat /etc/issue.net` and has the following IP addresses:
$MESSAGEIP
$PASSMESS
Thanks!
"
echo "${MESSAGE}" | ${GNUPG} | mail -s "New account on `hostname`" ${NOTIFYADDR}
echo "Notified ${NOTIFYADDR} of new account."
fi
else
echo "Not setting new password"
fi
}
###################################################################
# Update the user's local home directory files from the template
###################################################################
update_if_desired() {
HOMEDIR="/home/${USERNAME}"
MODFILES=""
WD="`pwd`"
SKELDIR=/etc/sysadmins/${PACKAGE}/skel
cd "${SKELDIR}"
# Remove any cruft left around by choosing to use new versions of files
find "${SKELDIR}" -name '*.dpkg-old' -o -name '.*.dpkg-old' | xargs -r rm
for F in `find . -type f ` ; do
if [ -f ${HOMEDIR}/$F ]; then
EXISTING="`md5sum ${HOMEDIR}/$F | cut -f1 -d' '`"
REVISION="`md5sum $F | cut -f1 -d' '`"
[ "${REVISION}" != "${EXISTING}" ] && MODFILES="${MODFILES} ${F}"
else
MODFILES="${MODFILES} ${F}"
fi
done
cd "${WD}"
if [ "${MODFILES}" = "" ] ; then
echo "No changes needed to existing home directory"
else
db_get ${PACKAGE}/overwrite_local_files
if [ "$RET" = "false" ] ; then
echo "Package files differ but I am not updating them - copy manually if desired"
else
echo "Updating local files from package versions"
for F in ${MODFILES} ; do
# If we are installing on a machine with NFS mounted /home
# then things _will_ fail but we just sail on anyway...
FILEDIR="`dirname \"${HOMEDIR}/${F}\"`"
if [ ! -d "${FILEDIR}" ] ; then
mkdir -p "${FILEDIR}" || continue
fi
cp -b "${SKELDIR}/${F}" "${HOMEDIR}/${F}" || continue
chown ${USERID}:${USERGID} "${HOMEDIR}/${F}" || continue
chmod og-w "${HOMEDIR}/${F}" || continue
# If this is an authorized keys file then we append a local
# keys to the authorized_keys file, if present.
if [ "${F}" = "./.ssh/authorized_keys" -a -f ${HOMEDIR}/.ssh/local_authorized_keys ]; then
echo "Appending local keys to packaged authorized_keys"
cat ${HOMEDIR}/.ssh/local_authorized_keys >> ${HOMEDIR}/${F}
fi
done
# And also be a bit anal in general to allow a re-install
# to fix SSH permissions
chmod og-w "${HOMEDIR}"
chmod og-w "${HOMEDIR}/.ssh"
fi
fi
}
###################################################################
# Have they been installed already, or not?
###################################################################
NEWINSTALL="No"
if [ -f /etc/sysadmins/${PACKAGE}/installed_username ] ; then
USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username`"
USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
update_if_desired
else
USERNAMES="`cat /etc/sysadmins/${PACKAGE}/preferred_names`"
for N in ${USERNAMES} ; do
ENTRY="`getent passwd ${N} | cut -f1 -d: `" || true
if [ "x${ENTRY}" = "x" ] ; then
USERNAME="${N}"
make_new_user
break
else
if subvert_existing_user "${ENTRY}" ; then
update_if_desired
break
fi
fi
done
USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
# So we notify them, regardless of whether the password is set or not.
NEWINSTALL="Yes"
fi
# Generate the password and email
generate_and_notify
case $1 in
configure)
# We need to reset the ownership / permissions if they
# have previously been installed and then removed...
if [ "`ls -ld /home/${USERNAME} | tr -s ' ' | cut -f3 -d' '`" = "root" ] ; then
passwd -u "${USERNAME}" || true
chown ${USERID}:${USERGID} /home/${USERNAME} || true
chmod 750 /home/${USERNAME} || true
fi
;;
esac
#DEBHELPER#
Reference in a new issue View git blame Copy permalink