File: brltty-mkuser

package info (click to toggle)
brltty 6.8-5
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 35,896 kB
  • sloc: ansic: 150,447; java: 13,484; sh: 9,667; xml: 5,702; tcl: 2,634; makefile: 2,339; awk: 713; lisp: 366; python: 321; ml: 301
file content (174 lines) | stat: -rwxr-xr-x 5,906 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
 
#!/bin/bash
###############################################################################
# BRLTTY - A background process providing access to the console screen (when in
#          text mode) for a blind person using a refreshable braille display.
#
# Copyright (C) 1995-2025 by The BRLTTY Developers.
#
# BRLTTY comes with ABSOLUTELY NO WARRANTY.
#
# This is free software, placed under the terms of the
# GNU Lesser General Public License, as published by the Free Software
# Foundation; either version 2.1 of the License, or (at your option) any
# later version. Please see the file LICENSE-LGPL for details.
#
# Web Page: http://brltty.app/
#
# This software is maintained by Dave Mielke <dave@mielke.cc>.
###############################################################################

set -e
. "`dirname "${0}"`/brltty-prologue.sh"
. "${programDirectory}/brltty-config.sh"

showProgramUsagePurpose() {
cat <<END_OF_PROGRAM_USAGE_PURPOSE
Simplify the job of Creating and making changes to BRLTTY's unprivileged user.
END_OF_PROGRAM_USAGE_PURPOSE
}

declare -A privilegeParameters
parseParameterString privilegeParameters "${BRLTTY_PRIVILEGE_PARAMETERS}" lx

readonly defaultUserName="${privilegeParameters["USER"]}"
readonly defaultUserInformation="Braille Device Daemon"
readonly defaultHomeDirectory="${BRLTTY_UPDATABLE_DIRECTORY}"
readonly defaultLoginShell="/sbin/nologin"

showProgramUsageNotes() {
cat <<END_OF_PROGRAM_USAGE_NOTES
When creating a new user, these options have the following defaults:
  -d  ${defaultHomeDirectory:-the home directory is not defined}
  -g  a new group with the same name as the user
  -i  ${defaultUserInformation}
  -l  ${defaultLoginShell}
These defaults don't apply when making changes to an existing user.
END_OF_PROGRAM_USAGE_NOTES
}

executeCommand() {
   "${useSudo}" && set -- sudo -- "${@}"

   if "${testMode}"
   then
      echo "${*}"
   else
      "${@}"
   fi
}

groupList=()
addGroups() {
   while [ "${#}" -gt 0 ]
   do
      local group="${1}"
      shift 1
      [ -n "${group}" ] || continue

      [ "${group#*/}" = "${group}" ] || {
         [ -e "${group}" ] || continue
         group="$(stat -c "%G" "${group}")" || :
         [ -n "${group}" ] || continue
      }

      local g
      for g in "${groupList[@]}"
      do
         [ "${g}" = "${group}" ] && {
            group=""
            break
         }
      done

      [ -n "${group}" ] && groupList[${#groupList[*]}]="${group}"
   done

   return 0
}

addProgramOption a flag noALSA "don't allow playing sound via the ALSA framework"
addProgramOption b flag noBrlapi "don't allow reading BrlAPI's authorization key file"
addProgramOption c flag noConsoles "don't allow access to the virtual consoles"
addProgramOption d string.path homeDirectory "set/change the home (login) directory"
addProgramOption g string.group primaryGroup "set/change the primary (login) group"
addProgramOption i string.text userInformation "set/change the user information (gecos) text"
addProgramOption k flag noKeyboards "don't allow keyboard monitoring"
addProgramOption l string.path loginShell "set/change the login shell"
addProgramOption p flag noPulse "don't allow playing sound via the Pulse Audio server"
addProgramOption s flag noSerial "don't allow access to serial devices"
addProgramOption u flag noUSB "don't allow access to USB devices"
addProgramOption E flag allowChanges "allow changes to an existing user"
addProgramOption G flag noGroups "don't set/change the supplementary group list"
addProgramOption N flag allowCreate "allow creating a new user"
addProgramOption S flag useSudo "use sudo to execute the commands as root"
addProgramOption T flag testMode "test mode - show the commands that would be executed"
addProgramOption U string.user userName "the user to be created/changed" "${defaultUserName}"
parseProgramArguments "${@}"

[ -n "${userName}" ] || userName="${defaultUserName}"
[ -n "${userName}" ] || syntaxError "unprivileged user not configured - use -U (user) to specify"

if id -u "${userName}" >/dev/null 2>&1
then
   "${allowChanges}" || semanticError "user already exists: ${userName} - use -E (existing) to allow"
   command=(usermod)
else
   "${allowCreate}" || semanticError "user doesn't exist: ${userName} - use -N (new) to allow"
   command=(useradd --system)
   [ -n "${primaryGroup}" ] || command+=(--user-group)

   [ -n "${userInformation}" ] || userInformation="${defaultUserInformation}"
   [ -n "${homeDirectory}" ] || homeDirectory="${defaultHomeDirectory}"
   [ -n "${loginShell}" ] || loginShell="${defaultLoginShell}"

   if [ -z "${homeDirectory}" ]
   then
      createHomeDirectory=false
   elif [ -e "${homeDirectory}" ]
   then
      [ -d "${homeDirectory}" ] || semanticError "not a directory: ${homeDirectory}"
      createHomeDirectory=false
   else
      createHomeDirectory=true
   fi

   if "${createHomeDirectory}"
   then
      command+=(--create-home)
   else
      command+=(--no-create-home)
   fi
fi

[ -n "${homeDirectory}" ] && command+=(--home "${homeDirectory}")
[ -n "${primaryGroup}" ] && command+=(--gid "${primaryGroup}")
[ -n "${userInformation}" ] && command+=(--comment "${userInformation}")
[ -n "${loginShell}" ] && command+=(--shell "${loginShell}")

"${noGroups}" || {
   "${noALSA}" || addGroups audio
   "${noBrlapi}" || addGroups "${BRLAPI_KEY_FILE}"
   "${noConsoles}" || addGroups tty /dev/vcs1 /dev/tty1
   "${noKeyboards}" || addGroups input
   "${noPulse}" || addGroups pulse-access
   "${noSerial}" || addGroups /dev/ttyS0
   "${noUSB}" || addGroups /dev/bus/usb

   groupsOperand="${groupList[*]}"
   groupsOperand="${groupsOperand// /,}"
   command+=(--groups "${groupsOperand}")
}

"${testMode}" || {
   if "${useSudo}"
   then
      sudo -v
   elif [ "$(id -u)" -ne 0 ]
   then
      semanticError "not executing as root"
   fi
}

command+=(-- "${userName}")
executeCommand "${command[@]}"
exit 0