1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188
|
#! /bin/sh
set -e
. /usr/share/debconf/confmodule
if [ "$1" ]; then
export LANG=C # avoid locale errors from perl
ROOT="$1"
chroot=chroot
log='log-output -t user-setup'
else
ROOT=
chroot=
log=
fi
. /usr/lib/user-setup/functions.sh
# Set a password, via chpasswd.
# Use a heredoc rather than echo, to avoid the password
# showing in the process table. (However, this is normally
# only called when first installing the system, when root has no
# password at all, so that should be an unnecessary precaution).
#
# Pass in three arguments: the user, the password, and 'true' if the
# password has been pre-crypted (by preseeding).
setpassword () {
local USER PASSWD
USER="$1"
PASSWD="$2"
local VERSION=$($chroot $ROOT dpkg-query -W -f '${Version}\n' passwd)
if $chroot $ROOT dpkg --compare-versions "$VERSION" ge "1:4.1.4-1"; then
# support for versions with PAM support (Squeeze)
if [ "$3" = true ]; then
$chroot $ROOT usermod --password=$PASSWD $USER
else
$chroot $ROOT chpasswd <<EOF
$USER:$PASSWD
EOF
fi
else
# compatibility support for versions without PAM support (Lenny)
local OPTS
if [ "$3" = true ]; then
OPTS=-e
else
OPTS=-m
fi
$chroot $ROOT chpasswd $OPTS <<EOF
$USER:$PASSWD
EOF
fi
}
# Enable/disable shadow passwords.
db_get passwd/shadow
if [ "$RET" = true ]; then
$log $chroot $ROOT shadowconfig on
else
$log $chroot $ROOT shadowconfig off
fi
if ! root_password; then
# Was the root password preseeded encrypted?
if db_get passwd/root-password-crypted && [ "$RET" ]; then
# The root password was preseeded encrypted.
ROOT_PW="$RET"
PRECRYPTED=true
else
db_get passwd/root-password
ROOT_PW="$RET"
PRECRYPTED=false
fi
# Clear the root password from the database, and set the password.
db_set passwd/root-password-crypted ''
db_set passwd/root-password ''
db_set passwd/root-password-again ''
if [ "$ROOT_PW" ]; then
setpassword root "$ROOT_PW" "$PRECRYPTED"
fi
ROOT_PW=
else
# Just in case, clear any preseeded root password from the database
# anyway.
db_set passwd/root-password-crypted ''
db_set passwd/root-password ''
db_set passwd/root-password-again ''
fi
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
if db_get passwd/user-password-crypted && [ "$RET" ]; then
USER_PW="$RET"
USER_PW_CRYPTED=true
else
db_get passwd/user-password
USER_PW="$RET"
USER_PW_CRYPTED=false
fi
if db_get passwd/user-uid && [ "$RET" ]; then
if [ -x $ROOT/usr/sbin/adduser ]; then
UIDOPT="--uid $RET"
else
UIDOPT="-u $RET"
fi
else
UIDOPT=
fi
# Add the user to the database, using adduser in noninteractive
# mode.
db_get passwd/username
USER="$RET"
db_get passwd/user-fullname
HOME_EXISTED=
if [ -d "$ROOT/home/$USER" ]; then
HOME_EXISTED=1
fi
if [ -x $ROOT/usr/sbin/adduser ]; then
$log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT "$USER" >/dev/null || true
else
$log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT >/dev/null || true
fi
# Clear the user password from the database.
db_set passwd/user-password-crypted ''
db_set passwd/user-password ''
db_set passwd/user-password-again ''
setpassword "$USER" "$USER_PW" "$USER_PW_CRYPTED"
if [ "$HOME_EXISTED" ]; then
# The user's home directory already existed before we called
# adduser. This often means that a mount point under
# /home/$USER was selected in (and thus created by) partman,
# and the home directory may have ended up owned by root.
$log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true
fi
if [ -n "$USER" ]; then
db_get passwd/user-default-groups
for group in $RET; do
$log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
done
fi
db_get passwd/root-login
if [ "$RET" = false ] && [ -n "$USER" ]; then
# Ensure sudo is installed, and set up the user to be able
# to use it.
if [ ! -e $ROOT/etc/sudoers ]; then
# try to work in d-i and out; it's better to
# use apt-install in d-i
apt-install sudo 2>/dev/null || $log $chroot $ROOT apt-get -q -y install sudo || true
fi
if [ -e $ROOT/etc/sudoers ]; then
# Test if we can add the user to the sudo group
# (possible if sudo >= 1.7.2-2 is installed on the target system)
# If we can, do it this way, otherwise add the user to sudoers
# See #597239
if ! $log $chroot $ROOT adduser "$USER" sudo >/dev/null 2>&1; then
echo "$USER ALL=(ALL) ALL" >> $ROOT/etc/sudoers
fi
else
# sudo failed to install, system won't be usable
exit 1
fi
# Configure gksu to use sudo, via an alternative, if it's
# installed and the alternative is registered.
if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
$log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
$log $chroot $ROOT update-gconf-defaults || true
fi
# Configure aptitude to use sudo.
echo 'Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";' > $ROOT/etc/apt/apt.conf.d/00aptitude
fi
else
# Just in case, clear any preseeded user password from the database
# anyway.
db_set passwd/user-password-crypted ''
db_set passwd/user-password ''
db_set passwd/user-password-again ''
fi
exit 0
|