postinstall.aat (3763B)
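@include common.aat
|### Functions ###
|# passwd_user(line): emit a fileset entry for /etc/passwd whose awk filter
|# copies every existing record to its output and appends `line` when no
|# record with the same user name is present.  The filter exits 1 when a
|# record with that name differs from the requested fields, or when the
|# requested UID is already used by some record.
|# `line` is pasted into an awk string literal inside a single-quoted shell
|# argument, so it must not contain double quotes, backslashes or single
|# quotes; every caller in this file passes a constant.
|# NOTE(review): awk still runs END after `exit 1` in a main rule, so on a
|# mismatch the END block can print a second error or the requested line;
|# the exit status stays 1.  Presumably the caller discards output then.
|function passwd_user(line, grep1) {
/etc/passwd f +
!f awk 'BEGIN { FS=OFS=":"; seen=0; line="{{line}}"; split(line, a) }
  { uids[$3] = $0 }
  $1 == a[1] {
    for(n in a) {
      if(a[n] != $n) {
        print "error: differing present and requested lines" >>"/dev/stderr"
        print "requested: " line >>"/dev/stderr"
        print "present: " $0 >>"/dev/stderr"
        exit 1
      }
    }
    seen = 1
  }
  { print $0 }
  END {
    if(seen == 0) {
      if(a[3] in uids) {
        print "error: user record with requested UID already present" >>"/dev/stderr"
        print "requested: " line >>"/dev/stderr"
        print "present: " uids[a[3]] >>"/dev/stderr"
        exit 1
      }
      print line
    }
  }'
|}
|# shadow_user(line): same scheme as passwd_user for /etc/shadow, without
|# the UID collision check.  Existing records pass through; `line` is
|# appended when the name is absent; a differing record with the same name
|# makes the filter exit 1.  The same quoting constraint on `line` applies.
|function shadow_user(line) {
/etc/shadow f +
!f awk 'BEGIN { FS=OFS=":"; seen=0; line="{{line}}"; split(line, a) }
  $1 == a[1] {
    for(n in a) {
      if(a[n] != $n) {
        print "error: differing present and requested lines" >>"/dev/stderr"
        print "requested: " line >>"/dev/stderr"
        print "present: " $0 >>"/dev/stderr"
        exit 1
      }
    }
    seen = 1
  }
  { print $0 }
  END {
    if(seen == 0) {
      print line
    }
  }'
|}
|# line_append_file(pre, match_str, post, pre_re, post_re): ensure the file
|# of the current fileset entry contains the exact line pre match_str post.
|# The check passes when that line is already present.  Otherwise a line
|# matching pre_re, the escaped match_str and post_re is rewritten in place,
|# and if there is none the line is appended.
|# regex and grep1 are awk locals.  escape_regex comes from outside this file.
|# The values are pasted into single-quoted shell words and into a sed
|# expression that uses | as delimiter, so they must not contain single
|# quotes, | or &; every caller in this file passes constants.
|# The sed call used to be `sed -ire`, which sed parses as -i with backup
|# suffix "re": it left a copy of the edited file next to it (for /etc/group
|# that is /etc/groupre) and never enabled extended regexes.  It now matches
|# the grep -E test above it and the `sed -Ee` used on /etc/passwd.
|function line_append_file(pre, match_str, post, pre_re, post_re, regex, grep1) {
| regex = escape_regex(match_str)
| grep1 = escape_regex(pre match_str post)
? grep -qEe '^{{grep1}}$' "$fname"
! if grep -qEe '{{pre_re regex post_re}}' "$fname"; then
  sed -i -Ee 's|{{pre_re regex post_re}}|{{pre match_str post}}|' "$fname"
else
  printf '%s\n' '{{pre match_str post}}' >> "$fname"
fi
|}
|### postinstall.fileset ###
|END{

/etc +
/etc/group +
|# Each call keys on the numeric GID: an existing group line with that GID
|# is replaced by the requested name and member list.
|line_append_file("sshd:x", ":22:", "", "^[^:]*:[^:]*", ".*")
|line_append_file("dhcpcd:x", ":546:", "", "^[^:]*:[^:]*", ".*")
|line_append_file("rsyncd:x", ":873:", "", "^[^:]*:[^:]*", ".*")
|line_append_file("ccx:x", ":1000:", "", "^[^:]*:[^:]*", ".*")
# Groups for /dev permissions (mdevd.conf): disk, input, uucp
|line_append_file("disk:x", ":6:", "root,adm", "^[^:]*:[^:]*", ".*")
|line_append_file("input:x", ":97:", "xorg", "^[^:]*:[^:]*", ".*")
|line_append_file("video:x", ":27:", "root,xorg", "^[^:]*:[^:]*", ".*")
|line_append_file("uucp:x", ":14:", "ccx", "^[^:]*:[^:]*", ".*")
# X11
|line_append_file("xorg:x", ":111:", "xorg", "^[^:]*:[^:]*", ".*")
# containerized services
|line_append_file("wpa_supplicant:x", ":802:", "", "^[^:]*:[^:]*", ".*")
|line_append_file("tinc:x", ":665:", "", "^[^:]*:[^:]*", ".*")
|line_append_file("networking:x", ":666:", "", "^[^:]*:[^:]*", ".*")

/etc/passwd f +
?i grep -q '^root:.*:{<root_shell>}$'
!f sed -Ee 's|^(root:.*:)[^:]*$|\1{<root_shell>}|'

|# Service accounts: shell /sbin/nologin and a "!" password field in
|# /etc/shadow, so none of them has a usable password.
|passwd_user("sshd:x:22:22:sshd:/dev/null:/sbin/nologin")
|shadow_user("sshd:!::0:::::")

|passwd_user("rsyncd:x:873:873:rsyncd:/var/empty:/sbin/nologin")
|shadow_user("rsyncd:!::0:::::")

|passwd_user("dhcpcd:x:546:546:dhcpcd:/home/dhcpcd:/sbin/nologin")
|shadow_user("dhcpcd:!::0:::::")

|# NOTE(review): "/var/emtpy" looks like a typo for /var/empty (the rsyncd
|# home above).  Left as is: passwd_user fails on any host whose existing
|# xorg record differs from the requested line, so correcting it needs a
|# migration of already installed records.
|passwd_user("xorg:x:110:111:xorg:/var/emtpy:/sbin/nologin")
|shadow_user("xorg:!::0:::::")

|passwd_user("wpa_supplicant:x:802:802:wpa_supplicant:/home/wpa_supplicant:/sbin/nologin")
|shadow_user("wpa_supplicant:!::0:::::")

|passwd_user("tinc:x:665:665:tinc:/home/tinc:/sbin/nologin")
|shadow_user("tinc:!::0:::::")

|passwd_user("networking:x:666:666:networking:/home/networking:/sbin/nologin")
|shadow_user("networking:!::0:::::")

|passwd_user("ccx:x:1000:1000:Jan Pobrislo:/home/ccx:/bin/zsh")
|#shadow_user("ccx:*:10000::::::")

|# Per-user shadow file for ccx, owned by uid 0 with group 1000.  It was
|# m755, which makes the file readable by every local account once it holds
|# a real password hash, and executable for no reason.  m640 keeps it
|# writable by the owner and readable by group 1000 only.
|# NOTE(review): the two directories stay m755, so the file name is still
|# listable by everyone; tighten them if nothing else needs to traverse.
/etc/tcb + d m755
/etc/tcb/ccx + d m755 o0:1000
/etc/tcb/ccx/shadow + f m640 o0:1000
? grep -qe '^ccx:' "$fname"
! printf '%s\n' "ccx:*:10000::::::" >"$fname"

/etc/skel +
/etc/skel/.config + d m750
/etc/skel/.cache + d m750
/etc/skel/.local + d m755
/etc/skel/.local/state + d m750
/etc/skel/.local/share + d m755
/etc/skel/.local/share/zsh + d m750
|}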