sys-user.eclass: use a custom user-creation function.
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# @ECLASS: sys-user.eclass
# @MAINTAINER:
# Michael Orlitzky <mjo@gentoo.org>
# @BLURB: handle installation and removal of system users.
# @DESCRIPTION:
# This eclass does most of the work for the sys-user/ packages that
# supply system user accounts.

12 inherit user
13
14 EXPORT_FUNCTIONS pkg_pretend src_unpack src_configure src_compile src_install src_test pkg_preinst pkg_postinst pkg_prerm
15
16 : ${HOMEPAGE:="https://www.gentoo.org/"}
17 : ${DESCRIPTION:="The ${PN} system user"}
18 : ${LICENSE:="GPL-2"}
19
20 # If you want a different username, use a different package name. This
21 # prevents different people from claiming the same username.
22 SYS_USER_NAME="${PN}"
23
24 # @ECLASS-VARIABLE: SYS_USER_GROUPS
25 # @DESCRIPTION:
26 # A space-separated list of groups that the user will belong to.
27 # Dependencies on the appropriate sys-group packages are generated
28 # automatically.
29 : ${SYS_USER_GROUPS:=${PN}}
30
31 # @ECLASS-VARIABLE: SYS_USER_UID
32 # @REQUIRED
33 # @DESCRIPTION:
34 # etc.
35
36
37 # @ECLASS-VARIABLE: SYS_USER_UID_IMPORTANT
38 # @REQUIRED
39 # @DESCRIPTION:
40 # Set to "true" if you want to die() if you don't get your desired UID.
41 : ${SYS_USER_UID_IMPORTANT:=false}
42
43 # In many cases, if the UID of a user changes, packages depending on it
44 # will want to rebuild. We always use SLOT=0, because you can't install
45 # the same user twice. Then we use the UID as our subslot so that
46 # subslot deps can be used to rebuild packages when our UID changes.
47 SLOT="0/${SYS_USER_UID}"
48
49 # @ECLASS-VARIABLE: SYS_USER_HOME
50 # @DESCRIPTION:
51 # etc.
52 : ${SYS_USER_HOME:=/home/${SYS_USER_NAME}}
53
54 # @ECLASS-VARIABLE: SYS_USER_SHELL
55 # @DESCRIPTION:
56 # etc.
57 : ${SYS_USER_SHELL:=/bin/false}
58
# Only EAPI 6 is supported; any other value aborts while the eclass is
# being sourced.
if [[ "${EAPI}" != "6" ]]; then
	die "${ECLASS} is not compatible with EAPI=${EAPI}"
fi

# Depend on the sys-group package of every group we might need. The
# expansion is left unquoted on purpose: SYS_USER_GROUPS is still a
# space-separated list at this point and has to be split into words.
for _group in ${SYS_USER_GROUPS}; do
	DEPEND="${DEPEND} sys-group/${_group} "
	RDEPEND="${RDEPEND} sys-group/${_group}:= "
done
unset _group

# There are no sources, so the build happens directly in WORKDIR.
S="${WORKDIR}"

# The sys-user packages ship no sources, so the unpack, compile and
# test phases are deliberate no-ops that always succeed.
sys-user_src_unpack() {
	:
}

sys-user_src_compile() {
	:
}

sys-user_src_test() {
	:
}

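sys-user_getuid() {
	# Output the real UID of the user named in $1, or nothing at all
	# if the user does not exist on the system.
	#
	# "id" is run directly instead of through an unquoted
	# "echo $(...)", which re-split its output for no benefit. The
	# "--" stops a name that begins with "-" from being parsed as an
	# option to id. Callers only look at the output, so a failed
	# lookup still returns zero, exactly as the echo did.
	id --real --user -- "${1}" || true
}
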
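sys-user_create() {
	# Create the user whose information is contained in the following
	# variables:
	#
	#   * SYS_USER_NAME
	#   * SYS_USER_UID     (no --uid is passed when empty)
	#   * SYS_USER_SHELL
	#   * SYS_USER_HOME
	#   * SYS_USER_GROUPS  (no --groups is passed when empty)
	#
	# We don't create a group with the same name; that should be the
	# job of the matching sys-group package.
	#
	# The arguments are collected in an array so that an empty
	# SYS_USER_UID or SYS_USER_GROUPS contributes no words at all. The
	# ${VAR:+--flag }"${VAR}" construct used before still expanded to a
	# quoted empty string in that case, handing useradd a stray ""
	# argument next to the user name.
	#
	# Returns the exit status of useradd.
	local -a useradd_args=( --no-user-group )

	if [[ -n "${SYS_USER_UID}" ]]; then
		useradd_args+=( --uid "${SYS_USER_UID}" )
	fi

	if [[ -n "${SYS_USER_GROUPS}" ]]; then
		useradd_args+=( --groups "${SYS_USER_GROUPS}" )
	fi

	useradd_args+=(
		--shell "${SYS_USER_SHELL}"
		--home-dir "${SYS_USER_HOME}"
	)

	useradd "${useradd_args[@]}" "${SYS_USER_NAME}"
}

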
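sys-user_pkg_pretend() {
	# Sanity checks that would otherwise run code in global scope.
	# Every failed check ends in die(); the function returns zero when
	# all of them pass.
	local oldname olduid

	if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then
		# First ensure that the ebuild didn't declare its UID important
		# and then fail to specify one.
		if [[ -z "${SYS_USER_UID}" ]]; then
			die "arbitrary UID requested with SYS_USER_UID_IMPORTANT=true"
		fi

		# Next ensure that nobody else *with a different username* owns
		# the important UID. oldname is empty when the lookup finds no
		# owner at all; that is the ordinary fresh-install case and must
		# not be reported as a conflict, which the plain inequality test
		# used to do.
		oldname=$(egetent passwd "${SYS_USER_UID}" | cut -f1 -d':')
		if [[ -n "${oldname}" && "${SYS_USER_NAME}" != "${oldname}" ]]; then
			die "important UID ${SYS_USER_UID} already belongs to ${oldname}"
		fi
	fi

	# Finally, ensure that this username doesn't already exist with
	# another UID if its UID is supposedly important.
	olduid=$(sys-user_getuid "${SYS_USER_NAME}")
	if [[ -n "${olduid}" && "${SYS_USER_UID_IMPORTANT}" == "true" &&
		"${SYS_USER_UID}" != "${olduid}" ]]; then
		die "user ${SYS_USER_NAME} already exists with UID ${olduid}"
	fi
}
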
sys-user_src_configure() {
	# Settle the final values of SYS_USER_UID, SYS_USER_HOME,
	# SYS_USER_SHELL and SYS_USER_GROUPS before anything is installed.
	local existing_uid
	existing_uid=$(sys-user_getuid "${SYS_USER_NAME}")

	if [[ -n "${existing_uid}" ]]; then
		# UPGRADE PATH: the account is already present, so any setting
		# the eclass consumer does not insist on is taken over from it.
		#
		# Keeping the UID matters for sys-user package upgrades as
		# well: a reinstall must not hand out a fresh UID, because that
		# would break most packages that need the system user to exist.
		# An "important" UID is the one case where the ebuild's value
		# is kept instead.
		[[ "${SYS_USER_UID_IMPORTANT}" == "true" ]] \
			|| SYS_USER_UID="${existing_uid}"

		# Home directory and shell are only looked up when the
		# corresponding variable is empty.
		[[ -n "${SYS_USER_HOME}" ]] \
			|| SYS_USER_HOME=$(egethome "${SYS_USER_NAME}")

		[[ -n "${SYS_USER_SHELL}" ]] \
			|| SYS_USER_SHELL=$(egetshell "${SYS_USER_NAME}")
	fi

	# "useradd" and "usermod" want a comma-separated group list, so
	# every space becomes a comma. Duplicate entries are harmless to
	# both tools.
	SYS_USER_GROUPS="${SYS_USER_GROUPS// /,}"
}

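sys-user_src_install() {
	# Install a placeholder file to /var/lib/sys-user/$uid. This will
	# cause collisions if two packages try to install users with the
	# same UID. The same problem potentially exists with the username,
	# but as long as SYS_USER_NAME is hard-coded to $PN, that shouldn't
	# be possible.
	#
	# Beware, this only works if SYS_USER_UID holds a real UID and
	# not, for example, -1 or nothing at all. src_configure() fills the
	# variable in only when the user already exists, so the value is
	# checked here before it is used as a file name. The check also
	# keeps path separators out of the name, so the placeholder cannot
	# be created outside ${T}.
	if [[ ! "${SYS_USER_UID}" =~ ^[0-9]+$ ]]; then
		die "SYS_USER_UID must be a numeric UID, got '${SYS_USER_UID}'"
	fi

	touch "${T}/${SYS_USER_UID}" || die
	insinto "/var/lib/sys-user"
	doins "${T}/${SYS_USER_UID}"
}
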
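sys-user_pkg_preinst() {
	# Create the user, or reconcile this package with an account that
	# is already present, before the package is merged.
	if [[ -z $(sys-user_getuid "${SYS_USER_NAME}") ]]; then
		# The user does not already exist. This is the nice and easy
		# case because no matter how we got here, we want to go ahead
		# and create the (new) user.
		sys-user_create || die "failed to add user ${SYS_USER_NAME}"
	elif [[ -n "${REPLACING_VERSIONS}" ]]; then
		# This case is done in pkg_postinst() to avoid clobbering a
		# new user when we remove the old one.
		:
	else
		# UPGRADE PATH: Ok, the user exists but this isn't an upgrade of
		# a sys-user package. This is the upgrade path from the old
		# style of user/group management to the new style. Let's see if
		# the new user is compatible with the old one; it usually will
		# be. We only bail out if there's a homedir or shell conflict.
		#
		# We should make it policy that new sys-user packages have the
		# same homedir and shell as the existing ones created by
		# ebuilds, but it can't hurt to check again here. These checks
		# are done here (and not in pkg_pretend, where they would be
		# more consistent) because the PMS states that
		# REPLACING_VERSIONS may not be defined there.
		#
		# If a homedir/shell changes during a sys-user upgrade, we don't
		# consider that a problem, because the change was knowingly made
		# by a developer who just edited an ebuild to make that change.
		local oldhome oldshell
		oldhome=$(egethome "${SYS_USER_NAME}")
		oldshell=$(egetshell "${SYS_USER_NAME}")

		if [[ "${oldhome}" != "${SYS_USER_HOME}" ]]; then
			die "home directory conflict for new user: ${SYS_USER_HOME}"
		fi

		# This comparison used to read the misspelled, never-assigned
		# variable "oldhshell", so it compared an empty string and
		# reported a conflict for every non-empty SYS_USER_SHELL.
		if [[ "${oldshell}" != "${SYS_USER_SHELL}" ]]; then
			die "shell conflict for new user: ${SYS_USER_SHELL}"
		fi

		# The user already exists, so all we have left to do is to try
		# to append SYS_USER_GROUPS to the existing groups. usermod
		# needs to be told which account to modify; the login name was
		# missing from this call.
		usermod --append --groups "${SYS_USER_GROUPS}" "${SYS_USER_NAME}" \
			|| die "failed to append groups to existing user ${SYS_USER_NAME}"
	fi
}
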
sys-user_pkg_postinst() {
	# Only an upgrade from an earlier sys-user version needs work here;
	# every other case was dealt with in pkg_preinst().
	[[ -n "${REPLACING_VERSIONS}" ]] || return 0

	# The upgrade has to be handled carefully so that the pkg_prerm()
	# of the old version doesn't remove the user that this new version
	# is going to add. By the time our pkg_postinst() runs, the old
	# version's pkg_prerm() phase should already have happened, so the
	# account is expected to be gone and is created afresh.
	if [[ -z $(sys-user_getuid "${SYS_USER_NAME}") ]]; then
		sys-user_create || die "failed to add user ${SYS_USER_NAME}"
	else
		die "User ${SYS_USER_NAME} already exists during an upgrade."
	fi
}

sys-user_pkg_prerm() {
	# Delete the account when the package is unmerged, or warn if there
	# is no such account left to delete.
	#
	# NOTE(review): userdel is called without --remove, so nothing the
	# account owns is deleted here. Files left behind keep the numeric
	# UID and would belong to whichever account is given that UID
	# later on; consider locking the account instead of deleting it, or
	# documenting a cleanup step.
	if [[ -n $(sys-user_getuid "${SYS_USER_NAME}") ]]; then
		userdel "${SYS_USER_NAME}" \
			|| die "failed to remove user ${SYS_USER_NAME}"
		einfo "Removed user ${SYS_USER_NAME} from the system."
	else
		# We have successfully done nothing.
		ewarn "Tried to remove nonexistent user ${SYS_USER_NAME}."
	fi
}