#!/bin/sh # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # PATH="/usr/bin:/usr/sbin:${PATH}" export PATH TEMPF="/tmp/g.$$" while read src dest do if [ ! -f $dest ] ; then cp $src $dest else # # Strip off any leading "/a" # dest_file=`echo $dest | sed "s=^/a/=/="` # # Add the sysadmin group (gid 14) to support admintool # grep '^sysadmin:.*:14:.*' $dest >/dev/null 2>&1 if [ $? = 0 ] ; then /usr/bin/true elif grep '^sysadmin:' $dest >/dev/null 2>&1; then cur_name="sysadmin" echo "SYSADMIN_NOT_14 $dest_file none" >> /tmp/CLEANUP echo "sysadmin::14:" >> $dest elif grep ':14:' $dest >/dev/null 2>&1; then cur_name=`grep ':14:' $dest | awk -F: '{print $1}'` echo "GROUP14_IN_USE $dest_file none" >> /tmp/CLEANUP echo "sysadmin::14:" >> $dest else # add the group echo "sysadmin::14:" >> $dest fi # # Add the 'nogroup' group from 4.x so that people don't # assign it to a regular user and confuse themselves # NOGROUP_LINE="nogroup::65534:" if grep "$NOGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^noaccess::60002:/ a\ '"$NOGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # Remove redundant /etc/group entries that overlap with # primary groups from /etc/passwd sed ' /^root:/s/\([:,]\)root,/\1/; /^root:/s/,root$//; /^root:/s/:root$/:/; /^bin:/s/\([:,]\)bin,/\1/; /^bin:/s/,bin$//; /^bin:/s/:bin$/:/; /^sys:/s/\([:,]\)sys,/\1/; /^sys:/s/,sys$//; /^sys:/s/:sys$/:/; /^adm:/s/\([:,]\)adm,/\1/; /^adm:/s/,adm$//; /^adm:/s/:adm$/:/; /^tty:/s/\([:,]\)tty,/\1/; /^tty:/s/,tty$//; /^tty:/s/:tty$/:/; /^uucp:/s/\([:,]\)uucp,/\1/; /^uucp:/s/,uucp$//; /^uucp:/s/:uucp$/:/; /^nuucp:/s/\([:,]\)nuucp,/\1/; /^nuucp:/s/,nuucp$//; /^nuucp:/s/:nuucp$/:/; /^daemon:/s/\([:,]\)daemon,/\1/; /^daemon:/s/,daemon$//; /^daemon:/s/:daemon$/:/; /^smmsp:/s/\([:,]\)smmsp,/\1/; /^smmsp:/s/,smmsp$//; /^smmsp:/s/:smmsp$/:/; /^lp:/s/\([:,]\)lp,/\1/; /^lp:/s/,lp$//; /^lp:/s/:lp$/:/' $dest > $TEMPF && cp $TEMPF $dest rm -f $TEMPF #add 'root' to user-list of group1 # line 1,2: skip any line with root in the user field # line 3: users already in list, add "root," # line 4: no users in list, add "root" sed ' /[:,]root,/b /[:,]root$/b s/:1:\([^:][^:]*\)$/:1:root,\1/; s/:1:$/:1:root/; ' $dest > $TEMPF && cp $TEMPF $dest rm -f $TEMPF # # Add the 'smmsp' group for sendmail 8.12 # SMMSPGROUP_LINE="smmsp::25:" if grep "$SMMSPGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^nogroup::65534:/ a\ '"$SMMSPGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'gdm' group if it doesn't already exist. # GDMGROUP_LINE="gdm::50:" cur_name=`awk -F: '$3 == 50 {print $1}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "gdm" ]; then echo "ERROR: Reserved GID 50 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$GDMGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^smmsp::25:/ a\ '"$GDMGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'upnp' group if it doesn't already exist. # UPNPGROUP_LINE="upnp::52:" cur_name=`awk -F: '$3 == 52 {print $1}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "upnp" ]; then echo "ERROR: Reserved GID 52 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$UPNPGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^gdm::50:/ a\ '"$UPNPGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'webservd' group if it doesn't already exist. # WEBSERVDGROUP_LINE="webservd::80:" cur_name=`awk -F: '$3 == 80 {print $1}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "webservd" ]; then echo "ERROR: Reserved GID 80 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$WEBSERVDGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^upnp::50:/ a\ '"$WEBSERVDGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'postgres' group if it doesn't already exist. # POSTGRESGROUP_LINE="postgres::90:" cur_name=`awk -F: '$3 == 90 {print $1}' $dest` cur_id=`awk -F: '$1 == "postgres" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "postgres" ]; then echo "ERROR: Reserved GID 90 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "90" ]; then echo "NOTE: postgres group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$POSTGRESGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^webservd::80:/ a\ '"$POSTGRESGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'mysql' group if it doesn't already exist. # MYSQLGROUP_LINE="mysql::70:" cur_name=`awk -F: '$3 == 70 {print $1}' $dest` cur_id=`awk -F: '$1 == "mysql" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "mysql" ]; then echo "ERROR: Reserved GID 70 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "70" ]; then echo "NOTE: mysql group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$MYSQLGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^postgres::90:/ a\ '"$MYSQLGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'games' group if it doesn't already exist. # GAMESGROUP_LINE="games::20:" cur_name=`awk -F: '$3 == 20 {print $1}' $dest` cur_id=`awk -F: '$1 == "games" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "games" ]; then echo "ERROR: Reserved GID 20 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "20" ]; then echo "NOTE: games group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$GAMESGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^smmsp::25:/ a\ '"$GAMESGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'xvm' group if it doesn't already exist. # XVMGROUP_LINE="xvm::60:" cur_name=`awk -F: '$3 == 60 {print $1}' $dest` cur_id=`awk -F: '$1 == "xvm" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "xvm" ]; then echo "ERROR: Reserved GID 60 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "60" ]; then echo "NOTE: xvm group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$XVMGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^mysql::70:/ a\ '"$XVMGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'slocate' group if it doesn't already exist. # SLOCATEGROUP_LINE="slocate::95:" cur_name=`awk -F: '$3 == 95 {print $1}' $dest` cur_id=`awk -F: '$1 == "slocate" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "slocate" ]; then echo "ERROR: Reserved GID 95 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "95" ]; then echo "NOTE: slocate group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$SLOCATEGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^postgres::90:/ a\ '"$SLOCATEGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'openldap' group if it doesn't already exist. # OPENLDAPGROUP_LINE="openldap::75:" cur_name=`awk -F: '$3 == 75 {print $1}' $dest` cur_id=`awk -F: '$1 == "openldap" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "openldap" ]; then echo "ERROR: Reserved GID 75 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "75" ]; then echo "NOTE: openldap group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$OPENLDAPGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^mysql::70:/ a\ '"$OPENLDAPGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'unknown' group if it doesn't already exist. # UNKNOWNGROUP_LINE="unknown::96:" cur_name=`awk -F: '$3 == 96 {print $1}' $dest` cur_id=`awk -F: '$1 == "unknown" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "unknown" ]; then echo "ERROR: Reserved GID 96 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "96" ]; then echo "NOTE: unknown group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$UNKNOWNGROUP_LINE" $dest >/dev/null 2>&1; then : else sed '/^slocate::95:/ a\ '"$UNKNOWNGROUP_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # Add the 'netadm' group if it doesn't already exist. # NETADMGROUP_LINE="netadm::65:" cur_name=`awk -F: '$3 == 65 {print $1}' $dest` cur_id=`awk -F: '$1 == "netadm" {print $3}' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "netadm" ]; then echo "ERROR: Reserved GID 65 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "65" ]; then echo "NOTE: netadm group already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$NETADMGROUP_LINE" $dest 2>&1 >/dev/null; then : else printf '/^xvm::60:\na\n%s\n.\nw\nq\n' \ "$NETADMGROUP_LINE" | ed -s $dest > /dev/null fi fi done exit 0