#!/bin/sh # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # PATH="/usr/bin:/usr/sbin:${PATH}" export PATH TEMPF="/tmp/d.$$" while read src dest do if [ ! -f $dest ] ; then cp $src $dest else # # 2.1 version of this file had a trailing blank # in the nobody entry. Remove it. # # 2.6 & earlier versions had an smtp entry; remove it. # # The NFS nobody users get better GECOS entries. sed -e 's/^\(nobody:.*:\) $/\1/' \ -e '/^smtp:/d' \ -e '/^nobody:/s/:Nobody:/:NFS Anonymous Access User:/' \ -e '/^nobody4:/s/:SunOS\ 4\.x\ Nobody:/:SunOS 4.x NFS Anonymous Access User:/;' \ $dest > $TEMPF cp $TEMPF $dest rm -f $TEMPF # # s10 is changing root's group back to 0: # sed -e 's/^root:\([^:]*\):0:1:/root:\1:0:0:/' \ $dest > $TEMPF cp $TEMPF $dest rm -f $TEMPF # # Add the 'nobody' user from 4.x so that people don't # assign it to a regular user and confuse themselves # NOBODY4_LINE="nobody4:x:65534:65534:SunOS 4.x NFS Anoymous Access User:/:" if grep "^nobody4:" $dest >/dev/null 2>&1; then : else sed '/^noaccess:x/ a\ '"$NOBODY4_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'smmsp' user for sendmail 8.12 # SMMSP_LIN="smmsp:x:25:25:SendMail Message Submission Program:/:" if grep "$SMMSP_LIN" $dest >/dev/null 2>&1; then : else sed '/^nobody4:x/ a\ '"$SMMSP_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'gdm' user if it doesn't exist. # GDM_LINE="gdm:x:50:50:GDM Reserved UID:/var/lib/gdm:" OLD_GDM_LINE="gdm:x:50:50:GDM Reserved UID:/:" cur_name=`awk -F: '$3 == 50 { print $1 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "gdm" ]; then echo "ERROR: Reserved UID 50 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$GDM_LINE" $dest >/dev/null 2>&1; then : elif grep "$OLD_GDM_LINE" $dest > /dev/null 2>&1; then sed '/^gdm:/s/:\/:/:\/var\/lib\/gdm:/' $dest > $TEMPF mv -f $TEMPF $dest else sed '/^listen:x/ a\ '"$GDM_LINE"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'webservd' user if it doesn't exist. # WEBSERVD_LIN="webservd:x:80:80:WebServer Reserved UID:/:" cur_name=`awk -F: '$3 == 80 { print $1 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "webservd" ]; then echo "ERROR: Reserved UID 80 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$WEBSERVD_LIN" $dest > /dev/null 2>&1; then : else sed '/^gdm:x/ a\ '"$WEBSERVD_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'postgres' user if it doesn't exist. # POSTGRES_LIN="postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh" cur_name=`awk -F: '$3 == 90 { print $1 }' $dest` cur_id=`awk -F: '$1 == "postgres" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "postgres" ]; then echo "ERROR: Reserved UID 90 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "90" ]; then echo "NOTE: postgres username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$POSTGRES_LIN" $dest > /dev/null 2>&1; then : else sed '/^webservd:x/ a\ '"$POSTGRES_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'mysql' user if it doesn't exist. # MYSQL_LIN="mysql:x:70:70:MySQL Reserved UID:/:" cur_name=`awk -F: '$3 == 70 { print $1 }' $dest` cur_id=`awk -F: '$1 == "mysql" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "mysql" ]; then echo "ERROR: Reserved UID 70 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "70" ]; then echo "NOTE: mysql username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$MYSQL_LIN" $dest > /dev/null 2>&1; then : else sed '/^postgres:x/ a\ '"$MYSQL_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'svctag' user if it doesn't exist. # SVCTAG_LIN="svctag:x:95:12:Service Tag UID:/:" cur_name=`awk -F: '$3 == 95 { print $1 }' $dest` cur_id=`awk -F: '$1 == "svctag" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "svctag" ]; then echo "ERROR: Reserved UID 95 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "95" ]; then echo "NOTE: svctag username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$SVCTAG_LIN" $dest > /dev/null 2>&1; then : else sed '/^postgres:x/ a\ '"$SVCTAG_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'dladm' user if it doesn't exist. # DLADM_LIN="dladm:x:15:65:Datalink Admin:/:" OLD_DLADM_LIN="dladm:x:15:3:Datalink Admin:/:" cur_name=`awk -F: '$3 == 15 { print $1 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "dladm" ]; then echo "ERROR: Reserved UID 15 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$DLADM_LIN" $dest > /dev/null 2>&1; then : elif grep "$OLD_DLADM_LIN" $dest > /dev/null 2>&1; then sed '/^dladm:/s/:3:/:65:/' $dest > $TEMPF mv -f $TEMPF $dest else sed '/^nuucp:x/ a\ '"$DLADM_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'xvm' user if it doesn't exist. # XVM_LIN="xvm:x:60:60:xVM User:/:" cur_name=`awk -F: '$3 == 60 { print $1 }' $dest` cur_id=`awk -F: '$1 == "xvm" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "xvm" ]; then echo "ERROR: Reserved UID 60 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "60" ]; then echo "NOTE: xvm username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$XVM_LIN" $dest > /dev/null 2>&1; then : else sed '/^gdm:x/ a\ '"$XVM_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'openldap' user if it doesn't exist. # OPENLDAP_LIN="openldap:x:75:75:OpenLDAP User:/:" cur_name=`awk -F: '$3 == 75 { print $1 }' $dest` cur_id=`awk -F: '$1 == "openldap" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "openldap" ]; then echo "ERROR: Reserved UID 75 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "75" ]; then echo "NOTE: openldap username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$OPENLDAP_LIN" $dest > /dev/null 2>&1; then : else sed '/^mysql:x/ a\ '"$OPENLDAP_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'zfssnap' user if it doesn't exist. # ZSNAP_LIN="zfssnap:x:51:12:ZFS Automatic Snapshots Reserved UID:/:/usr/bin/pfsh" cur_name=`awk -F: '$3 == 51 { print $1 }' $dest` cur_id=`awk -F: '$1 == "zfssnap" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "zfssnap" ]; then echo "ERROR: Reserved UID 51 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "51" ]; then echo "NOTE: zfssnap username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$ZSNAP_LIN" $dest > /dev/null 2>&1; then : else sed '/^gdm:x/ a\ '"$ZSNAP_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'upnp' user if it doesn't exist. # UPNP_LIN="upnp:x:52:52:UPnP Server Reserved UID:/var/coherence:/bin/ksh" cur_name=`awk -F: '$3 == 52 { print $1 }' $dest` cur_id=`awk -F: '$1 == "upnp" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "upnp" ]; then echo "ERROR: Reserved UID 52 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "52" ]; then echo "NOTE: upnp username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$UPNP_LIN" $dest > /dev/null 2>&1; then : else sed '/^zfssnap:x/ a\ '"$UPNP_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # # Add the 'unknown' user if it doesn't exist. # UNKNOWN_LIN="unknown:x:96:96:Unknown Remote UID:/:" cur_name=`awk -F: '$3 == 96 { print $1 }' $dest` cur_id=`awk -F: '$1 == "unknown" { print $3 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "unknown" ]; then echo "ERROR: Reserved UID 96 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif [ ! -z "$cur_id" -a "$cur_id" != "96" ]; then echo "NOTE: unknown username already assigned" \ "to id '$cur_id'" >> /tmp/CLEANUP elif grep "$UNKNOWN_LIN" $dest > /dev/null 2>&1; then : else sed '/^svctag:x/ a\ '"$UNKNOWN_LIN"'' $dest > $TEMPF mv -f $TEMPF $dest fi # Add the 'netadm' user if it doesn't exist. # NETADM_LIN="netadm:x:16:65:Network Admin:/:" cur_name=`awk -F: '$3 == 16 { print $1 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "netadm" ]; then echo "ERROR: Reserved UID 16 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$NETADM_LIN" $dest 2>&1 >/dev/null; then : else printf '/^dladm:x\na\n%s\n.\nw\nq\n' \ "$NETADM_LIN" | ed -s $dest > /dev/null fi # # Add the 'netcfg' user if it doesn't exist. # NETCFG_LIN="netcfg:x:17:65:Network Configuration Admin:/:" cur_name=`awk -F: '$3 == 17 { print $1 }' $dest` if [ ! -z "$cur_name" -a "$cur_name" != "netcfg" ]; then echo "ERROR: Reserved UID 17 already assigned" \ "to '$cur_name'" >> /tmp/CLEANUP elif grep "$NETCFG_LIN" $dest 2>&1 >/dev/null; then : else printf '/^netadm:x\na\n%s\n.\nw\nq\n' \ "$NETCFG_LIN" | ed -s $dest > /dev/null fi fi done exit 0