Matthew Burgess wrote: > # Please be aware that Debian's adduser defaults to "user groups" > # which means that one group is created for each user > # There is no way to achieve this with useradd which must remains a low > # level utility > # GROUP=100 > > If I get some time I'll figure out just how issuing `useradd' manages to > invoke `adduser' behaviour though!
Well, adduser is not part of shadow; it's a separate Debian program or script or something, which has its own configuration. Based on the configuration, adduser invokes useradd with the correct options (maybe even overriding most of the /etc/defaults/useradd file?). Do you know how useradd works if GROUP is commented out in the config file? I'd assume it either gives you an error or creates a group with the same name as the user, but I don't know for sure. My /etc/default/useradd doesn't have a GROUP line in it at all, and useradd creates a new group with the same name as the user (and the same GID as the user's UID). I *think* I have shadow 4.0.18.1, but I can't tell for sure because none of the binaries support --version. I also probably patched it to change the behavior of useradd and usermod regarding groups, but I'm not sure on that either. If I did, the patch I used is attached. This patch may be what makes my useradd do user-groups. > It's because of the 'CREATE_MAIL_SPOOL=yes' in /etc/default/useradd. I can't > see a way of changing this via the command line, unlike the default home > directory and gid (see below). So, I think the following will have to do: > > sed -i 's/yes/no/' /etc/default/useradd Or this (which is a bit more specific): sed -i '/CREATE_MAIL_SPOOL/s/yes/no/' /etc/default/useradd I don't know whether any other lines in the file will ever have a "yes" value set, but if so, this will skip everything except the one we want to change. The only issue is it's a lot of slashes. We might be able to get away with something like: sed -i 's/(CREATE_MAIL_SPOOL=)yes/\1no/' but that may be confusing. I suppose if we don't have any other instances of sed backreferences in the book, this might be a good way to show them to the reader too. Well, whatever. I think any of these will work for now. :-) > useradd -D -g 100 -b /home > > So, I'm thinking now of adding two new groups to LFS - mail=34 and users=100. > > Then, we'll use the `useradd -D' and `sed' commands above to change shadow's > defaults. Do we need the mail group if we turn off CREATE_MAIL_SPOOL? We may not need the users group either, if we remove the GROUP line from the config file, but maybe that should be a local policy decision. (I know what I'll decide, in any case... ;-) )
--- shadow-4.0.18.1.orig/src/useradd.c 2006-07-28 19:42:48.000000000 +0200 +++ shadow-4.0.18.1/src/useradd.c 2006-08-04 09:24:34.000000000 +0200 @@ -203,13 +203,17 @@ long gid; char *errptr; + struct group* grp = getgrnam (grname); + if (grp) + return grp; + gid = strtol (grname, &errptr, 10); if (*errptr || errno == ERANGE || gid < 0) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, grname); exit (E_BAD_ARG); } - return getgrnam (grname); + return getgrgid (gid); } static long get_number (const char *numstr) --- shadow-4.0.18.1.orig/src/usermod.c 2006-07-28 19:42:48.000000000 +0200 +++ shadow-4.0.18.1/src/usermod.c 2006-08-04 09:24:21.000000000 +0200 @@ -165,13 +165,17 @@ long val; char *errptr; + struct group* grp = getgrnam (grname); + if (grp) + return grp; + val = strtol (grname, &errptr, 10); if (*errptr || errno == ERANGE || val < 0) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, grname); exit (E_BAD_ARG); } - return getgrnam (grname); + return getgrgid (val); } /*
signature.asc
Description: OpenPGP digital signature
-- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page