diff options
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/user/user.c | 36 | ||||
| -rw-r--r-- | usr.sbin/user/usermod.8 | 19 |
2 files changed, 46 insertions, 9 deletions
diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c index b75d7b0469e..84f8a56c806 100644 --- a/usr.sbin/user/user.c +++ b/usr.sbin/user/user.c @@ -1,4 +1,4 @@ -/* $OpenBSD: user.c,v 1.81 2011/04/16 07:41:08 sobrado Exp $ */ +/* $OpenBSD: user.c,v 1.82 2011/12/04 08:28:35 ajacoutot Exp $ */ /* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */ /* @@ -101,7 +101,8 @@ enum { F_SHELL = 0x0200, F_UID = 0x0400, F_USERNAME = 0x0800, - F_CLASS = 0x1000 + F_CLASS = 0x1000, + F_SETSECGROUP = 0x4000 }; #define CONFFILE "/etc/usermgmt.conf" @@ -1537,12 +1538,19 @@ moduser(char *login_name, char *newlogin, user_t *up) err(EXIT_FAILURE, "can't move `%s' to `%s'", homedir, pwp->pw_dir); } - if (up->u_groupc > 0 && - !append_group(newlogin, up->u_groupc, up->u_groupv)) { + if (up->u_groupc > 0) { + if ((up->u_flags & F_SETSECGROUP) && + !rm_user_from_groups(newlogin)) { + (void) close(ptmpfd); + pw_abort(); + errx(EXIT_FAILURE, "can't reset groups for `%s'", newlogin); + } + if (!append_group(newlogin, up->u_groupc, up->u_groupv)) { (void) close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't append `%s' to new groups", newlogin); + } } } (void) close(ptmpfd); @@ -1626,7 +1634,9 @@ usermgmt_usage(const char *prog) "[-G secondary-group[,group,...]]\n" " [-g gid | name | =uid] [-L login-class] " "[-l new-login]\n" - " [-p password] [-s shell] [-u uid] user\n", + " [-p password] " + "[-S secondary-group[,group,...]]\n" + " [-s shell] [-u uid] user\n", prog); } else if (strcmp(prog, "userdel") == 0) { (void) fprintf(stderr, "usage: %s -D [-p preserve-value]\n", @@ -1820,7 +1830,7 @@ usermod(int argc, char **argv) free(u.u_primgrp); u.u_primgrp = NULL; have_new_user = 0; - while ((c = getopt(argc, argv, "G:c:d:e:f:g:l:mos:u:" MOD_OPT_EXTENSIONS)) != -1) { + while ((c = getopt(argc, argv, "G:S:c:d:e:f:g:l:mos:u:" MOD_OPT_EXTENSIONS)) != -1) { switch(c) { case 'G': while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL && @@ -1834,6 +1844,18 @@ usermod(int argc, char **argv) } u.u_flags |= F_SECGROUP; break; + case 'S': + while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL && + u.u_groupc < NGROUPS_MAX - 2) { + if (u.u_groupv[u.u_groupc][0] != 0) { + u.u_groupc++; + } + } + if (optarg != NULL) { + warnx("Truncated list of secondary groups to %d entries", NGROUPS_MAX - 2); + } + u.u_flags |= F_SETSECGROUP; + break; case 'c': memsave(&u.u_comment, optarg, strlen(optarg)); u.u_flags |= F_COMMENT; @@ -1907,6 +1929,8 @@ usermod(int argc, char **argv) warnx("option 'm' useless without 'd' or 'l' -- ignored"); u.u_flags &= ~F_MKDIR; } + if ((u.u_flags & F_SECGROUP) && (u.u_flags & F_SETSECGROUP)) + errx(EXIT_FAILURE, "options 'G' and 'S' are mutually exclusive"); argc -= optind; argv += optind; if (argc != 1) { diff --git a/usr.sbin/user/usermod.8 b/usr.sbin/user/usermod.8 index 229b073be42..469df227f2f 100644 --- a/usr.sbin/user/usermod.8 +++ b/usr.sbin/user/usermod.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: usermod.8,v 1.26 2011/07/18 23:01:10 schwarze Exp $ +.\" $OpenBSD: usermod.8,v 1.27 2011/12/04 08:28:35 ajacoutot Exp $ .\" $NetBSD: usermod.8,v 1.17 2003/02/14 16:11:37 grant Exp $ .\" .\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. @@ -31,7 +31,7 @@ .\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" -.Dd $Mdocdate: July 18 2011 $ +.Dd $Mdocdate: December 4 2011 $ .Dt USERMOD 8 .Os .Sh NAME @@ -50,6 +50,7 @@ .Op Fl L Ar login-class .Op Fl l Ar new-login .Op Fl p Ar password +.Op Fl S Ar secondary-group Ns Op , Ns Ar group , Ns ... .Op Fl s Ar shell .Op Fl u Ar uid .Ar user @@ -101,9 +102,13 @@ See the .Fl e option. .It Fl G Ar secondary-group Ns Op , Ns Ar group , Ns ... -Sets the secondary groups the user will be a member of in the +Appends the user to the given groups in the .Pa /etc/group file. +.Fl G +and +.Fl S +are mutually exclusive. .It Xo .Fl g Ar gid | name | Li =uid .Xc @@ -171,6 +176,14 @@ file. See .Xr usermgmt.conf 5 for more details. +.It Fl S Ar secondary-group Ns Op , Ns Ar group , Ns ... +Sets the secondary groups the user will be a member of in the +.Pa /etc/group +file. +.Fl S +and +.Fl G +are mutually exclusive. .It Fl s Ar shell Specifies the login shell for the user. This value can be preset for all users |