f24ece2be933ab593606c5c2c97228770be44eec
1 #! /bin/sh
2 set -e
4 . /usr/share/debconf/confmodule
6 if [ "$1" ]; then
7 export LANG=C # avoid locale errors from perl
8 ROOT="$1"
9 chroot=chroot
10 log='log-output -t user-setup'
11 else
12 ROOT=
13 chroot=
14 log=
15 fi
17 . /usr/lib/user-setup/functions.sh
19 # Set a password, via chpasswd.
20 # Use a heredoc rather than echo, to avoid the password
21 # showing in the process table. (However, this is normally
22 # only called when first installing the system, when root has no
23 # password at all, so that should be an unnecessary precaution).
24 #
25 # Pass in three arguments: the user, the password, and 'true' if the
26 # password has been pre-crypted (by preseeding).
27 setpassword () {
28 local USER PASSWD
29 USER="$1"
30 PASSWD="$2"
32 local VERSION=$($chroot $ROOT dpkg-query -W -f '${Version}\n' passwd)
33 if $chroot $ROOT dpkg --compare-versions "$VERSION" ge "1:4.1.4-1"; then
34 # support for versions with PAM support (Squeeze)
35 if [ "$3" = true ]; then
36 $chroot $ROOT usermod --password=$PASSWD $USER
37 else
38 $chroot $ROOT chpasswd <<EOF
39 $USER:$PASSWD
40 EOF
41 fi
42 else
43 # compatibility support for versions without PAM support (Lenny)
44 local OPTS
45 if [ "$3" = true ]; then
46 OPTS=-e
47 else
48 OPTS=-m
49 fi
50 $chroot $ROOT chpasswd $OPTS <<EOF
51 $USER:$PASSWD
52 EOF
53 fi
54 }
56 # Enable/disable shadow passwords.
57 db_get passwd/shadow
58 if [ "$RET" = true ]; then
59 $log $chroot $ROOT shadowconfig on
60 else
61 $log $chroot $ROOT shadowconfig off
62 fi
64 if ! root_password; then
65 # Was the root password preseeded encrypted?
66 if db_get passwd/root-password-crypted && [ "$RET" ]; then
67 # The root password was preseeded encrypted.
68 ROOT_PW="$RET"
69 PRECRYPTED=true
70 else
71 db_get passwd/root-password
72 ROOT_PW="$RET"
73 PRECRYPTED=false
74 fi
75 # Clear the root password from the database, and set the password.
76 db_set passwd/root-password-crypted ''
77 db_set passwd/root-password ''
78 db_set passwd/root-password-again ''
79 if [ "$ROOT_PW" ]; then
80 setpassword root "$ROOT_PW" "$PRECRYPTED"
81 fi
82 ROOT_PW=
83 else
84 # Just in case, clear any preseeded root password from the database
85 # anyway.
86 db_set passwd/root-password-crypted ''
87 db_set passwd/root-password ''
88 db_set passwd/root-password-again ''
89 fi
91 db_get passwd/make-user
92 if [ "$RET" = true ] && ! is_system_user; then
93 if db_get passwd/user-password-crypted && [ "$RET" ]; then
94 USER_PW="$RET"
95 USER_PW_CRYPTED=true
96 else
97 db_get passwd/user-password
98 USER_PW="$RET"
99 USER_PW_CRYPTED=false
100 fi
102 if db_get passwd/user-uid && [ "$RET" ]; then
103 if [ -x $ROOT/usr/sbin/adduser ]; then
104 UIDOPT="--uid $RET"
105 else
106 UIDOPT="-u $RET"
107 fi
108 else
109 UIDOPT=
110 fi
112 # Add the user to the database, using adduser in noninteractive
113 # mode.
114 db_get passwd/username
115 USER="$RET"
116 db_get passwd/user-fullname
118 HOME_EXISTED=
119 if [ -d "$ROOT/home/$USER" ]; then
120 HOME_EXISTED=1
121 fi
123 if [ -x $ROOT/usr/sbin/adduser ]; then
124 $log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT "$USER" >/dev/null || true
125 else
126 $log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT >/dev/null || true
127 fi
129 # Clear the user password from the database.
130 db_set passwd/user-password-crypted ''
131 db_set passwd/user-password ''
132 db_set passwd/user-password-again ''
133 setpassword "$USER" "$USER_PW" "$USER_PW_CRYPTED"
135 if [ "$HOME_EXISTED" ]; then
136 # The user's home directory already existed before we called
137 # adduser. This often means that a mount point under
138 # /home/$USER was selected in (and thus created by) partman,
139 # and the home directory may have ended up owned by root.
140 $log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true
141 fi
143 if [ -n "$USER" ]; then
144 db_get passwd/user-default-groups
145 for group in $RET; do
146 $log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
147 done
148 fi
150 db_get passwd/root-login
151 if [ "$RET" = false ] && [ -n "$USER" ]; then
152 # Ensure sudo is installed, and set up the user to be able
153 # to use it.
154 if [ ! -e $ROOT/etc/sudoers ]; then
155 # try to work in d-i and out; it's better to
156 # use apt-install in d-i
157 apt-install sudo 2>/dev/null || $log $chroot $ROOT apt-get -q -y install sudo || true
158 fi
159 if [ -e $ROOT/etc/sudoers ]; then
160 # Test if we can add the user to the sudo group
161 # (possible if sudo >= 1.7.2-2 is installed on the target system)
162 # If we can, do it this way, otherwise add the user to sudoers
163 # See #597239
164 if ! $log $chroot $ROOT adduser "$USER" sudo >/dev/null 2>&1; then
165 echo "$USER ALL=(ALL) ALL" >> $ROOT/etc/sudoers
166 fi
167 else
168 # sudo failed to install, system won't be usable
169 exit 1
170 fi
171 # Configure gksu to use sudo, via an alternative, if it's
172 # installed and the alternative is registered.
173 if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
174 $log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
175 $log $chroot $ROOT update-gconf-defaults || true
176 fi
177 # Configure aptitude to use sudo.
178 echo 'Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";' > $ROOT/etc/apt/apt.conf.d/00aptitude
179 fi
180 else
181 # Just in case, clear any preseeded user password from the database
182 # anyway.
183 db_set passwd/user-password-crypted ''
184 db_set passwd/user-password ''
185 db_set passwd/user-password-again ''
186 fi
188 exit 0