# dist: used on linux for the distro.
# LOGFILE: a log file we append to
# os: Linux, Darwin, SunOS, `uname`...
+# wanted_shell: Linux/SunOS/OSX all keep them in different places
# SYSCONFDIR: location of system config files (ie, /etc)
# LOGDIR: logging directory for amanda
case $os in
Linux|SunOS)
# Create the amanda user with a specific uid on deb systems
- if [ ${dist} = "Debian" -o ${dist} = "Ubuntu" ] ; then
+ if [ "x${dist}" = "xDebian" ] || [ "x${dist}" = "xUbuntu" ] ; then
uid_flag="-u ${deb_uid}"
else
uid_flag=
-g ${amanda_group} \
${uid_flag} \
-d ${AMANDAHOMEDIR} \
- -s /bin/bash ${amanda_user} || \
+ -s ${wanted_shell} ${amanda_user} || \
{ logger "WARNING: Could not create user ${amanda_user}. Installation will fail." ; return 1 ; }
- r=`uname -r`
- if [ "$os" = "Linux"] && [ ${dist} != "SuSE" ]; then
+ logger "Created ${amanda_user} with blank password."
+
+ if [ "x$os" = "xLinux" ] && [ "x${dist}" != "xSuSE" ]; then
# Lock the amanda account until admin sets password
- log_output_of passwd -l ${amanda_user} || { \
+ log_output_of passwd -l ${amanda_user} && { \
+ logger "${info_create_user_success}"
+ logger "${info_unlock_account}"
+ } || { \
logger "${warning_user_passwd}"; }
fi
- if [ "$os" = "SunOS" ]; then
+ if [ "x$os" = "xSunOS" ]; then
+ r=`uname -r`
case $r in
- 5.8|5.9) log_output_of passwd -l ${amanda_user};;
+ 5.8|5.9) log_output_of passwd -l ${amanda_user} ;;
5.10) # Special login-lock, while allowing execution.
- log_ouptut_of passwd -N ${amanda_user} || { \
+ log_output_of passwd -N ${amanda_user} && { \
+ logger "${info_create_user_success_sol}"
+ logger "${info_unlock_account}"
+ } || { \
logger "${warning_user_passwd}"; }
;;
esac
fi
- logger "${info_create_user_success}"
else
# The user already existed
- logger "${info_user_params}"
+ logger "The Amanda user '${amanda_user}' exists on this system."
fi
;;
Darwin) : #TODO
esac
}
+add_profiles() {
+ # Solaris only: Add a comma separated list of rights profiles to the
+ # $amanda_user. Replaces any existing profiles listed on the account.
+ log_output_of usermod -P "\"$*\"" ${amanda_user} || {
+ logger "Warning: Rights profiles were not added. Some types of backup may not work until these rights profiles are givent to ${amanda_backup}: '$*'"
+ return 1; }
+}
+
add_group() {
- # Try to add the group, detect via return code if it already exists.
- # This works on linux and solaris...
- log_output_of groupadd ${1}
+ # First, try to add the group, detect via return code if it
+ # already exists. Then add ${amanda_user} to the group without
+ # checking if account is already a member. (check_user should
+ # already have been called).
+ #
+ # Works on linux and solaris. OSX has different tools.
+
+ [ "x${1}" = "x" ] && { logger "Error: first argument was not a group to add." ; return 1 ; }
+ group_to_add=${1}
+ log_output_of groupadd ${group_to_add}
+ rc=$?
# return of 0 means group was added; 9 means group existed.
- if [ $? = "0" ] || [ $? = "9" ]; then
- logger "Adding ${amanda_user} to ${1}"
- case $os in
- Linux) um_flags="-a -G";;
- # Solaris does not have -a flag.
- SunOS) um_flags="-G `groups ${amanda_user}`";;
- esac
+ if [ $rc -eq 0 ] || [ $rc -eq 9 ]; then
+ logger "Adding ${amanda_user} to ${group_to_add}"
+ # Generate a comma separated list of existing supplemental groups.
+ # Linux prefaces output with '<username> : '.
+ existing_sup_groups=`groups ${amanda_user}|sed 's/.*: //;s/ /,/g'`
+ # usermod append is -A on Suse, all other linux use -a, and
+ # -A means something else entirely on solaris. So we just use
+ # -G, and append a list of the current groups from id.
# So far, all linux distros have usermod
- log_output_of usermod -a -G ${1} ${amanda_user} || \
- { logger "${error_group_member}" ; return 1 ; }
+ log_output_of usermod -G ${existing_sup_groups},${group_to_add} ${amanda_user} || { \
+ logger "Nonfatal ERROR: Failed to add ${group_to_add}."
+ logger "${error_group_member}" ; return 1 ; }
else
- logger "Error: groupadd failed in an unexpected way."
+ logger "Error: groupadd failed in an unexpected way. return code='$rc'"
return 1
fi
}
-check_user() {
- # Check parameters of ${amanda_user}'s account.
- # $1= user field $2= value to check
- # group, shell, homedir, UID are valid for $1.
- # group: checks the system group file for ${amanda_user}'s
- # membership in the group named $2.
- # shell: confirms the passwd file's shell field for
- # ${amanda_user} is $2
- # homedir: confirm the passwd file's homedir field for
- # ${amanda_user} is $2
- # UID: confirm that ${amanda_user}'s UID is $2.
- #
- # Extra information about the failed check is written to the log.
- #
- # Return codes:
- # 0 = success
- # 1 = error
- # 2 = usage error
+
+# All check_user_* functions check various parameters of ${amanda_user}'s
+# account. Return codes:
+# 0 = success
+# 1 = error
+# 2 = usage or other error. more info will be logged
+
+check_user_group() {
+ # checks the system group file for ${amanda_user}'s membership in
+ # the group named $1.
err=0
- if [ ! $# -eq 2 ]; then
- echo "check_user(): Wrong number of parameters"
- return 2
+ [ "x" = "x$1" ] && { logger "check_user_group: no group given"; return 1; }
+ logger "Verify ${amanda_user}'s primary group = $1 "
+ # Check if the group exists, disregarding membership.
+ group_entry=`grep "^${2}" ${SYSCONFDIR}/group 2> /dev/null`
+ if [ ! "x" = "x${group_entry}" ]; then
+ # Assume the user exists, and check the user's primary group.
+ GROUP=`id ${amanda_user} 2> /dev/null |\
+ cut -d " " -f 2 |\
+ sed 's/.*gid=[0-9]*(\([^ ()]*\))/\1/'`
+ if [ ! "x${GROUP}" = "x${1}" ] ; then
+ logger "${amanda_user} not a member of ${1}"
+ err=1
+ fi
+ else
+ logger "User's primary group '${1}' does not exist"
+ err=1
fi
- logger "Verify ${amanda_user}'s $1 = $2 "
- case $1 in
- "group")
- # Check if the group exists, disregarding membership.
- if `grep "^${2}" ${SYSCONFDIR}/group > /dev/null` ; then
- # Assume the user exists, and check the user's primary group.
- GROUP=`id ${amanda_user} 2> /dev/null | sed 's/.*gid=[0-9]*(\([^ ()]*\))/\1/'`
- if [ ! "x${GROUP}" = "x${2}" ] ; then
- logger "${amanda_user} not a member of ${2}"
- err=1
- fi
- else
- logger "User group '${2}' does not exist"
- err=1
- fi
- ;;
- "group-sup*")
- # Check if a supplementary group exists.
- SUP_MEM=`awk -F: "\$1 ~ ${2} { print \$4; }" 2> /dev/null`
- if [ -n "$SUP_MEM" ] ; then
- # Check if our user is a member.
- if echo "${SUP_MEM}"|grep "${amanda_user}" &> /dev/null ; then
- :
- else
- logger "${amanda_user} is not a member of supplemental group ${2}."
- err=1
- fi
- else
- logger "Supplemental group ${2} does not exist"
- err=1
- fi
+ return $err
+}
+
+check_user_supplemental_group() {
+ # Checks for the group ${1}, and adds ${amanda_user} if missing.
+ # Other groups are preserved.
+ err=0
+ [ "x" = "x$1" ] && { logger "check_user_supplemental_group: no supplemental group given"; return 1; }
+ sup_group=${1}
+ logger "Verify ${amanda_user} is a member of ${sup_group}."
+ # First, check if the supplementary group exists.
+ sup_group_entry=`grep "${sup_group}" ${SYSCONFDIR}/group 2>/dev/null`
+ if [ ! "x" = "x${sup_group_entry}" ]; then
+ SUP_MEM=`echo ${sup_group_entry} | cut -d: -f4`
+ # Check if our user is a member.
+ case ${SUP_MEM} in
+ *${amanda_user}*) : ;;
+ *)
+ logger "${amanda_user} is not a member of supplemental group ${sup_group}."
+ err=1
;;
- "shell")
- SHELL=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f7`
- wanted_shell=$2; export wanted_shell
- if [ ! "x${SHELL}" = "x${2}" ] ; then
- logger "${warning_user_shell}"
- err=1
- fi
- ;;
- "homedir")
- HOMEDIR=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f6`
- if [ ! "x${HOMEDIR}" = "x${2}" ] ; then
- logger "${warning_user_homedir}"
- err=1
- fi
- ;;
- "UID")
- # Debian systems must use a specific UID
- ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'`
- if [ ! "${ID}" -eq "${2}" ] ; then
- checked_uid=${2}; export checked_uid
- logger "${warning_user_uid_debian}"
- err=1
- fi
- ;;
- *)
- echo "check_user(): unknown user parameter."
- err=2
- ;;
- esac
-
+ esac
+ else
+ logger "Supplemental group ${sup_group} does not exist"
+ err=1
+ fi
return $err
}
+check_user_shell() {
+ # Confirms the passwd file's shell field for ${amanda_user} is $1
+ [ "x" = "x$1" ] && { logger "check_user_shell: no shell given"; return 1; }
+ wanted_shell=$1; export wanted_shell
+ logger "Verify ${amanda_user}'s shell is ${wanted_shell}."
+ real_shell=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f7`
+ export real_shell
+ if [ ! "x${real_shell}" = "x${wanted_shell}" ] ; then
+ logger "WARNING: ${amanda_user} default shell= ${wanted_shell}"
+ logger "WARNING: ${amanda_user} existing shell: ${real_shell}"
+ logger "${warning_user_shell}"
+ return 1
+ fi
+}
+
+check_user_homedir() {
+ # Confirm the passwd file's homedir field for ${amanda_user} is $1
+ [ "x" = "x$1" ] && { logger "check_user_homedir: no homedir given"; return 1; }
+ HOMEDIR=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f6`
+ if [ ! "x${HOMEDIR}" = "x${1}" ] ; then
+ logger "${warning_user_homedir}"
+ return 1
+ fi
+}
+
+check_user_uid() {
+ # Confirm that ${amanda_user}'s UID is $1.
+ # Debian systems must use a specific UID
+ [ "x" = "x$1" ] && { logger "check_user_uid: no uid given"; return 1; }
+ ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'`
+ if [ ! ${ID} -eq ${1} ] ; then
+ checked_uid=${1}; export checked_uid
+ logger "${warning_user_uid_debian}"
+ return 1
+ fi
+}
+
check_homedir() {
# Checks that the homedir has correct permissions and belongs to correct
# user. Uses $amanda_user and $amanda_group.
if [ -d ${AMANDAHOMEDIR} ] ; then
OWNER_GROUP=`ls -dl ${AMANDAHOMEDIR} | awk '{ print $3" "$4; }'`
- [ "$OWNER_GROUP" = "${amanda_user} ${amanda_group}" ] || \
+ [ "x$OWNER_GROUP" = "x${amanda_user} ${amanda_group}" ] || \
logger "${warning_homedir_owner}"
return $?
else
# Info, Warning, and Error strings used by the installer
-info_create_user_success="The '${amanda_user}' user account has been successfully created.
- Furthermore, the account has been automatically locked for you for security
- purposes. Once a password for the '${amanda_user}' account has been set,
- the user can be unlocked by issuing the following command as root.:
+info_create_user_success="NOTE: Set a password and unlock the ${amanda_user} account before
+ running Amanda."
+
+info_create_user_success_sol="NOTE: Account is set as non-login. If interactive login
+is required: a password must be set, and the account activated for login."
+
+info_unlock_account=" The superuser can unlock the account by running:
# passwd -u ${amanda_user}
+"
+
+info_existing_installs="Pre-existing Amanda installations must confirm:
+ -${SYSCONFDIR}/amanda/* should have 'dumpuser' set to '${amanda_user}'.
+ -${AMANDAHOMEDIR}/.amandahosts on client systems should allow connections by
+ '${amanda_user}'."
+
+warning_user_password="WARNING: '${amanda_user}' no password. An error occured when locking the
+ account. SET A PASSWORD NOW:
+
+ # passwd ${amanda_user}"
+
+error_group_member="Nonfatal ERROR: Amanda will not run until '${amanda_user}' is a member the
+ preceeding group. Install will continue..."
+
+warning_user_shell="WARNING: The user '${amanda_user}' has a non-default shell. Other shells have not been tested."
+
+warning_user_homedir="WARNING: The user '${amanda_user}' must have its home directory set to
+'${AMANDAHOMEDIR}' Please correct before using Amanda."
+
+warning_user_uid_debian="WARNING: Debian packages were built assuming that ${amanda_user}
+uid = ${checked_uid}. The uid of ${amanda_user} is different on this system. Files
+owned by ${checked_uid} must be chowned to ${amanda_user}."
- If this is not a new installation of Amanda and you have pre-existing Amanda
- configurations in ${SYSCONFDIR}/amanda you should ensure that 'dumpuser'
- is set to '${amanda_user}' in those configurations. Additionally, you
- should ensure that ${AMANDAHOMEDIR}/.amandahosts on your client systems
- is properly configured to allow connections for the user '${amanda_user}'."
-
-warning_user_password="!!! WARNING! WARNING! WARNING! WARNING! WARNING! !!!
-!!! !!!
-!!! The '${amanda_user}' user account for this system has been !!!
-!!! created, however the user has no password set. For !!!
-!!! security purposes this account is normally locked after !!!
-!!! creation. Unfortunately, when locking this account an !!!
-!!! error occurred. To ensure the security of your system, !!!
-!!! you should set a password for the user account !!!
-!!! '${amanda_user}' immediately! To set such a password, !!!
-!!! please issue the following command: !!!
-!!! !!!
-!!! # passwd ${amanda_user} !!!
-!!! !!!
-!!! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! !!!"
-
-info_user_params="The Amanda backup software is configured to operate as the user
- '${amanda_user}'. This user exists on your system and has not been modified.
- To ensure that Amanda functions properly, please see that the following
- parameters are set for that user:
- SHELL: /bin/bash
- HOME: ${AMANDAHOMEDIR}
- Default group: ${amanda_group}"
-
-error_group_member="!!! Nonfatal ERROR. Nonfatal ERROR. !!!
-!!! user '${amanda_user}' is not part of the '${amanda_group}' group, !!!
-!!! Amanda will not run until '${amanda_user}' is a member of '${amanda_group}'. !!!
-!!! Nonfatal ERROR. Nonfatal ERROR. Nonfatal Error. !!!"
-
-warning_user_shell="WARNING: The user '${amanda_user}' has a non-default shell.
-the default shell is ${wanted_shell}. Other shells have not been tested."
-
-warning_user_homedir="!!! WARNING! WARNING! WARNING! WARNING! WARNING! !!!
-!!! The user '${amanda_user}' must have its home directory set to !!!
-!!! '${AMANDAHOMEDIR}' Please correct before using Amanda !!!
-!!! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! !!!"
-
-warning_user_uid_debian="!!! WARNING! WARNING! WARNING! WARNING! WARNING! !!!
-!!! Debian packages were built assuming that ${amanda_user} !!!
-!!! uid = ${checked_uid}. The uid of ${amanda_user} is different !!!
-!!! different on this system. Files owned by ${checked_uid} must !!!
-!!! be chowned to ${amanda_user}. !!!
-!!! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! !!!"
-
-warning_homedir_owner="!!! Please ensure that the directory '${AMANDAHOMEDIR}' is owned by !!!
-!!! the user '${amanda_user}' and group '${amanda_group}'. !!!"
+warning_homedir_owner="WARNING: The ${amanda_user}'s home directory,'${AMANDAHOMEDIR}' ownership must be changed to '${amanda_user}:${amanda_group}'. "
# --------------- End included Functions -----------------