X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=packaging%2Fcommon%2Fpre_inst_functions.sh;fp=packaging%2Fcommon%2Fpre_inst_functions.sh;h=c2aecac13daf17cf7a14861cba3d6a25833689d2;hb=949b8910a5e23c4285d0b1aedacfc82a14dc97a5;hp=878a8afd14b315fad9d0536b3608ab64f874a0a8;hpb=c6f0a88c567f8536c498f554285aed1f8150da18;p=debian%2Famanda diff --git a/packaging/common/pre_inst_functions.sh b/packaging/common/pre_inst_functions.sh index 878a8af..c2aecac 100644 --- a/packaging/common/pre_inst_functions.sh +++ b/packaging/common/pre_inst_functions.sh @@ -9,6 +9,7 @@ # dist: used on linux for the distro. # LOGFILE: a log file we append to # os: Linux, Darwin, SunOS, `uname`... +# wanted_shell: Linux/SunOS/OSX all keep them in different places # SYSCONFDIR: location of system config files (ie, /etc) # LOGDIR: logging directory for amanda @@ -21,7 +22,7 @@ create_user() { case $os in Linux|SunOS) # Create the amanda user with a specific uid on deb systems - if [ ${dist} = "Debian" -o ${dist} = "Ubuntu" ] ; then + if [ "x${dist}" = "xDebian" ] || [ "x${dist}" = "xUbuntu" ] ; then uid_flag="-u ${deb_uid}" else uid_flag= @@ -36,28 +37,35 @@ create_user() { -g ${amanda_group} \ ${uid_flag} \ -d ${AMANDAHOMEDIR} \ - -s /bin/bash ${amanda_user} || \ + -s ${wanted_shell} ${amanda_user} || \ { logger "WARNING: Could not create user ${amanda_user}. Installation will fail." ; return 1 ; } - r=`uname -r` - if [ "$os" = "Linux"] && [ ${dist} != "SuSE" ]; then + logger "Created ${amanda_user} with blank password." + + if [ "x$os" = "xLinux" ] && [ "x${dist}" != "xSuSE" ]; then # Lock the amanda account until admin sets password - log_output_of passwd -l ${amanda_user} || { \ + log_output_of passwd -l ${amanda_user} && { \ + logger "${info_create_user_success}" + logger "${info_unlock_account}" + } || { \ logger "${warning_user_passwd}"; } fi - if [ "$os" = "SunOS" ]; then + if [ "x$os" = "xSunOS" ]; then + r=`uname -r` case $r in - 5.8|5.9) log_output_of passwd -l ${amanda_user};; + 5.8|5.9) log_output_of passwd -l ${amanda_user} ;; 5.10) # Special login-lock, while allowing execution. - log_ouptut_of passwd -N ${amanda_user} || { \ + log_output_of passwd -N ${amanda_user} && { \ + logger "${info_create_user_success_sol}" + logger "${info_unlock_account}" + } || { \ logger "${warning_user_passwd}"; } ;; esac fi - logger "${info_create_user_success}" else # The user already existed - logger "${info_user_params}" + logger "The Amanda user '${amanda_user}' exists on this system." fi ;; Darwin) : #TODO @@ -66,120 +74,136 @@ create_user() { } add_group() { - # Try to add the group, detect via return code if it already exists. - # This works on linux and solaris... - log_output_of groupadd ${1} + # First, try to add the group, detect via return code if it + # already exists. Then add ${amanda_user} to the group without + # checking if account is already a member. (check_user should + # already have been called). + # + # Works on linux and solaris. OSX has different tools. + + [ "x${1}" = "x" ] && { logger "Error: first argument was not a group to add." ; return 1 ; } + group_to_add=${1} + log_output_of groupadd ${group_to_add} + rc=$? # return of 0 means group was added; 9 means group existed. - if [ $? = "0" ] || [ $? = "9" ]; then - logger "Adding ${amanda_user} to ${1}" - case $os in - Linux) um_flags="-a -G";; - # Solaris does not have -a flag. - SunOS) um_flags="-G `groups ${amanda_user}`";; - esac + if [ $rc -eq 0 ] || [ $rc -eq 9 ]; then + logger "Adding ${amanda_user} to ${group_to_add}" + # Generate a comma separated list of existing supplemental groups. + # Linux prefaces output with ' : '. + existing_sup_groups=`groups ${amanda_user}|sed 's/.*: //;s/ /,/g'` + # usermod append is -A on Suse, all other linux use -a, and + # -A means something else entirely on solaris. So we just use + # -G, and append a list of the current groups from id. # So far, all linux distros have usermod - log_output_of usermod -a -G ${1} ${amanda_user} || \ - { logger "${error_group_member}" ; return 1 ; } + log_output_of usermod -G ${existing_sup_groups},${group_to_add} ${amanda_user} || { \ + logger "Nonfatal ERROR: Failed to add ${group_to_add}." + logger "${error_group_member}" ; return 1 ; } else - logger "Error: groupadd failed in an unexpected way." + logger "Error: groupadd failed in an unexpected way. return code='$rc'" return 1 fi } -check_user() { - # Check parameters of ${amanda_user}'s account. - # $1= user field $2= value to check - # group, shell, homedir, UID are valid for $1. - # group: checks the system group file for ${amanda_user}'s - # membership in the group named $2. - # shell: confirms the passwd file's shell field for - # ${amanda_user} is $2 - # homedir: confirm the passwd file's homedir field for - # ${amanda_user} is $2 - # UID: confirm that ${amanda_user}'s UID is $2. - # - # Extra information about the failed check is written to the log. - # - # Return codes: - # 0 = success - # 1 = error - # 2 = usage error + +# All check_user_* functions check various parameters of ${amanda_user}'s +# account. Return codes: +# 0 = success +# 1 = error +# 2 = usage or other error. more info will be logged + +check_user_group() { + # checks the system group file for ${amanda_user}'s membership in + # the group named $1. err=0 - if [ ! $# -eq 2 ]; then - echo "check_user(): Wrong number of parameters" - return 2 + [ "x" = "x$1" ] && { logger "check_user_group: no group given"; return 1; } + logger "Verify ${amanda_user}'s primary group = $1 " + # Check if the group exists, disregarding membership. + group_entry=`grep "^${2}" ${SYSCONFDIR}/group 2> /dev/null` + if [ ! "x" = "x${group_entry}" ]; then + # Assume the user exists, and check the user's primary group. + GROUP=`id ${amanda_user} 2> /dev/null |\ + cut -d " " -f 2 |\ + sed 's/.*gid=[0-9]*(\([^ ()]*\))/\1/'` + if [ ! "x${GROUP}" = "x${1}" ] ; then + logger "${amanda_user} not a member of ${1}" + err=1 + fi + else + logger "User's primary group '${1}' does not exist" + err=1 fi - logger "Verify ${amanda_user}'s $1 = $2 " - case $1 in - "group") - # Check if the group exists, disregarding membership. - if `grep "^${2}" ${SYSCONFDIR}/group > /dev/null` ; then - # Assume the user exists, and check the user's primary group. - GROUP=`id ${amanda_user} 2> /dev/null | sed 's/.*gid=[0-9]*(\([^ ()]*\))/\1/'` - if [ ! "x${GROUP}" = "x${2}" ] ; then - logger "${amanda_user} not a member of ${2}" - err=1 - fi - else - logger "User group '${2}' does not exist" - err=1 - fi - ;; - "group-sup*") - # Check if a supplementary group exists. - SUP_MEM=`awk -F: "\$1 ~ ${2} { print \$4; }" 2> /dev/null` - if [ -n "$SUP_MEM" ] ; then - # Check if our user is a member. - if echo "${SUP_MEM}"|grep "${amanda_user}" &> /dev/null ; then - : - else - logger "${amanda_user} is not a member of supplemental group ${2}." - err=1 - fi - else - logger "Supplemental group ${2} does not exist" - err=1 - fi + return $err +} + +check_user_supplemental_group() { + # Checks for the group ${1}, and adds ${amanda_user} if missing. + # Other groups are preserved. + err=0 + [ "x" = "x$1" ] && { logger "check_user_supplemental_group: no supplemental group given"; return 1; } + sup_group=${1} + logger "Verify ${amanda_user} is a member of ${sup_group}." + # First, check if the supplementary group exists. + sup_group_entry=`grep "${sup_group}" ${SYSCONFDIR}/group 2>/dev/null` + if [ ! "x" = "x${sup_group_entry}" ]; then + SUP_MEM=`echo ${sup_group_entry} | cut -d: -f4` + # Check if our user is a member. + case ${SUP_MEM} in + *${amanda_user}*) : ;; + *) + logger "${amanda_user} is not a member of supplemental group ${sup_group}." + err=1 ;; - "shell") - SHELL=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f7` - wanted_shell=$2; export wanted_shell - if [ ! "x${SHELL}" = "x${2}" ] ; then - logger "${warning_user_shell}" - err=1 - fi - ;; - "homedir") - HOMEDIR=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f6` - if [ ! "x${HOMEDIR}" = "x${2}" ] ; then - logger "${warning_user_homedir}" - err=1 - fi - ;; - "UID") - # Debian systems must use a specific UID - ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'` - if [ ! "${ID}" -eq "${2}" ] ; then - checked_uid=${2}; export checked_uid - logger "${warning_user_uid_debian}" - err=1 - fi - ;; - *) - echo "check_user(): unknown user parameter." - err=2 - ;; - esac - + esac + else + logger "Supplemental group ${sup_group} does not exist" + err=1 + fi return $err } +check_user_shell() { + # Confirms the passwd file's shell field for ${amanda_user} is $1 + [ "x" = "x$1" ] && { logger "check_user_shell: no shell given"; return 1; } + wanted_shell=$1; export wanted_shell + logger "Verify ${amanda_user}'s shell is ${wanted_shell}." + real_shell=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f7` + export real_shell + if [ ! "x${real_shell}" = "x${wanted_shell}" ] ; then + logger "WARNING: ${amanda_user} default shell= ${wanted_shell}" + logger "WARNING: ${amanda_user} existing shell: ${real_shell}" + logger "${warning_user_shell}" + return 1 + fi +} + +check_user_homedir() { + # Confirm the passwd file's homedir field for ${amanda_user} is $1 + [ "x" = "x$1" ] && { logger "check_user_homedir: no homedir given"; return 1; } + HOMEDIR=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f6` + if [ ! "x${HOMEDIR}" = "x${1}" ] ; then + logger "${warning_user_homedir}" + return 1 + fi +} + +check_user_uid() { + # Confirm that ${amanda_user}'s UID is $1. + # Debian systems must use a specific UID + [ "x" = "x$1" ] && { logger "check_user_uid: no uid given"; return 1; } + ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'` + if [ ! ${ID} -eq ${1} ] ; then + checked_uid=${1}; export checked_uid + logger "${warning_user_uid_debian}" + return 1 + fi +} + check_homedir() { # Checks that the homedir has correct permissions and belongs to correct # user. Uses $amanda_user and $amanda_group. if [ -d ${AMANDAHOMEDIR} ] ; then OWNER_GROUP=`ls -dl ${AMANDAHOMEDIR} | awk '{ print $3" "$4; }'` - [ "$OWNER_GROUP" = "${amanda_user} ${amanda_group}" ] || \ + [ "x$OWNER_GROUP" = "x${amanda_user} ${amanda_group}" ] || \ logger "${warning_homedir_owner}" return $? else @@ -218,63 +242,39 @@ create_logdir() { # Info, Warning, and Error strings used by the installer -info_create_user_success="The '${amanda_user}' user account has been successfully created. - Furthermore, the account has been automatically locked for you for security - purposes. Once a password for the '${amanda_user}' account has been set, - the user can be unlocked by issuing the following command as root.: +info_create_user_success="NOTE: Set a password and unlock the ${amanda_user} account before + running Amanda." + +info_create_user_success_sol="NOTE: Account is set as non-login. If interactive login +is required: a password must be set, and the account activated for login." + +info_unlock_account=" The superuser can unlock the account by running: # passwd -u ${amanda_user} +" - If this is not a new installation of Amanda and you have pre-existing Amanda - configurations in ${SYSCONFDIR}/amanda you should ensure that 'dumpuser' - is set to '${amanda_user}' in those configurations. Additionally, you - should ensure that ${AMANDAHOMEDIR}/.amandahosts on your client systems - is properly configured to allow connections for the user '${amanda_user}'." +info_existing_installs="Pre-existing Amanda installations must confirm: + -${SYSCONFDIR}/amanda/* should have 'dumpuser' set to '${amanda_user}'. + -${AMANDAHOMEDIR}/.amandahosts on client systems should allow connections by + '${amanda_user}'." -warning_user_password="!!! WARNING! WARNING! WARNING! WARNING! WARNING! !!! -!!! !!! -!!! The '${amanda_user}' user account for this system has been !!! -!!! created, however the user has no password set. For !!! -!!! security purposes this account is normally locked after !!! -!!! creation. Unfortunately, when locking this account an !!! -!!! error occurred. To ensure the security of your system, !!! -!!! you should set a password for the user account !!! -!!! '${amanda_user}' immediately! To set such a password, !!! -!!! please issue the following command: !!! -!!! !!! -!!! # passwd ${amanda_user} !!! -!!! !!! -!!! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! !!!" +warning_user_password="WARNING: '${amanda_user}' no password. An error occured when locking the + account. SET A PASSWORD NOW: -info_user_params="The Amanda backup software is configured to operate as the user - '${amanda_user}'. This user exists on your system and has not been modified. - To ensure that Amanda functions properly, please see that the following - parameters are set for that user: - SHELL: /bin/bash - HOME: ${AMANDAHOMEDIR} - Default group: ${amanda_group}" + # passwd ${amanda_user}" -error_group_member="!!! Nonfatal ERROR. Nonfatal ERROR. !!! -!!! user '${amanda_user}' is not part of the '${amanda_group}' group, !!! -!!! Amanda will not run until '${amanda_user}' is a member of '${amanda_group}'. !!! -!!! Nonfatal ERROR. Nonfatal ERROR. Nonfatal Error. !!!" +error_group_member="Nonfatal ERROR: Amanda will not run until '${amanda_user}' is a member the + preceeding group. Install will continue..." -warning_user_shell="WARNING: The user '${amanda_user}' has a non-default shell. -the default shell is ${wanted_shell}. Other shells have not been tested." +warning_user_shell="WARNING: The user '${amanda_user}' has a non-default shell. Other shells have not been tested." -warning_user_homedir="!!! WARNING! WARNING! WARNING! WARNING! WARNING! !!! -!!! The user '${amanda_user}' must have its home directory set to !!! -!!! '${AMANDAHOMEDIR}' Please correct before using Amanda !!! -!!! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! !!!" +warning_user_homedir="WARNING: The user '${amanda_user}' must have its home directory set to +'${AMANDAHOMEDIR}' Please correct before using Amanda." -warning_user_uid_debian="!!! WARNING! WARNING! WARNING! WARNING! WARNING! !!! -!!! Debian packages were built assuming that ${amanda_user} !!! -!!! uid = ${checked_uid}. The uid of ${amanda_user} is different !!! -!!! different on this system. Files owned by ${checked_uid} must !!! -!!! be chowned to ${amanda_user}. !!! -!!! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! !!!" +warning_user_uid_debian="WARNING: Debian packages were built assuming that ${amanda_user} +uid = ${checked_uid}. The uid of ${amanda_user} is different on this system. Files +owned by ${checked_uid} must be chowned to ${amanda_user}." -warning_homedir_owner="!!! Please ensure that the directory '${AMANDAHOMEDIR}' is owned by !!! -!!! the user '${amanda_user}' and group '${amanda_group}'. !!!" +warning_homedir_owner="WARNING: The ${amanda_user}'s home directory,'${AMANDAHOMEDIR}' ownership must be changed to '${amanda_user}:${amanda_group}'. " # --------------- End included Functions -----------------