10
13
* 2. Redistributions in binary form must reproduce the above copyright
11
14
* notice, this list of conditions and the following disclaimer in the
12
15
* documentation and/or other materials provided with the distribution.
13
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
14
* may be used to endorse or promote products derived from this software
15
* without specific prior written permission.
16
* 3. The name of the copyright holders or contributors may not be used to
17
* endorse or promote products derived from this software without
18
* specific prior written permission.
17
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
18
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
21
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30
33
#include <config.h>
32
#ident "$Id: useradd.c 1891 2008-03-08 22:44:53Z nekral-guest $"
35
#ident "$Id: useradd.c 2691 2009-04-15 21:14:08Z nekral-guest $"
34
37
#include <assert.h>
101
108
static const char *user_home = "";
102
109
static const char *user_shell = "";
103
110
static const char *create_mail_spool = "";
112
static const char *user_selinux = "";
105
115
static long user_expire = -1;
106
static int is_shadow_pwd;
116
static bool is_shadow_pwd;
109
static int is_shadow_grp;
110
static int gshadow_locked = 0;
119
static bool is_shadow_grp;
120
static bool sgr_locked = false;
112
static int passwd_locked = 0;
113
static int group_locked = 0;
114
static int shadow_locked = 0;
122
static bool pw_locked = false;
123
static bool gr_locked = false;
124
static bool spw_locked = false;
115
125
static char **user_groups; /* NULL-terminated list */
116
126
static long sys_ngroups;
117
static int do_grp_update = 0; /* group files need to be updated */
122
bflg = 0, /* new default root of home directory */
123
cflg = 0, /* comment (GECOS) field for new account */
124
dflg = 0, /* home directory for new account */
125
Dflg = 0, /* set/show new user default values */
126
eflg = 0, /* days since 1970-01-01 when account is locked */
127
fflg = 0, /* days until account with expired password is locked */
128
gflg = 0, /* primary group ID for new account */
129
Gflg = 0, /* secondary group set for new account */
130
kflg = 0, /* specify a directory to fill new user directory */
131
lflg = 0, /* do not add user to lastlog database file */
132
mflg = 0, /* create user's home directory if it doesn't exist */
133
Nflg = 0, /* do not create a group having the same name as the user, but add the user to def_group (or the group specified with -g) */
134
oflg = 0, /* permit non-unique user ID to be specified with -u */
135
rflg = 0, /* create a system account */
136
sflg = 0, /* shell program for new account */
137
uflg = 0, /* specify user ID for new account */
138
Uflg = 0; /* create a group having the same name as the user */
140
static int home_added;
127
static bool do_grp_update = false; /* group files need to be updated */
130
bflg = false, /* new default root of home directory */
131
cflg = false, /* comment (GECOS) field for new account */
132
dflg = false, /* home directory for new account */
133
Dflg = false, /* set/show new user default values */
134
eflg = false, /* days since 1970-01-01 when account is locked */
135
fflg = false, /* days until account with expired password is locked */
136
gflg = false, /* primary group ID for new account */
137
Gflg = false, /* secondary group set for new account */
138
kflg = false, /* specify a directory to fill new user directory */
139
lflg = false, /* do not add user to lastlog/faillog databases */
140
mflg = false, /* create user's home directory if it doesn't exist */
141
Mflg = false, /* do not create user's home directory even if CREATE_HOME is set */
142
Nflg = false, /* do not create a group having the same name as the user, but add the user to def_group (or the group specified with -g) */
143
oflg = false, /* permit non-unique user ID to be specified with -u */
144
rflg = false, /* create a system account */
145
sflg = false, /* shell program for new account */
146
uflg = false, /* specify user ID for new account */
147
Uflg = false, /* create a group having the same name as the user */
148
Zflg = false; /* new selinux user */
150
static bool home_added = false;
143
153
* exit status values
164
174
/* local function prototypes */
165
175
static void fail_exit (int);
166
static struct group *getgr_nam_gid (const char *);
167
static long get_number (const char *);
168
static uid_t get_uid (const char *);
169
176
static void get_defaults (void);
170
177
static void show_defaults (void);
171
178
static int set_defaults (void);
172
179
static int get_groups (char *);
173
180
static void usage (void);
174
181
static void new_pwent (struct passwd *);
183
static void selinux_update_mapping (void);
176
186
static long scale_age (long);
177
187
static void new_spent (struct spwd *);
192
202
static void fail_exit (int code)
195
205
rmdir (user_home);
209
if (spw_unlock () == 0) {
210
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
211
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
213
audit_logger (AUDIT_ADD_USER, Prog,
214
"unlocking shadow file",
215
user_name, AUDIT_NO_ID,
216
SHADOW_AUDIT_FAILURE);
222
if (pw_unlock () == 0) {
223
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
224
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
226
audit_logger (AUDIT_ADD_USER, Prog,
227
"unlocking passwd file",
228
user_name, AUDIT_NO_ID,
229
SHADOW_AUDIT_FAILURE);
235
if (gr_unlock () == 0) {
236
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
237
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
239
audit_logger (AUDIT_ADD_USER, Prog,
240
"unlocking group file",
241
user_name, AUDIT_NO_ID,
242
SHADOW_AUDIT_FAILURE);
207
if (gshadow_locked) {
249
if (sgr_unlock () == 0) {
250
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
251
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
253
audit_logger (AUDIT_ADD_USER, Prog,
254
"unlocking gshadow file",
255
user_name, AUDIT_NO_ID,
256
SHADOW_AUDIT_FAILURE);
212
263
#ifdef WITH_AUDIT
213
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1,
264
audit_logger (AUDIT_ADD_USER, Prog,
266
user_name, AUDIT_NO_ID,
267
SHADOW_AUDIT_FAILURE);
216
SYSLOG ((LOG_INFO, "failed adding user `%s', data deleted", user_name));
269
SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
220
static struct group *getgr_nam_gid (const char *grname)
225
gid = strtol (grname, &errptr, 10);
226
if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && gid >= 0)
227
return xgetgrgid (gid);
228
return xgetgrnam (grname);
231
static long get_number (const char *numstr)
236
val = strtol (numstr, &errptr, 10);
237
if (*errptr || errno == ERANGE) {
238
fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog,
245
static uid_t get_uid (const char *uidstr)
250
val = strtol (uidstr, &errptr, 10);
251
if (*errptr || errno == ERANGE || val < 0) {
253
_("%s: invalid numeric argument '%s'\n"), Prog,
260
273
#define MATCH(x,y) (strncmp((x),(y),strlen(y)) == 0)
276
289
* Open the defaults file for reading.
279
if (!(fp = fopen (def_file, "r")))
292
fp = fopen (def_file, "r");
283
298
* Read the file a line at a time. Only the lines that have relevant
284
299
* values are used, everything else can be ignored.
286
while (fgets (buf, sizeof buf, fp)) {
287
if ((cp = strrchr (buf, '\n')))
301
while (fgets (buf, (int) sizeof buf, fp) == buf) {
302
cp = strrchr (buf, '\n');
290
if (!(cp = strchr (buf, '=')))
307
cp = strchr (buf, '=');
296
315
* Primary GROUP identifier
298
317
if (MATCH (buf, DGROUP)) {
299
unsigned int val = (unsigned int) strtoul (cp, &ep, 10);
300
const struct group *grp;
302
if (*cp != '\0' && *ep == '\0') { /* valid number */
304
/* local, no need for xgetgrgid */
305
if ((grp = getgrgid (def_group))) {
306
def_gname = xstrdup (grp->gr_name);
309
_("%s: unknown GID %s\n"),
312
/* local, no need for xgetgrnam */
313
} else if ((grp = getgrnam (cp))) {
318
const struct group *grp = getgr_nam_gid (cp);
321
_("%s: group '%s' does not exist\n"),
324
_("%s: the %s configuration in %s will be ignored\n"),
325
Prog, DGROUP, def_file);
314
327
def_group = grp->gr_gid;
315
def_gname = xstrdup (cp);
318
_("%s: unknown group %s\n"), Prog, cp);
328
def_gname = xstrdup (grp->gr_name);
406
423
static char new_file[] = NEW_USER_FILE;
411
int out_inactive = 0;
415
int out_create_mail_spool = 0;
426
bool out_group = false;
427
bool out_home = false;
428
bool out_inactive = false;
429
bool out_expire = false;
430
bool out_shell = false;
431
bool out_skel = false;
432
bool out_create_mail_spool = false;
418
435
* Create a temporary file to copy the new output to.
420
if ((ofd = mkstemp (new_file)) == -1) {
437
ofd = mkstemp (new_file);
422
_("%s: cannot create new defaults file\n"), Prog);
440
_("%s: cannot create new defaults file\n"),
426
if (!(ofp = fdopen (ofd, "w"))) {
427
fprintf (stderr, _("%s: cannot open new defaults file\n"),
445
ofp = fdopen (ofd, "w");
448
_("%s: cannot open new defaults file\n"),
434
455
* temporary file, using any new values. Each line is checked
435
456
* to insure that it is not output more than once.
437
if (!(ifp = fopen (def_file, "r"))) {
458
ifp = fopen (def_file, "r");
438
460
fprintf (ofp, "# useradd defaults file\n");
442
while (fgets (buf, sizeof buf, ifp)) {
443
if ((cp = strrchr (buf, '\n')))
464
while (fgets (buf, (int) sizeof buf, ifp) == buf) {
465
cp = strrchr (buf, '\n');
446
470
if (!out_group && MATCH (buf, DGROUP)) {
447
471
fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
449
473
} else if (!out_home && MATCH (buf, HOME)) {
450
474
fprintf (ofp, HOME "%s\n", def_home);
452
476
} else if (!out_inactive && MATCH (buf, INACT)) {
453
477
fprintf (ofp, INACT "%ld\n", def_inactive);
455
479
} else if (!out_expire && MATCH (buf, EXPIRE)) {
456
480
fprintf (ofp, EXPIRE "%s\n", def_expire);
458
482
} else if (!out_shell && MATCH (buf, SHELL)) {
459
483
fprintf (ofp, SHELL "%s\n", def_shell);
461
485
} else if (!out_skel && MATCH (buf, SKEL)) {
462
486
fprintf (ofp, SKEL "%s\n", def_template);
464
488
} else if (!out_create_mail_spool
465
489
&& MATCH (buf, CREATE_MAIL_SPOOL)) {
466
fprintf (ofp, CREATE_MAIL_SPOOL "%s\n",
467
def_create_mail_spool);
468
out_create_mail_spool++;
491
CREATE_MAIL_SPOOL "%s\n",
492
def_create_mail_spool);
493
out_create_mail_spool = true;
470
495
fprintf (ofp, "%s\n", buf);
518
545
* Rename the new default file to its correct name.
520
if (rename (new_file, def_file)) {
547
if (rename (new_file, def_file) != 0) {
521
548
snprintf (buf, sizeof buf, _("%s: rename: %s"), Prog, new_file);
525
552
#ifdef WITH_AUDIT
526
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "changing user defaults",
553
audit_logger (AUDIT_USYS_CONFIG, Prog,
554
"changing useradd defaults",
556
SHADOW_AUDIT_SUCCESS);
529
558
SYSLOG ((LOG_INFO,
530
"useradd defaults: GROUP=%u, HOME=%s, SHELL=%s, INACTIVE=%ld, "
531
"EXPIRE=%s, SKEL=%s, CREATE_MAIL_SPOOL=%s",
532
(unsigned int) def_group, def_home, def_shell,
533
def_inactive, def_expire, def_template,
534
def_create_mail_spool));
559
"useradd defaults: GROUP=%u, HOME=%s, SHELL=%s, INACTIVE=%ld, "
560
"EXPIRE=%s, SKEL=%s, CREATE_MAIL_SPOOL=%s",
561
(unsigned int) def_group, def_home, def_shell,
562
def_inactive, def_expire, def_template,
563
def_create_mail_spool));
649
684
" -h, --help display this help message and exit\n"
650
685
" -k, --skel SKEL_DIR specify an alternative skel directory\n"
651
686
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
652
" -l, do not add the user to the lastlog and\n"
687
" -l, --no-log-init do not add the user to the lastlog and\n"
653
688
" faillog databases\n"
654
689
" -m, --create-home create home directory for the new user\n"
691
" -M, --no-create-home do not create user's home directory\n"
692
" (overrides /etc/login.defs)\n"
656
693
" -N, --no-user-group do not create a group with the same name as\n"
658
695
" -o, --non-unique allow create user with duplicate\n"
708
754
memzero (spent, sizeof *spent);
709
755
spent->sp_namp = (char *) user_name;
710
756
spent->sp_pwdp = (char *) user_pass;
711
spent->sp_lstchg = time ((time_t *) 0) / SCALE;
757
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
758
if (0 == spent->sp_lstchg) {
759
/* Better disable aging than requiring a password change */
760
spent->sp_lstchg = -1;
713
spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
714
spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
715
spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
716
spent->sp_inact = scale_age (def_inactive);
717
spent->sp_expire = scale_age (user_expire);
763
spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
764
spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
765
spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
766
spent->sp_inact = scale_age (def_inactive);
767
spent->sp_expire = scale_age (user_expire);
719
769
spent->sp_min = scale_age (-1);
720
770
spent->sp_max = scale_age (-1);
750
800
* Scan through the entire group file looking for the groups that
751
801
* the user is a member of.
753
for (gr_rewind (), grp = gr_next (); grp; grp = gr_next ()) {
803
for (gr_rewind (), grp = gr_next (); NULL != grp; grp = gr_next ()) {
756
806
* See if the user specified this group as one of their
757
807
* concurrent groups.
759
if (!is_on_list (user_groups, grp->gr_name))
809
if (!is_on_list (user_groups, grp->gr_name)) {
763
814
* Make a copy - gr_update() will free() everything
764
815
* from the old entry, and we need it later.
766
817
ngrp = __gr_dup (grp);
769
_("%s: Out of memory. Cannot update the group database.\n"),
820
_("%s: Out of memory. Cannot update %s.\n"),
822
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
824
audit_logger (AUDIT_ADD_USER, Prog,
825
"adding user to group",
826
user_name, AUDIT_NO_ID,
827
SHADOW_AUDIT_FAILURE);
771
829
fail_exit (E_GRP_UPDATE); /* XXX */
776
834
* update the group entry to reflect the change.
778
836
ngrp->gr_mem = add_list (ngrp->gr_mem, user_name);
779
if (!gr_update (ngrp)) {
837
if (gr_update (ngrp) == 0) {
781
_("%s: error adding new group entry\n"), Prog);
839
_("%s: failed to prepare the new %s entry '%s'\n"),
840
Prog, gr_dbname (), ngrp->gr_name);
841
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
843
audit_logger (AUDIT_ADD_USER, Prog,
844
"adding user to group",
845
user_name, AUDIT_NO_ID,
846
SHADOW_AUDIT_FAILURE);
782
848
fail_exit (E_GRP_UPDATE);
784
850
#ifdef WITH_AUDIT
785
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
786
"adding user to group", user_name, -1, 1);
851
audit_logger (AUDIT_ADD_USER, Prog,
852
"adding user to group",
853
user_name, AUDIT_NO_ID,
854
SHADOW_AUDIT_SUCCESS);
788
SYSLOG ((LOG_INFO, "add `%s' to group `%s'",
789
user_name, ngrp->gr_name));
857
"add '%s' to group '%s'",
858
user_name, ngrp->gr_name));
798
867
* that the user is a member of. The administrative list isn't
801
for (sgr_rewind (), sgrp = sgr_next (); sgrp; sgrp = sgr_next ()) {
870
for (sgr_rewind (), sgrp = sgr_next (); NULL != sgrp; sgrp = sgr_next ()) {
804
873
* See if the user specified this group as one of their
805
874
* concurrent groups.
807
if (!gr_locate (sgrp->sg_name))
876
if (gr_locate (sgrp->sg_name) == NULL) {
810
if (!is_on_list (user_groups, sgrp->sg_name))
880
if (!is_on_list (user_groups, sgrp->sg_name)) {
814
885
* Make a copy - sgr_update() will free() everything
815
886
* from the old entry, and we need it later.
817
888
nsgrp = __sgr_dup (sgrp);
820
_("%s: Out of memory. Cannot update the shadow group database.\n"),
891
_("%s: Out of memory. Cannot update %s.\n"),
892
Prog, sgr_dbname ());
893
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
895
audit_logger (AUDIT_ADD_USER, Prog,
896
"adding user to shadow group",
897
user_name, AUDIT_NO_ID,
898
SHADOW_AUDIT_FAILURE);
822
900
fail_exit (E_GRP_UPDATE); /* XXX */
827
905
* update the group entry to reflect the change.
829
907
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_name);
830
if (!sgr_update (nsgrp)) {
908
if (sgr_update (nsgrp) == 0) {
832
_("%s: error adding new group entry\n"), Prog);
910
_("%s: failed to prepare the new %s entry '%s'\n"),
911
Prog, sgr_dbname (), nsgrp->sg_name);
912
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
914
audit_logger (AUDIT_ADD_USER, Prog,
915
"adding user to shadow group",
916
user_name, AUDIT_NO_ID,
917
SHADOW_AUDIT_FAILURE);
833
919
fail_exit (E_GRP_UPDATE);
835
921
#ifdef WITH_AUDIT
836
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
837
"adding user to shadow group", user_name, -1, 1);
922
audit_logger (AUDIT_ADD_USER, Prog,
923
"adding user to shadow group",
924
user_name, AUDIT_NO_ID,
925
SHADOW_AUDIT_SUCCESS);
839
SYSLOG ((LOG_INFO, "add `%s' to shadow group `%s'",
840
user_name, nsgrp->sg_name));
928
"add '%s' to shadow group '%s'",
929
user_name, nsgrp->sg_name));
842
931
#endif /* SHADOWGRP */
873
962
{"skel", required_argument, NULL, 'k'},
874
963
{"key", required_argument, NULL, 'K'},
875
964
{"create-home", no_argument, NULL, 'm'},
965
{"no-create-home", no_argument, NULL, 'M'},
966
{"no-log-init", no_argument, NULL, 'l'},
876
967
{"no-user-group", no_argument, NULL, 'N'},
877
968
{"non-unique", no_argument, NULL, 'o'},
878
969
{"password", required_argument, NULL, 'p'},
879
970
{"system", no_argument, NULL, 'r'},
880
971
{"shell", required_argument, NULL, 's'},
973
{"selinux-user", required_argument, NULL, 'Z'},
881
975
{"uid", required_argument, NULL, 'u'},
882
976
{"user-group", no_argument, NULL, 'U'},
883
977
{NULL, 0, NULL, '\0'}
886
getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
887
long_options, NULL)) != -1) {
979
while ((c = getopt_long (argc, argv,
981
"b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
983
"b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
985
long_options, NULL)) != -1) {
891
|| optarg[0] != '/') {
988
if ( ( !VALID (optarg) )
989
|| ( optarg[0] != '/' )) {
894
("%s: invalid base directory '%s'\n"),
991
_("%s: invalid base directory '%s'\n"),
896
993
exit (E_BAD_ARG);
898
995
def_home = optarg;
902
999
if (!VALID (optarg)) {
903
1000
fprintf (stderr,
905
("%s: invalid comment '%s'\n"),
1001
_("%s: invalid comment '%s'\n"),
907
1003
exit (E_BAD_ARG);
909
1005
user_comment = optarg;
914
|| optarg[0] != '/') {
1009
if ( ( !VALID (optarg) )
1010
|| ( optarg[0] != '/' )) {
915
1011
fprintf (stderr,
917
("%s: invalid home directory '%s'\n"),
1012
_("%s: invalid home directory '%s'\n"),
919
1014
exit (E_BAD_ARG);
921
1016
user_home = optarg;
1026
if ('\0' != *optarg) {
931
1027
user_expire = strtoday (optarg);
932
1028
if (user_expire == -1) {
933
1029
fprintf (stderr,
935
("%s: invalid date '%s'\n"),
1030
_("%s: invalid date '%s'\n"),
937
1032
exit (E_BAD_ARG);
940
1035
user_expire = -1;
943
1039
* -e "" is allowed - it's a no-op without /etc/shadow
945
if (*optarg && !is_shadow_pwd) {
1041
if (('\0' != *optarg) && !is_shadow_pwd) {
946
1042
fprintf (stderr,
948
("%s: shadow passwords required for -e\n"),
1043
_("%s: shadow passwords required for -e\n"),
953
1048
def_expire = optarg;
957
def_inactive = get_number (optarg);
1053
if ( (getlong (optarg, &def_inactive) == 0)
1054
|| (def_inactive < -1)) {
1056
_("%s: invalid numeric argument '%s'\n"),
959
* -f -1 is allowed - it's a no-op without /etc/shadow
1062
* it's a no-op without /etc/shadow
961
if (def_inactive != -1 && !is_shadow_pwd) {
1064
if ((-1 != def_inactive) && !is_shadow_pwd) {
962
1065
fprintf (stderr,
964
("%s: shadow passwords required for -f\n"),
1066
_("%s: shadow passwords required for -f\n"),
971
1073
grp = getgr_nam_gid (optarg);
973
1075
fprintf (stderr,
975
("%s: unknown group %s\n"),
1076
_("%s: group '%s' does not exist\n"),
977
1078
exit (E_NOTFOUND);
1005
1108
* note: -K UID_MIN=10,UID_MAX=499 doesn't work yet
1007
1110
cp = strchr (optarg, '=');
1009
1112
fprintf (stderr,
1011
("%s: -K requires KEY=VALUE\n"),
1113
_("%s: -K requires KEY=VALUE\n"),
1013
1115
exit (E_BAD_ARG);
1015
1117
/* terminate name, point to value */
1017
if (putdef_str (optarg, cp) < 0)
1120
if (putdef_str (optarg, cp) < 0) {
1018
1121
exit (E_BAD_ARG);
1032
1139
case 'p': /* set encrypted password */
1033
1140
if (!VALID (optarg)) {
1034
1141
fprintf (stderr,
1036
("%s: invalid field '%s'\n"),
1142
_("%s: invalid field '%s'\n"),
1038
1144
exit (E_BAD_ARG);
1040
1146
user_pass = optarg;
1048
&& (optarg[0] != '/'
1049
&& optarg[0] != '*'))) {
1152
if ( ( !VALID (optarg) )
1153
|| ( ('\0' != optarg[0])
1154
&& ('/' != optarg[0])
1155
&& ('*' != optarg[0]) )) {
1050
1156
fprintf (stderr,
1052
("%s: invalid shell '%s'\n"),
1157
_("%s: invalid shell '%s'\n"),
1054
1159
exit (E_BAD_ARG);
1056
1161
user_shell = optarg;
1057
1162
def_shell = optarg;
1061
user_id = get_uid (optarg);
1166
if ( (get_uid (optarg, &user_id) == 0)
1167
|| (user_id == (gid_t)-1)) {
1169
_("%s: invalid user ID '%s'\n"),
1180
if (is_selinux_enabled () > 0) {
1181
user_selinux = optarg;
1185
_("%s: -Z requires SELinux enabled kernel\n"),
1074
if (!gflg && !Nflg && ! Uflg) {
1199
if (!gflg && !Nflg && !Uflg) {
1075
1200
/* Get the settings from login.defs */
1076
1201
Uflg = getdef_bool ("USERGROUPS_ENAB");
1104
1229
Prog, "-U", "-N");
1234
_("%s: options %s and %s conflict\n"),
1109
1240
* Either -D or username is required. Defaults can be set with -D
1110
1241
* for the -b, -e, -f, -g, -s options only.
1244
if (optind != argc) {
1116
if (uflg || oflg || Gflg || dflg || cflg || mflg)
1248
if (uflg || oflg || Gflg || dflg || cflg || mflg) {
1119
if (optind != argc - 1)
1252
if (optind != argc - 1) {
1122
1256
user_name = argv[optind];
1123
if (!check_user_name (user_name)) {
1257
if (!is_valid_user_name (user_name)) {
1124
1258
fprintf (stderr,
1126
("%s: invalid user name '%s'\n"),
1259
_("%s: invalid user name '%s'\n"),
1128
1261
#ifdef WITH_AUDIT
1129
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
1262
audit_logger (AUDIT_ADD_USER, Prog,
1264
user_name, AUDIT_NO_ID,
1265
SHADOW_AUDIT_FAILURE);
1132
1267
exit (E_BAD_ARG);
1137
1272
uh = xmalloc (strlen (def_home) +
1138
strlen (user_name) + 2);
1273
strlen (user_name) + 2);
1139
1274
sprintf (uh, "%s/%s", def_home, user_name);
1140
1275
user_home = uh;
1145
1280
user_expire = strtoday (def_expire);
1148
1284
user_gid = def_group;
1151
1288
user_shell = def_shell;
1153
/* TODO: add handle change default spool mail creation by
1154
-K CREATE_MAIL_SPOOL={yes,no}. It need rewrite internal API for handle
1155
shadow tools configuration */
1156
1291
create_mail_spool = def_create_mail_spool;
1294
/* for system accounts defaults are ignored and we
1295
* do not create a home dir */
1296
if (getdef_bool("CREATE_HOME")) {
1302
/* absolutely sure that we do not create home dirs */
1165
1313
static void close_files (void)
1168
fprintf (stderr, _("%s: cannot rewrite password file\n"), Prog);
1315
if (pw_close () == 0) {
1316
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
1317
SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
1169
1318
fail_exit (E_PW_UPDATE);
1171
if (is_shadow_pwd && !spw_close ()) {
1320
if (is_shadow_pwd && (spw_close () == 0)) {
1172
1321
fprintf (stderr,
1173
_("%s: cannot rewrite shadow password file\n"), Prog);
1322
_("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
1323
SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
1174
1324
fail_exit (E_PW_UPDATE);
1176
1326
if (do_grp_update) {
1327
if (gr_close () == 0) {
1178
1328
fprintf (stderr,
1179
_("%s: cannot rewrite group file\n"), Prog);
1329
_("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
1330
SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
1180
1331
fail_exit (E_GRP_UPDATE);
1182
1333
#ifdef SHADOWGRP
1183
if (is_shadow_grp && !sgr_close ()) {
1334
if (is_shadow_grp && (sgr_close () == 0)) {
1184
1335
fprintf (stderr,
1186
("%s: cannot rewrite shadow group file\n"),
1336
_("%s: failure while writing changes to %s\n"),
1337
Prog, sgr_dbname ());
1338
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
1188
1339
fail_exit (E_GRP_UPDATE);
1192
1343
if (is_shadow_pwd) {
1344
if (spw_unlock () == 0) {
1345
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
1346
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
1348
audit_logger (AUDIT_ADD_USER, Prog,
1349
"unlocking shadow file",
1350
user_name, AUDIT_NO_ID,
1351
SHADOW_AUDIT_FAILURE);
1357
if (pw_unlock () == 0) {
1358
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
1359
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
1361
audit_logger (AUDIT_ADD_USER, Prog,
1362
"unlocking passwd file",
1363
user_name, AUDIT_NO_ID,
1364
SHADOW_AUDIT_FAILURE);
1369
if (gr_unlock () == 0) {
1370
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
1371
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
1373
audit_logger (AUDIT_ADD_USER, Prog,
1374
"unlocking group file",
1375
user_name, AUDIT_NO_ID,
1376
SHADOW_AUDIT_FAILURE);
1200
1381
#ifdef SHADOWGRP
1201
1382
if (is_shadow_grp) {
1383
if (sgr_unlock () == 0) {
1384
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
1385
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
1387
audit_logger (AUDIT_ADD_USER, Prog,
1388
"unlocking gshadow file",
1389
user_name, AUDIT_NO_ID,
1390
SHADOW_AUDIT_FAILURE);
1213
1404
static void open_files (void)
1216
fprintf (stderr, _("%s: unable to lock password file\n"), Prog);
1218
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1219
"locking password file", user_name, user_id, 0);
1406
if (pw_lock () == 0) {
1408
_("%s: cannot lock %s; try again later.\n"),
1409
Prog, pw_dbname ());
1221
1410
exit (E_PW_UPDATE);
1224
if (!pw_open (O_RDWR)) {
1225
fprintf (stderr, _("%s: unable to open password file\n"), Prog);
1227
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1228
"opening password file", user_name, user_id, 0);
1413
if (pw_open (O_RDWR) == 0) {
1414
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
1230
1415
fail_exit (E_PW_UPDATE);
1232
1417
if (is_shadow_pwd) {
1418
if (spw_lock () == 0) {
1234
1419
fprintf (stderr,
1235
_("%s: cannot lock shadow password file\n"),
1238
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1239
"locking shadow password file", user_name,
1420
_("%s: cannot lock %s; try again later.\n"),
1421
Prog, spw_dbname ());
1242
1422
fail_exit (E_PW_UPDATE);
1245
if (!spw_open (O_RDWR)) {
1425
if (spw_open (O_RDWR) == 0) {
1246
1426
fprintf (stderr,
1247
_("%s: cannot open shadow password file\n"),
1250
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1251
"opening shadow password file", user_name,
1427
_("%s: cannot open %s\n"),
1428
Prog, spw_dbname ());
1254
1429
fail_exit (E_PW_UPDATE);
1259
1434
* Lock and open the group file.
1262
fprintf (stderr, _("%s: error locking group file\n"), Prog);
1436
if (gr_lock () == 0) {
1438
_("%s: cannot lock %s; try again later.\n"),
1439
Prog, gr_dbname ());
1263
1440
fail_exit (E_GRP_UPDATE);
1266
if (!gr_open (O_RDWR)) {
1267
fprintf (stderr, _("%s: error opening group file\n"), Prog);
1443
if (gr_open (O_RDWR) == 0) {
1444
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
1268
1445
fail_exit (E_GRP_UPDATE);
1270
1447
#ifdef SHADOWGRP
1271
1448
if (is_shadow_grp) {
1449
if (sgr_lock () == 0) {
1273
1450
fprintf (stderr,
1274
_("%s: error locking shadow group file\n"),
1451
_("%s: cannot lock %s; try again later.\n"),
1452
Prog, sgr_dbname ());
1276
1453
fail_exit (E_GRP_UPDATE);
1279
if (!sgr_open (O_RDWR)) {
1456
if (sgr_open (O_RDWR) == 0) {
1280
1457
fprintf (stderr,
1281
_("%s: error opening shadow group file\n"),
1458
_("%s: cannot open %s\n"),
1459
Prog, sgr_dbname ());
1283
1460
fail_exit (E_GRP_UPDATE);
1349
1526
* Write out the new group file entry.
1351
if (!gr_update (&grp)) {
1352
fprintf (stderr, _("%s: error adding new group entry\n"), Prog);
1528
if (gr_update (&grp) == 0) {
1530
_("%s: failed to prepare the new %s entry '%s'\n"),
1531
Prog, gr_dbname (), grp.gr_name);
1533
audit_logger (AUDIT_ADD_GROUP, Prog,
1535
grp.gr_name, AUDIT_NO_ID,
1536
SHADOW_AUDIT_FAILURE);
1353
1538
fail_exit (E_GRP_UPDATE);
1355
1540
#ifdef SHADOWGRP
1357
1542
* Write out the new shadow group entries as well.
1359
if (is_shadow_grp && !sgr_update (&sgrp)) {
1360
fprintf (stderr, _("%s: error adding new group entry\n"), Prog);
1544
if (is_shadow_grp && (sgr_update (&sgrp) == 0)) {
1546
_("%s: failed to prepare the new %s entry '%s'\n"),
1547
Prog, sgr_dbname (), sgrp.sg_name);
1549
audit_logger (AUDIT_ADD_GROUP, Prog,
1551
grp.gr_name, AUDIT_NO_ID,
1552
SHADOW_AUDIT_FAILURE);
1361
1554
fail_exit (E_GRP_UPDATE);
1363
1556
#endif /* SHADOWGRP */
1364
1557
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
1559
audit_logger (AUDIT_ADD_GROUP, Prog,
1561
grp.gr_name, AUDIT_NO_ID,
1562
SHADOW_AUDIT_SUCCESS);
1564
do_grp_update = true;
1368
1567
static void faillog_reset (uid_t uid)
1370
1569
struct faillog fl;
1571
off_t offset_uid = (off_t) (sizeof fl) * uid;
1573
if (access (FAILLOG_FILE, F_OK) != 0) {
1577
memzero (&fl, sizeof (fl));
1373
1579
fd = open (FAILLOG_FILE, O_RDWR);
1375
memzero (&fl, sizeof (fl));
1376
lseek (fd, (off_t) sizeof (fl) * uid, SEEK_SET);
1377
write (fd, &fl, sizeof (fl));
1581
|| (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
1582
|| (write (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl))
1583
|| (fsync (fd) != 0)
1584
|| (close (fd) != 0)) {
1586
_("%s: failed to reset the faillog entry of UID %lu: %s\n"),
1587
Prog, (unsigned long) uid, strerror (errno));
1588
SYSLOG ((LOG_WARN, "failed to reset the faillog entry of UID %lu", (unsigned long) uid));
1384
1595
struct lastlog ll;
1597
off_t offset_uid = (off_t) (sizeof ll) * uid;
1599
if (access (LASTLOG_FILE, F_OK) != 0) {
1603
memzero (&ll, sizeof (ll));
1387
1605
fd = open (LASTLOG_FILE, O_RDWR);
1389
memzero (&ll, sizeof (ll));
1390
lseek (fd, (off_t) sizeof (ll) * uid, SEEK_SET);
1391
write (fd, &ll, sizeof (ll));
1607
|| (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
1608
|| (write (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
1609
|| (fsync (fd) != 0)
1610
|| (close (fd) != 0)) {
1612
_("%s: failed to reset the lastlog entry of UID %lu: %s\n"),
1613
Prog, (unsigned long) uid, strerror (errno));
1614
SYSLOG ((LOG_WARN, "failed to reset the lastlog entry of UID %lu", (unsigned long) uid));
1416
1639
* happens so we know what we were trying to accomplish.
1418
1641
SYSLOG ((LOG_INFO,
1419
"new user: name=%s, UID=%u, GID=%u, home=%s, shell=%s",
1420
user_name, (unsigned int) user_id,
1421
(unsigned int) user_gid, user_home, user_shell));
1642
"new user: name=%s, UID=%u, GID=%u, home=%s, shell=%s",
1643
user_name, (unsigned int) user_id,
1644
(unsigned int) user_gid, user_home, user_shell));
1424
1647
* Initialize faillog and lastlog entries for this UID in case
1436
1659
* Put the new (struct passwd) in the table.
1438
if (!pw_update (&pwent)) {
1661
if (pw_update (&pwent) == 0) {
1439
1662
fprintf (stderr,
1440
_("%s: error adding new password entry\n"), Prog);
1663
_("%s: failed to prepare the new %s entry '%s'\n"),
1664
Prog, pw_dbname (), pwent.pw_name);
1441
1665
fail_exit (E_PW_UPDATE);
1445
1669
* Put the new (struct spwd) in the table.
1447
if (is_shadow_pwd && !spw_update (&spent)) {
1671
if (is_shadow_pwd && (spw_update (&spent) == 0)) {
1448
1672
fprintf (stderr,
1450
("%s: error adding new shadow password entry\n"),
1673
_("%s: failed to prepare the new %s entry '%s'\n"),
1674
Prog, spw_dbname (), spent.sp_namp);
1452
1675
#ifdef WITH_AUDIT
1453
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1454
"adding shadow password", user_name, user_id, 0);
1676
audit_logger (AUDIT_ADD_USER, Prog,
1677
"adding shadow password",
1678
user_name, (unsigned int) user_id,
1679
SHADOW_AUDIT_FAILURE);
1456
1681
fail_exit (E_PW_UPDATE);
1458
1683
#ifdef WITH_AUDIT
1459
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name,
1684
audit_logger (AUDIT_ADD_USER, Prog,
1686
user_name, (unsigned int) user_id,
1687
SHADOW_AUDIT_SUCCESS);
1464
1691
* Do any group file updates for this user.
1693
if (do_grp_update) {
1699
static void selinux_update_mapping (void) {
1700
if (is_selinux_enabled () <= 0) return;
1702
if (*user_selinux) { /* must be done after passwd write() */
1703
const char *argv[7];
1704
argv[0] = "/usr/sbin/semanage";
1708
argv[4] = user_selinux;
1709
argv[5] = user_name;
1711
if (safe_system (argv[0], argv, NULL, 0)) {
1713
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
1714
Prog, user_name, user_selinux);
1716
audit_logger (AUDIT_ADD_USER, Prog,
1717
"adding SELinux user mapping",
1718
user_name, (unsigned int) user_id, 0);
1471
1725
* create_home - create the user's home directory
1477
1731
static void create_home (void)
1479
if (access (user_home, F_OK)) {
1733
if (access (user_home, F_OK) != 0) {
1735
selinux_file_context (user_home);
1480
1737
/* XXX - create missing parent directories. --marekm */
1481
if (mkdir (user_home, 0)) {
1738
if (mkdir (user_home, 0) != 0) {
1482
1739
fprintf (stderr,
1484
("%s: cannot create directory %s\n"),
1740
_("%s: cannot create directory %s\n"),
1486
1742
#ifdef WITH_AUDIT
1487
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1488
"adding home directory", user_name,
1743
audit_logger (AUDIT_ADD_USER, Prog,
1744
"adding home directory",
1745
user_name, (unsigned int) user_id,
1746
SHADOW_AUDIT_FAILURE);
1491
1748
fail_exit (E_HOMEDIR);
1493
1750
chown (user_home, user_id, user_gid);
1494
1751
chmod (user_home,
1495
1752
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
1497
1754
#ifdef WITH_AUDIT
1498
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1499
"adding home directory", user_name, user_id, 1);
1755
audit_logger (AUDIT_ADD_USER, Prog,
1756
"adding home directory",
1757
user_name, (unsigned int) user_id,
1758
SHADOW_AUDIT_SUCCESS);
1761
/* Reset SELinux to create files with default contexts */
1762
setfscreatecon (NULL);
1590
1858
process_flags (argc, argv);
1860
#ifdef ACCT_TOOLS_SETUID
1593
retval = PAM_SUCCESS;
1596
1863
struct passwd *pampw;
1597
1864
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
1598
1865
if (pampw == NULL) {
1599
retval = PAM_USER_UNKNOWN;
1867
_("%s: Cannot determine your user name.\n"),
1602
if (retval == PAM_SUCCESS) {
1603
retval = pam_start ("useradd", pampw->pw_name,
1872
retval = pam_start ("useradd", pampw->pw_name, &conv, &pamh);
1608
if (retval == PAM_SUCCESS) {
1875
if (PAM_SUCCESS == retval) {
1609
1876
retval = pam_authenticate (pamh, 0);
1610
if (retval != PAM_SUCCESS) {
1611
pam_end (pamh, retval);
1615
if (retval == PAM_SUCCESS) {
1879
if (PAM_SUCCESS == retval) {
1616
1880
retval = pam_acct_mgmt (pamh, 0);
1617
if (retval != PAM_SUCCESS) {
1618
pam_end (pamh, retval);
1622
if (retval != PAM_SUCCESS) {
1884
(void) pam_end (pamh, retval);
1886
if (PAM_SUCCESS != retval) {
1623
1887
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
1626
1890
#endif /* USE_PAM */
1891
#endif /* ACCT_TOOLS_SETUID */
1629
1894
* See if we are messing with the defaults file, or creating
1633
if (gflg || bflg || fflg || eflg || sflg)
1634
exit (set_defaults ()? 1 : 0);
1898
if (gflg || bflg || fflg || eflg || sflg) {
1899
exit ((set_defaults () != 0) ? 1 : 0);
1636
1902
show_defaults ();
1637
1903
exit (E_SUCCESS);
1641
1907
* Start with a quick check to see if the user exists.
1643
if (getpwnam (user_name)) { /* local, no need for xgetpwnam */
1644
fprintf (stderr, _("%s: user %s exists\n"), Prog, user_name);
1909
if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
1910
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
1645
1911
#ifdef WITH_AUDIT
1646
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
1912
audit_logger (AUDIT_ADD_USER, Prog,
1914
user_name, AUDIT_NO_ID,
1915
SHADOW_AUDIT_FAILURE);
1649
1917
fail_exit (E_NAME_IN_USE);
1659
if (getgrnam (user_name)) { /* local, no need for xgetgrnam */
1927
/* local, no need for xgetgrnam */
1928
if (getgrnam (user_name) != NULL) {
1660
1929
fprintf (stderr,
1662
("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
1930
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
1664
1932
#ifdef WITH_AUDIT
1665
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
1666
"adding group", user_name, -1, 0);
1933
audit_logger (AUDIT_ADD_USER, Prog,
1935
user_name, AUDIT_NO_ID,
1936
SHADOW_AUDIT_FAILURE);
1668
1938
fail_exit (E_NAME_IN_USE);
1693
1963
if (getpwuid (user_id) != NULL) {
1694
fprintf (stderr, _("%s: UID %u is not unique\n"), Prog, (unsigned int) user_id);
1965
_("%s: UID %lu is not unique\n"),
1966
Prog, (unsigned long) user_id);
1695
1967
#ifdef WITH_AUDIT
1696
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
1968
audit_logger (AUDIT_ADD_USER, Prog,
1970
user_name, (unsigned int) user_id,
1971
SHADOW_AUDIT_FAILURE);
1698
1973
fail_exit (E_UID_IN_USE);
1718
1993
create_home ();
1720
1995
copy_tree (def_template, user_home, user_id, user_gid);
1722
1997
fprintf (stderr,
1724
("%s: warning: the home directory already exists.\n"
1725
"Not copying any file from skel directory into it.\n"),
1728
} else if (getdef_str ("CREATE_HOME")) {
1730
* RedHat added the CREATE_HOME option in login.defs in their
1731
* version of shadow-utils (which makes -m the default, with
1732
* new -M option to turn it off). Unfortunately, this
1733
* changes the way useradd works (it can be run by scripts
1734
* expecting some standard behaviour), compared to other
1735
* Unices and other Linux distributions, and also adds a lot
1737
* So we now recognize CREATE_HOME and give a warning here
1738
* (better than "configuration error ... notify administrator"
1739
* errors in every program that reads /etc/login.defs). -MM
1743
("%s: warning: CREATE_HOME not supported, please use -m instead.\n"),
1998
_("%s: warning: the home directory already exists.\n"
1999
"Not copying any file from skel directory into it.\n"),
2005
/* Do not create mail directory for system accounts */
1749
2010
close_files ();
2013
selinux_update_mapping ();
1751
2016
nscd_flush_cache ("passwd");
1752
2017
nscd_flush_cache ("group");
1755
if (retval == PAM_SUCCESS)
1756
pam_end (pamh, PAM_SUCCESS);
1757
#endif /* USE_PAM */
1759
2019
return E_SUCCESS;