author | Thomas Deutschmann <whissi@gentoo.org> | 2021-01-10 21:30:52 +0100 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2021-01-10 21:39:54 +0100 |
commit | bac0acaf404e150b064f74e3f6a572526455068a (patch) | |
tree | 29ff855cd0fbeca723f4b702444312b0d878b531 /eclass/acct-user.eclass | |
parent | acct-user.eclass: fix style (diff) | |
acct-user.eclass: allow opt-out of user modification
In some setups where users are changed/managed not only via ebuilds,
for example through configuration management systems, it could be
problematic if acct-user.eclass will restore user/group settings
to values set in ebuild.
Setting ACCT_USER_NO_MODIFY to a non-zero value allows the system
administrator to disable modification of any existing user.
Note: Lock/unlock when acct-* package will be installed/removed
will still happen.
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'eclass/acct-user.eclass')
-rw-r--r-- | eclass/acct-user.eclass | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index ba2fff43a191..ee4358b5c75c 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -73,6 +73,11 @@ readonly ACCT_USER_NAME
 # Overlays should set this to -1 to dynamically allocate UID. Using -1
 # in ::gentoo is prohibited by policy.
+# @ECLASS-VARIABLE: _ACCT_USER_ALREADY_EXISTS
+# @INTERNAL
+# @DESCRIPTION:
+# Status variable which indicates if user already exists.
+
 # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
 # @DESCRIPTION:
 # If set to a non-null value, the eclass will require the user to have
@@ -80,6 +85,13 @@ readonly ACCT_USER_NAME
 # the UID is taken by another user, the install will fail.
 : ${ACCT_USER_ENFORCE_ID:=}
+# @ECLASS-VARIABLE: ACCT_USER_NO_MODIFY
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# If set to a non-null value, the eclass will not make any changes
+# to an already existing user.
+: ${ACCT_USER_NO_MODIFY:=}
+
 # @ECLASS-VARIABLE: ACCT_USER_SHELL
 # @DESCRIPTION:
 # The shell to use for the user. If not specified, a 'nologin' variant
@@ -390,6 +402,13 @@ acct-user_src_install() {
 acct-user_pkg_preinst() {
 debug-print-function ${FUNCNAME} "${@}"
+ # check if user already exists
+ _ACCT_USER_ALREADY_EXISTS=
+ if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then
+ _ACCT_USER_ALREADY_EXISTS=1
+ fi
+ readonly _ACCT_USER_ALREADY_EXISTS
+
 enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
 "${_ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \
 "${_ACCT_USER_GROUPS// /,}"
@@ -425,6 +444,14 @@ acct-user_pkg_postinst() {
 return 0
 fi
+ if [[ -n ${ACCT_USER_NO_MODIFY} && -n ${_ACCT_USER_ALREADY_EXISTS} ]]; then
+ eunlockuser "${ACCT_USER_NAME}"
+
+ ewarn "User ${ACCT_USER_NAME} already exists; Not touching existing user"
+ ewarn "due to set ACCT_USER_NO_MODIFY."
+ return 0
+ fi
+
 # NB: eset* functions check current value
 esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"
 esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}" |
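Review bot: The description of ACCT_USER_NO_MODIFY promises more than the code delivers: it says the eclass "will not make any changes to an already existing user", yet the opt-out branch added to acct-user_pkg_postinst still calls `eunlockuser "${ACCT_USER_NAME}"` before it returns. An administrator who locked the account on purpose and set this variable would, as far as these hunks show, find it unlocked again after the package is merged. I would extend the comment with `# The account is still unlocked on install and locked on removal.` (the removal half is stated in the commit description, not visible in the diff) and say that any non-empty value, including `0`, enables the opt-out, since the test is `-n`. The ewarn text in the postinst hunk has the same problem: it reports "Not touching existing user" immediately after the unlock.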
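Review bot: Marking `_ACCT_USER_ALREADY_EXISTS` readonly inside acct-user_pkg_preinst makes the global read-only for the rest of that shell environment, so the reset `_ACCT_USER_ALREADY_EXISTS=` at the top of the added block fails with a "readonly variable" error if the function is ever entered with the attribute already set. Whether the package manager carries that attribute across phases or saved environments is not visible here, so this is a caution rather than a confirmed failure. Nothing in the hunk needs the protection, so I would drop `readonly _ACCT_USER_ALREADY_EXISTS` and keep the plain assignments. The function body continues past the end of the hunk.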