blob: 3734bc854a8164bc8f5f27dc19bb5b659e0ca260 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
#!/bin/sh
config() {
NEW="$1"
OLD="`dirname $NEW`/`basename $NEW .new`"
# If there's no config file by that name, mv it over:
if [ ! -r $OLD ]; then
mv $NEW $OLD
elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
rm $NEW
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
# First, make sure any new entries in passwd/shadow/group are added:
if [ -r etc/passwd -a -r etc/passwd.new ]; then
cat etc/passwd.new | while read line ; do
if ! grep -q "^$(echo $line | cut -f 1 -d :):" etc/passwd ; then
echo $line >> etc/passwd
fi
done
fi
if [ -r etc/shadow -a -r etc/shadow.new ]; then
cat etc/shadow.new | while read line ; do
if ! grep -q "^$(echo $line | cut -f 1 -d :):" etc/shadow ; then
echo $line >> etc/shadow
fi
done
fi
if [ -r etc/group -a -r etc/group.new ]; then
cat etc/group.new | while read line ; do
if ! grep -q "^$(echo $line | cut -f 1 -d :):" etc/group ; then
echo $line >> etc/group
fi
done
fi
config etc/mtab.new
config etc/motd.new
config etc/group.new
config etc/csh.login.new
config etc/ld.so.conf.new
config etc/profile.new
config etc/hosts.new
config etc/inputrc.new
config etc/shadow.new
config etc/passwd.new
config etc/printcap.new
config etc/networks.new
config etc/HOSTNAME.new
config etc/gshadow.new
config etc/issue.new
config etc/securetty.new
config etc/shells.new
config etc/services.new
config etc/issue.net.new
config etc/nsswitch.conf.new
config etc/profile.d/home-profile.d.csh.new
config etc/profile.d/home-profile.d.sh.new
config etc/profile.d/lang.csh.new
config etc/profile.d/lang.sh.new
config etc/profile.d/z-dot-in-non-root-path.csh.new
config etc/profile.d/z-dot-in-non-root-path.sh.new
config var/log/lastlog.new
config var/log/wtmp.new
config var/run/utmp.new
if [ -r etc/ld.so.conf.new -a -r etc/ld.so.conf ]; then
# Ensure that ld.so.conf contains the minimal set of paths:
# (eliminate ld.so.conf.d line when adding paths to avoid repeats)
cat etc/ld.so.conf | grep -v ld.so.conf.d | while read pathline ; do
if ! grep "^${pathline}$" etc/ld.so.conf.new 1> /dev/null 2> /dev/null ; then
echo "$pathline" >> etc/ld.so.conf.new
fi
done
cp etc/ld.so.conf.new etc/ld.so.conf
fi
# Clean up useless non-examples:
rm -f etc/mtab.new
rm -f etc/motd.new
rm -f etc/ld.so.conf.new
rm -f etc/hosts.new
rm -f etc/networks.new
rm -f etc/HOSTNAME.new
rm -f etc/shells.new
rm -f etc/printcap.new
#rm -f etc/issue.new
rm -f etc/issue.net.new
#rm -f etc/profile.d/lang.csh.new
#rm -f etc/profile.d/lang.sh.new
rm -f var/run/utmp.new
rm -f var/log/lastlog.new
rm -f var/log/wtmp.new
# These are just a hazard to keep around, honestly.
# There's no unique information in them anyway, as any new entries are merged
# into the existing files automatically.
rm -f etc/group.new
rm -f etc/gshadow.new
rm -f etc/passwd.new
rm -f etc/shadow.new
# We will add any missing entries to gshadow, but make no attempt to repair existing ones:
cat etc/group | while read line ; do
GRP="$(echo $line | cut -f 1 -d :)"
GMEMBERS="$(echo $line | rev | cut -f 1 -d : | rev)"
if ! grep -q "^${GRP}:" etc/gshadow ; then
echo "${GRP}:x::${GMEMBERS}" >> etc/gshadow
fi
done
# Make sure $HOME is correct for user sddm:
chroot . /usr/sbin/usermod -d /var/lib/sddm sddm > /dev/null 2> /dev/null
# Make sure that sddm is a member of group video:
chroot . /usr/sbin/usermod --groups video sddm > /dev/null 2> /dev/null
# Also ensure ownerships/perms:
chown root:utmp var/run/utmp var/log/wtmp
chmod 664 var/run/utmp var/log/wtmp
chown root:shadow etc/shadow etc/gshadow
chmod 640 etc/shadow etc/gshadow
# Match permissions on any leftover config z-dot-in-non-root-path scripts
# to prevent anyone who turned them on from accidentally losing that setting
# by moving the .new script into place:
if [ -r etc/profile.d/z-dot-in-non-root-path.csh.new ]; then
touch -r etc/profile.d/z-dot-in-non-root-path.csh etc/profile.d/z-dot-in-non-root-path.csh.new
fi
if [ -r etc/profile.d/z-dot-in-non-root-path.sh.new ]; then
touch -r etc/profile.d/z-dot-in-non-root-path.sh etc/profile.d/z-dot-in-non-root-path.sh.new
fi
|