sysusers: allow the shell to be specified

[thirdparty/systemd.git] / src / basic / user-util.c

diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index ed54578a6602908a24d2684bd2102287531e0f85..db18ee31c00160f30207e8248e554c57fcd8a9d1 100644 (file)
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -117,15 +117,14 @@ int get_user_creds(
         assert(username);
         assert(*username);
 
-        /* We enforce some special rules for uid=0: in order to avoid
-         * NSS lookups for root we hardcode its data. */
+        /* We enforce some special rules for uid=0 and uid=65534: in order to avoid NSS lookups for root we hardcode
+         * their user record data. */
 
-        if (streq(*username, "root") || streq(*username, "0")) {
+        if (STR_IN_SET(*username, "root", "0")) {
                 *username = "root";
 
                 if (uid)
                         *uid = 0;
-
                 if (gid)
                         *gid = 0;
 
@@ -138,6 +137,24 @@ int get_user_creds(
                 return 0;
         }
 
+        if (synthesize_nobody() &&
+            STR_IN_SET(*username, NOBODY_USER_NAME, "65534")) {
+                *username = NOBODY_USER_NAME;
+
+                if (uid)
+                        *uid = UID_NOBODY;
+                if (gid)
+                        *gid = GID_NOBODY;
+
+                if (home)
+                        *home = "/";
+
+                if (shell)
+                        *shell = "/sbin/nologin";
+
+                return 0;
+        }
+
         if (parse_uid(*username, &u) >= 0) {
                 errno = 0;
                 p = getpwuid(u);
@@ -218,7 +235,7 @@ int get_group_creds(const char **groupname, gid_t *gid) {
         /* We enforce some special rules for gid=0: in order to avoid
          * NSS lookups for root we hardcode its data. */
 
-        if (streq(*groupname, "root") || streq(*groupname, "0")) {
+        if (STR_IN_SET(*groupname, "root", "0")) {
                 *groupname = "root";
 
                 if (gid)
@@ -227,6 +244,16 @@ int get_group_creds(const char **groupname, gid_t *gid) {
                 return 0;
         }
 
+        if (synthesize_nobody() &&
+            STR_IN_SET(*groupname, NOBODY_GROUP_NAME, "65534")) {
+                *groupname = NOBODY_GROUP_NAME;
+
+                if (gid)
+                        *gid = GID_NOBODY;
+
+                return 0;
+        }
+
         if (parse_gid(*groupname, &id) >= 0) {
                 errno = 0;
                 g = getgrgid(id);
@@ -258,6 +285,9 @@ char* uid_to_name(uid_t uid) {
         /* Shortcut things to avoid NSS lookups */
         if (uid == 0)
                 return strdup("root");
+        if (synthesize_nobody() &&
+            uid == UID_NOBODY)
+                return strdup(NOBODY_USER_NAME);
 
         if (uid_is_valid(uid)) {
                 long bufsize;
@@ -296,6 +326,9 @@ char* gid_to_name(gid_t gid) {
 
         if (gid == 0)
                 return strdup("root");
+        if (synthesize_nobody() &&
+            gid == GID_NOBODY)
+                return strdup(NOBODY_GROUP_NAME);
 
         if (gid_is_valid(gid)) {
                 long bufsize;
@@ -329,8 +362,9 @@ char* gid_to_name(gid_t gid) {
 }
 
 int in_gid(gid_t gid) {
+        long ngroups_max;
         gid_t *gids;
-        int ngroups_max, r, i;
+        int r, i;
 
         if (getgid() == gid)
                 return 1;
@@ -344,7 +378,7 @@ int in_gid(gid_t gid) {
         ngroups_max = sysconf(_SC_NGROUPS_MAX);
         assert(ngroups_max > 0);
 
-        gids = alloca(sizeof(gid_t) * ngroups_max);
+        gids = newa(gid_t, ngroups_max);
 
         r = getgroups(ngroups_max, gids);
         if (r < 0)
@@ -387,7 +421,7 @@ int get_home_dir(char **_h) {
                 return 0;
         }
 
-        /* Hardcode home directory for root to avoid NSS */
+        /* Hardcode home directory for root and nobody to avoid NSS */
         u = getuid();
         if (u == 0) {
                 h = strdup("/root");
@@ -397,6 +431,15 @@ int get_home_dir(char **_h) {
                 *_h = h;
                 return 0;
         }
+        if (synthesize_nobody() &&
+            u == UID_NOBODY) {
+                h = strdup("/");
+                if (!h)
+                        return -ENOMEM;
+
+                *_h = h;
+                return 0;
+        }
 
         /* Check the database... */
         errno = 0;
@@ -434,7 +477,7 @@ int get_shell(char **_s) {
                 return 0;
         }
 
-        /* Hardcode home directory for root to avoid NSS */
+        /* Hardcode shell for root and nobody to avoid NSS */
         u = getuid();
         if (u == 0) {
                 s = strdup("/bin/sh");
@@ -444,6 +487,15 @@ int get_shell(char **_s) {
                 *_s = s;
                 return 0;
         }
+        if (synthesize_nobody() &&
+            u == UID_NOBODY) {
+                s = strdup("/sbin/nologin");
+                if (!s)
+                        return -ENOMEM;
+
+                *_s = s;
+                return 0;
+        }
 
         /* Check the database... */
         errno = 0;
@@ -501,18 +553,18 @@ int take_etc_passwd_lock(const char *root) {
          * awfully racy, and thus we just won't do them. */
 
         if (root)
-                path = prefix_roota(root, "/etc/.pwd.lock");
+                path = prefix_roota(root, ETC_PASSWD_LOCK_PATH);
         else
-                path = "/etc/.pwd.lock";
+                path = ETC_PASSWD_LOCK_PATH;
 
         fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
         if (fd < 0)
-                return -errno;
+                return log_debug_errno(errno, "Cannot open %s: %m", path);
 
         r = fcntl(fd, F_SETLKW, &flock);
         if (r < 0) {
                 safe_close(fd);
-                return -errno;
+                return log_debug_errno(errno, "Locking %s failed: %m", path);
         }
 
         return fd;
@@ -593,6 +645,8 @@ bool valid_gecos(const char *d) {
 }
 
 bool valid_home(const char *p) {
+        /* Note that this function is also called by valid_shell(), any
+         * changes must account for that. */
 
         if (isempty(p))
                 return false;
@@ -644,3 +698,24 @@ int maybe_setgroups(size_t size, const gid_t *list) {
 
         return 0;
 }
+
+bool synthesize_nobody(void) {
+
+#ifdef NOLEGACY
+        return true;
+#else
+        /* Returns true when we shall synthesize the "nobody" user (which we do by default). This can be turned off by
+         * touching /etc/systemd/dont-synthesize-nobody in order to provide upgrade compatibility with legacy systems
+         * that used the "nobody" user name and group name for other UIDs/GIDs than 65534.
+         *
+         * Note that we do not employ any kind of synchronization on the following caching variable. If the variable is
+         * accessed in multi-threaded programs in the worst case it might happen that we initialize twice, but that
+         * shouldn't matter as each initialization should come to the same result. */
+        static int cache = -1;
+
+        if (cache < 0)
+                cache = access("/etc/systemd/dont-synthesize-nobody", F_OK) < 0;
+
+        return cache;
+#endif
+}