From: Michael Tremer Date: Thu, 10 Mar 2011 15:54:53 +0000 (+0100) Subject: setup: New package. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03bb3da937d3a4d00d35424a638efef16a738c0e;p=ipfire-3.x.git setup: New package. --- diff --git a/pkgs/setup/Makefile b/pkgs/setup/Makefile new file mode 100644 index 000000000..31dbb7fc5 --- /dev/null +++ b/pkgs/setup/Makefile @@ -0,0 +1,6 @@ + +check: + @echo Sanity checking selected files.... + bash -n bashrc + bash -n profile + ./uidgidlint ./uidgid diff --git a/pkgs/setup/aliases b/pkgs/setup/aliases new file mode 100644 index 000000000..1069e99e5 --- /dev/null +++ b/pkgs/setup/aliases @@ -0,0 +1,96 @@ +# +# Aliases in this file will NOT be expanded in the header from +# Mail, but WILL be visible over networks or from /bin/mail. +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to sendmail. +# + +# Basic system aliases -- these MUST be present. +mailer-daemon: postmaster +postmaster: root + +# General redirections for pseudo accounts. +bin: root +daemon: root +adm: root +lp: root +sync: root +shutdown: root +halt: root +mail: root +news: root +uucp: root +operator: root +games: root +gopher: root +ftp: root +nobody: root +radiusd: root +nut: root +dbus: root +vcsa: root +canna: root +wnn: root +rpm: root +nscd: root +pcap: root +apache: root +webalizer: root +dovecot: root +fax: root +quagga: root +radvd: root +pvm: root +amanda: root +privoxy: root +ident: root +named: root +xfs: root +gdm: root +mailnull: root +postgres: root +sshd: root +smmsp: root +postfix: root +netdump: root +ldap: root +squid: root +ntp: root +mysql: root +desktop: root +rpcuser: root +rpc: root +nfsnobody: root + +ingres: root +system: root +toor: root +manager: root +dumper: root +abuse: root + +newsadm: news +newsadmin: news +usenet: news +ftpadm: ftp +ftpadmin: ftp +ftp-adm: ftp +ftp-admin: ftp +www: webmaster +webmaster: root +noc: root +security: root +hostmaster: root +info: postmaster +marketing: postmaster +sales: postmaster +support: postmaster + + +# trap decode to catch security attacks +decode: root + +# Person who should get root's mail +#root: marc diff --git a/pkgs/setup/bashrc b/pkgs/setup/bashrc new file mode 100644 index 000000000..1d0dc1b44 --- /dev/null +++ b/pkgs/setup/bashrc @@ -0,0 +1,84 @@ +# /etc/bashrc + +# System wide functions and aliases +# Environment stuff goes in /etc/profile + +# It's NOT a good idea to change this file unless you know what you +# are doing. It's much better to create a custom.sh shell script in +# /etc/profile.d/ to make custom changes to your environment, as this +# will prevent the need for merging in future updates. + +# are we an interactive shell? +if [ "$PS1" ]; then + case $TERM in + xterm*) + if [ -e /etc/sysconfig/bash-prompt-xterm ]; then + PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm + else + PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"' + fi + ;; + screen) + if [ -e /etc/sysconfig/bash-prompt-screen ]; then + PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen + else + PROMPT_COMMAND='printf "\033]0;%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"' + fi + ;; + *) + [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default + ;; + esac + # Turn on checkwinsize + shopt -s checkwinsize + [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ " + # You might want to have e.g. tty in prompt (e.g. more virtual machines) + # and console windows + # If you want to do so, just add e.g. + # if [ "$PS1" ]; then + # PS1="[\u@\h:\l \W]\\$ " + # fi + # to your custom modification shell script in /etc/profile.d/ directory +fi + +if ! shopt -q login_shell ; then # We're not a login shell + # Need to redefine pathmunge, it get's undefined at the end of /etc/profile + pathmunge () { + case ":${PATH}:" in + *:"$1":*) + ;; + *) + if [ "$2" = "after" ] ; then + PATH=$PATH:$1 + else + PATH=$1:$PATH + fi + esac + } + + # By default, we want umask to get set. This sets it for non-login shell. + # Current threshold for system reserved uid/gids is 200 + # You could check uidgid reservation validity in + # /usr/share/doc/setup-*/uidgid file + if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then + umask 002 + else + umask 022 + fi + + # Only display echos from profile.d scripts if we are no login shell + # and interactive - otherwise just process them to set envvars + for i in /etc/profile.d/*.sh; do + if [ -r "$i" ]; then + if [ "$PS1" ]; then + . "$i" + else + . "$i" >/dev/null 2>&1 + fi + fi + done + + unset i + unset pathmunge +fi +# vim:ts=4:sw=4 diff --git a/pkgs/setup/exports b/pkgs/setup/exports new file mode 100644 index 000000000..e69de29bb diff --git a/pkgs/setup/filesystems b/pkgs/setup/filesystems new file mode 100644 index 000000000..e31fe90fb --- /dev/null +++ b/pkgs/setup/filesystems @@ -0,0 +1,8 @@ +ext3 +ext2 +nodev proc +nodev devpts +iso9660 +vfat +hfs +hfsplus diff --git a/pkgs/setup/group b/pkgs/setup/group new file mode 100644 index 000000000..4330b8dd4 --- /dev/null +++ b/pkgs/setup/group @@ -0,0 +1,23 @@ +root::0:root +bin::1:root,bin,daemon +daemon::2:root,bin,daemon +sys::3:root,bin,adm +adm::4:root,adm,daemon +tty::5: +disk::6:root +lp::7:daemon,lp +mem::8: +kmem::9: +wheel::10:root +mail::12:mail +uucp::14:uucp +man::15: +games::20: +gopher::30: +video::39: +dip::40: +ftp::50: +lock::54: +audio::63: +nobody::99: +users::100: diff --git a/pkgs/setup/host.conf b/pkgs/setup/host.conf new file mode 100644 index 000000000..6cdfa5bb3 --- /dev/null +++ b/pkgs/setup/host.conf @@ -0,0 +1,2 @@ +multi on +order hosts,bind diff --git a/pkgs/setup/hosts b/pkgs/setup/hosts new file mode 100644 index 000000000..849c10d45 --- /dev/null +++ b/pkgs/setup/hosts @@ -0,0 +1,2 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 diff --git a/pkgs/setup/hosts.allow b/pkgs/setup/hosts.allow new file mode 100644 index 000000000..6d99ba38e --- /dev/null +++ b/pkgs/setup/hosts.allow @@ -0,0 +1,10 @@ +# +# hosts.allow This file contains access rules which are used to +# allow or deny connections to network services that +# either use the tcp_wrappers library or that have been +# started through a tcp_wrappers-enabled xinetd. +# +# See 'man 5 hosts_options' and 'man 5 hosts_access' +# for information on rule syntax. +# See 'man tcpd' for information on tcp_wrappers +# diff --git a/pkgs/setup/hosts.deny b/pkgs/setup/hosts.deny new file mode 100644 index 000000000..c9bde8ede --- /dev/null +++ b/pkgs/setup/hosts.deny @@ -0,0 +1,13 @@ +# +# hosts.deny This file contains access rules which are used to +# deny connections to network services that either use +# the tcp_wrappers library or that have been +# started through a tcp_wrappers-enabled xinetd. +# +# The rules in this file can also be set up in +# /etc/hosts.allow with a 'deny' option instead. +# +# See 'man 5 hosts_options' and 'man 5 hosts_access' +# for information on rule syntax. +# See 'man tcpd' for information on tcp_wrappers +# diff --git a/pkgs/setup/inputrc b/pkgs/setup/inputrc new file mode 100644 index 000000000..883686c59 --- /dev/null +++ b/pkgs/setup/inputrc @@ -0,0 +1,42 @@ +# do not bell on tab-completion +#set bell-style none + +set meta-flag on +set input-meta on +set convert-meta off +set output-meta on + +# Completed names which are symbolic links to +# directories have a slash appended. +set mark-symlinked-directories on + +$if mode=emacs + +# for linux console and RH/Debian xterm +"\e[1~": beginning-of-line +"\e[4~": end-of-line +# commented out keymappings for pgup/pgdown to reach begin/end of history +#"\e[5~": beginning-of-history +#"\e[6~": end-of-history +"\e[5~": history-search-backward +"\e[6~": history-search-forward +"\e[3~": delete-char +"\e[2~": quoted-insert +"\e[5C": forward-word +"\e[5D": backward-word +"\e[1;5C": forward-word +"\e[1;5D": backward-word + +# for rxvt +"\e[8~": end-of-line +"\eOc": forward-word +"\eOd": backward-word + +# for non RH/Debian xterm, can't hurt for RH/DEbian xterm +"\eOH": beginning-of-line +"\eOF": end-of-line + +# for freebsd console +"\e[H": beginning-of-line +"\e[F": end-of-line +$endif diff --git a/pkgs/setup/motd b/pkgs/setup/motd new file mode 100644 index 000000000..e69de29bb diff --git a/pkgs/setup/passwd b/pkgs/setup/passwd new file mode 100644 index 000000000..d8b0737c1 --- /dev/null +++ b/pkgs/setup/passwd @@ -0,0 +1,15 @@ +root:*:0:0:root:/root:/bin/bash +bin:*:1:1:bin:/bin:/sbin/nologin +daemon:*:2:2:daemon:/sbin:/sbin/nologin +adm:*:3:4:adm:/var/adm:/sbin/nologin +lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:*:5:0:sync:/sbin:/bin/sync +shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown +halt:*:7:0:halt:/sbin:/sbin/halt +mail:*:8:12:mail:/var/spool/mail:/sbin/nologin +uucp:*:10:14:uucp:/var/spool/uucp:/sbin/nologin +operator:*:11:0:operator:/root:/sbin/nologin +games:*:12:100:games:/usr/games:/sbin/nologin +gopher:*:13:30:gopher:/var/gopher:/sbin/nologin +ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin +nobody:*:99:99:Nobody:/:/sbin/nologin diff --git a/pkgs/setup/printcap b/pkgs/setup/printcap new file mode 100644 index 000000000..9f88f8279 --- /dev/null +++ b/pkgs/setup/printcap @@ -0,0 +1,7 @@ +# /etc/printcap +# +# Please don't edit this file directly unless you know what you are doing! +# This file will be automatically generated by cupsd(8) from the +# /etc/cups/printers.conf file. All changes to this file +# will be lost. + diff --git a/pkgs/setup/profile b/pkgs/setup/profile new file mode 100644 index 000000000..2d6668558 --- /dev/null +++ b/pkgs/setup/profile @@ -0,0 +1,78 @@ +# /etc/profile + +# System wide environment and startup programs, for login setup +# Functions and aliases go in /etc/bashrc + +# It's NOT a good idea to change this file unless you know what you +# are doing. It's much better to create a custom.sh shell script in +# /etc/profile.d/ to make custom changes to your environment, as this +# will prevent the need for merging in future updates. + +pathmunge () { + case ":${PATH}:" in + *:"$1":*) + ;; + *) + if [ "$2" = "after" ] ; then + PATH=$PATH:$1 + else + PATH=$1:$PATH + fi + esac +} + + +if [ -x /usr/bin/id ]; then + if [ -z "$EUID" ]; then + # ksh workaround + EUID=`id -u` + UID=`id -ru` + fi + USER="`id -un`" + LOGNAME=$USER + MAIL="/var/spool/mail/$USER" +fi + +# Path manipulation +if [ "$EUID" = "0" ]; then + pathmunge /sbin + pathmunge /usr/sbin + pathmunge /usr/local/sbin +else + pathmunge /usr/local/sbin after + pathmunge /usr/sbin after + pathmunge /sbin after +fi + +HOSTNAME=`/bin/hostname 2>/dev/null` +HISTSIZE=1000 +if [ "$HISTCONTROL" = "ignorespace" ] ; then + export HISTCONTROL=ignoreboth +else + export HISTCONTROL=ignoredups +fi + +export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL + +# By default, we want umask to get set. This sets it for login shell +# Current threshold for system reserved uid/gids is 200 +# You could check uidgid reservation validity in +# /usr/share/doc/setup-*/uidgid file +if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then + umask 002 +else + umask 022 +fi + +for i in /etc/profile.d/*.sh ; do + if [ -r "$i" ]; then + if [ "${-#*i}" != "$-" ]; then + . "$i" + else + . "$i" >/dev/null 2>&1 + fi + fi +done + +unset i +unset pathmunge diff --git a/pkgs/setup/securetty b/pkgs/setup/securetty new file mode 100644 index 000000000..525f4de1c --- /dev/null +++ b/pkgs/setup/securetty @@ -0,0 +1,23 @@ +console +vc/1 +vc/2 +vc/3 +vc/4 +vc/5 +vc/6 +vc/7 +vc/8 +vc/9 +vc/10 +vc/11 +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +tty7 +tty8 +tty9 +tty10 +tty11 diff --git a/pkgs/setup/setup.nm b/pkgs/setup/setup.nm new file mode 100644 index 000000000..583abdbc1 --- /dev/null +++ b/pkgs/setup/setup.nm @@ -0,0 +1,66 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = setup +PKG_VER = 3.0 +PKG_REL = 1 + +PKG_MAINTAINER = +PKG_GROUP = System/Base +PKG_URL = +PKG_LICENSE = Public Domain +PKG_SUMMARY = A set of system configuration and setup files. + +PKG_BUILD_DEPS = # Need no compiler. +PKG_DEPS += iana-etc + +define PKG_DESCRIPTION + The setup package contains a set of important system configuration and + setup files, such as passwd, group, and profile. +endef + +DIR_APP = $(DIR_SOURCE) + +define STAGE_BUILD + cd $(DIR_APP) && ./shadowconvert.sh +endef + +define STAGE_TEST + cd $(DIR_APP) && make check +endef + +define STAGE_INSTALL + -mkdir -pv $(BUILDROOT)/etc/profile.d $(BUILDROOT)/var/log + + for i in aliases bashrc exports filesystems group gshadow host.conf \ + hosts hosts.allow hosts.deny inputrc motd passwd printcap \ + profile securetty shadow shells; do \ + cp -vf $(DIR_APP)/$${i} $(BUILDROOT)/etc || exit 1; \ + done + + touch $(BUILDROOT)/etc/{environment,fstab} $(BUILDROOT)/var/log/lastlog + chmod -v 0400 $(BUILDROOT)/etc/{,g}shadow +endef diff --git a/pkgs/setup/shadowconvert.sh b/pkgs/setup/shadowconvert.sh new file mode 100755 index 000000000..4be13b6eb --- /dev/null +++ b/pkgs/setup/shadowconvert.sh @@ -0,0 +1,18 @@ +#!/bin/bash +if [ x`pwd` = "x/etc" ] +then + echo Cannot operate directly on \"/etc\". >&2 + exit 1 +fi + +#make prototype for /etc/shadow +sed -e "s/:.*/:*:`expr $(date +%s) / 86400`:0:99999:7:::/" passwd >shadow + +#make prototype for /etc/gshadow +sed -e 's/:[0-9]\+:/::/g' group >gshadow + +#mark passwd and group files entries shadowed +sed -i -e 's/^\([^:]\+\):[^:]*:/\1:x:/' passwd group + +echo Converted successfully. +exit 0 diff --git a/pkgs/setup/shells b/pkgs/setup/shells new file mode 100644 index 000000000..e9214ad6f --- /dev/null +++ b/pkgs/setup/shells @@ -0,0 +1,3 @@ +/bin/sh +/bin/bash +/sbin/nologin diff --git a/pkgs/setup/uidgid b/pkgs/setup/uidgid new file mode 100644 index 000000000..2486675fb --- /dev/null +++ b/pkgs/setup/uidgid @@ -0,0 +1,130 @@ +NAME UID GID HOME SHELL PACKAGES +root 0 0 /root /bin/bash setup +bin 1 1 /bin /sbin/nologin setup +daemon 2 2 /sbin /sbin/nologin setup +sys - 3 - - setup +adm 3 4 /var/adm /bin/bash setup +tty - 5 - - setup +disk - 6 - - setup +lp 4 7 /var/spool/lpd /sbin/nologin setup +mem - 8 - - setup +kmem - 9 - - setup +wheel - 10 - - setup +cdrom - 11 - - udev,MAKEDEV +sync 5 (0) /sbin /bin/sync setup +shutdown 6 (0) /sbin /sbin/shutdown setup +halt 7 (0) /sbin /sbin/halt setup +mail 8 12 /var/spool/mail /sbin/nologin setup +news 9 13 /var/spool/news /sbin/nologin setup +uucp 10 14 /var/spool/uucp /sbin/nologin setup +operator 11 (0) /root /sbin/nologin setup +games 12 (100) /usr/games /sbin/nologin setup +gopher 13 30 /usr/lib/gopher-data /sbin/nologin setup +ftp 14 50 /var/ftp /sbin/nologin setup +man - 15 - - setup +oprofile 16 16 /home/oprofile /sbin/nologin oprofile +pkiuser 17 17 /usr/share/pki /sbin/nologin pki-ca,rhpki-ca +dialout - 18 - - udev,MAKEDEV +floppy - 19 - - dev,MAKEDEV +games - 20 - - setup +slocate - 21 - - slocate +utmp - 22 - - initscripts,libutempter +squid 23 23 /var/spool/squid /dev/null squid +pvm 24 24 /usr/share/pvm3 /bin/bash pvm +named 25 25 /var/named /bin/false bind +postgres 26 26 /var/lib/pgsql /bin/bash postgresql-server +mysql 27 27 /var/lib/mysql /bin/bash mysql +nscd 28 28 / /bin/false nscd +rpcuser 29 29 /var/lib/nfs /bin/false nfs-utils +console - 31 - - dev +rpc 32 32 / /bin/false portmap +amanda 33 (6) /var/lib/amanda /bin/false amanda +tape - 33 - - udev,MAKEDEV +netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server +utempter - 35 - - libutempter +vdsm 36 - / /bin/bash kvm, vdsm +kvm - 36 - - kvm, vdsm, libvirt +rpm 37 37 /var/lib/rpm /bin/bash rpm +ntp 38 38 /etc/ntp /sbin/nologin ntp +video - 39 - - setup +dip - 40 - - setup +mailman 41 41 /var/mailman /bin/false mailman +gdm 42 42 /var/gdm /bin/bash gdm +xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs +pppusers - 44 - - linuxconf +popusers - 45 - - linuxconf +slipusers - 46 - - linuxconf +mailnull 47 47 /var/spool/mqueue /dev/null sendmail +apache 48 48 /var/www /bin/false apache +wnn 49 49 /home/wnn /bin/bash FreeWnn +smmsp 51 51 /var/spool/mqueue /dev/null sendmail +puppet 52 52 /var/lib/puppet /sbin/nologin puppet +tomcat 53 53 /var/lib/tomcat /sbin/nologin tomcat +lock - 54 - - lockdev +ldap 55 55 /var/lib/ldap /bin/false openldap-servers +frontpage 56 56 /var/www /bin/false mod_frontpage +nut 57 57 /var/lib/ups /bin/false nut +beagleindex 58 58 /var/cache/beagle /bin/false beagle +tss 59 59 - /sbin/nologin trousers +piranha 60 60 /etc/sysconfig/ha /dev/null piranha +prelude-manager 61 61 - /sbin/nologin prelude-manager +snortd 62 62 - /sbin/nologin snortd +audio - 63 - - setup +condor 64 64 /var/lib/condor /sbin/nologin condord +nslcd 65 (55) / /sbin/nologin nslcd +wine - 66 - - wine +pegasus 66 65 /var/lib/Pegasus /sbin/nologin tog-pegasus +webalizer 67 67 /var/www/html/usage /sbin/nologin webalizer +haldaemon 68 68 / /sbin/nologin hal +vcsa 69 69 - /sbin/nologin dev,MAKEDEV +avahi 70 70 /var/run/avahi-daemon /sbin/nologin avahi +realtime - 71 - - - +tcpdump 72 72 / /sbin/nologin tcpdump +privoxy 73 73 /etc/privoxy /bin/bash privoxy +sshd 74 74 /var/empty/sshd /sbin/nologin openssh-server +radvd 75 75 / /bin/false radvd +cyrus 76 (12) /var/imap /bin/bash cyrus-imapd +saslauth - 76 - - cyrus-imapd +arpwatch 77 77 /var/lib/arpwatch /sbin/nologin arpwatch +fax 78 78 /var/spool/fax /sbin/nologin mgetty +nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse +desktop 80 80 - /sbin/nologin desktop-file-utils +dbus 81 81 / /sbin/nologin dbus +jonas 82 82 /var/lib/jonas /sbin/nologin jonas +clamav 83 83 /tmp /sbin/nologin clamav +screen - 84 - - screen +quaggavt - 85 - - quagga +sabayon 86 86 - /sbin/nologin sabayon +polkituser 87 87 / /sbin/nologin PolicyKit +wbpriv - 88 - - samba-common +postfix 89 89 /var/spool/postfix /bin/true postfix +postdrop - 90 - - postfix +majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo +quagga 92 92 / /sbin/nologin quagga +exim 93 93 /var/spool/exim /sbin/nologin exim +distcache 94 94 / /sbin/nologin distcache +radiusd 95 95 / /bin/false freeradius +hsqldb 96 96 /var/lib/hsqldb /sbin/nologin hsqldb +dovecot 97 97 /usr/libexec/dovecot /sbin/nologin dovecot +ident 98 98 / /sbin/nologin ident +nobody 99 99 / /sbin/nologin setup +users - 100 - - setup +qemu 107 107 / /sbin/nologin libvirt +ovirt 108 108 / /sbin/nologin libvirt +rhevm 109 109 /home/rhevm /sbin/nologin vdsm-reg +saned 111 111 / /sbin/nologin sane-backends +vhostmd 112 112 /usr/share/vhostmd /sbin/nologin vhostmd +usbmuxd 113 113 / /sbin/nologin usbmuxd +bacula 133 133 /var/spool/bacula /sbin/nologin bacula +ricci 140 140 /var/lib/ricci /sbin/nologin ricci +luci 141 141 /var/lib/luci /sbin/nologin luci +stap-server 155 155 /var/lib/stap-server /sbin/nologin systemtap +avahi-autoipd 170 170 /var/lib/avahi-autoipd /sbin/nologin avahi +pulse 171 171 /var/run/pulse /sbin/nologin pulseaudio +rtkit 172 172 /proc /sbin/nologin rtkit +abrt 173 173 /etc/abrt /sbin/nologin abrt +gnats ? ? ? ? gnats, gnats-db +listar ? ? ? ? listar +nfsnobody 65534 65534 /var/lib/nfs /sbin/nologin nfs-utils + +# Note: nfsnobdy is 4294967294 on 64-bit platforms (-2) diff --git a/pkgs/setup/uidgidlint b/pkgs/setup/uidgidlint new file mode 100755 index 000000000..c1249ff99 --- /dev/null +++ b/pkgs/setup/uidgidlint @@ -0,0 +1,24 @@ +#!/bin/sh +# We need a file to look at. +if [ -z "$*" ] ; then + echo Usage: `basename $0` uidgid + exit 1 +fi +# The format of the file is (currently) +for infile in "$@" ; do + uidlist=`tail -n +2 "$infile" | awk '{print $2}' | grep -v '?' | grep -v -e - | sort -nu` + gidlist=`tail -n +2 "$infile" | awk '{print $3}' | grep -v '?' | grep -v -e - | sort -nu` + for uid in $uidlist ; do + if test `tail -n +2 "$infile" | awk '{print $2}' | grep '^'"$uid"'$' | wc -l` -ne 1 ; then + echo Duplicate UID: $uid + exit 1 + fi + done + for gid in $gidlist ; do + if test `tail -n +2 "$infile" | awk '{print $3}' | grep '^'"$gid"'$' | wc -l` -ne 1 ; then + echo Duplicate GID: $gid + exit 1 + fi + done +done +exit 0