1#!/bin/sh 2# These functions are included by various different installers. 3 4# We assume that the following variables are defined in the main script: 5# amanda_user: the amanda account username 6# amanda_group: the amanda account's group 7# amandahomedir: a directory to use as amanda's home 8# deb_uid: sepecific uid amanda_user should get on deb style systems. 9# dist: used on linux for the distro. 10# LOGFILE: a log file we append to 11# os: Linux, Darwin, SunOS, `uname`... 12# wanted_shell: Linux/SunOS/OSX all keep them in different places 13# SYSCONFDIR: location of system config files (ie, /etc) 14# LOGDIR: logging directory for amanda 15 16# These variables are defined, but null to allow checking names 17checked_uid= 18export checked_uid 19# PreInstall Functions 20 21create_user() { 22 case $os in 23 Linux|SunOS) 24 # Create the amanda user with a specific uid on deb systems 25 if [ "x${dist}" = "xDebian" ] || [ "x${dist}" = "xUbuntu" ] ; then 26 uid_flag="-u ${deb_uid}" 27 else 28 uid_flag= 29 fi 30 logger "Checking for user: ${amanda_user}" 31 # we want the output of id, but if the user doesn't exist, 32 # sterr output just confuses things 33 ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'` 34 if [ "${ID}x" = "x" ] ; then 35 logger "Adding ${amanda_user}." 36 log_output_of useradd -c "Amanda" \ 37 -g ${amanda_group} \ 38 ${uid_flag} \ 39 -d ${AMANDAHOMEDIR} \ 40 -s ${wanted_shell} ${amanda_user} || \ 41 { logger "WARNING: Could not create user ${amanda_user}. Installation will fail." ; return 1 ; } 42 logger "Created ${amanda_user} with blank password." 43 44 if [ "x$os" = "xLinux" ] && [ "x${dist}" != "xSuSE" ]; then 45 # Lock the amanda account until admin sets password 46 log_output_of passwd -l ${amanda_user} && { \ 47 logger "${info_create_user_success}" 48 logger "${info_unlock_account}" 49 } || { \ 50 logger "${warning_user_passwd}"; } 51 fi 52 if [ "x$os" = "xSunOS" ]; then 53 r=`uname -r` 54 case $r in 55 5.8|5.9) log_output_of passwd -l ${amanda_user} ;; 56 5.10) # Special login-lock, while allowing execution. 57 log_output_of passwd -N ${amanda_user} && { \ 58 logger "${info_create_user_success_sol}" 59 logger "${info_unlock_account}" 60 } || { \ 61 logger "${warning_user_passwd}"; } 62 ;; 63 esac 64 fi 65 66 else 67 # The user already existed 68 logger "The Amanda user '${amanda_user}' exists on this system." 69 fi 70 ;; 71 Darwin) : #TODO 72 ;; 73 esac 74} 75 76add_profiles() { 77 # Solaris only: Add a comma separated list of rights profiles to the 78 # $amanda_user. Replaces any existing profiles listed on the account. 79 log_output_of usermod -P "\"$*\"" ${amanda_user} || { 80 logger "Warning: Rights profiles were not added. Some types of backup may not work until these rights profiles are givent to ${amanda_backup}: '$*'" 81 return 1; } 82} 83 84add_group() { 85 # First, try to add the group, detect via return code if it 86 # already exists. Then add ${amanda_user} to the group without 87 # checking if account is already a member. (check_user should 88 # already have been called). 89 # 90 # Works on linux and solaris. OSX has different tools. 91 92 [ "x${1}" = "x" ] && { logger "Error: first argument was not a group to add." ; return 1 ; } 93 group_to_add=${1} 94 log_output_of groupadd ${group_to_add} 95 rc=$? 96 # return of 0 means group was added; 9 means group existed. 97 if [ $rc -eq 0 ] || [ $rc -eq 9 ]; then 98 logger "Adding ${amanda_user} to ${group_to_add}" 99 # Generate a comma separated list of existing supplemental groups. 100 # Linux prefaces output with '<username> : '. 101 existing_sup_groups=`groups ${amanda_user}|sed 's/.*: //;s/ /,/g'` 102 # usermod append is -A on Suse, all other linux use -a, and 103 # -A means something else entirely on solaris. So we just use 104 # -G, and append a list of the current groups from id. 105 # So far, all linux distros have usermod 106 log_output_of usermod -G ${existing_sup_groups},${group_to_add} ${amanda_user} || { \ 107 logger "Nonfatal ERROR: Failed to add ${group_to_add}." 108 logger "${error_group_member}" ; return 1 ; } 109 else 110 logger "Error: groupadd failed in an unexpected way. return code='$rc'" 111 return 1 112 fi 113} 114 115 116# All check_user_* functions check various parameters of ${amanda_user}'s 117# account. Return codes: 118# 0 = success 119# 1 = error 120# 2 = usage or other error. more info will be logged 121 122check_user_group() { 123 # checks the system group file for ${amanda_user}'s membership in 124 # the group named $1. 125 err=0 126 [ "x" = "x$1" ] && { logger "check_user_group: no group given"; return 1; } 127 logger "Verify ${amanda_user}'s primary group = $1 " 128 # Check if the group exists, disregarding membership. 129 group_entry=`grep "^${2}" ${SYSCONFDIR}/group 2> /dev/null` 130 if [ ! "x" = "x${group_entry}" ]; then 131 # Assume the user exists, and check the user's primary group. 132 GROUP=`id ${amanda_user} 2> /dev/null |\ 133 cut -d " " -f 2 |\ 134 sed 's/.*gid=[0-9]*(\([^ ()]*\))/\1/'` 135 if [ ! "x${GROUP}" = "x${1}" ] ; then 136 logger "${amanda_user} not a member of ${1}" 137 err=1 138 fi 139 else 140 logger "User's primary group '${1}' does not exist" 141 err=1 142 fi 143 return $err 144} 145 146check_user_supplemental_group() { 147 # Checks for the group ${1}, and adds ${amanda_user} if missing. 148 # Other groups are preserved. 149 err=0 150 [ "x" = "x$1" ] && { logger "check_user_supplemental_group: no supplemental group given"; return 1; } 151 sup_group=${1} 152 logger "Verify ${amanda_user} is a member of ${sup_group}." 153 # First, check if the supplementary group exists. 154 sup_group_entry=`grep "${sup_group}" ${SYSCONFDIR}/group 2>/dev/null` 155 if [ ! "x" = "x${sup_group_entry}" ]; then 156 SUP_MEM=`echo ${sup_group_entry} | cut -d: -f4` 157 # Check if our user is a member. 158 case ${SUP_MEM} in 159 *${amanda_user}*) : ;; 160 *) 161 logger "${amanda_user} is not a member of supplemental group ${sup_group}." 162 err=1 163 ;; 164 esac 165 else 166 logger "Supplemental group ${sup_group} does not exist" 167 err=1 168 fi 169 return $err 170} 171 172check_user_shell() { 173 # Confirms the passwd file's shell field for ${amanda_user} is $1 174 [ "x" = "x$1" ] && { logger "check_user_shell: no shell given"; return 1; } 175 wanted_shell=$1; export wanted_shell 176 logger "Verify ${amanda_user}'s shell is ${wanted_shell}." 177 real_shell=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f7` 178 export real_shell 179 if [ ! "x${real_shell}" = "x${wanted_shell}" ] ; then 180 logger "WARNING: ${amanda_user} default shell= ${wanted_shell}" 181 logger "WARNING: ${amanda_user} existing shell: ${real_shell}" 182 logger "${warning_user_shell}" 183 return 1 184 fi 185} 186 187check_user_homedir() { 188 # Confirm the passwd file's homedir field for ${amanda_user} is $1 189 [ "x" = "x$1" ] && { logger "check_user_homedir: no homedir given"; return 1; } 190 HOMEDIR=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f6` 191 if [ ! "x${HOMEDIR}" = "x${1}" ] ; then 192 logger "${warning_user_homedir}" 193 return 1 194 fi 195} 196 197check_user_uid() { 198 # Confirm that ${amanda_user}'s UID is $1. 199 # Debian systems must use a specific UID 200 [ "x" = "x$1" ] && { logger "check_user_uid: no uid given"; return 1; } 201 ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'` 202 if [ ! ${ID} -eq ${1} ] ; then 203 checked_uid=${1}; export checked_uid 204 logger "${warning_user_uid_debian}" 205 return 1 206 fi 207} 208 209check_homedir() { 210 # Checks that the homedir has correct permissions and belongs to correct 211 # user. Uses $amanda_user and $amanda_group. 212 if [ -d ${AMANDAHOMEDIR} ] ; then 213 OWNER_GROUP=`ls -dl ${AMANDAHOMEDIR} | awk '{ print $3" "$4; }'` 214 [ "x$OWNER_GROUP" = "x${amanda_user} ${amanda_group}" ] || \ 215 logger "${warning_homedir_owner}" 216 return $? 217 else 218 logger "homedir ${AMANDAHOMEDIR} does not exist." 219 return 1 220 fi 221} 222 223create_homedir() { 224 # Creates the homedir, if necessary, and fixes ownership. 225 if [ ! -d ${AMANDAHOMEDIR} ] ; then 226 logger "Creating ${AMANDAHOMEDIR}" 227 log_output_of mkdir -p -m 0750 ${AMANDAHOMEDIR} || 228 { logger "WARNING: Could not create ${AMANDAHOMEDIR}" ; return 1 ; } 229 fi 230 log_output_of chown -R ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR} || 231 { logger "WARNING: Could not chown ${AMANDAHOMEDIR}" ; return 1 ; } 232} 233 234create_logdir() { 235 if [ -d ${LOGDIR} ] || [ -f ${LOGDIR} ] ; then 236 logger "Found existing ${LOGDIR}" 237 log_output_of mv ${LOGDIR} ${LOGDIR}.save || \ 238 { logger "WARNING: Could not backup existing log directory: ${LOGDIR}" ; return 1 ; } 239 fi 240 logger "Creating ${LOGDIR}." 241 log_output_of mkdir -p -m 0750 ${LOGDIR} || \ 242 { logger "WARNING: Could not create ${LOGDIR}" ; return 1 ; } 243 if [ -d ${LOGDIR}.save ] || [ -f ${LOGDIR}.save ] ; then 244 # Move the saved log into the logdir. 245 log_output_of mv ${LOGDIR}.save ${LOGDIR} 246 fi 247 log_output_of chown -R ${amanda_user}:${amanda_group} ${LOGDIR} || \ 248 { logger "WARNING: Could not chown ${LOGDIR}" ; return 1 ; } 249} 250 251# Info, Warning, and Error strings used by the installer 252 253info_create_user_success="NOTE: Set a password and unlock the ${amanda_user} account before 254 running Amanda." 255 256info_create_user_success_sol="NOTE: Account is set as non-login. If interactive login 257is required: a password must be set, and the account activated for login." 258 259info_unlock_account=" The superuser can unlock the account by running: 260 261 # passwd -u ${amanda_user} 262" 263 264info_existing_installs="Pre-existing Amanda installations must confirm: 265 -${SYSCONFDIR}/amanda/* should have 'dumpuser' set to '${amanda_user}'. 266 -${AMANDAHOMEDIR}/.amandahosts on client systems should allow connections by 267 '${amanda_user}'." 268 269warning_user_password="WARNING: '${amanda_user}' no password. An error occured when locking the 270 account. SET A PASSWORD NOW: 271 272 # passwd ${amanda_user}" 273 274error_group_member="Nonfatal ERROR: Amanda will not run until '${amanda_user}' is a member the 275 preceeding group. Install will continue..." 276 277warning_user_shell="WARNING: The user '${amanda_user}' has a non-default shell. Other shells have not been tested." 278 279warning_user_homedir="WARNING: The user '${amanda_user}' must have its home directory set to 280'${AMANDAHOMEDIR}' Please correct before using Amanda." 281 282warning_user_uid_debian="WARNING: Debian packages were built assuming that ${amanda_user} 283uid = ${checked_uid}. The uid of ${amanda_user} is different on this system. Files 284owned by ${checked_uid} must be chowned to ${amanda_user}." 285 286warning_homedir_owner="WARNING: The ${amanda_user}'s home directory,'${AMANDAHOMEDIR}' ownership must be changed to '${amanda_user}:${amanda_group}'. " 287 288# --------------- End included Functions ----------------- 289