1#!/bin/sh
2# These functions are included by various different installers.
3
4# We assume that the following variables are defined in the main script:
5# amanda_user: the amanda account username
6# amanda_group: the amanda account's group
7# amandahomedir: a directory to use as amanda's home
8# deb_uid: sepecific uid amanda_user should get on deb style systems.
9# dist: used on linux for the distro.
10# LOGFILE: a log file we append to
11# os: Linux, Darwin, SunOS, `uname`...
12# wanted_shell:  Linux/SunOS/OSX all keep them in different places
13# SYSCONFDIR: location of system config files (ie, /etc)
14# LOGDIR: logging directory for amanda
15
16# These variables are defined, but null to allow checking names
17checked_uid=
18export checked_uid
19# PreInstall Functions
20
21create_user() {
22    case $os in
23        Linux|SunOS)
24            # Create the amanda user with a specific uid on deb systems
25            if [ "x${dist}" = "xDebian" ] || [ "x${dist}" = "xUbuntu" ] ; then
26                uid_flag="-u ${deb_uid}"
27            else
28                uid_flag=
29            fi
30            logger "Checking for user: ${amanda_user}"
31            # we want the output of id, but if the user doesn't exist,
32            # sterr output just confuses things
33            ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'`
34            if [ "${ID}x" = "x" ] ; then
35                logger "Adding ${amanda_user}."
36                log_output_of useradd -c "Amanda" \
37                            -g ${amanda_group} \
38                            ${uid_flag} \
39                            -d ${AMANDAHOMEDIR} \
40                            -s ${wanted_shell} ${amanda_user}  || \
41                { logger "WARNING:  Could not create user ${amanda_user}. Installation will fail." ; return 1 ; }
42                logger "Created ${amanda_user} with blank password."
43
44                if [ "x$os" = "xLinux" ] && [ "x${dist}" != "xSuSE" ]; then
45                    # Lock the amanda account until admin sets password
46                    log_output_of passwd -l ${amanda_user} && { \
47                        logger "${info_create_user_success}"
48                        logger "${info_unlock_account}"
49                    } || { \
50                        logger "${warning_user_passwd}"; }
51                fi
52                if [ "x$os" = "xSunOS" ]; then
53                    r=`uname -r`
54                    case $r in
55                        5.8|5.9) log_output_of passwd -l ${amanda_user} ;;
56                        5.10) # Special login-lock, while allowing execution.
57                            log_output_of passwd -N ${amanda_user} && { \
58                                logger "${info_create_user_success_sol}"
59                                logger "${info_unlock_account}"
60                            } || { \
61                                logger "${warning_user_passwd}"; }
62                        ;;
63                    esac
64                fi
65
66            else
67                # The user already existed
68                logger "The Amanda user '${amanda_user}' exists on this system."
69            fi
70        ;;
71        Darwin) : #TODO
72        ;;
73    esac
74}
75
76add_profiles() {
77    # Solaris only:  Add a comma separated list of rights profiles to the
78    # $amanda_user.  Replaces any existing profiles listed on the account.
79    log_output_of usermod -P "\"$*\"" ${amanda_user} || {
80        logger "Warning: Rights profiles were not added.  Some types of backup may not work until these rights profiles are givent to ${amanda_backup}: '$*'"
81        return 1; }
82}
83
84add_group() {
85    # First, try to add the group, detect via return code if it
86    # already exists. Then add ${amanda_user} to the group without
87    # checking if account is already a member.  (check_user should
88    # already have been called).
89    #
90    # Works on linux and solaris.  OSX has different tools.
91
92    [ "x${1}" = "x" ] && { logger "Error: first argument was not a group to add." ; return 1 ; }
93    group_to_add=${1}
94    log_output_of groupadd ${group_to_add}
95    rc=$?
96    # return of 0 means group was added; 9 means group existed.
97    if [ $rc -eq 0 ] || [ $rc -eq 9 ]; then
98        logger "Adding ${amanda_user} to ${group_to_add}"
99        # Generate a comma separated list of existing supplemental groups.
100        # Linux prefaces output with '<username> : '.
101        existing_sup_groups=`groups ${amanda_user}|sed 's/.*: //;s/ /,/g'`
102        # usermod append is -A on Suse, all other linux use -a, and
103        # -A means something else entirely on solaris. So we just use
104        # -G, and append a list of the current groups from id.
105        # So far, all linux distros have usermod
106        log_output_of usermod -G ${existing_sup_groups},${group_to_add} ${amanda_user} || { \
107            logger "Nonfatal ERROR: Failed to add ${group_to_add}."
108            logger "${error_group_member}" ; return 1 ; }
109    else
110        logger "Error: groupadd failed in an unexpected way. return code='$rc'"
111        return 1
112    fi
113}
114
115
116# All check_user_* functions check various parameters of ${amanda_user}'s
117# account. Return codes:
118# 0 = success
119# 1 = error
120# 2 = usage or other error.  more info will be logged
121
122check_user_group() {
123    # checks the system group file for ${amanda_user}'s membership in
124    # the group named $1.
125    err=0
126    [ "x" = "x$1" ] && { logger "check_user_group: no group given"; return 1; }
127    logger "Verify ${amanda_user}'s primary group = $1 "
128    # Check if the group exists, disregarding membership.
129    group_entry=`grep "^${2}" ${SYSCONFDIR}/group 2> /dev/null`
130    if [ ! "x" = "x${group_entry}" ]; then
131        # Assume the user exists, and check the user's primary group.
132        GROUP=`id ${amanda_user} 2> /dev/null |\
133            cut -d " " -f 2 |\
134            sed 's/.*gid=[0-9]*(\([^ ()]*\))/\1/'`
135        if [ ! "x${GROUP}" = "x${1}" ] ; then
136            logger "${amanda_user} not a member of ${1}"
137            err=1
138        fi
139    else
140        logger "User's primary group '${1}' does not exist"
141        err=1
142    fi
143    return $err
144}
145
146check_user_supplemental_group() {
147    # Checks for the group ${1}, and adds ${amanda_user} if missing.
148    # Other groups are preserved.
149    err=0
150    [ "x" = "x$1" ] && { logger "check_user_supplemental_group: no supplemental group given"; return 1; }
151    sup_group=${1}
152    logger "Verify ${amanda_user} is a member of ${sup_group}."
153    # First, check if the supplementary group exists.
154    sup_group_entry=`grep "${sup_group}" ${SYSCONFDIR}/group 2>/dev/null`
155    if [ ! "x" = "x${sup_group_entry}" ]; then
156        SUP_MEM=`echo ${sup_group_entry} | cut -d: -f4`
157        # Check if our user is a member.
158        case ${SUP_MEM} in
159            *${amanda_user}*) : ;;
160            *)
161            logger "${amanda_user} is not a member of supplemental group ${sup_group}."
162            err=1
163            ;;
164        esac
165    else
166        logger "Supplemental group ${sup_group} does not exist"
167        err=1
168    fi
169    return $err
170}
171
172check_user_shell() {
173    # Confirms the passwd file's shell field for ${amanda_user} is $1
174    [ "x" = "x$1" ] && { logger "check_user_shell: no shell given"; return 1; }
175    wanted_shell=$1; export wanted_shell
176    logger "Verify ${amanda_user}'s shell is ${wanted_shell}."
177    real_shell=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f7`
178    export real_shell
179    if [ ! "x${real_shell}" = "x${wanted_shell}" ] ; then
180        logger "WARNING:  ${amanda_user} default shell= ${wanted_shell}"
181        logger "WARNING: ${amanda_user} existing shell: ${real_shell}"
182        logger "${warning_user_shell}"
183        return 1
184    fi
185}
186
187check_user_homedir() {
188    # Confirm the passwd file's homedir field for ${amanda_user} is $1
189    [ "x" = "x$1" ] && { logger "check_user_homedir: no homedir given"; return 1; }
190    HOMEDIR=`grep "^${amanda_user}" ${SYSCONFDIR}/passwd | cut -d: -f6`
191    if [ ! "x${HOMEDIR}" = "x${1}" ] ; then
192        logger "${warning_user_homedir}"
193        return 1
194    fi
195}
196
197check_user_uid() {
198    # Confirm that ${amanda_user}'s UID is $1.
199    # Debian systems must use a specific UID
200    [ "x" = "x$1" ] && { logger "check_user_uid: no uid given"; return 1; }
201    ID=`id ${amanda_user} 2> /dev/null | sed 's/uid=\([0-9]*\).*/\1/'`
202    if [ ! ${ID} -eq ${1} ] ; then
203        checked_uid=${1}; export checked_uid
204        logger "${warning_user_uid_debian}"
205        return 1
206    fi
207}
208
209check_homedir() {
210	# Checks that the homedir has correct permissions and belongs to correct
211	# user.  Uses $amanda_user and  $amanda_group.
212	if [ -d ${AMANDAHOMEDIR} ] ; then
213	    OWNER_GROUP=`ls -dl ${AMANDAHOMEDIR} | awk '{ print $3" "$4; }'`
214	    [ "x$OWNER_GROUP" = "x${amanda_user} ${amanda_group}" ] || \
215		logger "${warning_homedir_owner}"
216	    return $?
217	else
218	    logger "homedir ${AMANDAHOMEDIR} does not exist."
219	    return 1
220	fi
221}
222
223create_homedir() {
224	# Creates the homedir, if necessary, and fixes ownership.
225	if [ ! -d ${AMANDAHOMEDIR} ] ; then
226		logger "Creating ${AMANDAHOMEDIR}"
227		log_output_of mkdir -p -m 0750 ${AMANDAHOMEDIR} ||
228			{ logger "WARNING:  Could not create ${AMANDAHOMEDIR}" ; return 1 ; }
229	fi
230	log_output_of chown -R ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR} ||
231		{ logger "WARNING:  Could not chown ${AMANDAHOMEDIR}" ; return 1 ; }
232}
233
234create_logdir() {
235    if [ -d ${LOGDIR} ] || [ -f ${LOGDIR} ] ; then
236        logger "Found existing ${LOGDIR}"
237        log_output_of mv ${LOGDIR} ${LOGDIR}.save || \
238            { logger "WARNING:  Could not backup existing log directory: ${LOGDIR}" ; return 1 ; }
239    fi
240    logger "Creating ${LOGDIR}."
241    log_output_of mkdir -p -m 0750 ${LOGDIR} || \
242        { logger "WARNING:  Could not create ${LOGDIR}" ; return 1 ; }
243    if [ -d ${LOGDIR}.save ] || [ -f ${LOGDIR}.save ] ; then
244        # Move the saved log into the logdir.
245        log_output_of mv ${LOGDIR}.save ${LOGDIR}
246    fi
247    log_output_of chown -R ${amanda_user}:${amanda_group} ${LOGDIR} || \
248        { logger "WARNING:  Could not chown ${LOGDIR}" ; return 1 ; }
249}
250
251# Info, Warning, and Error strings used by the installer
252
253info_create_user_success="NOTE: Set a password and unlock the ${amanda_user} account before
254 running Amanda."
255
256info_create_user_success_sol="NOTE: Account is set as non-login.  If interactive login
257is required: a password must be set, and the account activated for login."
258
259info_unlock_account=" The superuser can unlock the account by running:
260
261 # passwd -u ${amanda_user}
262"
263
264info_existing_installs="Pre-existing Amanda installations must confirm:
265  -${SYSCONFDIR}/amanda/* should have 'dumpuser' set to '${amanda_user}'.
266  -${AMANDAHOMEDIR}/.amandahosts on client systems should allow connections by
267   '${amanda_user}'."
268
269warning_user_password="WARNING:  '${amanda_user}' no password. An error occured when locking the
270 account.  SET A PASSWORD NOW:
271
272 # passwd ${amanda_user}"
273
274error_group_member="Nonfatal ERROR:  Amanda will not run until '${amanda_user}' is a member the
275 preceeding group.  Install will continue..."
276
277warning_user_shell="WARNING: The user '${amanda_user}' has a non-default shell. Other shells have not been tested."
278
279warning_user_homedir="WARNING: The user '${amanda_user}' must have its home directory set to
280'${AMANDAHOMEDIR}' Please correct before using Amanda."
281
282warning_user_uid_debian="WARNING: Debian packages were built assuming that ${amanda_user}
283uid = ${checked_uid}.  The uid of ${amanda_user} is different on this system.  Files
284owned by ${checked_uid} must be chowned to ${amanda_user}."
285
286warning_homedir_owner="WARNING: The ${amanda_user}'s home directory,'${AMANDAHOMEDIR}' ownership must be changed to '${amanda_user}:${amanda_group}'. "
287
288# --------------- End included Functions -----------------
289