#!/bin/sh
#
# $NetBSD: usergroup-check,v 1.1 2006/05/21 23:50:15 jlam Exp $
#
# Copyright (c) 2006 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Johnny C. Lam.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by the NetBSD
# Foundation, Inc. and its contributors.
# 4. Neither the name of The NetBSD Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
######################################################################
#
# NAME
# usergroup-check -- verify that users/groups match numeric IDs
#
# SYNOPSIS
# usergroup-check -g [group_entry ...]
# usergroup-check -u [user_entry ...]
#
# DESCRIPTION
# usergroup-check checks for the existence of users and groups
# and verifies that they match the requested numeric IDs if
# given. The group_entry format matches that of /etc/group and
# the user_entry format matches that of /etc/passwd, though the
# field contents may be empty.
#
# usergroup-check exits 0 if the users and groups exist and match
# the numeric IDs, and >0 otherwise.
#
# OPTIONS
# The following command line arguments are supported.
#
# -g Indicates that the subsequent arguments are group entries.
#
# -u Indicates that the subsequent arguments are user entries.
#
######################################################################
# Perl interpreter used for the account-database lookups below.  A PERL5
# value already present in the environment (even an empty one) is kept;
# only an unset PERL5 falls back to plain "perl" resolved through PATH.
PERL5=${PERL5-perl}
# Name of this script without its directory part, for the usage message.
self=${0##*/}
# usage -- print the two-line synopsis to standard error.
# Globals:  self (read) - script name shown in the synopsis
# Outputs:  two lines on stderr, nothing on stdout
usage() {
  printf '%s\n' \
    "usage: $self -g [group_entry ...]" \
    " $self -u [user_entry ...]" >&2
}
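# The first argument selects the mode and is mandatory.
if test $# -lt 1; then
  usage; exit 1
fi

check=
case "$1" in
-g) check=groups ;;
-u) check=users ;;
*)  usage; exit 1 ;;
esac
shift

# Entries that are absent from the account database or whose numeric ID
# differs from the requested one.  Only emptiness is tested at the end,
# but the failing entries themselves are recorded (not an unset variable)
# so the lists are meaningful if a caller ever wants to report them.
missing_groups=
missing_users=

case $check in
groups)
  while test $# -gt 0; do
    entry="$1"; shift
    # Each entry is examined in a subshell so that the IFS change, the
    # positional-parameter rewrite and "set -f" stay local; the subshell's
    # exit status is the verdict for this entry.
    (
      # No pathname expansion while splitting: a field such as "*" must
      # stay literal instead of being replaced by file names.
      set -f
      SAVEIFS="$IFS"; IFS=":"
      # /etc/group layout: name:passwd:gid:members -- but per the header
      # the entry is "name:gid" here, so the ID is the second field.
      set -- $entry; group="$1"; groupid="$2"
      IFS="$SAVEIFS"
      # An entry without a name can never match an existing group.
      test -n "$group" || exit 1
      # "--" ends Perl's switch parsing so a name beginning with "-" is
      # passed as data; quoting keeps a name with blanks as one argument.
      # A failing or missing interpreter yields an empty result, which is
      # reported as "not found" rather than silently passing.
      gid=$(${PERL5} -le 'print scalar getgrnam shift' -- "$group")
      test -n "$gid" || exit 1
      # Textual comparison: an empty requested ID accepts any existing
      # group; otherwise the strings must be identical ("0100" != "100").
      case "$groupid" in
      ""|"$gid") exit 0 ;;
      *)         exit 1 ;;
      esac
    ) || missing_groups="$missing_groups $entry"
  done
  ;;
users)
  while test $# -gt 0; do
    entry="$1"; shift
    (
      set -f
      SAVEIFS="$IFS"; IFS=":"
      # /etc/passwd layout: the name is field 1 and the UID is field 3.
      set -- $entry; user="$1"; userid="$3"
      IFS="$SAVEIFS"
      test -n "$user" || exit 1
      # getpwnam in scalar context yields the numeric UID.
      uid=$(${PERL5} -le 'print scalar getpwnam shift' -- "$user")
      test -n "$uid" || exit 1
      case "$userid" in
      ""|"$uid") exit 0 ;;
      *)         exit 1 ;;
      esac
    ) || missing_users="$missing_users $entry"
  done
  ;;
esac

# Exit non-zero if any entry was missing or mismatched.  Two separate
# tests replace the obsolescent and ambiguous "test ... -a ..." form.
if test -n "$missing_groups" || test -n "$missing_users"; then
  exit 1
fi
exit 0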