commit:     bac0acaf404e150b064f74e3f6a572526455068a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 10 20:30:52 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jan 10 20:39:54 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bac0acaf

acct-user.eclass: allow opt-out of user modification

In some setups where users are changed/managed not only via ebuilds,
for example through configuration management systems, it could be
problematic if acct-user.eclass will restore user/group settings
to values set in ebuild.

Setting ACCT_USER_NO_MODIFY to a non-zero value will allow system
administrator to disable modification of any existing user.

Note: Lock/unlock when acct-* package will be installed/removed
      will still happen.

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 eclass/acct-user.eclass | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index ba2fff43a19..ee4358b5c75 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -73,6 +73,11 @@ readonly ACCT_USER_NAME
 # Overlays should set this to -1 to dynamically allocate UID.  Using -1
 # in ::gentoo is prohibited by policy.
 
+# @ECLASS-VARIABLE: _ACCT_USER_ALREADY_EXISTS
+# @INTERNAL
+# @DESCRIPTION:
+# Status variable which indicates if user already exists.
+
 # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
 # @DESCRIPTION:
 # If set to a non-null value, the eclass will require the user to have
@@ -80,6 +85,13 @@ readonly ACCT_USER_NAME
 # the UID is taken by another user, the install will fail.
 : ${ACCT_USER_ENFORCE_ID:=}
 
+# @ECLASS-VARIABLE: ACCT_USER_NO_MODIFY
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# If set to a non-null value, the eclass will not make any changes
+# to an already existing user.
+: ${ACCT_USER_NO_MODIFY:=}
+
 # @ECLASS-VARIABLE: ACCT_USER_SHELL
 # @DESCRIPTION:
 # The shell to use for the user.  If not specified, a 'nologin' variant
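Review bot: The description added for ACCT_USER_NO_MODIFY promises that the eclass "will not make any changes to an already existing user", but the pkg_postinst hunk in this same commit still calls `eunlockuser` on the no-modify path, and the commit message says lock/unlock is kept. The eclass doc should carry that exception, for example by appending `# Locking/unlocking on package install/removal still takes place.` to the description. The doc is right to say "non-null", because the code tests with `-n`. The commit message says "non-zero", so it would help to state explicitly that `ACCT_USER_NO_MODIFY=0` also enables the opt-out.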
@@ -390,6 +402,13 @@ acct-user_src_install() {
 acct-user_pkg_preinst() {
        debug-print-function ${FUNCNAME} "${@}"
 
+       # check if user already exists
+       _ACCT_USER_ALREADY_EXISTS=
+       if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then
+               _ACCT_USER_ALREADY_EXISTS=1
+       fi
+       readonly _ACCT_USER_ALREADY_EXISTS
+
        enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
                "${_ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \
                "${_ACCT_USER_GROUPS// /,}"
@@ -425,6 +444,14 @@ acct-user_pkg_postinst() {
                return 0
        fi
 
+       if [[ -n ${ACCT_USER_NO_MODIFY} && -n ${_ACCT_USER_ALREADY_EXISTS} ]]; 
then
+               eunlockuser "${ACCT_USER_NAME}"
+
+               ewarn "User ${ACCT_USER_NAME} already exists; Not touching 
existing user"
+               ewarn "due to set ACCT_USER_NO_MODIFY."
+               return 0
+       fi
+
        # NB: eset* functions check current value
        esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"
        esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}"
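Review bot: On the new early-return path an account that merely shares the name is unlocked by `eunlockuser` and then left with whatever shell, home and (presumably, outside this hunk) group membership it already had, because `esethome`/`esetshell` are skipped. The `ewarn` text "Not touching existing user" is therefore not accurate, and it hides the fact that the ebuild's intended settings (often a nologin shell) are not being enforced. I would reword it to say what happened and what the administrator should check, e.g. `ewarn "User ${ACCT_USER_NAME} already exists; unlocked it but left shell, home and groups unchanged"` followed by `ewarn "because ACCT_USER_NO_MODIFY is set. Verify these settings match the ebuild."` A short comment above the `if` explaining why the unlock is deliberately kept would also help. acct-user_pkg_postinst starts before and continues after this hunk.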
