From: Thomas Deutschmann <whissi@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] [PATCH] acct-user.eclass: don't modify existing user by default
Date: Mon, 4 Jan 2021 02:35:58 +0100
Message-ID: <20210104013558.20072-1-whissi@gentoo.org>

Modifying an existing user is a bad default and makes Gentoo
special because it is common for system administrators to make
modifications to users (i.e. putting a user into another service's
group to allow that user to access the service in question) and it
would be unexpected to see these changes reverted during a normal
world upgrade (which could break services).

This commit will make Gentoo behave like any other Linux distribution
by respecting any user modifications by default. However, we will retain
the functionality to reset system users and groups, and users interested
in this feature can opt in by setting
ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED to a non-zero value in
their make.conf.

Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
---
eclass/acct-user.eclass | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index 22b0038fbff7..d60b1e53b4bb 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -72,6 +72,11 @@ readonly ACCT_USER_NAME
# Overlays should set this to -1 to dynamically allocate UID. Using -1
# in ::gentoo is prohibited by policy.
+# @ECLASS-VARIABLE: ACCT_USER_ALREADY_EXISTS
+# @INTERNAL
+# @DESCRIPTION:
+# Status variable which indicates if user already exists.
+
# @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
# @DESCRIPTION:
# If set to a non-null value, the eclass will require the user to have
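
Review bot: The @DESCRIPTION added for ACCT_USER_ALREADY_EXISTS does not say which values the variable takes or where it is set. Later in the patch it is either empty or "yes", assigned in acct-user_pkg_setup and then made readonly; stating that here would tell readers of the eclass documentation what to test for.
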
@@ -79,6 +84,13 @@ readonly ACCT_USER_NAME
# the UID is taken by another user, the install will fail.
: ${ACCT_USER_ENFORCE_ID:=}
+# @ECLASS-VARIABLE: ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED
+# @DESCRIPTION:
+# If set to a non-null value, the eclass is allowed to make changes
+# to an already existing user which will include overriding any
+# changes made by system administrator.
+: ${ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED:=}
+
# @ECLASS-VARIABLE: ACCT_USER_SHELL
# @DESCRIPTION:
# The shell to use for the user. If not specified, a 'nologin' variant
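
Review bot: The description of ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED says "non-null value" and the guard in acct-user_pkg_postinst tests it with -z, but the commit message tells users to set it to a "non-zero value". With the test as written, setting the variable to 0 in make.conf enables modification of existing users, which an administrator going by the commit message would not expect. Align the wording on "non-null" everywhere, or test the value explicitly. The description could also state that the variable is meant to be set by the user in make.conf, which so far only the einfo text mentions.
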
@@ -266,8 +278,8 @@ eunlockuser() {
# << Phase functions >>
-EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_postinst \
- pkg_prerm
+EXPORT_FUNCTIONS pkg_pretend pkg_setup src_install pkg_preinst \
+ pkg_postinst pkg_prerm
# @FUNCTION: acct-user_pkg_pretend
# @DESCRIPTION:
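
Review bot: With pkg_setup added to EXPORT_FUNCTIONS, the existence check only runs when acct-user_pkg_setup is actually called. An ebuild that defines its own pkg_setup without calling it leaves ACCT_USER_ALREADY_EXISTS unset, and the new guard in acct-user_pkg_postinst then falls through to esethome/esetshell as before, silently overriding the administrator's changes despite the new default. Document this requirement at acct-user_pkg_setup, or have acct-user_pkg_postinst detect the case where the status variable was never initialized.
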
@@ -309,6 +321,20 @@ acct-user_pkg_pretend() {
fi
}
+# @FUNCTION: acct-user_pkg_setup
+# @DESCRIPTION:
+# Initialize internal environment variable(s).
+acct-user_pkg_setup() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # check if user already exists
+ ACCT_USER_ALREADY_EXISTS=
+ if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then
+ ACCT_USER_ALREADY_EXISTS=yes
+ fi
+ readonly ACCT_USER_ALREADY_EXISTS
+}
+
# @FUNCTION: acct-user_src_install
# @DESCRIPTION:
# Installs a keep-file into the user's home directory to ensure it is
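
Review bot: In acct-user_pkg_setup, ACCT_USER_ALREADY_EXISTS is assigned unconditionally and then marked readonly, so a second call in the same shell environment fails on the assignment. The function description ("Initialize internal environment variable(s)") should also say that the result is consumed by acct-user_pkg_postinst and that existence is determined by name only via egetent passwd, so a user left behind by an earlier install of the same package counts as existing.
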
@@ -379,6 +405,16 @@ acct-user_pkg_postinst() {
return 0
fi
+ if [[ -z ${ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED} && -n ${ACCT_USER_ALREADY_EXISTS} ]] ; then
+ eunlockuser "${ACCT_USER_NAME}"
+
+ einfo "User ${ACCT_USER_NAME} already exists; Not touching existing user."
+ einfo "NOTE: If you want to allow package manager to reset user settings"
+ einfo " like home, shell, groups... set ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED"
+ einfo " to a non-null value in your make.conf."
+ return 0
+ fi
+
# NB: eset* functions check current value
esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
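
Review bot: The new early-return branch in acct-user_pkg_postinst calls eunlockuser "${ACCT_USER_NAME}" and then prints "Not touching existing user", so an account the administrator locked on purpose is unlocked even though the message says nothing was changed. If unlocking is intended here, say so in the einfo text and in the variable's description; otherwise drop the call from this branch. Because the branch returns before esethome and esetshell, it also skips changes that come from the ebuild itself rather than from the administrator, which the einfo note should mention.
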
--
2.30.0