Remove unused function hv_groupadd.
Remove hardcoded numerical group IDs when creating some system users.
sed -i "s!\(^${VARIABLE}.*\)!\1:${VALUE}!" ${FILE}
}
-# Adding a new group, checking if it already exist before.
-# Arguments: same arguments as for standard groupadd command.
-hv_groupadd()
-{
- arguments=${*}
-
- # The last argument is the group name
- while [ $# -ne 0 ]; do
- groupname=${*}
- shift
- done
-
- if ! cat /etc/group | egrep -q "^${groupname}:"; then
- groupadd ${arguments}
- fi
-}
-
# Adding a new user, checking if it already exist before
# Arguments: same arguments as for standard useradd command.
hv_useradd()
# In order for root to be able to login and for the name "root" to be
# recognized, there need to be relevant entries in the /etc/group file.
+#
+# Group 'mail' is used by MTAs (Mail Transport Agents)
cat > ${LFS}/etc/group << "EOF"
root:x:0:
bin:x:1:
tty:x:4:
tape:x:5:
daemon:x:6:
-floppy:x:7:
-disk:x:8:
-lp:x:9:
-dialout:x:10:
-audio:x:11:
-video:x:12:
-utmp:x:13:
-usb:x:14:
-cdrom:x:15:
-# Used by MTAs (Mail Transport Agents)
-mail:x:30:mail
-shutdown:x:999:
-# The default GID used by shadow for new users
+disk:x:7:
+lp:x:8:
+dialout:x:9:
+audio:x:10:
+video:x:11:
+utmp:x:12:
+usb:x:13:
+cdrom:x:14:
+mail:x:15:mail
+shutdown:x:17:
+plugdev:x:98:
+nogroup:x:99:
users:x:1000:
-# Default group used by some programs that do not require a group.
-nogroup:x:65533:
EOF
exit $?
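Review bot: Renumbering the static groups (disk 8→7, lp 9→8, … mail 30→15, nogroup 65533→99) changes what a numeric GID means, so on a system or image built from the old table, files and device nodes keep their old numbers and resolve to a different group; for example, anything owned by GID 8 moves from `disk` to `lp`. If this script only ever populates a fresh `${LFS}` tree, that is fine, but it should be stated in the comment above the heredoc. The removed explanation for `users:x:1000:` could move there too, e.g. `# Group 'users' (1000) is the default GID used by shadow for new users`. GID 16 is skipped without explanation.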
# global mount options
ACTION=="add", ENV{mount_options}="relatime"
-# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat)
-ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"
+# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat)
+ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=98,dmask=000,fmask=111,utf8"
# automount ntfs filesystems using ntfs-3g driver
ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"
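Review bot: `gid=98` has no access-control effect in this rule, because `dmask=000,fmask=111` already gives every local user read/write on the mounted vfat/ntfs volume. The sibling rule file in the next hunk uses `umask=002`, where the group does matter. If plugdev membership is meant to gate write access, `gid=98,dmask=002,fmask=113` would express that. The literal 98 also has to stay in step with `plugdev:x:98:` in the /etc/group heredoc, so a comment such as `# gid 98 = plugdev, keep in sync with /etc/group` belongs above both rules.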
ACTION=="add", ENV{mount_options}="relatime"
# Filesystem specific options
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
-ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"
+ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=98,umask=002"
# automount all other filesystems
ACTION=="add", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"
sed -i -e "s/\(SYMLINK+=\"cdrom\)\"/\1 dvd\"/" \
/lib/udev/rules.d/60-cdrom_id.rules
+ # Remove obsolete rule
+ sed -i -e "/floppy/d" /lib/udev/rules.d/50-udev-default.rules
+
install -dv /lib/{firmware,udev/devices/{pts,shm}}
install -v -m740 ${SCRDIR}/bootscripts/udev /etc/rc.d/init.d
sed -i 's/groups$(EXEEXT) //' src/Makefile.in
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
- # Instead of using the default crypt method, use the more secure SHA-512 method
- # of password encryption, which also allows passwords longer than 8 characters.
- # It is also necessary to change the obsolete /var/spool/mail location for user
- # mailboxes that Shadow uses by default to the /var/mail location used currently:
+ # Instead of using the default crypt method, use the more secure SHA-512
+ # method of password encryption, which also allows passwords longer than 8
+ #characters. It is also necessary to change the obsolete /var/spool/mail
+ # location for user mailboxes that Shadow uses by default to the /var/mail
+ # location used currently:
sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
-e 's@/var/spool/mail@/var/mail@' etc/login.defs
}
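Review bot: The reflowed comment has `#characters.` with no space after the `#` on its third line. The second copy of this comment later in the commit has it right. Suggest `# characters. It is also necessary to change the obsolete /var/spool/mail` so the two copies stay identical.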
# To enable shadowed group passwords:
grpconv
+
+ # Set system group ID range from 1 to 90:
+ # 0 is reserved for group 'root'
+ # 99 is reserved for group 'nogroup'
+ sed -e "s/\(SYS_UID_MIN\s\+\)[0-9]\+/\1 1/" \
+ -e "s/\(SYS_UID_MAX\s\+\)[0-9]\+/\1 90/" \
+ -e "s/\(SYS_GID_MIN\s\+\)[0-9]\+/\1 1/" \
+ -e "s/\(SYS_GID_MAX\s\+\)[0-9]\+/\1 90/" \
+ -i /etc/login.defs
}
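Review bot: The four substitutions are unanchored and their effect is never checked, so if `/etc/login.defs` has the `SYS_*ID_*` keys commented out or missing, sed rewrites a comment or changes nothing and still exits 0. The later `groupadd --system` / `useradd --system` calls would then allocate from shadow's built-in range and could land on the reserved 98/99. Anchoring each pattern, e.g. `-e "s/^\(SYS_GID_MAX\s\+\)[0-9]\+/\1 90/"`, and following the sed with `grep -q '^SYS_GID_MAX[[:space:]]*90$' /etc/login.defs || exit 1` would make a miss visible. The comment says "system group ID range" although the UID range is set as well. The same block is added again in the later hunk that follows the `/etc/limits` rename, and the enclosing function starts outside both hunks.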
hvconfig_pre()
{
- groupadd -f named
- hv_useradd -c BindOwner -g named -s /bin/false named
+ groupadd --system -f named
+ hv_useradd --system -c BindOwner -g named -s /bin/false named
install -d -m770 -o named -g named /srv/named
}
hvconfig_pre()
{
- groupadd -f fcron
- hv_useradd -c fcron -g fcron fcron
+ groupadd --system -f fcron
+ hv_useradd --system -c fcron -g fcron fcron
# Create a dummy sendmail executable to fool fcron
DUMMY_SM_PATH=/usr/sbin/sendmail
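Review bot: The fcron account is created without `-s` or `-d`, so it gets whatever default shell useradd is configured with. The other service accounts in this commit (named, mysql, sshd, messagebus, clamav, …) are given `-s /bin/false`. Unless fcron needs a login shell, which is not visible here, `hv_useradd --system -c fcron -d /dev/null -g fcron -s /bin/false fcron` would match them. The smmsp line in the sendmail hunk (`hv_useradd --system -g smmsp -G mail smmsp`) has the same gap. hvconfig_pre continues past the end of this hunk.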
hvconfig_pre()
{
- groupadd -f mysql
- hv_useradd -c mysql -d /dev/null -g mysql -s /bin/false mysql
+ groupadd --system -f mysql
+ hv_useradd --system -c mysql -d /dev/null -g mysql -s /bin/false mysql
}
hvconfig()
install -v -m700 -d /var/lib/sshd
chown -v root:sys /var/lib/sshd
- groupadd -f sshd
- hv_useradd -c sshd-privsep -d /var/lib/sshd -g sshd -s /bin/false sshd
+ groupadd --system -f sshd
+ hv_useradd --system -c sshd-privsep -d /var/lib/sshd -g sshd \
+ -s /bin/false sshd
CONFIGURE_OPTS="\
${CONFIGURE_OPTS} \
hvbuild()
{
- groupadd -f smmsp
- groupadd -f mail
- hv_useradd -g smmsp -G mail smmsp
+ groupadd --system -f smmsp
+ groupadd --system -f mail
+ hv_useradd --system -g smmsp -G mail smmsp
chmod 1777 /var/mail
mkdir -p /var/spool/mqueue
mkdir -p /etc/mail
sed -i 's/groups$(EXEEXT) //' src/Makefile.in
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
- # Instead of using the default crypt method, use the more secure SHA-512 method
- # of password encryption, which also allows passwords longer than 8 characters.
- # It is also necessary to change the obsolete /var/spool/mail location for user
- # mailboxes that Shadow uses by default to the /var/mail location used currently:
+ # Instead of using the default crypt method, use the more secure SHA-512
+ # method of password encryption, which also allows passwords longer than 8
+ # characters. It is also necessary to change the obsolete /var/spool/mail
+ # location for user mailboxes that Shadow uses by default to the /var/mail
+ # location used currently:
sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
-e 's@/var/spool/mail@/var/mail@' /etc/login.defs
}
# resources, Linux-PAM uses the pam_limits.so module along with the
# /etc/security/limits.conf file. Rename the /etc/limits file:
[ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE}
+
+ # Set system group ID range from 1 to 90:
+ # 0 is reserved for group 'root'
+ # 99 is reserved for group 'nogroup'
+ sed -e "s/\(SYS_UID_MIN\s\+\)[0-9]\+/\1 1/" \
+ -e "s/\(SYS_UID_MAX\s\+\)[0-9]\+/\1 90/" \
+ -e "s/\(SYS_GID_MIN\s\+\)[0-9]\+/\1 1/" \
+ -e "s/\(SYS_GID_MAX\s\+\)[0-9]\+/\1 90/" \
+ -i /etc/login.defs
}
hvconfig_pre()
{
- hv_groupadd -g 18 messagebus
- hv_useradd -c D-BUS-Message-Daemon-User -d /dev/null \
- -u 18 -g messagebus -s /bin/false messagebus
+ groupadd --system -f messagebus
+ hv_useradd --system -c D-BUS-Message-Daemon-User -d /dev/null \
+ -g messagebus -s /bin/false messagebus
CONFIGURE_OPTS="\
${CONFIGURE_OPTS} \
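Review bot: With `-u 18` / `-g 18` dropped, messagebus gets whatever system ID is free when this package is built, so the number depends on which packages created accounts before it and can differ between two builds. That matters wherever ownership travels by number rather than by name, such as backups, NFS exports and copied images. A comment above the `groupadd` line would record the intent, for example `# UID/GID allocated dynamically from the SYS_*ID range; do not rely on a fixed number`. The same applies to the `lp` user, which loses `-u 9` later in the commit.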
</Layout>
EOF
- groupadd -f ${HTTPD_USER}
- hv_useradd -c WebServer -d /dev/null -g ${HTTPD_USER} -s /bin/false \
- ${HTTPD_USER}
+ groupadd --system -f ${HTTPD_USER}
+ hv_useradd --system -c WebServer -d /dev/null -g ${HTTPD_USER} \
+ -s /bin/false ${HTTPD_USER}
CONFIGURE_OPTS=" \
--enable-layout=FHS \
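Review bot: `${HTTPD_USER}` is expanded unquoted and unchecked in the new lines, so if it is empty the `-g` option swallows `-s` as the group name and `groupadd --system -f` runs with no name at all. A guard before the two calls, `: "${HTTPD_USER:?HTTPD_USER must be set}"`, fails early with a clear message. Quoting the expansions is still worthwhile, though `hv_useradd` is not shown and may re-split its arguments as the removed `hv_groupadd` did. The same pattern recurs in the second `${HTTPD_USER}` hunk and in the `${SVN_USER}` hunk.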
hvconfig_pre()
{
- groupadd -f clamav
- hv_useradd -g clamav -s /bin/false -c Clam-AntiVirus clamav
+ groupadd --system -f clamav
+ hv_useradd --system -g clamav -s /bin/false -c Clam-AntiVirus clamav
# Is this really necessary?
export SENDMAIL="/usr/sbin/sendmail"
hvconfig_pre()
{
- hv_useradd -c "Print_Service_User" -d /dev/null -g lp -s /bin/false -u 9 lp
+ hv_useradd --system -c "Print_Service_User" -d /dev/null -g lp \
+ -s /bin/false lp
CONFIGURE_OPTS="--libdir=/usr/lib --enable-pdftops"
}
hvconfig_pre()
{
- groupadd -f ${HTTPD_USER}
- hv_useradd -c WebServer -d /dev/null -g ${HTTPD_USER} -s /bin/false \
- ${HTTPD_USER}
+ groupadd --system -f ${HTTPD_USER}
+ hv_useradd --system -c WebServer -d /dev/null -g ${HTTPD_USER} \
+ -s /bin/false ${HTTPD_USER}
}
hvbuild_post()
{
[ -e /usr/lib/libcacard.so ] && chmod -v 755 /usr/lib/libcacard.so
- hv_groupadd kvm
+ groupadd --system -f kvm
# Add a Udev rule so that the KVM device gets correct permissions:
install -v -m644 ${SCRDIR}/misc/kvm-udev.rules \
fi
# Add group for UDEV rules
- hv_groupadd scanner
+ groupadd --system -f scanner
- hv_groupadd saned
- hv_useradd -c saned -d /dev/null -g saned -s /bin/false saned
+ groupadd --system -f saned
+ hv_useradd --system -c saned -d /dev/null -g saned -s /bin/false saned
# Fixes an obsolete udev parameter:
sed -i 's/SYSFS/ATTRS/g' ${LFS_TMP}/${PACKAGE}/tools/sane-desc.c
hvconfig_pre()
{
- groupadd -f ${SVN_USER}
- hv_useradd -c SvnServer -d /dev/null -g ${SVN_USER} -s /bin/false ${SVN_USER}
+ groupadd --system -f ${SVN_USER}
+ hv_useradd --system -c SvnServer -d /dev/null -g ${SVN_USER} \
+ -s /bin/false ${SVN_USER}
}
hvbuild_post()