Diffstat (limited to 'debian/shadowconfig')
-rw-r--r-- | debian/shadowconfig | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/debian/shadowconfig b/debian/shadowconfig
new file mode 100644
index 0000000..b462597
--- /dev/null
+++ b/debian/shadowconfig
@@ -0,0 +1,70 @@
+#!/bin/sh
+# turn shadow passwords on or off on a Debian system
+
+set -e
+
+shadowon () {
+ set -e
+
+ if [ -n "$DPKG_ROOT" ] \
+ && cmp "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/usr/share/base-passwd/passwd.master" 2>/dev/null \
+ && cmp "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/usr/share/base-passwd/group.master" 2>/dev/null; then
+ # If dpkg is run with --force-script-chrootless and if /etc/passwd
+ # and /etc/group are unchanged, we avoid the chroot() call by manually
+ # processing the files. This produces bit-by-bit identical results
+ # compared to the normal case as shown by the CI setup at
+ # https://salsa.debian.org/helmutg/dpkg-root-demo/-/jobs
+ for f in passwd group; do
+ cp -a "${DPKG_ROOT}/etc/$f" "${DPKG_ROOT}/etc/$f-"
+ done
+ chmod 600 "${DPKG_ROOT}/etc/passwd-"
+ sed -i 's/^\([^:]\+\):\*:/\1:x:/' "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/etc/passwd"
+ [ -n "$SOURCE_DATE_EPOCH" ] && epoch=$SOURCE_DATE_EPOCH || epoch=$(date +%s)
+ sed "s/^\([^:]\+\):.*/\1:*:$((epoch/60/60/24)):0:99999:7:::/" "${DPKG_ROOT}/etc/passwd" > "${DPKG_ROOT}/etc/shadow"
+ sed "s/^\([^:]\+\):.*/\1:*::/" "${DPKG_ROOT}/etc/group" > "${DPKG_ROOT}/etc/gshadow"
+ touch "${DPKG_ROOT}/etc/.pwd.lock"
+ chmod 600 "${DPKG_ROOT}/etc/.pwd.lock"
+ else
+ pwck -q -r
+ grpck -r
+ pwconv
+ grpconv
+ fi
+ chown root:root "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
+ chmod 644 "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
+ chown root:shadow "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
+ chmod 640 "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
+}
+
+shadowoff () {
+ set -e
+ pwck -q -r
+ grpck -r
+ pwunconv
+ grpunconv
+ # sometimes the passwd perms get munged
+ chown root:root /etc/passwd /etc/group
+ chmod 644 /etc/passwd /etc/group
+}
+
+case "$1" in
+ "on")
+ if shadowon ; then
+ echo Shadow passwords are now on.
+ else
+ echo Please correct the error and rerun \`$0 on\'
+ exit 1
+ fi
+ ;;
+ "off")
+ if shadowoff ; then
+ echo Shadow passwords are now off.
+ else
+ echo Please correct the error and rerun \`$0 off\'
+ exit 1
+ fi
+ ;;
+ *)
+ echo Usage: $0 on \| off
+ ;;
+esac |
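Review bot: The `set -e` at the top of `shadowon` and `shadowoff` has no effect, because both functions are only called as `if shadowon ; then` / `if shadowoff ; then`, and POSIX shells ignore errexit while evaluating an `if` condition, including inside functions called from it. A failing `pwck -q -r` or `grpck -r` therefore does not stop `pwconv`/`grpconv` (or `pwunconv`/`grpunconv`) from rewriting the account databases, and each function's status is just that of its final `chmod`, so the "Please correct the error" branch is reached only when that last command fails. Chain the steps explicitly, e.g. `pwck -q -r && grpck -r && pwconv && grpconv || return 1`, and add `|| return 1` to each step of the chrootless branch. Separately, in that branch `${DPKG_ROOT}/etc/shadow` and `gshadow` are created by `>` under the caller's umask and only reach mode 640 at the end of the function; a `umask 077` before the two `sed ... >` lines would avoid the interval in which they may be world-readable.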