summaryrefslogtreecommitdiffstats
path: root/debian/shadowconfig
blob: b462597a6fd60008f843a7e9c3ab6387500e4930 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

#!/bin/sh
# turn shadow passwords on or off on a Debian system

set -e

shadowon () {
    set -e

    if [ -n "$DPKG_ROOT" ] \
        && cmp "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/usr/share/base-passwd/passwd.master" 2>/dev/null \
        && cmp "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/usr/share/base-passwd/group.master" 2>/dev/null; then
        # If dpkg is run with --force-script-chrootless and if /etc/passwd
        # and /etc/group are unchanged, we avoid the chroot() call by manually
        # processing the files. This produces bit-by-bit identical results
        # compared to the normal case as shown by the CI setup at
        # https://salsa.debian.org/helmutg/dpkg-root-demo/-/jobs
        for f in passwd group; do
            cp -a "${DPKG_ROOT}/etc/$f" "${DPKG_ROOT}/etc/$f-"
        done
        chmod 600 "${DPKG_ROOT}/etc/passwd-"
        sed -i 's/^\([^:]\+\):\*:/\1:x:/' "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/etc/passwd"
        [ -n "$SOURCE_DATE_EPOCH" ] && epoch=$SOURCE_DATE_EPOCH || epoch=$(date +%s)
        sed "s/^\([^:]\+\):.*/\1:*:$((epoch/60/60/24)):0:99999:7:::/" "${DPKG_ROOT}/etc/passwd" > "${DPKG_ROOT}/etc/shadow"
        sed "s/^\([^:]\+\):.*/\1:*::/" "${DPKG_ROOT}/etc/group" > "${DPKG_ROOT}/etc/gshadow"
        touch "${DPKG_ROOT}/etc/.pwd.lock"
        chmod 600 "${DPKG_ROOT}/etc/.pwd.lock"
    else
        pwck -q -r
        grpck -r
        pwconv
        grpconv
    fi
    chown root:root "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
    chmod 644 "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
    chown root:shadow "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
    chmod 640 "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
}

shadowoff () {
    set -e
    pwck -q -r
    grpck -r
    pwunconv
    grpunconv
    # sometimes the passwd perms get munged
    chown root:root /etc/passwd /etc/group
    chmod 644 /etc/passwd /etc/group
}

case "$1" in
    "on")
	if shadowon ; then
	    echo Shadow passwords are now on.
	else
	    echo Please correct the error and rerun \`$0 on\'
	    exit 1
	fi
	;;
    "off")
	if shadowoff ; then
	    echo Shadow passwords are now off.
	else
	    echo Please correct the error and rerun \`$0 off\'
	    exit 1
	fi
	;;
     *)
	echo Usage: $0 on \| off
	;;
esac
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-30 16:05:44 +0000