| author | Simon Rettberg | 2013-02-20 19:22:57 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2013-02-20 19:22:57 +0100 |
| commit | 80bd3332167a2a0b35690e87bf14b12199b88041 (patch) | |
| tree | 028a61fb3506578b9d2b54f4a35f0fc264417c9a /remote | |
| parent | Make mltk more good and less bad (diff) | |
[base module] clean passwd/group/shadow of host system: remove local users/groups
Diffstat (limited to 'remote')
| -rw-r--r-- | remote/tools/base/base.build | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/remote/tools/base/base.build b/remote/tools/base/base.build index 14fddcea..38435261 100644 --- a/remote/tools/base/base.build +++ b/remote/tools/base/base.build @@ -52,6 +52,32 @@ build() { (tar -cpv $(cat ${FILELIST}) | tar -xpv -C ${BUILDDIR}) &>/dev/null } +clean_users_and_groups() { + # Pass the root directory of the "system" you want to clean, eg '/' for your real machine (probably a bad idea) + [ $# -ne 1 ] && echo "Missing param to clean_users_and_groups" && exit 1 + local SYSBASE=$1 + local PASSWD=${SYSBASE}/etc/passwd + local GROUP=${SYSBASE}/etc/group + local SHADOW=${SYSBASE}/etc/shadow + # remove local users from group file (TODO: currently assumes users have ids 1000-1999) + local LOCALUSERS=$(grep -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" | awk -F ':' '{print $1}') + for USER in $LOCALUSERS; do + sed -r -i "s/([:,])${USER}/\1/g" "${GROUP}" + done + # fix syntax: remove trailing ',' in group file + sed -r -i 's/,+$//g' "${GROUP}" + sed -r -i 's/,+/,/g' "${GROUP}" + sed -i 's/:,/:/g' "${GROUP}" + # remove all non-system groups (also assumes users have 1000-1999, so nogroup will be kept) + grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${GROUP}" > "${GROUP}.tmp" + mv "${GROUP}.tmp" "${GROUP}" + # same for users... + grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" > "${PASSWD}.tmp" + mv "${PASSWD}.tmp" "${PASSWD}" + # generate fresh shadow file + awk -F ':' '{print $1":*:15555:0:99999:7:::"}' "${PASSWD}" > "${SHADOW}" +} + post_copy() { # make basic directory structure 
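Review bot: The per-user substitution inside the `for USER in $LOCALUSERS` loop is not anchored at the end of the name, so removing a local user named, say, `bob` also cuts the first three letters off any other group member whose name begins with `bob`, leaving a different account name in that group's member list. Bounding the match keeps it to whole names, e.g. `sed -r -i "s/([:,])${USER}(,|\$)/\1\2/g" "${GROUP}"`; the existing comma clean-up lines then still tidy the result. The names are also interpolated into the regex unescaped, so a `.` in a username matches any character. The loop variable overwrites the caller's `USER` for the rest of the build, which a `local` with another name (for example `local u`) would avoid.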
@@ -81,8 +107,11 @@ post_copy() { # quick fix for missing group in /etc/group echo "lock:x:128:" >> ${INIT_DIR}/etc/group + # clean passwd/group files (do BEFORE setting root pw) + clean_users_and_groups "${INIT_DIR}" + # setup root account - sed -i "s/root:.*/root:\$6\$QGcBjw6e\$sJvGXBfKuNd4Cx5\.aVxJT7PCq\/AWrP\/JLgvDHBGN164Rp2HRIENPQzieO\/2ctlQS7yRgWwaWTqJkZr7Uq37af1:15657:0:99999:7:::/g" ${INIT_DIR}/etc/shadow + sed -i "s/^root:.*/root:\$6\$QGcBjw6e\$sJvGXBfKuNd4Cx5\.aVxJT7PCq\/AWrP\/JLgvDHBGN164Rp2HRIENPQzieO\/2ctlQS7yRgWwaWTqJkZr7Uq37af1:15657:0:99999:7:::/g" ${INIT_DIR}/etc/shadow [ ! -d ${INIT_DIR}/root ] && mkdir ${INIT_DIR}/root echo "minibox" > ${INIT_DIR}/etc/hostname |
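Review bot: The `sed` line that sets up root still embeds a fixed SHA-512 crypt hash with a fixed salt in the build script, so every image built from it shares one root password and anyone who can read the repository holds the hash. Since the line is being changed anyway, the hash could come from a build-time setting kept outside the repository, e.g. `sed -i "s|^root:[^:]*:|root:${ROOT_PW_HASH}:|" "${INIT_DIR}/etc/shadow"`, where `ROOT_PW_HASH` is a placeholder name and not a variable that exists in this project. The shadow file is now regenerated by `clean_users_and_groups` through a plain `>` redirect, so if it was not already present in the copied tree its mode follows the umask; an explicit `chmod 0600 "${INIT_DIR}/etc/shadow"` after this step would settle that. post_copy's body continues outside the hunk.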
