| -rw-r--r-- | remote/tools/base/base.build | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/remote/tools/base/base.build b/remote/tools/base/base.build index 14fddcea..38435261 100644 --- a/remote/tools/base/base.build +++ b/remote/tools/base/base.build @@ -52,6 +52,32 @@ build() { (tar -cpv $(cat ${FILELIST}) | tar -xpv -C ${BUILDDIR}) &>/dev/null } +clean_users_and_groups() { + # Pass the root directory of the "system" you want to clean, eg '/' for your real machine (probably a bad idea) + [ $# -ne 1 ] && echo "Missing param to clean_users_and_groups" && exit 1 + local SYSBASE=$1 + local PASSWD=${SYSBASE}/etc/passwd + local GROUP=${SYSBASE}/etc/group + local SHADOW=${SYSBASE}/etc/shadow + # remove local users from group file (TODO: currently assumes users have ids 1000-1999) + local LOCALUSERS=$(grep -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" | awk -F ':' '{print $1}') + for USER in $LOCALUSERS; do + sed -r -i "s/([:,])${USER}/\1/g" "${GROUP}" + done + # fix syntax: remove trailing ',' in group file + sed -r -i 's/,+$//g' "${GROUP}" + sed -r -i 's/,+/,/g' "${GROUP}" + sed -i 's/:,/:/g' "${GROUP}" + # remove all non-system groups (also assumes users have 1000-1999, so nogroup will be kept) + grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${GROUP}" > "${GROUP}.tmp" + mv "${GROUP}.tmp" "${GROUP}" + # same for users... + grep -v -E '^[^:]+:x?:1[0-9]{3}:' "${PASSWD}" > "${PASSWD}.tmp" + mv "${PASSWD}.tmp" "${PASSWD}" + # generate fresh shadow file + awk -F ':' '{print $1":*:15555:0:99999:7:::"}' "${PASSWD}" > "${SHADOW}" +} + post_copy() { # make basic directory structure 
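Review bot: The group-file substitution in `clean_users_and_groups`, `sed -r -i "s/([:,])${USER}/\1/g" "${GROUP}"`, has no boundary after the name, so removing a local user `bob` also turns a member entry `bobby` into `by`, and a `.` in a user name acts as a regex wildcard. The result is silently altered group membership in the built image. Anchor the match to the end of the member entry, for example `sed -r -i "s/([:,])${USER}(,|\$)/\1\2/g" "${GROUP}"`; the cleanup `sed` lines that follow already tidy up the leftover commas. The loop variable should also be declared with `local USER` (or renamed), since as written it overwrites the build shell's `$USER`.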
@@ -81,8 +107,11 @@ post_copy() { # quick fix for missing group in /etc/group echo "lock:x:128:" >> ${INIT_DIR}/etc/group + # clean passwd/group files (do BEFORE setting root pw) + clean_users_and_groups "${INIT_DIR}" + # setup root account - sed -i "s/root:.*/root:\$6\$QGcBjw6e\$sJvGXBfKuNd4Cx5\.aVxJT7PCq\/AWrP\/JLgvDHBGN164Rp2HRIENPQzieO\/2ctlQS7yRgWwaWTqJkZr7Uq37af1:15657:0:99999:7:::/g" ${INIT_DIR}/etc/shadow + sed -i "s/^root:.*/root:\$6\$QGcBjw6e\$sJvGXBfKuNd4Cx5\.aVxJT7PCq\/AWrP\/JLgvDHBGN164Rp2HRIENPQzieO\/2ctlQS7yRgWwaWTqJkZr7Uq37af1:15657:0:99999:7:::/g" ${INIT_DIR}/etc/shadow [ ! -d ${INIT_DIR}/root ] && mkdir ${INIT_DIR}/root echo "minibox" > ${INIT_DIR}/etc/hostname |
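Review bot: The rewritten `sed -i "s/^root:.*/root:\$6\$…/g"` line still bakes a fixed SHA-512 crypt hash for root into the build script, so every image built from it shares one root credential and the hash is readable by anyone with access to the repository. Since `clean_users_and_groups` now leaves every account at `*` (locked), the safer default is to keep root locked unless a hash is supplied at build time. With `ROOT_HASH` as a placeholder variable name, that would be `[ -n "${ROOT_HASH}" ] && sed -i "s|^root:[^:]*:|root:${ROOT_HASH}:|" "${INIT_DIR}/etc/shadow"`. The trailing `/g` is redundant on a pattern anchored with `^…​.*`, and `${INIT_DIR}` should be quoted here as it is in the new `clean_users_and_groups "${INIT_DIR}"` call. The body of `post_copy` starts and continues outside this hunk.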
