i.shadow revision 6ba597c56d749c61b4f783157f63196d7b2445f0
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
export PATH
#
# PASSREQ is enforced. We need to warn upgraders about the fact that
# they might be locked out if they don't have a root password or
# change PASSREQ
#
NOPASSWARN="Detected password-less accounts while PASSREQ=YES."
NOPASSWARN="${NOPASSWARN} Please examine ${BASEDIR}/etc/default/login before"
NOPASSWARN="${NOPASSWARN} rebooting."
else
fi
do
if [ ! -f $dest ] ; then
else
#
# 2.6 & earlier versions had an smtp entry; remove it.
#
# Some accounts used to be shipped with "NP" they are now
# shipped as "*LK*" since they shouldn't be able to run
# cron jobs or login.
sed ' /^smtp:/d;
/^nobody:/s/:NP:/:*LK*:/;
/^nobody4:/s/:NP:/:*LK*:/;
#
# Add the 'nobody' user from 4.x so that people don't
# assign it to a regular user and confuse themselves
#
NOBODY4_LINE="nobody4:*LK*:6445::::::"
:
else
printf '/^noaccess:*LK*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'smmsp' user for sendmail 8.12
#
SMMSP_LINE="smmsp:NP:6445::::::"
:
else
printf '/^nobody4:*LK*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'gdm' reserved user if it doesn't exist.
#
GDM_LINE="gdm:*LK*:::::::"
:
else
printf '/^listen:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'webservd' reserved user if it doesn't exist.
#
WEBSERVD_LINE="webservd:*LK*:::::::"
:
else
printf '/^gdm:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'postgres' reserved user if it doesn't exist.
#
POSTGRES_LINE="postgres:NP:::::::"
:
else
printf '/^webservd:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'mysql' reserved user if it doesn't exist.
#
MYSQL_LINE="mysql:NP:::::::"
:
else
printf '/^postgres:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'svctag' reserved user if it doesn't exist.
#
SVCTAG_LINE="svctag:*LK*:6445::::::"
:
else
printf '/^postgres:NP\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'unknown' reserved user if it doesn't exist.
#
UNKNOWN_LINE="unknown:*LK*:::::::"
:
else
printf '/^svctag:*LK*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'dladm' reserved user if it doesn't exist.
#
DLADM_LINE="dladm:*LK*:::::::"
:
else
printf '/^nuucp:NP\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'xvm' reserved user if it doesn't exist.
#
XVM_LINE="xvm:*LK*:::::::"
:
else
printf '/^gdm:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'zfssnap' reserved user if it doesn't exist.
#
ZFSSNAP_LINE="zfssnap:NP:::::::"
:
else
printf '/^gdm:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'upnp' reserved user if it doesn't exist.
#
UPNP_LINE="upnp:NP:::::::"
:
else
printf '/^zfssnap:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'openldap' reserved user if it doesn't exist.
#
OPENLDAP_LINE="openldap:*LK*:::::::"
:
else
printf '/^mysql:NP\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'netadm' reserved user if it doesn't exist.
#
NETADM_LINE="netadm:*LK*:::::::"
:
else
printf '/^dladm:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Add the 'netcfg' reserved user if it doesn't exist.
#
NETCFG_LINE="netcfg:*LK*:::::::"
:
else
printf '/^netadm:\*LK\*\na\n%s\n.\nw\nq\n' \
fi
#
# Warn the user if an empty password is found and
# PASSREQ is set to yes.
#
echo "${dest} $NOPASSWARN" >> ${CLEANUP_FILE}
warn_nopass=0;
fi
fi
fi
done
exit 0