// Copyright 2015 CoreOS, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package system import ( "fmt" "log" "os/exec" "strings" "github.com/coreos/coreos-cloudinit/config" ) func CreateUser(u *config.User) error { args := []string{} args = append(args, "useradd") if u.Name == "root" { args = append(args, "-b", "/") } else { args = append(args, "-b", "/home") } args = append(args, "-w", "no") if u.GECOS != "" { args = append(args, "-c", fmt.Sprintf("%q", u.GECOS)) } if u.Homedir != "" { args = append(args, "-d", u.Homedir) } if !u.NoCreateHome { args = append(args, "-m") } if u.PrimaryGroup != "" { args = append(args, "-g", u.PrimaryGroup) } if len(u.Groups) > 0 { args = append(args, "-G", strings.Join(u.Groups, ",")) } if u.Shell != "" { args = append(args, "-s", u.Shell) } args = append(args, "-n", u.Name) output, err := exec.Command("pw", args...).CombinedOutput() if err != nil { log.Printf("Command 'pw useradd %s' failed: %v\n%s", strings.Join(args, " "), err, output) return err } return nil } func LockUnlockUser(u *config.User) error { args := []string{} output, err := exec.Command("getent", "passwd", u.Name).CombinedOutput() if err != nil { return err } passwd := strings.Split(string(output), ":") if u.LockPasswd { if strings.HasPrefix(passwd[1], "*LOCKED*") { return nil } args = append(args, "C", "no") } else { if !strings.HasPrefix(passwd[1], "*LOCKED*") { return nil } args = append(args, "-C", "yes") } args = append(args, u.Name) output, err = exec.Command("usermod", args...).CombinedOutput() if err != nil { log.Printf("Command 'usermod %s' failed: %v\n%s", strings.Join(args, " "), err, output) } return err } func SetUserPassword(user, hash string) error { cmd := exec.Command("passwd", user) stdin, err := cmd.StdinPipe() if err != nil { return err } err = cmd.Start() if err != nil { log.Fatal(err) } _, err = stdin.Write([]byte(hash)) if err != nil { return err } _, err = stdin.Write([]byte("\n")) if err != nil { return err } _, err = stdin.Write([]byte(hash)) if err != nil { return err } _, err = stdin.Write([]byte("\n")) if err != nil { return err } stdin.Close() err = cmd.Wait() if err != nil { return err } return nil }