Add merge-passwd.pl
87
merge-passwd.pl
Normal file
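--- /dev/null
+++ b/merge-passwd.pl
@@ -0,0 +1,87 @@
+#! /usr/bin/perl
+use strict;
+use warnings;
+
+if (scalar @ARGV < 1) {
+die "Usage: $0 <lowest_uid>";
+}
+
+my $LOWEST_PVV_UID = int($ARGV[0]);
+
+my @passwd = ();
+my %passwd_idx = ();
+my %shadow = ();
+
+my %filter = (
+"nobody" => 1,
+"news" => 1,
+);
+
+my $seen_nobody = 0;
+open(PASSWD_IN, "/etc/passwd") || die "Unable to open /etc/passwd: $!";
+while(<PASSWD_IN>) {
+my @parts = split(":");
+if ($parts[2] ne '' && $parts[2] < $LOWEST_PVV_UID || defined $filter{$parts[0]} && $filter{$parts[0]} == 1) {
+push @passwd, $_;
+$passwd_idx{$parts[0]} = $#passwd;
+}
+if (defined $filter{$parts[0]} && $filter{$parts[0]} == 1) {
+$filter{$parts[0]}++;
+}
+}
+close PASSWD_IN || die "Unable to close /etc/passwd: $!";
+
+open(SHADOW_IN, "/etc/shadow") || die "Unable to open /etc/shadow: $!";
+while(<SHADOW_IN>) {
+my @parts = split(":");
+if (defined $passwd_idx{$parts[0]}) {
+$shadow{$parts[0]} = $_;
+}
+}
+close SHADOW_IN || die "Unable to close /etc/shadow: $!";
+
+open(PVV, "/etc/passwd.pvv") || die "Unable to open /etc/passwd.pvv: $!";
+my $usercount = 0;
+while(<PVV>) {
+++$usercount;
+my @parts = split(":");
+my $user = $parts[0];
+my $hash = $parts[1];
+$parts[1] = "x";
+push @passwd, join(":", @parts);
+$passwd_idx{$parts[0]} = $#passwd;
+$shadow{$parts[0]} = "$user:$hash:13777:0:99999:7:::\n";
+}
+close PVV || die "Unable to close /etc/passwd.pvv: $!";
+
+if ($usercount < 1500) {
+die "/etc/passwd.pvv has less than 1500 users, something went wrong";
+}
+
+# Passwd skal være world readable
+umask 022;
+
+open(PASSWD, ">/etc/passwd.tmp") || die "Unable to open /etc/passwd.tmp for writing: $!";
+foreach (@passwd) {
+print PASSWD $_ || die "Can't write to /etc/passwd.tmp: $!";
+}
+close PASSWD || die "Unable to close /etc/passwd.tmp: $!";
+
+# Shadow skal IKKE være world readable
+umask 027;
+
+open(SHADOW, ">/etc/shadow.tmp") || die "Unable to open /etc/shadow.tmp for writing: $!";
+foreach (keys %passwd_idx) {
+if (exists($shadow{$_})) {
+print SHADOW $shadow{$_};
+} else {
+print SHADOW "$_:*:12849:0:99999:7:::\n";
+}
+}
+close SHADOW || die "Unable to close /etc/shadow.tmp: $!";
+
+# Chown shadowfilen til root:Debian-exim
+chown 0, scalar getgrnam("shadow"), "/etc/shadow.tmp";
+
+rename "/etc/passwd.tmp", "/etc/passwd" || die "Unable to move /etc/passwd.tmp to /etc/passwd: $!";
+rename "/etc/shadow.tmp", "/etc/shadow" || die "Unable to move /etc/shadow.tmp to /etc/shadow: $!";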
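Review bot: The failure checks on the final writes and renames never fire, because `||` binds to the last argument rather than to the call: in `rename "/etc/shadow.tmp", "/etc/shadow" || die ...` the `die` is attached to the string `"/etc/shadow"`, and the same holds for every `close X || die` and for `print PASSWD $_ || die`. A short write or failed close on `/etc/passwd.tmp` or `/etc/shadow.tmp` (a full disk, for instance) would go unnoticed and the truncated file would still be renamed over the live one. Parenthesise the call and use the low-precedence operator, e.g. `rename("/etc/shadow.tmp", "/etc/shadow") or die "Unable to move /etc/shadow.tmp to /etc/shadow: $!";`, and add the same check to the `print SHADOW` calls and to `chown`, whose result is currently ignored. Separately, the `/etc/passwd.pvv` loop merges every line as-is: it never compares `$parts[2]` with `$LOWEST_PVV_UID` or rejects a name already in `%passwd_idx`, so an entry there that reuses a system account name would overwrite that account's shadow line and add a second passwd line for it. If that is not intended, a guard before the `push` such as `next if $parts[2] !~ /^\d+$/ || $parts[2] < $LOWEST_PVV_UID || defined $passwd_idx{$user};` keeps the merge inside the intended UID range.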