Tree - rpms/systemd - CentOS Git server

rpms / systemd

Blame SOURCES/purge-nobody-user

Blob History Raw

		a3e2b5	`#!/bin/bash -eu`
		a3e2b5
		a3e2b5	`if [ $UID -ne 0 ]; then`
		a3e2b5	`echo "WARNING: This script needs to run as root to be effective"`
		a3e2b5	`exit 1`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`export SYSTEMD_NSS_BYPASS_SYNTHETIC=1`
		a3e2b5
		a3e2b5	`if [ "${1:-}" = "--ignore-journal" ]; then`
		a3e2b5	`shift`
		a3e2b5	`ignore_journal=1`
		a3e2b5	`else`
		a3e2b5	`ignore_journal=0`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`echo "Checking processes..."`
		a3e2b5	`if ps h -u 99 \| grep .; then`
		a3e2b5	`echo "ERROR: ps reports processes with UID 99!"`
		a3e2b5	`exit 2`
		a3e2b5	`fi`
		a3e2b5	`echo "... not found"`
		a3e2b5
		a3e2b5	`echo "Checking UTMP..."`
		a3e2b5	`if w -h 199 \| grep . ; then`
		a3e2b5	`echo "ERROR: w reports UID 99 as active!"`
		a3e2b5	`exit 2`
		a3e2b5	`fi`
		a3e2b5	`if w -h nobody \| grep . ; then`
		a3e2b5	`echo "ERROR: w reports user nobody as active!"`
		a3e2b5	`exit 2`
		a3e2b5	`fi`
		a3e2b5	`echo "... not found"`
		a3e2b5
		a3e2b5	`echo "Checking the journal..."`
		a3e2b5	`if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 \| grep . ; then`
		a3e2b5	`echo "ERROR: journalctl reports messages from UID 99 in current boot!"`
		a3e2b5	`exit 2`
		a3e2b5	`fi`
		a3e2b5	`echo "... not found"`
		a3e2b5
		a3e2b5	`echo "Looking for files in /etc, /run, /tmp, and /var..."`
		a3e2b5	`if find /etc /run /tmp /var -uid 99 -print \| grep -m 10 . ; then`
		a3e2b5	`echo "ERROR: found files belonging to UID 99"`
		a3e2b5	`exit 2`
		a3e2b5	`fi`
		a3e2b5	`echo "... not found"`
		a3e2b5
		a3e2b5	`echo "Checking if nobody is defined correctly..."`
		a3e2b5	`if getent passwd nobody \|`
		a3e2b5	`grep '^nobody:[x]:65534:65534:.:/:/sbin/nologin';`
		a3e2b5	`then`
		a3e2b5	`echo "OK, nothing to do."`
		a3e2b5	`exit 0`
		a3e2b5	`else`
		a3e2b5	`echo "NOTICE: User nobody is not defined correctly"`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`echo "Checking if nfsnobody or something else is using the uid..."`
		a3e2b5	`if getent passwd 65534 \| grep . ; then`
		a3e2b5	`echo "NOTICE: will have to remove this user"`
		a3e2b5	`else`
		a3e2b5	`echo "... not found"`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`if [ "${1:-}" = "-x" ]; then`
		a3e2b5	`if getent passwd nobody >/dev/null; then`
		a3e2b5	`# this will remove both the user and the group.`
		a3e2b5	`( set -x`
		a3e2b5	`userdel nobody`
		a3e2b5	`)`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`if getent passwd 65534 >/dev/null; then`
		a3e2b5	`# Make sure the uid is unused. This should free gid too.`
		a3e2b5	`name="$(getent passwd 65534 \| cut -d: -f1)"`
		a3e2b5	`( set -x`
		a3e2b5	`userdel "$name"`
		a3e2b5	`)`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`if grep -qE '^(passwd\|group):.*\bsss\b' /etc/nsswitch.conf; then`
		a3e2b5	`echo "Sleeping, so sss can catch up"`
		a3e2b5	`sleep 3`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`if getent group 65534; then`
		a3e2b5	`# Make sure the gid is unused, even if uid wasn't.`
		a3e2b5	`name="$(getent group 65534 \| cut -d: -f1)"`
		a3e2b5	`( set -x`
		a3e2b5	`groupdel "$name"`
		a3e2b5	`)`
		a3e2b5	`fi`
		a3e2b5
		a3e2b5	`# systemd-sysusers uses the same gid and uid`
		a3e2b5	`( set -x`
		a3e2b5	`systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'`
		a3e2b5	`)`
		a3e2b5	`else`
		a3e2b5	`echo "Pass '-x' to perform changes"`
		a3e2b5	`fi`

rpms / systemd

Source Code

Blame SOURCES/purge-nobody-user