2 * Copyright (c) 1991 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2000 - 2006, Tomasz Kłoczko
5 * Copyright (c) 2007 - 2009, Nicolas François
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the copyright holders or contributors may not be used to
17 * endorse or promote products derived from this software without
18 * specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #ident "$Id: useradd.c 3015 2009-06-05 22:16:56Z nekral-guest $"
45 #ifdef ACCT_TOOLS_SETUID
49 #endif /* ACCT_TOOLS_SETUID */
53 #include <sys/types.h>
61 #include "prototypes.h"
70 #define SKEL_DIR "/etc/skel"
72 #ifndef USER_DEFAULTS_FILE
73 #define USER_DEFAULTS_FILE "/etc/default/useradd"
74 #define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
77 * Needed for MkLinux DR1/2/2.1 - J.
80 #define LASTLOG_FILE "/var/log/lastlog"
88 * These defaults are used if there is no defaults file.
90 static gid_t def_group = 100;
91 static const char *def_gname = "other";
92 static const char *def_home = "/home";
93 static const char *def_shell = "";
94 static const char *def_template = SKEL_DIR;
95 static const char *def_create_mail_spool = "no";
97 static long def_inactive = -1;
98 static const char *def_expire = "";
100 static char def_file[] = USER_DEFAULTS_FILE;
102 #define VALID(s) (strcspn (s, ":\n") == strlen (s))
104 static const char *user_name = "";
105 static const char *user_pass = "!";
106 static uid_t user_id;
107 static gid_t user_gid;
108 static const char *user_comment = "";
109 static const char *user_home = "";
110 static const char *user_shell = "";
111 static const char *create_mail_spool = "";
113 static const char *user_selinux = "";
116 static long user_expire = -1;
117 static bool is_shadow_pwd;
120 static bool is_shadow_grp;
121 static bool sgr_locked = false;
123 static bool pw_locked = false;
124 static bool gr_locked = false;
125 static bool spw_locked = false;
126 static char **user_groups; /* NULL-terminated list */
127 static long sys_ngroups;
128 static bool do_grp_update = false; /* group files need to be updated */
131 bflg = false, /* new default root of home directory */
132 cflg = false, /* comment (GECOS) field for new account */
133 dflg = false, /* home directory for new account */
134 Dflg = false, /* set/show new user default values */
135 eflg = false, /* days since 1970-01-01 when account is locked */
136 fflg = false, /* days until account with expired password is locked */
137 gflg = false, /* primary group ID for new account */
138 Gflg = false, /* secondary group set for new account */
139 kflg = false, /* specify a directory to fill new user directory */
140 lflg = false, /* do not add user to lastlog/faillog databases */
141 mflg = false, /* create user's home directory if it doesn't exist */
142 Mflg = false, /* do not create user's home directory even if CREATE_HOME is set */
143 Nflg = false, /* do not create a group having the same name as the user, but add the user to def_group (or the group specified with -g) */
144 oflg = false, /* permit non-unique user ID to be specified with -u */
145 rflg = false, /* create a system account */
146 sflg = false, /* shell program for new account */
147 uflg = false, /* specify user ID for new account */
148 Uflg = false, /* create a group having the same name as the user */
149 Zflg = false; /* new selinux user */
151 static bool home_added = false;
157 #define E_SUCCESS 0 /* success */
158 #define E_PW_UPDATE 1 /* can't update password file */
159 #define E_USAGE 2 /* invalid command syntax */
160 #define E_BAD_ARG 3 /* invalid argument to option */
161 #define E_UID_IN_USE 4 /* UID already in use (and no -o) */
162 #define E_NOTFOUND 6 /* specified group doesn't exist */
163 #define E_NAME_IN_USE 9 /* username already in use */
164 #define E_GRP_UPDATE 10 /* can't update group file */
165 #define E_HOMEDIR 12 /* can't create home directory */
166 #define E_MAIL_SPOOL 13 /* can't create mail spool */
168 #define DGROUP "GROUP="
170 #define SHELL "SHELL="
171 #define INACT "INACTIVE="
172 #define EXPIRE "EXPIRE="
174 #define CREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
176 /* local function prototypes */
177 static void fail_exit (int);
178 static void get_defaults (void);
179 static void show_defaults (void);
180 static int set_defaults (void);
181 static int get_groups (char *);
182 static void usage (void);
183 static void new_pwent (struct passwd *);
185 static void selinux_update_mapping (void);
188 static long scale_age (long);
189 static void new_spent (struct spwd *);
190 static void grp_update (void);
192 static void process_flags (int argc, char **argv);
193 static void close_files (void);
194 static void open_files (void);
195 static void faillog_reset (uid_t);
196 static void lastlog_reset (uid_t);
197 static void usr_update (void);
198 static void create_home (void);
199 static void create_mail (void);
202 * fail_exit - undo as much as possible
204 static void fail_exit (int code)
211 if (spw_unlock () == 0) {
212 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
213 SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
215 audit_logger (AUDIT_ADD_USER, Prog,
216 "unlocking shadow file",
217 user_name, AUDIT_NO_ID,
218 SHADOW_AUDIT_FAILURE);
224 if (pw_unlock () == 0) {
225 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
226 SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
228 audit_logger (AUDIT_ADD_USER, Prog,
229 "unlocking passwd file",
230 user_name, AUDIT_NO_ID,
231 SHADOW_AUDIT_FAILURE);
237 if (gr_unlock () == 0) {
238 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
239 SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
241 audit_logger (AUDIT_ADD_USER, Prog,
242 "unlocking group file",
243 user_name, AUDIT_NO_ID,
244 SHADOW_AUDIT_FAILURE);
251 if (sgr_unlock () == 0) {
252 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
253 SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
255 audit_logger (AUDIT_ADD_USER, Prog,
256 "unlocking gshadow file",
257 user_name, AUDIT_NO_ID,
258 SHADOW_AUDIT_FAILURE);
266 audit_logger (AUDIT_ADD_USER, Prog,
268 user_name, AUDIT_NO_ID,
269 SHADOW_AUDIT_FAILURE);
271 SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
275 #define MATCH(x,y) (strncmp((x),(y),strlen(y)) == 0)
278 * get_defaults - read the defaults file
280 * get_defaults() reads the defaults file for this command. It sets the
281 * various values from the file, or uses built-in default values if the
282 * file does not exist.
284 static void get_defaults (void)
291 * Open the defaults file for reading.
294 fp = fopen (def_file, "r");
300 * Read the file a line at a time. Only the lines that have relevant
301 * values are used, everything else can be ignored.
303 while (fgets (buf, (int) sizeof buf, fp) == buf) {
304 cp = strrchr (buf, '\n');
309 cp = strchr (buf, '=');
317 * Primary GROUP identifier
319 if (MATCH (buf, DGROUP)) {
320 const struct group *grp = getgr_nam_gid (cp);
323 _("%s: group '%s' does not exist\n"),
326 _("%s: the %s configuration in %s will be ignored\n"),
327 Prog, DGROUP, def_file);
329 def_group = grp->gr_gid;
330 def_gname = xstrdup (grp->gr_name);
335 * Default HOME filesystem
337 else if (MATCH (buf, HOME)) {
338 def_home = xstrdup (cp);
342 * Default Login Shell command
344 else if (MATCH (buf, SHELL)) {
345 def_shell = xstrdup (cp);
349 * Default Password Inactive value
351 else if (MATCH (buf, INACT)) {
352 if ( (getlong (cp, &def_inactive) == 0)
353 || (def_inactive < -1)) {
355 _("%s: invalid numeric argument '%s'\n"),
358 _("%s: the %s configuration in %s will be ignored\n"),
359 Prog, INACT, def_file);
365 * Default account expiration date
367 else if (MATCH (buf, EXPIRE)) {
368 def_expire = xstrdup (cp);
372 * Default Skeleton information
374 else if (MATCH (buf, SKEL)) {
376 cp = SKEL_DIR; /* XXX warning: const */
379 def_template = xstrdup (cp);
383 * Create by default user mail spool or not ?
385 else if (MATCH (buf, CREATE_MAIL_SPOOL)) {
387 cp = CREATE_MAIL_SPOOL; /* XXX warning: const */
390 def_create_mail_spool = xstrdup (cp);
397 * show_defaults - show the contents of the defaults file
399 * show_defaults() displays the values that are used from the default
400 * file and the built-in values.
402 static void show_defaults (void)
404 printf ("GROUP=%u\n", (unsigned int) def_group);
405 printf ("HOME=%s\n", def_home);
406 printf ("INACTIVE=%ld\n", def_inactive);
407 printf ("EXPIRE=%s\n", def_expire);
408 printf ("SHELL=%s\n", def_shell);
409 printf ("SKEL=%s\n", def_template);
410 printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
414 * set_defaults - write new defaults file
416 * set_defaults() re-writes the defaults file using the values that
417 * are currently set. Duplicated lines are pruned, missing lines are
418 * added, and unrecognized lines are copied as is.
420 static int set_defaults (void)
425 static char new_file[] = NEW_USER_FILE;
429 bool out_group = false;
430 bool out_home = false;
431 bool out_inactive = false;
432 bool out_expire = false;
433 bool out_shell = false;
434 bool out_skel = false;
435 bool out_create_mail_spool = false;
438 * Create a temporary file to copy the new output to.
440 ofd = mkstemp (new_file);
443 _("%s: cannot create new defaults file\n"),
448 ofp = fdopen (ofd, "w");
451 _("%s: cannot open new defaults file\n"),
457 * Open the existing defaults file and copy the lines to the
458 * temporary file, using any new values. Each line is checked
459 * to insure that it is not output more than once.
461 ifp = fopen (def_file, "r");
463 fprintf (ofp, "# useradd defaults file\n");
467 while (fgets (buf, (int) sizeof buf, ifp) == buf) {
468 cp = strrchr (buf, '\n');
472 /* A line which does not end with \n is only valid
473 * at the end of the file.
475 if (feof (ifp) == 0) {
477 _("%s: line too long in %s: %s..."),
478 Prog, def_file, buf);
483 if (!out_group && MATCH (buf, DGROUP)) {
484 fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
486 } else if (!out_home && MATCH (buf, HOME)) {
487 fprintf (ofp, HOME "%s\n", def_home);
489 } else if (!out_inactive && MATCH (buf, INACT)) {
490 fprintf (ofp, INACT "%ld\n", def_inactive);
492 } else if (!out_expire && MATCH (buf, EXPIRE)) {
493 fprintf (ofp, EXPIRE "%s\n", def_expire);
495 } else if (!out_shell && MATCH (buf, SHELL)) {
496 fprintf (ofp, SHELL "%s\n", def_shell);
498 } else if (!out_skel && MATCH (buf, SKEL)) {
499 fprintf (ofp, SKEL "%s\n", def_template);
501 } else if (!out_create_mail_spool
502 && MATCH (buf, CREATE_MAIL_SPOOL)) {
504 CREATE_MAIL_SPOOL "%s\n",
505 def_create_mail_spool);
506 out_create_mail_spool = true;
508 fprintf (ofp, "%s\n", buf);
514 * Check each line to insure that every line was output. This
515 * causes new values to be added to a file which did not previously
516 * have an entry for that value.
519 fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
521 fprintf (ofp, HOME "%s\n", def_home);
523 fprintf (ofp, INACT "%ld\n", def_inactive);
525 fprintf (ofp, EXPIRE "%s\n", def_expire);
527 fprintf (ofp, SHELL "%s\n", def_shell);
529 fprintf (ofp, SKEL "%s\n", def_template);
531 if (!out_create_mail_spool)
532 fprintf (ofp, CREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
535 * Flush and close the file. Check for errors to make certain
536 * the new file is intact.
539 if ( (ferror (ofp) != 0)
540 || (fsync (fileno (ofp)) != 0)
541 || (fclose (ofp) != 0)) {
547 * Rename the current default file to its backup name.
549 wlen = snprintf (buf, sizeof buf, "%s-", def_file);
550 assert (wlen < (int) sizeof buf);
551 if ((rename (def_file, buf) != 0) && (ENOENT != errno)) {
554 _("%s: rename: %s: %s"),
555 Prog, def_file, strerror (err));
561 * Rename the new default file to its correct name.
563 if (rename (new_file, def_file) != 0) {
566 _("%s: rename: %s: %s"),
567 Prog, new_file, strerror (err));
571 audit_logger (AUDIT_USYS_CONFIG, Prog,
572 "changing useradd defaults",
574 SHADOW_AUDIT_SUCCESS);
577 "useradd defaults: GROUP=%u, HOME=%s, SHELL=%s, INACTIVE=%ld, "
578 "EXPIRE=%s, SKEL=%s, CREATE_MAIL_SPOOL=%s",
579 (unsigned int) def_group, def_home, def_shell,
580 def_inactive, def_expire, def_template,
581 def_create_mail_spool));
586 * get_groups - convert a list of group names to an array of group IDs
588 * get_groups() takes a comma-separated list of group names and
589 * converts it to a NULL-terminated array. Any unknown group
590 * names are reported as errors.
592 static int get_groups (char *list)
595 const struct group *grp;
604 * So long as there is some data to be converted, strip off
605 * each name and look it up. A mix of numerical and string
606 * values for group identifiers is permitted.
610 * Strip off a single name from the list
612 cp = strchr (list, ',');
618 * Names starting with digits are treated as numerical
619 * GID values, otherwise the string is looked up as is.
621 grp = getgr_nam_gid (list);
624 * There must be a match, either by GID value or by
629 _("%s: group '%s' does not exist\n"),
636 * If the group doesn't exist, don't dump core...
637 * Instead, try the next one. --marekm
645 * Don't add this group if they are an NIS group. Tell
646 * the user to go to the server for this group.
650 _("%s: group '%s' is a NIS group.\n"),
656 if (ngroups == sys_ngroups) {
658 _("%s: too many groups specified (max %d).\n"),
664 * Add the group name to the user's list of groups.
666 user_groups[ngroups++] = xstrdup (grp->gr_name);
667 } while (NULL != list);
669 user_groups[ngroups] = (char *) 0;
672 * Any errors in finding group names are fatal
682 * usage - display usage message and exit
684 static void usage (void)
686 (void) fprintf (stderr,
687 _("Usage: useradd [options] LOGIN\n"
691 (void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
692 " new account\n"), stderr);
693 (void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), stderr);
694 (void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), stderr);
695 (void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), stderr);
696 (void) fputs (_(" -e, --expiredate EXPIRE_DATE expiration date of the new account\n"), stderr);
697 (void) fputs (_(" -f, --inactive INACTIVE password inactivity period of the new account\n"), stderr);
698 (void) fputs (_(" -g, --gid GROUP name or ID of the primary group of the new\n"
699 " account\n"), stderr);
700 (void) fputs (_(" -G, --groups GROUPS list of supplementary groups of the new\n"
701 " account\n"), stderr);
702 (void) fputs (_(" -h, --help display this help message and exit\n"), stderr);
703 (void) fputs (_(" -k, --skel SKEL_DIR use this alternative skeleton directory\n"), stderr);
704 (void) fputs (_(" -K, --key KEY=VALUE override /etc/login.defs defaults\n"), stderr);
705 (void) fputs (_(" -l, --no-log-init do not add the user to the lastlog and\n"
706 " faillog databases\n"), stderr);
707 (void) fputs (_(" -m, --create-home create the user's home directory\n"), stderr);
708 (void) fputs (_(" -M, --no-create-home do not create the user's home directory\n"), stderr);
709 (void) fputs (_(" -N, --no-user-group do not create a group with the same name as\n"
710 " the user\n"), stderr);
711 (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
712 " (non-unique) UID\n"), stderr);
713 (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), stderr);
714 (void) fputs (_(" -r, --system create a system account\n"), stderr);
715 (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), stderr);
716 (void) fputs (_(" -u, --uid UID user ID of the new account\n"), stderr);
717 (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), stderr);
719 (void) fputs (_(" -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"), stderr);
721 (void) fputs ("\n", stderr);
726 * new_pwent - initialize the values in a password file entry
728 * new_pwent() takes all of the values that have been entered and
729 * fills in a (struct passwd) with them.
731 static void new_pwent (struct passwd *pwent)
733 memzero (pwent, sizeof *pwent);
734 pwent->pw_name = (char *) user_name;
736 pwent->pw_passwd = (char *) SHADOW_PASSWD_STRING;
738 pwent->pw_passwd = (char *) user_pass;
741 pwent->pw_uid = user_id;
742 pwent->pw_gid = user_gid;
743 pwent->pw_gecos = (char *) user_comment;
744 pwent->pw_dir = (char *) user_home;
745 pwent->pw_shell = (char *) user_shell;
748 static long scale_age (long x)
754 return x * (DAY / SCALE);
758 * new_spent - initialize the values in a shadow password file entry
760 * new_spent() takes all of the values that have been entered and
761 * fills in a (struct spwd) with them.
763 static void new_spent (struct spwd *spent)
765 memzero (spent, sizeof *spent);
766 spent->sp_namp = (char *) user_name;
767 spent->sp_pwdp = (char *) user_pass;
768 spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
769 if (0 == spent->sp_lstchg) {
770 /* Better disable aging than requiring a password change */
771 spent->sp_lstchg = -1;
774 spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
775 spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
776 spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
777 spent->sp_inact = scale_age (def_inactive);
778 spent->sp_expire = scale_age (user_expire);
780 spent->sp_min = scale_age (-1);
781 spent->sp_max = scale_age (-1);
782 spent->sp_warn = scale_age (-1);
783 spent->sp_inact = scale_age (-1);
784 spent->sp_expire = scale_age (-1);
786 spent->sp_flag = SHADOW_SP_FLAG_UNSET;
790 * grp_update - add user to secondary group set
792 * grp_update() takes the secondary group set given in user_groups
793 * and adds the user to each group given by that set.
795 * The group files are opened and locked in open_files().
797 * close_files() should be called afterwards to commit the changes
798 * and unlocking the group files.
800 static void grp_update (void)
802 const struct group *grp;
806 const struct sgrp *sgrp;
811 * Scan through the entire group file looking for the groups that
812 * the user is a member of.
814 for (gr_rewind (), grp = gr_next (); NULL != grp; grp = gr_next ()) {
817 * See if the user specified this group as one of their
820 if (!is_on_list (user_groups, grp->gr_name)) {
825 * Make a copy - gr_update() will free() everything
826 * from the old entry, and we need it later.
828 ngrp = __gr_dup (grp);
831 _("%s: Out of memory. Cannot update %s.\n"),
833 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
835 audit_logger (AUDIT_ADD_USER, Prog,
836 "adding user to group",
837 user_name, AUDIT_NO_ID,
838 SHADOW_AUDIT_FAILURE);
840 fail_exit (E_GRP_UPDATE); /* XXX */
844 * Add the username to the list of group members and
845 * update the group entry to reflect the change.
847 ngrp->gr_mem = add_list (ngrp->gr_mem, user_name);
848 if (gr_update (ngrp) == 0) {
850 _("%s: failed to prepare the new %s entry '%s'\n"),
851 Prog, gr_dbname (), ngrp->gr_name);
852 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
854 audit_logger (AUDIT_ADD_USER, Prog,
855 "adding user to group",
856 user_name, AUDIT_NO_ID,
857 SHADOW_AUDIT_FAILURE);
859 fail_exit (E_GRP_UPDATE);
862 audit_logger (AUDIT_ADD_USER, Prog,
863 "adding user to group",
864 user_name, AUDIT_NO_ID,
865 SHADOW_AUDIT_SUCCESS);
868 "add '%s' to group '%s'",
869 user_name, ngrp->gr_name));
877 * Scan through the entire shadow group file looking for the groups
878 * that the user is a member of. The administrative list isn't
881 for (sgr_rewind (), sgrp = sgr_next (); NULL != sgrp; sgrp = sgr_next ()) {
884 * See if the user specified this group as one of their
887 if (gr_locate (sgrp->sg_name) == NULL) {
891 if (!is_on_list (user_groups, sgrp->sg_name)) {
896 * Make a copy - sgr_update() will free() everything
897 * from the old entry, and we need it later.
899 nsgrp = __sgr_dup (sgrp);
902 _("%s: Out of memory. Cannot update %s.\n"),
903 Prog, sgr_dbname ());
904 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
906 audit_logger (AUDIT_ADD_USER, Prog,
907 "adding user to shadow group",
908 user_name, AUDIT_NO_ID,
909 SHADOW_AUDIT_FAILURE);
911 fail_exit (E_GRP_UPDATE); /* XXX */
915 * Add the username to the list of group members and
916 * update the group entry to reflect the change.
918 nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_name);
919 if (sgr_update (nsgrp) == 0) {
921 _("%s: failed to prepare the new %s entry '%s'\n"),
922 Prog, sgr_dbname (), nsgrp->sg_name);
923 SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
925 audit_logger (AUDIT_ADD_USER, Prog,
926 "adding user to shadow group",
927 user_name, AUDIT_NO_ID,
928 SHADOW_AUDIT_FAILURE);
930 fail_exit (E_GRP_UPDATE);
933 audit_logger (AUDIT_ADD_USER, Prog,
934 "adding user to shadow group",
935 user_name, AUDIT_NO_ID,
936 SHADOW_AUDIT_SUCCESS);
939 "add '%s' to shadow group '%s'",
940 user_name, nsgrp->sg_name));
942 #endif /* SHADOWGRP */
946 * process_flags - perform command line argument setting
948 * process_flags() interprets the command line arguments and sets
949 * the values that the user will be created with accordingly. The
950 * values are checked for sanity.
952 static void process_flags (int argc, char **argv)
954 const struct group *grp;
955 bool anyflag = false;
960 * Parse the command line options.
963 static struct option long_options[] = {
964 {"base-dir", required_argument, NULL, 'b'},
965 {"comment", required_argument, NULL, 'c'},
966 {"home-dir", required_argument, NULL, 'd'},
967 {"defaults", no_argument, NULL, 'D'},
968 {"expiredate", required_argument, NULL, 'e'},
969 {"inactive", required_argument, NULL, 'f'},
970 {"gid", required_argument, NULL, 'g'},
971 {"groups", required_argument, NULL, 'G'},
972 {"help", no_argument, NULL, 'h'},
973 {"skel", required_argument, NULL, 'k'},
974 {"key", required_argument, NULL, 'K'},
975 {"create-home", no_argument, NULL, 'm'},
976 {"no-create-home", no_argument, NULL, 'M'},
977 {"no-log-init", no_argument, NULL, 'l'},
978 {"no-user-group", no_argument, NULL, 'N'},
979 {"non-unique", no_argument, NULL, 'o'},
980 {"password", required_argument, NULL, 'p'},
981 {"system", no_argument, NULL, 'r'},
982 {"shell", required_argument, NULL, 's'},
984 {"selinux-user", required_argument, NULL, 'Z'},
986 {"uid", required_argument, NULL, 'u'},
987 {"user-group", no_argument, NULL, 'U'},
988 {NULL, 0, NULL, '\0'}
990 while ((c = getopt_long (argc, argv,
992 "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
994 "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
996 long_options, NULL)) != -1) {
999 if ( ( !VALID (optarg) )
1000 || ( optarg[0] != '/' )) {
1002 _("%s: invalid base directory '%s'\n"),
1010 if (!VALID (optarg)) {
1012 _("%s: invalid comment '%s'\n"),
1016 user_comment = optarg;
1020 if ( ( !VALID (optarg) )
1021 || ( optarg[0] != '/' )) {
1023 _("%s: invalid home directory '%s'\n"),
1037 if ('\0' != *optarg) {
1038 user_expire = strtoday (optarg);
1039 if (user_expire == -1) {
1041 _("%s: invalid date '%s'\n"),
1050 * -e "" is allowed - it's a no-op without /etc/shadow
1052 if (('\0' != *optarg) && !is_shadow_pwd) {
1054 _("%s: shadow passwords required for -e\n"),
1059 def_expire = optarg;
1064 if ( (getlong (optarg, &def_inactive) == 0)
1065 || (def_inactive < -1)) {
1067 _("%s: invalid numeric argument '%s'\n"),
1073 * it's a no-op without /etc/shadow
1075 if ((-1 != def_inactive) && !is_shadow_pwd) {
1077 _("%s: shadow passwords required for -f\n"),
1084 grp = getgr_nam_gid (optarg);
1087 _("%s: group '%s' does not exist\n"),
1092 def_group = grp->gr_gid;
1095 user_gid = grp->gr_gid;
1100 if (get_groups (optarg) != 0) {
1103 if (NULL != user_groups[0]) {
1104 do_grp_update = true;
1112 def_template = optarg;
1117 * override login.defs defaults (-K name=value)
1118 * example: -K UID_MIN=100 -K UID_MAX=499
1119 * note: -K UID_MIN=10,UID_MAX=499 doesn't work yet
1121 cp = strchr (optarg, '=');
1124 _("%s: -K requires KEY=VALUE\n"),
1128 /* terminate name, point to value */
1131 if (putdef_str (optarg, cp) < 0) {
1150 case 'p': /* set encrypted password */
1151 if (!VALID (optarg)) {
1153 _("%s: invalid field '%s'\n"),
1163 if ( ( !VALID (optarg) )
1164 || ( ('\0' != optarg[0])
1165 && ('/' != optarg[0])
1166 && ('*' != optarg[0]) )) {
1168 _("%s: invalid shell '%s'\n"),
1172 user_shell = optarg;
1177 if ( (get_uid (optarg, &user_id) == 0)
1178 || (user_id == (gid_t)-1)) {
1180 _("%s: invalid user ID '%s'\n"),
1191 if (is_selinux_enabled () > 0) {
1192 user_selinux = optarg;
1196 _("%s: -Z requires SELinux enabled kernel\n"),
1210 if (!gflg && !Nflg && !Uflg) {
1211 /* Get the settings from login.defs */
1212 Uflg = getdef_bool ("USERGROUPS_ENAB");
1216 * Certain options are only valid in combination with others.
1217 * Check it here so that they can be specified in any order.
1219 if (oflg && !uflg) {
1221 _("%s: %s flag is only allowed with the %s flag\n"),
1225 if (kflg && !mflg) {
1227 _("%s: %s flag is only allowed with the %s flag\n"),
1233 _("%s: options %s and %s conflict\n"),
1239 _("%s: options %s and %s conflict\n"),
1245 _("%s: options %s and %s conflict\n"),
1251 * Either -D or username is required. Defaults can be set with -D
1252 * for the -b, -e, -f, -g, -s options only.
1255 if (optind != argc) {
1259 if (uflg || oflg || Gflg || dflg || cflg || mflg) {
1263 if (optind != argc - 1) {
1267 user_name = argv[optind];
1268 if (!is_valid_user_name (user_name)) {
1270 _("%s: invalid user name '%s'\n"),
1273 audit_logger (AUDIT_ADD_USER, Prog,
1275 user_name, AUDIT_NO_ID,
1276 SHADOW_AUDIT_FAILURE);
1282 size_t len = strlen (def_home) + strlen (user_name) + 2;
1286 wlen = snprintf (uh, len, "%s/%s", def_home, user_name);
1287 assert (wlen == (int) len -1);
1294 user_expire = strtoday (def_expire);
1298 user_gid = def_group;
1302 user_shell = def_shell;
1305 create_mail_spool = def_create_mail_spool;
1308 /* for system accounts defaults are ignored and we
1309 * do not create a home dir */
1310 if (getdef_bool("CREATE_HOME")) {
1316 /* absolutely sure that we do not create home dirs */
1322 * close_files - close all of the files that were opened
1324 * close_files() closes all of the files that were opened for this
1325 * new user. This causes any modified entries to be written out.
1327 static void close_files (void)
1329 if (pw_close () == 0) {
1330 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
1331 SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
1332 fail_exit (E_PW_UPDATE);
1334 if (is_shadow_pwd && (spw_close () == 0)) {
1336 _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
1337 SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
1338 fail_exit (E_PW_UPDATE);
1340 if (do_grp_update) {
1341 if (gr_close () == 0) {
1343 _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
1344 SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
1345 fail_exit (E_GRP_UPDATE);
1348 if (is_shadow_grp && (sgr_close () == 0)) {
1350 _("%s: failure while writing changes to %s\n"),
1351 Prog, sgr_dbname ());
1352 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
1353 fail_exit (E_GRP_UPDATE);
1357 if (is_shadow_pwd) {
1358 if (spw_unlock () == 0) {
1359 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
1360 SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
1362 audit_logger (AUDIT_ADD_USER, Prog,
1363 "unlocking shadow file",
1364 user_name, AUDIT_NO_ID,
1365 SHADOW_AUDIT_FAILURE);
1371 if (pw_unlock () == 0) {
1372 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
1373 SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
1375 audit_logger (AUDIT_ADD_USER, Prog,
1376 "unlocking passwd file",
1377 user_name, AUDIT_NO_ID,
1378 SHADOW_AUDIT_FAILURE);
1383 if (gr_unlock () == 0) {
1384 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
1385 SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
1387 audit_logger (AUDIT_ADD_USER, Prog,
1388 "unlocking group file",
1389 user_name, AUDIT_NO_ID,
1390 SHADOW_AUDIT_FAILURE);
1396 if (is_shadow_grp) {
1397 if (sgr_unlock () == 0) {
1398 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
1399 SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
1401 audit_logger (AUDIT_ADD_USER, Prog,
1402 "unlocking gshadow file",
1403 user_name, AUDIT_NO_ID,
1404 SHADOW_AUDIT_FAILURE);
1414 * open_files - lock and open the password files
1416 * open_files() opens the two password files.
1418 static void open_files (void)
1420 if (pw_lock () == 0) {
1422 _("%s: cannot lock %s; try again later.\n"),
1423 Prog, pw_dbname ());
1427 if (pw_open (O_RDWR) == 0) {
1428 fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
1429 fail_exit (E_PW_UPDATE);
1431 if (is_shadow_pwd) {
1432 if (spw_lock () == 0) {
1434 _("%s: cannot lock %s; try again later.\n"),
1435 Prog, spw_dbname ());
1436 fail_exit (E_PW_UPDATE);
1439 if (spw_open (O_RDWR) == 0) {
1441 _("%s: cannot open %s\n"),
1442 Prog, spw_dbname ());
1443 fail_exit (E_PW_UPDATE);
1448 * Lock and open the group file.
1450 if (gr_lock () == 0) {
1452 _("%s: cannot lock %s; try again later.\n"),
1453 Prog, gr_dbname ());
1454 fail_exit (E_GRP_UPDATE);
1457 if (gr_open (O_RDWR) == 0) {
1458 fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
1459 fail_exit (E_GRP_UPDATE);
1462 if (is_shadow_grp) {
1463 if (sgr_lock () == 0) {
1465 _("%s: cannot lock %s; try again later.\n"),
1466 Prog, sgr_dbname ());
1467 fail_exit (E_GRP_UPDATE);
1470 if (sgr_open (O_RDWR) == 0) {
1472 _("%s: cannot open %s\n"),
1473 Prog, sgr_dbname ());
1474 fail_exit (E_GRP_UPDATE);
1480 static char *empty_list = NULL;
1483 * new_grent - initialize the values in a group file entry
1485 * new_grent() takes all of the values that have been entered and fills
1486 * in a (struct group) with them.
1489 static void new_grent (struct group *grent)
1491 memzero (grent, sizeof *grent);
1492 grent->gr_name = (char *) user_name;
1493 grent->gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
1494 grent->gr_gid = user_gid;
1495 grent->gr_mem = &empty_list;
1500 * new_sgent - initialize the values in a shadow group file entry
1502 * new_sgent() takes all of the values that have been entered and fills
1503 * in a (struct sgrp) with them.
1506 static void new_sgent (struct sgrp *sgent)
1508 memzero (sgent, sizeof *sgent);
1509 sgent->sg_name = (char *) user_name;
1510 sgent->sg_passwd = "!"; /* XXX warning: const */
1511 sgent->sg_adm = &empty_list;
1512 sgent->sg_mem = &empty_list;
1514 #endif /* SHADOWGRP */
1518 * grp_add - add new group file entries
1520 * grp_add() writes the new records to the group files.
1523 static void grp_add (void)
1529 #endif /* SHADOWGRP */
1532 * Create the initial entries for this new group.
1537 #endif /* SHADOWGRP */
1540 * Write out the new group file entry.
1542 if (gr_update (&grp) == 0) {
1544 _("%s: failed to prepare the new %s entry '%s'\n"),
1545 Prog, gr_dbname (), grp.gr_name);
1547 audit_logger (AUDIT_ADD_GROUP, Prog,
1549 grp.gr_name, AUDIT_NO_ID,
1550 SHADOW_AUDIT_FAILURE);
1552 fail_exit (E_GRP_UPDATE);
1556 * Write out the new shadow group entries as well.
1558 if (is_shadow_grp && (sgr_update (&sgrp) == 0)) {
1560 _("%s: failed to prepare the new %s entry '%s'\n"),
1561 Prog, sgr_dbname (), sgrp.sg_name);
1563 audit_logger (AUDIT_ADD_GROUP, Prog,
1565 grp.gr_name, AUDIT_NO_ID,
1566 SHADOW_AUDIT_FAILURE);
1568 fail_exit (E_GRP_UPDATE);
1570 #endif /* SHADOWGRP */
1571 SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
1573 audit_logger (AUDIT_ADD_GROUP, Prog,
1575 grp.gr_name, AUDIT_NO_ID,
1576 SHADOW_AUDIT_SUCCESS);
1578 do_grp_update = true;
1581 static void faillog_reset (uid_t uid)
1585 off_t offset_uid = (off_t) (sizeof fl) * uid;
1587 if (access (FAILLOG_FILE, F_OK) != 0) {
1591 memzero (&fl, sizeof (fl));
1593 fd = open (FAILLOG_FILE, O_RDWR);
1595 || (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
1596 || (write (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl))
1597 || (fsync (fd) != 0)
1598 || (close (fd) != 0)) {
1600 _("%s: failed to reset the faillog entry of UID %lu: %s\n"),
1601 Prog, (unsigned long) uid, strerror (errno));
1602 SYSLOG ((LOG_WARN, "failed to reset the faillog entry of UID %lu", (unsigned long) uid));
1607 static void lastlog_reset (uid_t uid)
1611 off_t offset_uid = (off_t) (sizeof ll) * uid;
1613 if (access (LASTLOG_FILE, F_OK) != 0) {
1617 memzero (&ll, sizeof (ll));
1619 fd = open (LASTLOG_FILE, O_RDWR);
1621 || (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
1622 || (write (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
1623 || (fsync (fd) != 0)
1624 || (close (fd) != 0)) {
1626 _("%s: failed to reset the lastlog entry of UID %lu: %s\n"),
1627 Prog, (unsigned long) uid, strerror (errno));
1628 SYSLOG ((LOG_WARN, "failed to reset the lastlog entry of UID %lu", (unsigned long) uid));
1634 * usr_update - create the user entries
1636 * usr_update() creates the password file entries for this user
1637 * and will update the group entries if required.
1639 static void usr_update (void)
1641 struct passwd pwent;
1645 * Fill in the password structure with any new fields, making
1646 * copies of strings.
1652 * Create a syslog entry. We need to do this now in case anything
1653 * happens so we know what we were trying to accomplish.
1656 "new user: name=%s, UID=%u, GID=%u, home=%s, shell=%s",
1657 user_name, (unsigned int) user_id,
1658 (unsigned int) user_gid, user_home, user_shell));
1661 * Initialize faillog and lastlog entries for this UID in case
1662 * it belongs to a previously deleted user. We do it only if
1663 * no user with this UID exists yet (entries for shared UIDs
1664 * are left unchanged). --marekm
1666 /* local, no need for xgetpwuid */
1667 if ((!lflg) && (getpwuid (user_id) == NULL)) {
1668 faillog_reset (user_id);
1669 lastlog_reset (user_id);
1673 * Put the new (struct passwd) in the table.
1675 if (pw_update (&pwent) == 0) {
1677 _("%s: failed to prepare the new %s entry '%s'\n"),
1678 Prog, pw_dbname (), pwent.pw_name);
1679 fail_exit (E_PW_UPDATE);
1683 * Put the new (struct spwd) in the table.
1685 if (is_shadow_pwd && (spw_update (&spent) == 0)) {
1687 _("%s: failed to prepare the new %s entry '%s'\n"),
1688 Prog, spw_dbname (), spent.sp_namp);
1690 audit_logger (AUDIT_ADD_USER, Prog,
1691 "adding shadow password",
1692 user_name, (unsigned int) user_id,
1693 SHADOW_AUDIT_FAILURE);
1695 fail_exit (E_PW_UPDATE);
1698 audit_logger (AUDIT_ADD_USER, Prog,
1700 user_name, (unsigned int) user_id,
1701 SHADOW_AUDIT_SUCCESS);
1705 * Do any group file updates for this user.
1707 if (do_grp_update) {
1713 static void selinux_update_mapping (void) {
1714 if (is_selinux_enabled () <= 0) return;
1716 if (*user_selinux) { /* must be done after passwd write() */
1717 const char *argv[7];
1718 argv[0] = "/usr/sbin/semanage";
1722 argv[4] = user_selinux;
1723 argv[5] = user_name;
1725 if (safe_system (argv[0], argv, NULL, 0)) {
1727 _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
1728 Prog, user_name, user_selinux);
1730 audit_logger (AUDIT_ADD_USER, Prog,
1731 "adding SELinux user mapping",
1732 user_name, (unsigned int) user_id, 0);
1739 * create_home - create the user's home directory
1741 * create_home() creates the user's home directory if it does not
1742 * already exist. It will be created mode 755 owned by the user
1743 * with the user's default group.
1745 static void create_home (void)
1747 if (access (user_home, F_OK) != 0) {
1749 selinux_file_context (user_home);
1751 /* XXX - create missing parent directories. --marekm */
1752 if (mkdir (user_home, 0) != 0) {
1754 _("%s: cannot create directory %s\n"),
1757 audit_logger (AUDIT_ADD_USER, Prog,
1758 "adding home directory",
1759 user_name, (unsigned int) user_id,
1760 SHADOW_AUDIT_FAILURE);
1762 fail_exit (E_HOMEDIR);
1764 chown (user_home, user_id, user_gid);
1766 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
1769 audit_logger (AUDIT_ADD_USER, Prog,
1770 "adding home directory",
1771 user_name, (unsigned int) user_id,
1772 SHADOW_AUDIT_SUCCESS);
1775 /* Reset SELinux to create files with default contexts */
1776 setfscreatecon (NULL);
1782 * create_mail - create the user's mail spool
1784 * create_mail() creates the user's mail spool if it does not already
1785 * exist. It will be created mode 660 owned by the user and group
1788 static void create_mail (void)
1796 if (strcasecmp (create_mail_spool, "yes") == 0) {
1797 spool = getdef_str ("MAIL_DIR");
1798 if (NULL == spool) {
1799 spool = "/var/mail";
1801 file = alloca (strlen (spool) + strlen (user_name) + 2);
1802 sprintf (file, "%s/%s", spool, user_name);
1803 fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
1805 perror (_("Creating mailbox file"));
1809 gr = getgrnam ("mail"); /* local, no need for xgetgrnam */
1811 fputs (_("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"),
1820 if ( (fchown (fd, user_id, gid) != 0)
1821 || (fchmod (fd, mode) != 0)) {
1822 perror (_("Setting mailbox file permissions"));
1831 * main - useradd command
1833 int main (int argc, char **argv)
1835 #ifdef ACCT_TOOLS_SETUID
1837 pam_handle_t *pamh = NULL;
1839 #endif /* USE_PAM */
1840 #endif /* ACCT_TOOLS_SETUID */
1847 * Get my name so that I can use it to report errors.
1849 Prog = Basename (argv[0]);
1851 (void) setlocale (LC_ALL, "");
1852 (void) bindtextdomain (PACKAGE, LOCALEDIR);
1853 (void) textdomain (PACKAGE);
1855 OPENLOG ("useradd");
1857 sys_ngroups = sysconf (_SC_NGROUPS_MAX);
1858 user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
1860 * Initialize the list to be empty
1862 user_groups[0] = (char *) 0;
1865 is_shadow_pwd = spw_file_present ();
1867 is_shadow_grp = sgr_file_present ();
1872 process_flags (argc, argv);
1874 #ifdef ACCT_TOOLS_SETUID
1877 struct passwd *pampw;
1878 pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
1879 if (pampw == NULL) {
1881 _("%s: Cannot determine your user name.\n"),
1886 retval = pam_start ("useradd", pampw->pw_name, &conv, &pamh);
1889 if (PAM_SUCCESS == retval) {
1890 retval = pam_authenticate (pamh, 0);
1893 if (PAM_SUCCESS == retval) {
1894 retval = pam_acct_mgmt (pamh, 0);
1898 (void) pam_end (pamh, retval);
1900 if (PAM_SUCCESS != retval) {
1901 fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
1904 #endif /* USE_PAM */
1905 #endif /* ACCT_TOOLS_SETUID */
1908 * See if we are messing with the defaults file, or creating
1912 if (gflg || bflg || fflg || eflg || sflg) {
1913 exit ((set_defaults () != 0) ? 1 : 0);
1921 * Start with a quick check to see if the user exists.
1923 if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
1924 fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
1926 audit_logger (AUDIT_ADD_USER, Prog,
1928 user_name, AUDIT_NO_ID,
1929 SHADOW_AUDIT_FAILURE);
1931 fail_exit (E_NAME_IN_USE);
1935 * Don't blindly overwrite a group when a user is added...
1936 * If you already have a group username, and want to add the user
1937 * to that group, use useradd -g username username.
1941 /* local, no need for xgetgrnam */
1942 if (getgrnam (user_name) != NULL) {
1944 _("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
1947 audit_logger (AUDIT_ADD_USER, Prog,
1949 user_name, AUDIT_NO_ID,
1950 SHADOW_AUDIT_FAILURE);
1952 fail_exit (E_NAME_IN_USE);
1957 * Do the hard stuff:
1959 * - create the user entries,
1960 * - create the home directory,
1961 * - create user mail spool,
1962 * - flush nscd caches for passwd and group services,
1963 * - then close and update the files.
1968 /* first, seek for a valid uid to use for this user.
1969 * We do this because later we can use the uid we found as
1970 * gid too ... --gafton */
1972 if (find_new_uid (rflg, &user_id, NULL) < 0) {
1973 fprintf (stderr, _("%s: can't create user\n"), Prog);
1974 fail_exit (E_UID_IN_USE);
1977 if (getpwuid (user_id) != NULL) {
1979 _("%s: UID %lu is not unique\n"),
1980 Prog, (unsigned long) user_id);
1982 audit_logger (AUDIT_ADD_USER, Prog,
1984 user_name, (unsigned int) user_id,
1985 SHADOW_AUDIT_FAILURE);
1987 fail_exit (E_UID_IN_USE);
1992 /* do we have to add a group for that user? This is why we need to
1993 * open the group files in the open_files() function --gafton */
1995 if (find_new_gid (rflg, &user_gid, &user_id) < 0) {
1997 _("%s: can't create group\n"),
2009 copy_tree (def_template, user_home, user_id, user_gid);
2012 _("%s: warning: the home directory already exists.\n"
2013 "Not copying any file from skel directory into it.\n"),
2019 /* Do not create mail directory for system accounts */
2027 selinux_update_mapping ();
2030 nscd_flush_cache ("passwd");
2031 nscd_flush_cache ("group");