Account-creation script.

diff --git a/sync-accounts/sync-accounts b/sync-accounts/sync-accounts
index d83f6f7002050213b834ca6a7c36856177c5a9ab..a1b149340ab0b7a49619aec251d3ffcb26a00ce5 100755 (executable)
--- a/sync-accounts/sync-accounts
+++ b/sync-accounts/sync-accounts
@@ -127,6 +127,10 @@
 #      This directive has no effect on `sync-accounts'.  However, it
 #      is used as a placeholder by `grab-account': new accounts for
 #      creation are inserted just before `addhere'.
+#
+# Finally, the config file must finish with:
+# 
+#  end
 
 use POSIX;
 
@@ -199,6 +203,9 @@ sub diag ($) {
 }
 
 sub regroupglobs () {
+    $nogroups= (@groupglobs == 1 &&
+               $groupglobs[0]->[0] eq '.*' &&
+               !$groupglobs[0]->[1]);
     $ggfunc= "sub wantsyncgroup {\n  \$_= \$_[0];\n  return\n";
     for $e (@groupglobs) { $ggfunc.= "    m/^$e->[0]\$/ ? $e->[1] :\n"; }
     $ggfunc.= "    die;\n};\n1;\n";
@@ -413,28 +420,30 @@ sub syncuser ($$) {
     copyfield('passwd',$lu,4, $rempasswd{$ru}->[4]); # comment
     copyfield('passwd',$lu,6, $rempasswd{$ru}->[6]); # shell
 
-    for $e (@owngroup) {
-       $tgroup= $e->[0];
+    if (!$nogroups) {
+       for $e (@owngroup) {
+           $tgroup= $e->[0];
 #print STDERR "syncuser($lu,$ru) group $tgroup\n";
-       next unless &wantsyncgroup($tgroup);
+           next unless &wantsyncgroup($tgroup);
 #print STDERR "syncuser($lu,$ru) group $tgroup yes\n";
-       fetchgroup();
-       if (!exists $remgroup{$tgroup}) {
-           diag("group $tgroup: not on remote host");
-           next;
-       }
-       $inremote= grep($_ eq $ru, split(/\,/,$remgroup{$tgroup}->[3]));
-       $cusers= $e->[3]; $inlocal= grep($_ eq $lu, split(/\,/,$cusers));
-       if ($inremote && !$inlocal) {
-           $cusers.= ',' if length $cusers;
-           $cusers.= $lu;
-       } elsif ($inlocal && !$inremote) {
-           $cusers= join(',', grep($_ ne $lu, split(/\,/, $cusers)));
-       } else {
-           next;
+           fetchgroup();
+           if (!exists $remgroup{$tgroup}) {
+               diag("group $tgroup: not on remote host");
+               next;
+           }
+           $inremote= grep($_ eq $ru, split(/\,/,$remgroup{$tgroup}->[3]));
+           $cusers= $e->[3]; $inlocal= grep($_ eq $lu, split(/\,/,$cusers));
+           if ($inremote && !$inlocal) {
+               $cusers.= ',' if length $cusers;
+               $cusers.= $lu;
+           } elsif ($inlocal && !$inremote) {
+               $cusers= join(',', grep($_ ne $lu, split(/\,/, $cusers)));
+           } else {
+               next;
+           }
+           $e->[3]= $cusers;
+           $modifiedgroup= 1;
        }
-       $e->[3]= $cusers;
-       $modifiedgroup= 1;
     }
 }
 
@@ -517,7 +526,7 @@ while (<CF>) {
     } elsif (m/^(no|)(sameuid|usergroups)$/) {
        eval "\$opt_$2= ".($1 eq 'no' ? 0 : 1)."; 1;" or die $@;
     } elsif (m/^(no|)group\s+([-+.0-9a-zA-Z*?]+)$/) {
-       $yes= $1 ne 'no';
+       $yes= $1 eq 'no' ? 0 : 1;
        $_= $2;
        @groupglobs=() if $_ eq '*';
        s/[-+._]/\\$1/g;
@@ -539,6 +548,7 @@ while (<CF>) {
            next if $tuid<$1 or $tuid>$2;
            syncuser($k,$k);
        }
+    } elsif (m/^addhere$/) {
     } else {
        die "$configfile:$.: unknown directive\n";
     }

diff --git a/sync-accounts/sync-accounts-createuser b/sync-accounts/sync-accounts-createuser
new file mode 100755 (executable)
index 0000000..4959dbe
--- /dev/null
+++ b/sync-accounts/sync-accounts-createuser
@@ -0,0 +1,10 @@
+#!/bin/sh
+# default user-creation script for sync-accounts
+
+set -e
+mkdir -p $SYNCUSER_CREATE_HOME
+cp -a /etc/skel/. $SYNCUSER_CREATE_HOME
+chown -R $SYNCUSER_CREATE_UID.$SYNCUSER_CREATE_GID $SYNCUSER_CREATE_HOME
+chmod 2755 $SYNCUSER_CREATE_HOME
+rm -f /home/$SYNCUSER_CREATE_USER
+ln -s ..$SYNCUSER_CREATE_HOME /home/$SYNCUSER_CREATE_USER