X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=docker-build%2Fregistry%2Fsecurity-utils%2Fset-nologin-shell-to-system-users.sh;fp=docker-build%2Fregistry%2Fsecurity-utils%2Fset-nologin-shell-to-system-users.sh;h=0965bd0ef8af15d469bd19a19b02954691abff53;hb=2ed671c54dad28dd81763928b28cd17d5c76df66;hp=0000000000000000000000000000000000000000;hpb=2c8d12e674aa66af96cd6d2d750f061092db95df;p=ta%2Fcaas-registry.git
diff --git a/docker-build/registry/security-utils/set-nologin-shell-to-system-users.sh b/docker-build/registry/security-utils/set-nologin-shell-to-system-users.sh
new file mode 100755
index 0000000..0965bd0
--- /dev/null
+++ b/docker-build/registry/security-utils/set-nologin-shell-to-system-users.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+. $(dirname "$0")/utils.sh
+
+is_nologin_shell () {
+ shell=$1
+
+ set -- "/sbin/nologin" "/bin/sync" "/sbin/halt" "/sbin/shutdown"
+ for no_login_shell
+ do
+ if [ "$no_login_shell" = "$shell" ]
+ then
+ return 1;
+ fi
+ done
+ return 0;
+}
+
+set_nologin_shell () {
+ account=$1
+
+ name=$(echo "$account" | cut -d: -f1)
+ uid=$(echo "$account" | cut -d: -f3)
+ gid=$(echo "$account" | cut -d: -f4)
+ gecos=$(echo "$account" | cut -d: -f5)
+ home_dir=$(echo "$account" | cut -d: -f6)
+
+ del_user "$name" > /dev/null 2&>1
+ group_name=$(get_group_name "$gid")
+ if [ -z $group_name ]
+ then
+ group_command=""
+ else
+ group_command="-G $group_name"
+ fi
+ adduser -D -h "$home_dir" -g "$gecos" -s /sbin/nologin $group_command -u "$uid" "$name"
+
+}
+
+main () {
+ while read -r account
+ do
+ name=$(echo "$account" | cut -d: -f1)
+ if [ "$name" = "root" ]
+ then
+ continue;
+ fi
+
+ shell=$(echo "$account" | cut -d: -f7)
+ if is_nologin_shell "$shell"
+ then
+ set_nologin_shell "$account"
+ fi
+ done < /etc/passwd
+
+ if [[ `ls -ld /root | awk '{print $3"\n"$4}' | grep -v root` ]]
+ then
+ chown root:root /root
+ fi
+
+}
+
+main
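Review bot: The redirection on `del_user "$name" > /dev/null 2&>1` in set_nologin_shell is mistyped: `2&>1` is not `2>&1`, so depending on the shell the `2` becomes a stray argument to del_user and `>1` creates a file literally named `1` in the working directory (under a POSIX sh the `&` also backgrounds the command), while stderr is never actually silenced; it should read `del_user "$name" > /dev/null 2>&1`. Because the following `adduser` runs with no status check, a failed re-creation after a successful deletion silently leaves the account missing, so something like `adduser ... "$name" || { printf 'failed to recreate %s\n' "$name" >&2; return 1; }` would make that failure visible. The `[[ ... ]]` test and the backtick substitution in main are bashisms under `#!/bin/sh`, and `[ -z $group_name ]` should quote its operand. Finally, is_nologin_shell returns 0 when the shell is *not* in the nologin list, so `if is_nologin_shell "$shell"` in main reads inverted; renaming it (e.g. `has_login_shell`) or flipping its return values would make the intent clear to the next reader.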