#!/usr/bin/env python3 """Suggest {user,group}{mod,add} commands based on .pacnew files. When this script runs, it prints the differences between /etc/passwd and /etc/passwd.pacnew regardless of the order of lines in the files. It does the same for /etc/group and /etc/group.pacnew. Additionally, it prints suggested commands to make the real files match the pacnew files. Nothing is printed for users and groups which exist in the real files only, which are assumed to have been added by the administrator. """ # Copyright (c) 2014, George Macon # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # 1. Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. import collections import os.path import shlex PasswordEntry = collections.namedtuple('PasswordEntry', 'name pw uid gid comment home shell') GroupEntry = collections.namedtuple('GroupEntry', 'name pw gid members') Field = collections.namedtuple('Field', 'attr name option id') PASSWORD_FIELDS = [ Field('name', 'Name', None, 'uid'), Field('gid', 'GID', '--gid', 'name'), Field('comment', 'Comment', '--comment', 'name'), Field('home', 'Home directory', '--home', 'name'), Field('shell', 'Shell', '--shell', 'name'), ] def read_file(fd, entry_class, key_field): result = {} for line in fd: e = entry_class._make(line.strip().split(':')) result[getattr(e, key_field)] = e return result def by_name(ents): return {e.name: e for e in ents} def groups_by_uid(users, groups): users_by_name = by_name(users.values()) result = collections.defaultdict(set) for user in users.values(): result[user.uid].add(groups[user.gid]) for group in groups.values(): if group.members: for username in group.members.split(','): user = users_by_name[username] result[user.uid].add(group) return result def suggest_changes(current_passwd_file, new_passwd_file, current_group_file, new_group_file): current_users = read_file(current_passwd_file, PasswordEntry, 'uid') new_users = read_file(new_passwd_file, PasswordEntry, 'uid') current_groups = read_file(current_group_file, GroupEntry, 'gid') new_groups = read_file(new_group_file, GroupEntry, 'gid') current_groups_by_uid = groups_by_uid(current_users, current_groups) new_groups_by_uid = groups_by_uid(new_users, new_groups) for gid in current_groups.keys() & new_groups.keys(): cur_ent = current_groups[gid] new_ent = new_groups[gid] if cur_ent.name != new_ent.name: print("# Name differs in {}: {!r} -> {!r}".format( gid, cur_ent.name, new_ent.name)) for gid in new_groups.keys() - current_groups.keys(): new_ent = new_groups[gid] print('groupadd', '--gid', gid, new_ent.name) for uid in current_users.keys() & new_users.keys(): cur_ent = current_users[uid] new_ent = new_users[uid] suggestions = [] for field in PASSWORD_FIELDS: cur_field = getattr(cur_ent, field.attr) new_field = getattr(new_ent, field.attr) if cur_field != new_field: print("# {} differs in {}: {!r} -> {!r}".format( field.name, getattr(cur_ent, field.id), cur_field, new_field)) if field.option: suggestions.append(field.option) suggestions.append(shlex.quote(new_field)) cur_grp = current_groups_by_uid[uid] new_grp = new_groups_by_uid[uid] if cur_grp != new_grp: print("# Groups differ in {}: Add {}, remove {}".format( cur_ent.name, ', '.join(new_grp - cur_grp), ', '.join(cur_grp - new_grp))) suggestions.append('--groups') suggestions.append(shlex.quote(','.join(g.name for g in new_grp if g.gid != new_ent.gid))) if suggestions: print('usermod', ' '.join(suggestions), cur_ent.name) for uid in new_users.keys() - current_users.keys(): new_ent = new_users[uid] suggestions = ['--uid', new_ent.uid] for field in PASSWORD_FIELDS: if field.option: suggestions.append(field.option) suggestions.append(shlex.quote(getattr(new_ent, field.attr))) suggestions.append('--groups') suggestions.append(shlex.quote(','.join(g.name for g in new_groups[uid] if g.gid != new_ent.gid))) print('useradd', ' '.join(suggestions), new_ent.name) def main(): current_passwd_filename = '/etc/passwd' if os.path.exists('/etc/passwd.pacnew'): new_passwd_filename = '/etc/passwd.pacnew' else: new_passwd_filename = '/etc/passwd' current_group_filename = '/etc/group' if os.path.exists('/etc/group.pacnew'): new_group_filename = '/etc/group.pacnew' else: new_group_filename = '/etc/group' with open(current_passwd_filename, 'rt') as current_passwd_file, \ open(new_passwd_filename, 'rt') as new_passwd_file, \ open(current_group_filename, 'rt') as current_group_file, \ open(new_group_filename, 'rt') as new_group_file: suggest_changes(current_passwd_file, new_passwd_file, current_group_file, new_group_file) if __name__ == '__main__': main()