Setze die die UIDs und GIDs standartmässig auf 2000 bei der erstellung

von neuen Benutzern und Gruppen

arch-graphical-install-auto.sh

@@ -34,8 +34,8 @@ do
     shift
 done
 
-if cat /etc/passwd | grep "x:2000" > /dev/null; then
-    tempuser=$(cat /etc/passwd | grep "x:2000" | awk '{print $1}')
+if cat /etc/passwd | grep "x:1000" > /dev/null; then
+    tempuser=$(cat /etc/passwd | grep "x:1000" | awk '{print $1}')
     user=${tempuser%%:*}
 #else
 #    user=$(whoami)
@@ -106,7 +106,7 @@ function standartinstallation() {
 
 function addusers() {
     # Erstelle Gruppen
-    groupid=2000
+    groupid=1000
     for wort in master users wheel audio input power storage video sys optical adm lp scanner sddm kvm fuse autologin network wireshark docker libvirt libvirtdbus; do
         if ! cat /etc/group | grep ${wort}; then
             while cat /etc/group | grep ${groupid}; do
@@ -116,7 +116,7 @@ function addusers() {
         fi
     done
 
-    useruid=2000
+    useruid=1000
     while cat /etc/passwd | grep ${useruid}; do
         useruid=$((${useruid} + 1))
     done
@@ -257,7 +257,7 @@ pacmanconf
 if [ "$1" == "adduser" ]; then
     user="$2"
     userpass="$3"
-    if cat /etc/passwd | grep "x:2000" > /dev/null; then
+    if cat /etc/passwd | grep "x:1000" > /dev/null; then
         echo "${user} existiert bereits!!!"
     else
         addusers
@@ -292,8 +292,12 @@ echo "root:root" | chpasswd
 echo "Lege $SUDOERS neu an!!!"
 
 echo "root ALL=(ALL) NOPASSWD: ALL" > $SUDOERS
-
 echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> $SUDOERS
+echo "%master ALL=(ALL) NOPASSWD: ALL" >> $SUDOERS
+
+# Setze die die UIDs und GIDs standartmässig auf 2000 bei der erstellung von neuen Benutzern und Gruppen
+sed -i 's/UID_MIN=.*$/UID_MIN=2000/' /etc/login.defs
+sed -i 's/GID_MIN=.*$/GID_MIN=2000/' /etc/login.defs
 
 # systemaktualisierung
 

arch-install.sh

@@ -11,8 +11,8 @@ repo1=shell-scripte-code
 cache=/var/cache/pacman/pkg/
 repo_url="https://git.spectreos.de/simono41/SpectreOS/raw/master/repo.sh"
 
-if cat /etc/passwd | grep "x:2000" > /dev/null; then
-    tempuser=$(cat /etc/passwd | grep "x:2000" | awk '{print $1}')
+if cat /etc/passwd | grep "x:1000" > /dev/null; then
+    tempuser=$(cat /etc/passwd | grep "x:1000" | awk '{print $1}')
     user=${tempuser%%:*}
 else
     user=$(whoami)

configs/login.defs

@@ -0,0 +1,272 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+#	$Id$
+#
+# NOTE: This file is adapted for the use on Arch Linux!
+#       Unsupported options due to the use of util-linux or PAM are removed.
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
+#       pam_unix(8) enforces a 2s delay)
+#
+FAIL_DELAY		3
+
+#
+# Enable display of unknown usernames when login(1) failures are recorded.
+#
+LOG_UNKFAIL_ENAB	no
+
+#
+# Limit the highest user ID number for which the lastlog entries should
+# be updated.
+#
+# No LASTLOG_UID_MAX means that there is no user ID limit for writing
+# lastlog entries.
+#
+#LASTLOG_UID_MAX
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login.
+#
+MOTD_FILE
+#MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
+
+#
+# *REQUIRED*
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR	/var/spool/mail
+#MAIL_FILE	.mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+ENV_PATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a write(1) program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP as the number of such group
+# and TTYPERM as 0620.  Otherwise leave TTYGROUP commented out and
+# set TTYPERM to either 622 or 600.
+#
+TTYGROUP	tty
+TTYPERM		0600
+
+# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+# Default "umask" value for pam_umask(8) on PAM enabled systems.
+# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+# home directories if HOME_MODE is not set.
+# 022 is the default value, but 027, or even 077, could be considered
+# for increased privacy. There is no One True Answer here: each sysadmin
+# must make up their mind.
+UMASK		077
+
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+# If HOME_MODE is not set, the value of UMASK is used to create the mode.
+#HOME_MODE	0700
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd(8)
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+SYS_UID_MIN		  500
+SYS_UID_MAX		  999
+# Extra per user uids
+SUB_UID_MIN		   100000
+SUB_UID_MAX		600100000
+SUB_UID_COUNT		    65536
+
+#
+# Min/max values for automatic gid selection in groupadd(8)
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+SYS_GID_MIN		  500
+SYS_GID_MAX		  999
+# Extra per user group ids
+SUB_GID_MIN		   100000
+SUB_GID_MAX		600100000
+SUB_GID_COUNT		    65536
+
+#
+# Max number of login(1) retries if password is bad
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login(1)
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn(1) - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT		rwh
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# If not specified, the libc will choose the default number of rounds (5000),
+# which is orders of magnitude too low for modern hardware.
+# The values must be within the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# Only works if ENCRYPT_METHOD is set to BCRYPT.
+#
+# Define the number of BCRYPT rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# If not specified, 13 rounds will be attempted.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+#BCRYPT_MIN_ROUNDS 13
+#BCRYPT_MAX_ROUNDS 13
+
+#
+# Only works if ENCRYPT_METHOD is set to YESCRYPT.
+#
+# Define the YESCRYPT cost factor.
+# With a higher cost factor, it is more difficult to brute-force the password.
+# However, more CPU time and more memory will be needed to authenticate users
+# if this value is increased.
+#
+# If not specified, a cost factor of 5 will be used.
+# The value must be within the 1-11 range.
+#
+#YESCRYPT_COST_FACTOR 5
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# The pwck(8) utility emits a warning for any system account with a home
+# directory that does not exist.  Some system accounts intentionally do
+# not have a home directory.  Such accounts may have this string as
+# their home directory in /etc/passwd to avoid a spurious warning.
+#
+NONEXISTENT	/nonexistent
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel(8) to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-zero number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permits to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP	0
+
+#
+# If useradd(8) should create home directories for users by default (non
+# system users only).
+# This option is overridden with the -M or -m flags on the useradd(8)
+# command-line.
+#
+#CREATE_HOME     yes
+
+#
+# Force use shadow, even if shadow passwd & shadow group files are
+# missing.
+#
+#FORCE_SHADOW    yes
+
+#
+# Allow newuidmap and newgidmap when running under an alternative
+# primary group.
+#
+#GRANT_AUX_GROUP_SUBIDS yes
+
+#
+# Select the HMAC cryptography algorithm.
+# Used in pam_timestamp module to calculate the keyed-hash message
+# authentication code.
+#
+# Note: It is recommended to check hmac(3) to see the possible algorithms
+# that are available in your system.
+#
+#HMAC_CRYPTO_ALGO SHA512

scripts/aurinstall.sh

@@ -2,8 +2,8 @@
 
 set -x
 
-if cat /etc/passwd | grep "x:2000" > /dev/null; then
-    tempuser=$(cat /etc/passwd | grep "x:2000" | awk '{print $1}')
+if cat /etc/passwd | grep "x:1000" > /dev/null; then
+    tempuser=$(cat /etc/passwd | grep "x:1000" | awk '{print $1}')
     user=${tempuser%%:*}
 else
     user=$(whoami)

scripts/aurupdater.sh

@@ -2,8 +2,8 @@
 
 set -x
 
-if cat /etc/passwd | grep "x:2000" > /dev/null; then
-    tempuser=$(cat /etc/passwd | grep "x:2000" | awk '{print $1}')
+if cat /etc/passwd | grep "x:1000" > /dev/null; then
+    tempuser=$(cat /etc/passwd | grep "x:1000" | awk '{print $1}')
     user=${tempuser%%:*}
 else
     user=$(whoami)

scripts/startup-script.sh

@@ -6,8 +6,8 @@ cmdlineparameter=$(cat /proc/cmdline)
 repo=SpectreOS
 user=user1
 
-if cat /etc/passwd | grep "x:2000" > /dev/null; then
-    tempuser=$(cat /etc/passwd | grep "x:2000" | awk '{print $1}')
+if cat /etc/passwd | grep "x:1000" > /dev/null; then
+    tempuser=$(cat /etc/passwd | grep "x:1000" | awk '{print $1}')
     user=${tempuser%%:*}
 #else
 #    user=$(whoami)