diff options
author | Bertrand Jacquin <beber@meleeweb.net> | 2013-05-28 20:50:27 +0200 |
---|---|---|
committer | Bertrand Jacquin <beber@meleeweb.net> | 2013-05-28 23:30:14 +0200 |
commit | 199d754a696c67bec366116a297525c7b793d812 (patch) | |
tree | e796791ff40f29d50f6fb0986bfa19d58cd57d57 | |
parent | dev-libs/libgcrypt: update SRC_URI to only use thirdpartymirrors (diff) | |
download | portage-199d754a696c67bec366116a297525c7b793d812.tar.xz |
delete old net-misc/scponly (remove --with-default-chdir="/")
-rw-r--r-- | net-misc/scponly/Manifest | 4 | ||||
-rw-r--r-- | net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch | 15 | ||||
-rw-r--r-- | net-misc/scponly/files/scponly-4.8-rsync.patch | 212 | ||||
-rw-r--r-- | net-misc/scponly/scponly-4.8-r4.ebuild | 299 |
4 files changed, 0 insertions, 530 deletions
diff --git a/net-misc/scponly/Manifest b/net-misc/scponly/Manifest deleted file mode 100644 index 6be8deb4..00000000 --- a/net-misc/scponly/Manifest +++ /dev/null @@ -1,4 +0,0 @@ -AUX scponly-4.8-gcc4.4.0.patch 571 RMD160 acb834c4fba11b7f412c930b74ffba6782acf579 SHA1 6b1e6dc884121709d0490dd8b37507826ee1779a SHA256 bf89c4b56552654140c93b5cf3090370c24ee20e5870f0cf0df76218e52e15b2 -AUX scponly-4.8-rsync.patch 7838 RMD160 fc7464eeab781ed51ba85b8120489e10b9db1442 SHA1 992e58ddc5ea7334cf9b72324a96f149b298c210 SHA256 bfab1408ad8cfdfd8fc7f9b583c57a5c6b73be36cb3955db46e4c892acd7e55e -DIST scponly-4.8.tgz 101687 RMD160 de6b58fcb8108d42a1576c69003e9136b9417869 SHA1 154de34901ce22fd9d406f6e02cddc440c435afc SHA256 1693dd678355749c5d9e48ecdd4628dbfe71d82955afde950ee8d88b5adc01cf -EBUILD scponly-4.8-r4.ebuild 9070 RMD160 51830293482a2b0bc70568bd270c91d391638ea6 SHA1 e43c4b4f7683ffb9be074939fef52e0b1d174a91 SHA256 5c4be4b1f38db95ae1d6a8ce57d5088c716694dd254be9336466081a3a69cb12 diff --git a/net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch b/net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch deleted file mode 100644 index d08ce28b..00000000 --- a/net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- helper.c.orig 2009-05-11 00:33:08.000000000 -0600 -+++ helper.c 2009-05-11 00:39:59.000000000 -0600 -@@ -259,11 +259,11 @@ - PROG_RSYNC, logstamp()); - return 1; - } - #endif /* RSYNC_COMPAT */ - --#elif /* HAVE_GETOPT */ -+#else /* HAVE_GETOPT */ - /* - * make sure that processing doesn't continue if we can't validate a rsync check - * and if the getopt flag is set. - */ - syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]); diff --git a/net-misc/scponly/files/scponly-4.8-rsync.patch b/net-misc/scponly/files/scponly-4.8-rsync.patch deleted file mode 100644 index 40ca5e44..00000000 --- a/net-misc/scponly/files/scponly-4.8-rsync.patch +++ /dev/null @@ -1,212 +0,0 @@ -diff -Naur scponly-4.8.orig/CHANGELOG scponly-4.8/CHANGELOG ---- scponly-4.8.orig/CHANGELOG 2008-01-15 15:26:13.000000000 +0900 -+++ scponly-4.8/CHANGELOG 2009-03-18 21:29:48.000000000 +0900 -@@ -1,3 +1,9 @@ -+CVS -+ Update the SECURITY document to include a reference to /etc/popt and ~/.popt as -+ they relate to rsync. -+ Fix for rsync-3.0 which now uses a short -e option, with an optional argument as -+ a server side option indicating protocol compatibility. -+ - scponly v4.8 - jan 14 2008 - fix support for quota and passwd when running within the chroot (exec pre-chroot) - disallow rsync and svnserve from being run as daemons that listen on a port -diff -Naur scponly-4.8.orig/SECURITY scponly-4.8/SECURITY ---- scponly-4.8.orig/SECURITY 2008-01-15 15:26:13.000000000 +0900 -+++ scponly-4.8/SECURITY 2009-03-18 21:29:48.000000000 +0900 -@@ -28,6 +28,10 @@ - - svn, svnserve, rsync, and unison - -+ Note specifically that rsync uses popt for parsing command line arguments -+ and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus, -+ users can likely bypass argument checking for rsync. -+ - 4) Make sure that all files required for the chroot have the IMMUTABLE and - UNDELETABLE bits set. Other bits might also be prudent. See: man 1 chattr. - -@@ -39,13 +43,16 @@ - ~/.ssh, ~/.unison, ~/.subversion - - NOTE: depending on file permissions in the above, ssh, unison, and -- subversion may not work correctly. -+ subversion may not work correctly. Also note that the location of the -+ above directories is sometimes system dependent, so please check the -+ documentation specific to your system. - - 7) Make sure that every directory the users have write permissions to are - on a filesystem that is mounted NODEV, NOEXEC. Eg. Make sure that they - cannot execute files that they have permissions to upload. They should - also not need permissions to create any devices. If the user can't execute -- any files that he has access to upload, then you need not worry about the -+ any files that he has access to upload and the executable files on the -+ system are not considered harmful, then you need not worry about the - security problems referencing svn/svnserve above! - - 8) Monitor your logs! If you start to see something funny, odd, or strange in -diff -Naur scponly-4.8.orig/helper.c scponly-4.8/helper.c ---- scponly-4.8.orig/helper.c 2008-01-15 15:26:13.000000000 +0900 -+++ scponly-4.8/helper.c 2009-03-18 21:29:48.000000000 +0900 -@@ -6,17 +6,15 @@ - #include <sys/types.h> /* for stat, getpwuid */ - #include <sys/stat.h> /* for stat */ - #include <unistd.h> /* for exit, access, getpwuid, execve, getopt */ --#ifdef HAVE_GETOPT_H --#include <getopt.h> /* for getopt */ --#endif - #include <errno.h> /* for debugging */ - #include <pwd.h> /* to get username for config parsing */ - #include <time.h> /* time */ - #include <libgen.h> /* basename */ - #include <stdlib.h> /* realloc */ - #include <syslog.h> --#include "scponly.h" -+ - #include "config.h" -+#include "scponly.h" /* includes getopt */ - - #ifdef HAVE_GLOB - #include <glob.h> /* for glob() */ -@@ -26,6 +24,11 @@ - #endif - #endif - -+#ifdef RSYNC_COMPAT -+#define RSYNC_ARG_SERVER 0x01 -+#define RSYNC_ARG_EXECUTE 0x02 -+#endif -+ - #define MAX(x,y) ( ( x > y ) ? x : y ) - #define MIN(x,y) ( ( x < y ) ? x : y ) - -@@ -164,6 +167,13 @@ - int ch; - int ac=0; - int longopt_index = 0; -+#ifdef RSYNC_COMPAT -+ /* -+ * bitwise flag: 0x01 = server, 0x02 = -e. -+ * Thus 0x03 is allowed and 0x01 is allowed, but 0x02 is not allowed -+ */ -+ int rsync_flags = 0; -+#endif /* RSYNC_COMPAT */ - - while (cmdarg != NULL) - { -@@ -207,7 +217,7 @@ - * otherwise, try a glibc-style reset of the global getopt vars - */ - optind=0; --#endif -+#endif /* HAVE_OPTRESET */ - /* - * tell getopt to only be strict if the 'opts' is well defined - */ -@@ -216,28 +226,49 @@ - - debug(LOG_DEBUG, "getopt processing returned '%c' (%s)", ch, logstamp()); - -+#ifdef RSYNC_COMPAT -+ if (exact_match(cmdarg->name, PROG_RSYNC) && (ch == 's' || ch == 'e')) { -+ if (ch == 's') -+ rsync_flags |= RSYNC_ARG_SERVER; -+ else -+ /* -e */ -+ rsync_flags |= RSYNC_ARG_EXECUTE; -+ debug(LOG_DEBUG, "rsync_flags are now set to: %0x", rsync_flags); -+ } -+ else -+#endif /* RSYNC_COMPAT */ -+ - /* if the character is found in badarg, then it's not a permitted option */ - if (cmdarg->badarg != NULL && (strchr(cmdarg->badarg, ch) != NULL)) - { - syslog(LOG_ERR, "option '%c' or a related long option is not permitted for use with %s (arg was %s) (%s))", -- ch, cmdarg->name, optarg, logstamp()); -+ ch, cmdarg->name, (optarg!=NULL ? optarg : "<NULL>"), logstamp()); - return 1; - } - else if (cmdarg->strict && ch == '?') - { - syslog(LOG_ERR, "an unrecognized option was encountered while processing cmd %s (arg was %s) (%s))", -- cmdarg->name, optarg, logstamp()); -+ cmdarg->name, (optarg!=NULL ? optarg : "<NULL>"), logstamp()); - return 1; - } - } --#elif -+#ifdef RSYNC_COMPAT -+ /* it's not safe if the execute flag was set and server was not set */ -+ if ((rsync_flags & RSYNC_ARG_EXECUTE) != 0 && (rsync_flags & RSYNC_ARG_SERVER) == 0) { -+ syslog(LOG_ERR, "option 'e' is not allowed unless '--server' is also set with cmd %s (%s)", -+ PROG_RSYNC, logstamp()); -+ return 1; -+ } -+#endif /* RSYNC_COMPAT */ -+ -+#elif /* HAVE_GETOPT */ - /* - * make sure that processing doesn't continue if we can't validate a rsync check - * and if the getopt flag is set. - */ - syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]); - return 1; --#endif -+#endif /* HAVE_GETOPT */ - } - else - /* -diff -Naur scponly-4.8.orig/scponly.c scponly-4.8/scponly.c ---- scponly-4.8.orig/scponly.c 2008-01-15 15:28:24.000000000 +0900 -+++ scponly-4.8/scponly.c 2009-03-18 21:29:48.000000000 +0900 -@@ -91,16 +91,18 @@ - - #ifdef RSYNC_COMPAT - struct option rsync_longopts[] = { -+ /* options we need to know about that are safe */ -+ {"server", 0, 0, (int)'s'}, - /* I use 'e' for val here because that's what's listed in cmd_arg_t->badarg */ -- {"rsh", 1, 0, (int)'e'}, -+ {"rsh", 1, 0, (int)'r'}, - /* the following are disabled because they use daemon mode */ -- {"daemon", 0, 0, (int)'e'}, -- {"rsync-path", 1, 0, (int)'e'}, -- {"address", 1, 0, (int)'e'}, -- {"port", 1, 0, (int)'e'}, -- {"sockopts", 1, 0, (int)'e'}, -- {"config", 1, 0, (int)'e'}, -- {"no-detach", 0, 0, (int)'e'}, -+ {"daemon", 0, 0, (int)'d'}, -+ {"rsync-path", 1, 0, (int)'d'}, -+ {"address", 1, 0, (int)'d'}, -+ {"port", 1, 0, (int)'d'}, -+ {"sockopts", 1, 0, (int)'d'}, -+ {"config", 1, 0, (int)'d'}, -+ {"no-detach", 0, 0, (int)'d'}, - { NULL, 0, NULL, 0 }, - }; - #endif -@@ -157,7 +159,7 @@ - { PROG_SCP, 1, 1, "SoF", "dfl:prtvBCc:i:P:q1246S:o:F:", empty_longopts }, - #endif - #ifdef RSYNC_COMPAT -- { PROG_RSYNC, 1, 0, "e", "e:", rsync_longopts }, -+ { PROG_RSYNC, 1, 0, "rde", "e::", rsync_longopts }, - #endif - #ifdef UNISON_COMPAT - { PROG_UNISON, 0, 0, "-rshcmd", NULL, empty_longopts }, -diff -Naur scponly-4.8.orig/scponly.h scponly-4.8/scponly.h ---- scponly-4.8.orig/scponly.h 2008-01-15 15:26:13.000000000 +0900 -+++ scponly-4.8/scponly.h 2009-03-18 21:29:48.000000000 +0900 -@@ -1,6 +1,9 @@ - #include <stdio.h> /* FILENAME_MAX */ --#include <getopt.h> /* struct option */ --#include "config.h" -+#include "config.h" /* include before most other files */ -+ -+#ifdef HAVE_GETOPT_H -+#include <getopt.h> /* for struct option for getopt */ -+#endif - - #define MAX_USERNAME 32 - #define MAX_REQUEST (1024) /* any request exceeding this is truncated */ diff --git a/net-misc/scponly/scponly-4.8-r4.ebuild b/net-misc/scponly/scponly-4.8-r4.ebuild deleted file mode 100644 index 31d37c98..00000000 --- a/net-misc/scponly/scponly-4.8-r4.ebuild +++ /dev/null @@ -1,299 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/scponly/scponly-4.8-r4.ebuild,v 1.5 2010/04/11 11:16:27 nixnut Exp $ - -EAPI="1" -inherit eutils multilib toolchain-funcs - -DESCRIPTION="A tiny pseudoshell which only permits scp and sftp" -HOMEPAGE="http://www.sublimation.org/scponly/" -SRC_URI="mirror://sourceforge/scponly/${P}.tgz" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="amd64 ~mips ppc sparc x86" -IUSE="+sftp scp winscp gftp rsync unison subversion wildcards quota passwd logging" - -RDEPEND="sys-apps/sed - net-misc/openssh - quota? ( sys-fs/quota ) - !mips? ( passwd? ( sys-apps/shadow ) ) - rsync? ( net-misc/rsync ) - !mips? ( unison? ( net-misc/unison ) ) - subversion? ( dev-vcs/subversion )" -DEPEND="${RDEPEND}" - -myuser="scponly" -myhome="/home/${myuser}" -mysubdir="/pub" - -pkg_setup() { - if use mips; then - if use unison || use passwd; then - eerror - eerror "unison and passwd use-flags are not supported on mips yet!" - die "unsupported use-flags for your arch" - fi - fi - - if use unison; then - if [ ! -e "${ROOT}usr/bin/unison" ]; then - eerror - eerror "please run 'eselect unison set <version>' first!" - die "can't find /usr/bin/unison" - fi - fi - - if ! use subversion && ! use unison && ! use rsync && \ - ! use sftp && ! use scp && ! use winscp; then - eerror - eerror "you have to enable at least one of the following use-flags:" - eerror "sftp scp winscp rsync unison subversion" - die "your build will quite useless without any compatibility mode" - fi - - if use subversion || use unison || use rsync || use wildcards || use scp || use winscp; then - ewarn - ewarn "NOTE THE FOLLOWING SECURITY RISKS:" - ewarn - if use wildcards; then - ewarn "-- by enabling wildcards, there is a slightly higher chance of an exploit" - fi - if use scp || use winscp; then - ewarn "-- by enabling scp and/or winscp compatibility, more programs will need" - ewarn " to be installed in the chroot which increases the risk." - fi - if use subversion; then - ewarn "-- CAUTION: by enabling subversion the user WILL BE ABLE TO EXECUTE" - ewarn " SCRIPTS OR PROGRAMS INDIRECTLY! svn and svnserve will try to execute" - ewarn " pre-commit, post-commit hooks, as well as a few others. These files" - ewarn " have specific filenames at specific locations relative to the svn" - ewarn " repository root. Thus, unless you are *very* careful about security," - ewarn " the user WILL BE ABLE TO EXECUTE SCRIPTS OR PROGRAMS INDIRECTLY!" - ewarn " This can be prevented by a careful configuration." - fi - if use subversion || use unison || use rsync; then - ewarn "-- The following programs use configuration files that might allow the" - ewarn " user to bypass security restrictions placed on command line arguments:" - ewarn " svn, svnserve, rsync, unison" - fi - ewarn - ewarn "please read /usr/share/doc/${PF}/SECURITY* after install!" - ewarn - ebeep 5 - fi -} - -src_unpack() { - unpack ${A} - cd "${S}" - epatch "${FILESDIR}/${P}-rsync.patch" - # bug #269242 - epatch "${FILESDIR}/${P}-gcc4.4.0.patch" -} - -src_compile() { - CFLAGS="${CFLAGS} ${LDFLAGS}" econf \ - --with-sftp-server="/usr/$(get_libdir)/misc/sftp-server" \ - --disable-restrictive-names \ - --enable-chrooted-binary \ - --enable-chroot-checkdir \ - $(use_enable winscp winscp-compat) \ - $(use_enable gftp gftp-compat) \ - $(use_enable scp scp-compat) \ - $(use_enable sftp sftp) \ - $(use_enable quota quota-compat) \ - $(use_enable passwd passwd-compat) \ - $(use_enable rsync rsync-compat) \ - $(use_enable unison unison-compat) \ - $(use_enable subversion svn-compat) \ - $(use_enable subversion svnserv-compat) \ - $(use_enable logging sftp-logging-compat) \ - $(use_enable wildcards wildcards) \ - || die "econf failed" - emake CC=$(tc-getCC) || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die - - dodoc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB README SECURITY TODO - - # don't compress setup-script, so it is usable if necessary - insinto /usr/share/doc/${PF}/chroot - doins setup_chroot.sh config.h -} - -pkg_postinst() { - elog - elog "You might want to run" - elog " emerge --config =${CATEGORY}/${PF}" - elog "to setup the chroot. Otherwise you will have to setup chroot manually." - elog - elog "Please read the docs in /usr/share/doc/${PF} for more informations!" - elog - - # two slashes ('//') are used by scponlyc to determine the chroot point. - enewgroup "${myuser}" - enewuser "${myuser}" -1 /usr/sbin/scponlyc "${myhome}//" "${myuser}" -} - -pkg_config() { - # pkg_postinst is based on ${S}/setup_chroot.sh. - - einfo "Collecting binaries and libraries..." - - # Binaries launched in sftp compat mode - if built_with_use =${CATEGORY}/${PF} sftp; then - BINARIES="/usr/$(get_libdir)/misc/sftp-server" - fi - - # Binaries launched by vanilla- and WinSCP modes - if built_with_use =${CATEGORY}/${PF} scp || \ - built_with_use =${CATEGORY}/${PF} winscp; then - BINARIES="${BINARIES} /usr/bin/scp /bin/ls /bin/rm /bin/ln /bin/mv" - BINARIES="${BINARIES} /bin/chmod /bin/chown /bin/chgrp /bin/mkdir /bin/rmdir" - fi - - # Binaries launched in WinSCP compatibility mode - if built_with_use =${CATEGORY}/${PF} winscp; then - BINARIES="${BINARIES} /bin/pwd /bin/groups /usr/bin/id /bin/echo" - fi - - # Rsync compatability mode - if built_with_use =${CATEGORY}/${PF} rsync; then - BINARIES="${BINARIES} /usr/bin/rsync" - fi - - # Unison compatability mode - if built_with_use =${CATEGORY}/${PF} unison; then - BINARIES="${BINARIES} /usr/bin/unison" - fi - - # subversion cli/svnserv compatibility - if built_with_use =${CATEGORY}/${PF} subversion; then - BINARIES="${BINARIES} /usr/bin/svn /usr/bin/svnserve" - fi - - # passwd compatibility - if built_with_use =${CATEGORY}/${PF} passwd; then - BINARIES="${BINARIES} /bin/passwd" - fi - - # quota compatibility - if built_with_use =${CATEGORY}/${PF} quota; then - BINARIES="${BINARIES} /usr/bin/quota" - fi - - # build lib dependencies - LIB_LIST=$(ldd ${BINARIES} | sed -n 's:.* => \(/[^ ]\+\).*:\1:p' | sort -u) - - # search and add ld*.so - for LIB in /$(get_libdir)/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 \ - /usr/libexec/ld.so /$(get_libdir)/ld-linux*.so.2 /usr/libexec/ld-elf.so.1; do - [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}" - done - - # search and add libnss_*.so - for LIB in /$(get_libdir)/libnss_{compat,files}*.so.*; do - [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}" - done - - # create base dirs - if [ ! -d "${myhome}" ]; then - einfo "Creating ${myhome}" - install -o0 -g0 -m0755 -d "${myhome}" - else - einfo "Setting owner for ${myhome}" - chown 0:0 "${myhome}" - fi - - if [ ! -d "${myhome}/etc" ]; then - einfo "Creating ${myhome}/etc" - install -o0 -g0 -m0755 -d "${myhome}/etc" - fi - - if [ ! -d "${myhome}/$(get_libdir)" ]; then - einfo "Creating ${myhome}/$(get_libdir)" - install -o0 -g0 -m0755 -d "${myhome}/$(get_libdir)" - fi - - if [ ! -e "${myhome}/lib" ]; then - einfo "Creating ${myhome}/lib" - ln -snf $(get_libdir) "${myhome}/lib" - fi - - if [ ! -d "${myhome}/usr/$(get_libdir)" ]; then - einfo "Creating ${myhome}/usr/$(get_libdir)" - install -o0 -g0 -m0755 -d "${myhome}/usr/$(get_libdir)" - fi - - if [ ! -e "${myhome}/usr/lib" ]; then - einfo "Creating ${myhome}/usr/lib" - ln -snf $(get_libdir) "${myhome}/usr/lib" - fi - - if [ ! -d "${myhome}${mysubdir}" ]; then - einfo "Creating ${myhome}${mysubdir} directory for uploading files" - install -o${myuser} -g${myuser} -m0755 -d "${myhome}${mysubdir}" - fi - - # create /dev/null (Bug 135505) - if [ ! -e "${myhome}/dev/null" ]; then - install -o0 -g0 -m0755 -d "${myhome}/dev" - mknod -m0777 "${myhome}/dev/null" c 1 3 - fi - - # install binaries - for BIN in ${BINARIES}; do - einfo "Install ${BIN}" - install -o0 -g0 -m0755 -d "${myhome}$(dirname ${BIN})" - if [ "${BIN}" = "/bin/passwd" ]; then # needs suid - install -p -o0 -g0 -m04711 "${BIN}" "${myhome}/${BIN}" - else - install -p -o0 -g0 -m0755 "${BIN}" "${myhome}/${BIN}" - fi - done - - # install libs - for LIB in ${LIB_LIST}; do - einfo "Install ${LIB}" - install -o0 -g0 -m0755 -d "${myhome}$(dirname ${LIB})" - install -p -o0 -g0 -m0755 "${LIB}" "${myhome}/${LIB}" - done - - # create ld.so.conf - einfo "Creating /etc/ld.so.conf" - for LIB in ${LIB_LIST}; do - dirname ${LIB} - done | sort -u | while read DIR; do - if ! grep 2>/dev/null -q "^${DIR}$" "${myhome}/etc/ld.so.conf"; then - echo "${DIR}" >> "${myhome}/etc/ld.so.conf" - fi - done - ldconfig -r "${myhome}" - - # update shells - einfo "Updating /etc/shells" - grep 2>/dev/null -q "^/usr/bin/scponly$" /etc/shells \ - || echo "/usr/bin/scponly" >> /etc/shells - - grep 2>/dev/null -q "^/usr/sbin/scponlyc$" /etc/shells \ - || echo "/usr/sbin/scponlyc" >> /etc/shells - - # create /etc/passwd - if [ ! -e "${myhome}/etc/passwd" ]; then - ( - echo "root:x:0:0:root:/:/bin/sh" - sed -n "s|^\(${myuser}:[^:]*:[^:]*:[^:]*:[^:]*:\).*|\1${mysubdir}:/bin/sh|p" /etc/passwd - ) > "${myhome}/etc/passwd" - fi - - # create /etc/group - if [ ! -e "${myhome}/etc/group" ]; then - ( - echo "root:x:0:" - sed -n "s|^\(${myuser}:[^:]*:[^:]*:\).*|\1|p" /etc/group - ) > "${myhome}/etc/group" - fi -} |