- next unless system("useradd", "-m",
- "-c", l[:username],
- "-s", "/bin/bash",
- "-G", groups.join(","),
- l[:username],
- out: devnull)
+ unless system("useradd", "-m",
+ "-c", username,
+ "-s", "/bin/bash",
+ username)
+ STDERR.puts "Account creation failed for #{l[:username]}: #{$?}"
+ next
+ end
+ begin
+ pwnam[username] = Etc.getpwnam(username)
+ rescue => e
+ STDERR.puts "Created account but then getpwnam() failed for #{l[:username]}: #{e}"
+ raise
+ end
+ end
+
+ existing_groups = current_user_groups[username] || []
+ groups = l[:groups] || []
+ # Adding users to the FUSE group has long been hardcoded behavior.
+ groups << "fuse"
+ groups << username
+ groups.select! { |g| Etc.getgrnam(g) rescue false }
+
+ groups.each do |addgroup|
+ if existing_groups.index(addgroup).nil?
+ # User should be in group, but isn't, so add them.
+ STDERR.puts "Add user #{username} to #{addgroup} group"
+ system("adduser", username, addgroup)
+ end
+ end
+
+ existing_groups.each do |removegroup|
+ if groups.index(removegroup).nil?
+ # User is in a group, but shouldn't be, so remove them.
+ STDERR.puts "Remove user #{username} from #{removegroup} group"
+ system("deluser", username, removegroup)
+ end