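#!/bin/bash
#############################################################################
# System Authentication - User, group, and auth file paths
# Provides standard paths for /etc/passwd, /etc/shadow, sudoers, and user/group IDs
# Must be sourced AFTER lib/system-detect.sh has set SYS_* variables
#
# Every SYS_* input is read as "${VAR:-}" so that sourcing this file from a
# shell running with `set -u` does not abort when a component was not detected.
#############################################################################

# Source guard: a second `source` of this file is a no-op.
if [ -n "${_SYSTEM_AUTHENTICATION_LOADED:-}" ]; then
  return 0
fi
readonly _SYSTEM_AUTHENTICATION_LOADED=1

#############################################################################
# INTERNAL HELPERS
#############################################################################

#######################################
# Export one numeric ID looked up with id(1), or a fallback when the lookup
# fails or prints nothing.
#
# The fallback is only a guess at the usual ID for that account. When it is
# used, the account was NOT found on this host, and the number may be
# unassigned or belong to an unrelated account. Consumers that compare file
# ownership against these values should keep that in mind.
#
# Arguments: $1 - name of the variable to export
#            $2 - id(1) flag: -u (user ID) or -g (primary group ID)
#            $3 - account name to look up
#            $4 - fallback value
# Returns:   0
#######################################
_sys_auth_export_id() {
  local var_name=$1 id_flag=$2 account=$3 fallback=$4
  local value
  if ! value=$(id "$id_flag" "$account" 2>/dev/null) || [ -z "$value" ]; then
    value=$fallback
  fi
  export "$var_name=$value"
}

#############################################################################
# SYSTEM AUTHENTICATION FILES
#############################################################################

#######################################
# Export the SYS_AUTH_* path variables and SYS_LOG_CRON.
# Paths are assigned unconditionally; nothing here checks that a file exists
# or is readable by the current user.
# Globals:   SYS_OS_TYPE (read), SYS_AUTH_* and SYS_LOG_CRON (written)
#######################################
derive_system_auth_files() {
  # Standard system auth files (same on all Linux systems)
  export SYS_AUTH_PASSWD_FILE="/etc/passwd"
  export SYS_AUTH_SHADOW_FILE="/etc/shadow"
  export SYS_AUTH_GROUP_FILE="/etc/group"
  export SYS_AUTH_GSHADOW_FILE="/etc/gshadow"
  export SYS_AUTH_SUDOERS_FILE="/etc/sudoers"
  export SYS_AUTH_SUDOERS_DIR="/etc/sudoers.d"

  # PAM and authentication
  export SYS_AUTH_PAM_DIR="/etc/pam.d"
  export SYS_AUTH_SSH_CONFIG="/etc/ssh/sshd_config"
  export SYS_AUTH_HOSTS_ALLOW="/etc/hosts.allow"
  export SYS_AUTH_HOSTS_DENY="/etc/hosts.deny"

  # Cron and scheduled tasks
  case "${SYS_OS_TYPE:-}" in
    ubuntu|debian)
      export SYS_AUTH_CRONTAB_DIR="/var/spool/cron/crontabs"
      export SYS_LOG_CRON="/var/log/syslog" # Debian/Ubuntu cron logs go to syslog
      ;;
    *)
      export SYS_AUTH_CRONTAB_DIR="/var/spool/cron"
      export SYS_LOG_CRON="/var/log/cron"
      ;;
  esac
}

#############################################################################
# WEB SERVER USER & GROUP IDS
#############################################################################

#######################################
# Export SYS_WEB_UID / SYS_WEB_GID for the detected web server account.
# Both are set to the empty string when the web server is not recognised.
# Globals:   SYS_WEB_SERVER, SYS_OS_TYPE (read); SYS_WEB_UID, SYS_WEB_GID (written)
#######################################
derive_web_server_ids() {
  case "${SYS_WEB_SERVER:-}" in
    apache|httpd)
      case "${SYS_OS_TYPE:-}" in
        ubuntu|debian)
          _sys_auth_export_id SYS_WEB_UID -u www-data "33"
          _sys_auth_export_id SYS_WEB_GID -g www-data "33"
          ;;
        *)
          _sys_auth_export_id SYS_WEB_UID -u apache "48"
          _sys_auth_export_id SYS_WEB_GID -g apache "48"
          ;;
      esac
      ;;
    nginx)
      _sys_auth_export_id SYS_WEB_UID -u nginx "998"
      _sys_auth_export_id SYS_WEB_GID -g nginx "998"
      ;;
    litespeed|openlitespeed)
      _sys_auth_export_id SYS_WEB_UID -u nobody "65534"
      _sys_auth_export_id SYS_WEB_GID -g nobody "65534"
      ;;
    *)
      export SYS_WEB_UID=""
      export SYS_WEB_GID=""
      ;;
  esac
}

#############################################################################
# DATABASE USER & GROUP IDS
#############################################################################

#######################################
# Export SYS_DB_UID / SYS_DB_GID for the detected database account.
# Both are set to the empty string when the database type is not recognised.
# Globals:   SYS_DB_TYPE (read); SYS_DB_UID, SYS_DB_GID (written)
#######################################
derive_database_user_ids() {
  case "${SYS_DB_TYPE:-}" in
    mysql)
      _sys_auth_export_id SYS_DB_UID -u mysql "986"
      _sys_auth_export_id SYS_DB_GID -g mysql "986"
      ;;
    postgresql)
      _sys_auth_export_id SYS_DB_UID -u postgres "999"
      _sys_auth_export_id SYS_DB_GID -g postgres "999"
      ;;
    *)
      export SYS_DB_UID=""
      export SYS_DB_GID=""
      ;;
  esac
}

#############################################################################
# MAIL SYSTEM USER & GROUP IDS
#############################################################################

#######################################
# Export SYS_MAIL_UID / SYS_MAIL_GID for the detected mail system account.
# Both are set to the empty string when the mail system is not recognised.
# Globals:   SYS_MAIL_SYSTEM (read); SYS_MAIL_UID, SYS_MAIL_GID (written)
#######################################
derive_mail_user_ids() {
  case "${SYS_MAIL_SYSTEM:-}" in
    exim)
      # Use the 'mail' account when it exists, otherwise 'Debian-exim'.
      # NOTE(review): when both accounts exist this picks 'mail'; confirm
      # that is the intended precedence on hosts where Exim runs as
      # Debian-exim.
      if id mail &>/dev/null; then
        _sys_auth_export_id SYS_MAIL_UID -u mail "8"
        _sys_auth_export_id SYS_MAIL_GID -g mail "12"
      else
        _sys_auth_export_id SYS_MAIL_UID -u Debian-exim "101"
        _sys_auth_export_id SYS_MAIL_GID -g Debian-exim "104"
      fi
      ;;
    postfix)
      _sys_auth_export_id SYS_MAIL_UID -u postfix "89"
      _sys_auth_export_id SYS_MAIL_GID -g postfix "89"
      ;;
    sendmail)
      _sys_auth_export_id SYS_MAIL_UID -u smmsp "209"
      _sys_auth_export_id SYS_MAIL_GID -g smmsp "209"
      ;;
    *)
      export SYS_MAIL_UID=""
      export SYS_MAIL_GID=""
      ;;
  esac
}

#############################################################################
# CONTROL PANEL USER IDS
#############################################################################

#######################################
# Export the SYS_<PANEL>_SYSTEM_UID / _GID pair for the detected control
# panel. All three pairs are cleared first, so only the detected panel ends
# up non-empty and a value inherited from the environment cannot survive for
# a panel that was not detected.
# Globals:   SYS_CONTROL_PANEL (read);
#            SYS_CPANEL_SYSTEM_*, SYS_PLESK_SYSTEM_*, SYS_INTERWORX_SYSTEM_* (written)
#######################################
derive_control_panel_user_ids() {
  export SYS_CPANEL_SYSTEM_UID=""
  export SYS_CPANEL_SYSTEM_GID=""
  export SYS_PLESK_SYSTEM_UID=""
  export SYS_PLESK_SYSTEM_GID=""
  export SYS_INTERWORX_SYSTEM_UID=""
  export SYS_INTERWORX_SYSTEM_GID=""

  case "${SYS_CONTROL_PANEL:-}" in
    cpanel)
      # cPanel system user (usually nobody on cPanel)
      _sys_auth_export_id SYS_CPANEL_SYSTEM_UID -u nobody "65534"
      _sys_auth_export_id SYS_CPANEL_SYSTEM_GID -g nobody "65534"
      ;;
    plesk)
      # Plesk system user
      _sys_auth_export_id SYS_PLESK_SYSTEM_UID -u psaadm "52"
      _sys_auth_export_id SYS_PLESK_SYSTEM_GID -g psaadm "52"
      ;;
    interworx)
      # InterWorx system user
      _sys_auth_export_id SYS_INTERWORX_SYSTEM_UID -u iworx "99"
      _sys_auth_export_id SYS_INTERWORX_SYSTEM_GID -g iworx "99"
      ;;
  esac
}

#############################################################################
# MAIN DERIVATION FUNCTION
#############################################################################

#######################################
# Run every derive_* function in this file, in declaration order.
#######################################
derive_all_system_authentication() {
  derive_system_auth_files
  derive_web_server_ids
  derive_database_user_ids
  derive_mail_user_ids
  derive_control_panel_user_ids
}

# Auto-run if sourced with detection complete
if [ -n "${SYS_DETECTION_COMPLETE:-}" ]; then
  derive_all_system_authentication
fi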