[lmi-commits] [lmi] master c7016ba 05/12: Add all groups before adding any user

[Greg Chicares]

branch: master
commit c7016baa337d0ff0f3c3ba59a7c43d895c7512fa
Author: Gregory W. Chicares <gchicares@sbcglobal.net>
Commit: Gregory W. Chicares <gchicares@sbcglobal.net>

    Add all groups before adding any user
    
    Refactored in anticipation of adding multiple users.
    
    Incidentally added an "lmi" group for centos, and added normal centos
    user to it.
---
 lmi_setup_24.sh  | 13 +++++++------
 lmi_setup_24c.sh | 10 ++++++++--
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/lmi_setup_24.sh b/lmi_setup_24.sh
index 0f50f1c..abc1225 100755
--- a/lmi_setup_24.sh
+++ b/lmi_setup_24.sh
@@ -29,7 +29,12 @@ set -evx
 assert_su
 assert_chrooted
 
-# Add a normal user, and a corresponding group.
+groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
+
+# Add an 'lmi' group, which may be useful in a multi-user chroot.
+getent group 1001 || groupadd --gid=1001 lmi || echo "Oops."
+
+# Add a normal user, setting its shell and groups.
 #
 # No attempt is made to set a real password, because that can't be
 # done securely in a script. A better password can be set later,
@@ -43,7 +48,6 @@ assert_chrooted
 # identical results, to avoid gratuitous regressions when comparing
 # successive logs.
 
-groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
 useradd \
   --gid="${NORMAL_GROUP_GID}" \
   --uid="${NORMAL_USER_UID}" \
@@ -52,12 +56,9 @@ useradd \
   --password="$(openssl passwd -1 --salt '' expired)" \
   "${NORMAL_USER}"
 
+usermod -aG lmi  "${NORMAL_USER}" || echo "Oops."
 usermod -aG sudo "${NORMAL_USER}" || echo "Oops."
 
-# Add an 'lmi' group, which may be useful in a multi-user chroot.
-getent group 1001 || groupadd --gid=1001 lmi || echo "Oops."
-usermod -aG lmi "${NORMAL_USER}" || echo "Oops."
-
 chsh -s /bin/zsh "${NORMAL_USER}"
 
 stamp=$(date -u +'%Y%m%dT%H%M%SZ')
diff --git a/lmi_setup_24c.sh b/lmi_setup_24c.sh
index b033e1f..08941af 100755
--- a/lmi_setup_24c.sh
+++ b/lmi_setup_24c.sh
@@ -29,11 +29,15 @@ set -evx
 assert_su
 assert_not_chrooted
 
-# Add a normal user, and a corresponding group.
+groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
+
+# Add an 'lmi' group, which may be useful in a multi-user chroot.
+getent group 1001 || groupadd --gid=1001 lmi || echo "Oops."
+
+# Add a normal user, setting its shell and groups.
 #
 # This minimal centos chroot lacks openssl, so hardcode a password.
 
-groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
 useradd \
   --gid="${NORMAL_GROUP_GID}" \
   --uid="${NORMAL_USER_UID}" \
@@ -42,6 +46,8 @@ useradd \
   --password="\$1\$\$AYD8bMyx6ho3BnmO3jjb60" \
   "${NORMAL_USER}"
 
+usermod -aG lmi  "${NORMAL_USER}" || echo "Oops."
+
 # Where debian has a 'sudo' group, redhat has a 'wheel' group.
 # The difference seems to be nominal; neither is GID 0.
 usermod -aG wheel "${NORMAL_USER}"