This file is indexed.

/usr/share/blends/unixgroups/blend-actions is in blends-common 0.6.16.4ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
# $Id$
#
# Backend dependant functions for blends package
#
# For error codes check in /usr/include/sysexits.h

# CHECK Functions

#checkBlend() is backend indep, and is defined in ${SHAREDIR}/blend-actions

# Read adduser config to find out from which ID normal users start
# Default = 1000
FIRST_UID=1000
[ -s /etc/adduser.conf ] && . /etc/adduser.conf

# checks if User $1 exists as a system user
checkUser() {
	RET=0
	BLENDUSER=$1
	if [ $# -ne 1 ]; then
		RET=64 # EX_USAGE
	elif ! getent passwd "${BLENDUSER}" > /dev/null; then
		RET=67 # EX_NOUSER
	fi
	return ${RET}
}

# checks if Role $1 is registered into system
# actually a mere check if Unix group, named like the Blend, exists
checkRole() {
	RET=0
	ROLE=$1
	if [ "$#" -ne 1 ]; then
		RET=64 # EX_USAGE
	elif ! getent group "${ROLE}" > /dev/null; then
		RET=67 # EX_NOUSER
	fi
	return ${RET}
}


# check if Blend ($1) has registered Role ($2) 
# (or, in other words, if Role has been registerd as Debian Pure Blend)
checkRoleInBlend() {
	RET=0
	BLEND=$1
	ROLE=$2
	if [ "$#" -ne 2 ]; then 
		RET=64 # EX_USAGE
	# currently there is no way to extract a Role from a Blend if
	# they're named differently, using unixgroups backend
	elif [ "${BLEND}" != "${ROLE}" ]; then
		RET=69 # EX_UNAVAILABLE
	fi
	return ${RET}
}

# checks if user $2 is registered in Blend $1
checkUserInBlend() {
	RET=0
	BLEND=$1
	BLENDUSER=$2
	if [ "$#" -ne 2 ]; then 
		RET=64 # EX_USAGE
	# currently the only way to check if user is registered in a Blend
        # is check he covers any role the Blend, using unixgroups backend
	elif [ -z "`getUserRoles ${BLEND} ${BLENDUSER}`" ]; then
		RET=1 # user has no role, so is not registered in Blend
	fi
	return ${RET}
}

# GET Functions

# getBlendList() is backend indep and is defined in ${SHAREDIR}/blend-actions

# echos the roles registered by Blend
# for Unix groups backend, it's actually the identity function
getBlendRoleList() {
	RET=0
	BLEND=$1
	if [ "$#" -ne 1 ]; then
		RET=64 # EX_USAGE
	else
		checkRole ${BLEND} && echo ${BLEND}
	fi
	return ${RET}
}

# echoes list of users having role $2 in Blend $1
# if $4 exists use ',' as separator between user names
getUsersInRole() {
	RET=0
	BLEND=$1
	ROLE=$2
	SIMPLE=$3
	USERS=""
	if [ "$#" -ne 3 -a "$#" -ne 4 ]; then
		return RET=64 # EX_USAGE
	fi
	for user in `getent group ${ROLE} | sed -ne "s/.*:\(.*\)$/\1/p" | tr "," " "` ; do
		REALNAME=" "
		if [ $SIMPLE -ne 1 ] ; then
			REALNAME=" (`grep \"^$user:\" /etc/passwd | sed \"s/^$user:[^:]\+:[0-9]\+:[0-9]\+:\([^:]\+\):.*/\1/\" | sed \"s/,.*//\"`)"
		fi
		if [ "$#" -eq 4 ]; then
			if [ "$USERS" != "" ] ; then
				USERS="${USERS},"
			fi
		fi
		if [ "$USERS" != "" ] ; then
			USERS="${USERS} "
		fi
		USERS="${USERS}${user}${REALNAME}"
	done
	echo $USERS
	return ${RET}
}

# echoes list of all users of the system
# $1 = 1 - simply login names, $1 = 0 (or anything else) - login names and real name
# if $2 exists use ',' as separator between user names
getAllUsers() {
	RET=0
	if [ "$#" -ne 1 -a "$#" -ne 2 ]; then
		RET=64 # EX_USAGE
	else
		SIMPLE=$1
		TMPFILE=`tempfile`
		(IFS=":"
			while read user pass uid gid name rest ; do
				if [ "$uid" != "" ] ; then
					# in case NIS is used on the machine $uid remains
					# empty and breaks the following condition.
					if [ $uid -ge $FIRST_UID -a "$user" != "nobody" ] ; then
        					name=`echo $name | sed "s/,.*//"`
					        if [ $SIMPLE -eq 1 ] ; then
					                echo "$user" >> ${TMPFILE}
					        else
				        	        echo "$user ($name)" >> ${TMPFILE}
						fi
					fi
				fi
			done < /etc/passwd
		)
		# Append ',' if second argument is given
		if [ "$#" -eq 2 ]; then
		    sort -u "${TMPFILE}" | tr '\n' ',' | sed 's/,/&\ /g' | sed 's/, *$//g'
		else
		    sort -u "${TMPFILE}"
		fi
		rm -f "${TMPFILE}"
	fi
	return ${RET}
}
# echo all Role covered by user $2 in Blend $1
getUserRoles() {
	RET=0
	BLEND=$1
	BLENDUSER=$2
	if [ "$#" -ne 2 ]; then
		RET=64 # EX_USAGE
	else
		BLENDROLES=`getBlendRoleList ${BLEND}`
		ROLES=""
		for ROLE in ${BLENDROLES}; do
			for USER in `getUsersInRole ${BLEND} ${ROLE} 1`; do
				test "${USER}" == "${BLENDUSER}" && \
					ROLES="${ROLES} ${ROLE}"
			done
		done
		blendDebug "getUserRoles(): roles covered by user ${BLENDUSER} in Debian Pure Blend ${BLEND}: ${ROLES}"
		echo ${ROLES}
	fi
	return ${RET}
}


# echos the home directory of the system user
getUserHome() {
	RET=0
	BLENDUSER=$1
	if [ "$#" -ne 1 ]; then
		RET=64 # EX_USAGE
	else
		if checkUser ${BLENDUSER}; then
			getent passwd ${BLENDUSER} | sed "s/.*:\([^:]*\):[^:]*$/\1/"
			RET=$?
		else
			RET=67 # EX_NOUSER
		fi
	fi

	return ${RET}
}



# ADD/SET functions

# adds role $2 to current unix groups for the specified Blend $1, as a system
# dynamic allocated group
addRole() {
	RET=0
	BLEND=$1
	ROLE=$2
	if [ "$#" -ne 2 ]; then 
		RET=64 # EX_USAGE
	else
		# Check whether group yet exists
		TESTGROUP="`getent group ${ROLE}`" || true
		if [ -z "${TESTGROUP}" ] ; then
			${DRYRUN} addgroup --system "${ROLE}" || true
		fi
		RET=$?
	fi
	return ${RET}
}

# set user $2 to have role $3, for the specified Blend $1
setUserRole() {
	RET=0
	BLEND=$1
	USER=$2
	ROLE=$3
	if [ "$#" -ne 3 ]; then 
		RET=64 # EX_USAGE
	else
		${DRYRUN} adduser ${USER} ${ROLE}
		RET=$?
	fi
	return ${RET}
}

# DEL/USET Functions

# remove role $2 for the specified Blend $1 from current unix groups, as a
# system dynamic allocated group
delRole() {
	RET=0
	BLEND=$1
	ROLE=$2
	if [ "$#" -ne 2 ]; then 
		RET=64 # EX_USAGE
	else
		if checkRole "${ROLE}"; then
			${DRYRUN} delgroup "${ROLE}"
			RET=$?
		else
			RET=67 # EX_NOUSER
		fi
	fi
	return ${RET}
}


# unset user $2 from having role $3, for the specified Blend $1
unsetUserRole() {
	RET=0
	BLEND=$1
	BLENDUSER=$2
	ROLE=$3
	# Make sure BLENDUSER and ROLE are BOTH defined, 
	# to avoid disasters using deluser
	if [ "$#" -ne 3 ]; then 
		RET=64 # EX_USAGE
	else
		if checkUser "${BLENDUSER}"; then
			${DRYRUN} deluser "${BLENDUSER}" "${ROLE}"
			RET=$?
		else
			RET=67 # EX_NOUSER
		fi
	fi
	return ${RET}
}