Return to lcuserdel CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lcuserdel between versions 1.1 and 1.7

-version 1.1, 2000/10/27 23:42:33
+version 1.7, 2000/10/29 22:07:20
  Line 3
  # lcuserdel
  #
  # Scott Harrison
- # October 27, 2000
+ # SH: October 27, 2000
+ # SH: October 28, 2000
+ # SH: October 29, 2000
  use strict;
- # This script is a setuid script that should
+ # This script is a setuid script (chmod 6755) that should
  # be run by user 'www'.  It DOES NOT delete directories.
  # All it does is remove a user's entries from
  # /etc/passwd, /etc/groups, and /etc/smbpasswd.
+ # It also disables user directory access by making the directory
+ # to be owned by user=www (as opposed to the former "username").
+ # It also removes group membership from www (via the groupdel command).
+ # This command only returns an error if it is
+ # invoked incorrectly (by passing bad command-line arguments, etc).
+ # This script works under the same process control mechanism
+ # as lcuseradd and lcpasswd, to make sure that only one of these
+ # processes is running at any one time on the system.
  # Standard input usage
  # First line is USERNAME
- Line 21  use strict;
+ Line 30  use strict;
  # Yes, but be very careful here (don't pass shell commands)
  # and this is only supported to allow perl-system calls.
+ # Usage within code
+ #
+ # $exitcode=system("/home/httpd/perl/lcuserdel","NAME")/256;
+ # print "uh-oh" if $exitcode;
+ # These are the exit codes.
  # Security
  $ENV{'PATH'}=""; # Nullify path information.
  $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
+ # Do not print error messages if there are command-line arguments
+ my $noprint=0;
+ if (@ARGV) {
+     $noprint=1;
+ }
+ # Read in /etc/passwd, and make sure this process is running from user=www
+ open (IN, "</etc/passwd");
+ my @lines=<IN>;
+ close IN;
+ my $wwwid;
+ for my $l (@lines) {
+     chop $l;
+     my @F=split(/\:/,$l);
+     if ($F[0] eq 'www') {$wwwid=$F[2];}
+ }
+ if ($wwwid!=$<) {
+     print("User ID mismatch.  This program must be run as user 'www'\n") unless $noprint;
+     exit 1;
+ }
+ &disable_root_capability;
+ # Handle case of another lcpasswd process
+ unless (&try_to_lock("/tmp/lock_lcpasswd")) {
+     print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint;
+     exit 4;
+ }
+ # Gather input.  Should only be 1 value (user name).
+ my @input;
+ if (@ARGV==1) {
+     @input=@ARGV;
+ }
+ elsif (@ARGV) {
+     print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint;
+     exit 2;
+ }
+ else {
+     @input=<>;
+     if (@input!=1) {
+ 	print("Error. Only one line should be entered into standard input.\n") unless $noprint;
+ 	exit 3;
+     }
+     map {chop} @input;
+ }
+ my ($username)=@input;
+ $username=~/^(\w+)$/;
+ my $safeusername=$1;
+ &enable_root_capability;
+ # By using the system userdel command:
+ # Remove entry from /etc/passwd if it exists
+ # Remove entry from /etc/groups if it exists
+ system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message
+ system('/usr/sbin/userdel 2>/dev/null',$safeusername); # ignore error message
+ # Remove entry from /etc/smbpasswd if it exists
+ my $oldsmbpasswd=`/bin/cat /etc/smbpasswd`;
+ my $newsmbpasswd=`/bin/grep -v '^${safeusername}:' /etc/smbpasswd`;
+ if ($oldsmbpasswd ne $newsmbpasswd) {
+     open OUT,">/etc/smbpasswd";
+     print OUT $newsmbpasswd;
+     close OUT;
+ }
+ # Change ownership on directory from username:username to www:www
+ # This prevents subsequently added users from having access.
+ system('/bin/chown','-R','www:www',"/home/$safeusername");
+ &disable_root_capability;
+ unlink("/tmp/lock_lcpasswd");
+ exit 0;
+ # ----------------------------------------------------------- have setuid script run as root
+ sub enable_root_capability {
+     if ($wwwid==$>) {
+ 	($<,$>)=($>,$<);
+ 	($(,$))=($),$();
+     }
+     else {
+ 	# root capability is already enabled
+     }
+     return $>;
+ }
+ # ----------------------------------------------------------- have setuid script run as www
+ sub disable_root_capability {
+     if ($wwwid==$<) {
+ 	($<,$>)=($>,$<);
+ 	($(,$))=($),$();
+     }
+     else {
+ 	# root capability is already disabled
+     }
+ }
+ # ----------------------------------- make sure that another lcpasswd process isn't running
+ sub try_to_lock {
+     my ($lockfile)=@_;
+     my $currentpid;
+     my $lastpid;
+     # Do not manipulate lock file as root
+     if ($>==0) {
+ 	return 0;
+     }
+     # Try to generate lock file.
+     # Wait 3 seconds.  If same process id is in
+     # lock file, then assume lock file is stale, and
+     # go ahead.  If process id's fluctuate, try
+     # for a maximum of 10 times.
+     for (0..10) {
+ 	if (-e $lockfile) {
+ 	    open(LOCK,"<$lockfile");
+ 	    $currentpid=<LOCK>;
+ 	    close LOCK;
+ 	    if ($currentpid==$lastpid) {
+ 		last;
+ 	    }
+ 	    sleep 3;
+ 	    $lastpid=$currentpid;
+ 	}
+ 	else {
+ 	    last;
+ 	}
+ 	if ($_==10) {
+ 	    return 0;
+ 	}
+     }
+     open(LOCK,">$lockfile");
+     print LOCK $$;
+     close LOCK;
+     return 1;
+ }

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.1
changed lines
	Added in v.1.7