--- loncom/lcuserdel 2000/10/28 19:22:19 1.4
+++ loncom/lcuserdel 2000/10/30 03:08:28 1.11
@@ -5,6 +5,7 @@
# Scott Harrison
# SH: October 27, 2000
# SH: October 28, 2000
+# SH: October 29, 2000
use strict;
@@ -12,6 +13,10 @@ use strict;
# be run by user 'www'. It DOES NOT delete directories.
# All it does is remove a user's entries from
# /etc/passwd, /etc/groups, and /etc/smbpasswd.
+# It also disables user directory access by making the directory
+# to be owned by user=www (as opposed to the former "username").
+# This command only returns an error if it is
+# invoked incorrectly (by passing bad command-line arguments, etc).
# This script works under the same process control mechanism
# as lcuseradd and lcpasswd, to make sure that only one of these
@@ -20,6 +25,11 @@ use strict;
# Standard input usage
# First line is USERNAME
+# Valid user names must consist of ascii
+# characters that are alphabetical characters
+# (A-Z,a-z), numeric (0-9), or the underscore
+# mark (_). (Essentially, the perl regex \w).
+
# Command-line arguments [USERNAME]
# Yes, but be very careful here (don't pass shell commands)
# and this is only supported to allow perl-system calls.
@@ -30,6 +40,12 @@ use strict;
# print "uh-oh" if $exitcode;
# These are the exit codes.
+# ( (0,"ok"),
+# (1,"User ID mismatch. This program must be run as user 'www'"),
+# (2,"Error. This program needs just 1 command-line argument (username).") )
+# (3,"Error. Only one line should be entered into standard input."),
+# (4,"Error. Too many other simultaneous password change requests being made."),
+# (5,"Error. The user name specified has invalid characters.") )
# Security
$ENV{'PATH'}=""; # Nullify path information.
@@ -70,12 +86,14 @@ if (@ARGV==1) {
}
elsif (@ARGV) {
print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint;
+ unlink('/tmp/lock_lcpasswd');
exit 2;
}
else {
@input=<>;
if (@input!=1) {
print("Error. Only one line should be entered into standard input.\n") unless $noprint;
+ unlink('/tmp/lock_lcpasswd');
exit 3;
}
map {chop} @input;
@@ -84,19 +102,36 @@ else {
my ($username)=@input;
$username=~/^(\w+)$/;
my $safeusername=$1;
+if ($username ne $safeusername) {
+ print "Error. The user name specified has invalid characters.\n";
+ unlink('/tmp/lock_lcpasswd');
+ exit 5;
+}
+
+&enable_root_capability;
# By using the system userdel command:
# Remove entry from /etc/passwd if it exists
# Remove entry from /etc/groups if it exists
-system('/usr/sbin/userdel',$safeusername);
+# I surround with groupdel command to make absolutely sure the group definition disappears.
+system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message
+system('/usr/sbin/userdel 2>/dev/null',$safeusername); # ignore error message
+system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message
# Remove entry from /etc/smbpasswd if it exists
+my $oldsmbpasswd=`/bin/cat /etc/smbpasswd`;
+my $newsmbpasswd=`/bin/grep -v '^${safeusername}:' /etc/smbpasswd`;
-# Move directory from /home/username to /home/username.1
+if ($oldsmbpasswd ne $newsmbpasswd) {
+ open OUT,">/etc/smbpasswd";
+ print OUT $newsmbpasswd;
+ close OUT;
+}
# Change ownership on directory from username:username to www:www
# This prevents subsequently added users from having access.
+system('/bin/chown','-R','www:www',"/home/$safeusername");
&disable_root_capability;
unlink("/tmp/lock_lcpasswd");
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.