--- loncom/lcuserdel	2000/10/29 19:36:54	1.6
+++ loncom/lcuserdel	2000/10/30 02:31:45	1.10
@@ -25,6 +25,11 @@ use strict;
 # Standard input usage
 # First line is USERNAME
 
+# Valid user names must consist of ascii
+# characters that are alphabetical characters
+# (A-Z,a-z), numeric (0-9), or the underscore
+# mark (_). (Essentially, the perl regex \w).
+
 # Command-line arguments [USERNAME]
 # Yes, but be very careful here (don't pass shell commands)
 # and this is only supported to allow perl-system calls.
@@ -35,6 +40,11 @@ use strict;
 # print "uh-oh" if $exitcode;
 
 # These are the exit codes.
+# ( (0,"ok"),
+#   (1,"User ID mismatch.  This program must be run as user 'www'"),
+#   (2,"Error. Too many other simultaneous password change requests being made."),
+#   (3,"Error. Only one line should be entered into standard input."),
+#   (4,"Error. This program needs just 1 command-line argument (username).") )
 
 # Security
 $ENV{'PATH'}=""; # Nullify path information.
@@ -75,12 +85,14 @@ if (@ARGV==1) {
 }
 elsif (@ARGV) {
     print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint;
+    unlink('/tmp/lock_lcpasswd');
     exit 2;
 }
 else {
     @input=<>;
     if (@input!=1) {
 	print("Error. Only one line should be entered into standard input.\n") unless $noprint;
+	unlink('/tmp/lock_lcpasswd');
 	exit 3;
     }
     map {chop} @input;
@@ -89,12 +101,19 @@ else {
 my ($username)=@input;
 $username=~/^(\w+)$/;
 my $safeusername=$1;
+if ($username ne $safeusername) {
+    print "Error. The user name specified has invalid characters.\n";
+    unlink('/tmp/lock_lcpasswd');
+    exit 9;
+}
 
 &enable_root_capability;
 
 # By using the system userdel command:
 # Remove entry from /etc/passwd if it exists
 # Remove entry from /etc/groups if it exists
+# I surround with groupdel command to make absolutely sure the group definition disappears.
+system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message
 system('/usr/sbin/userdel 2>/dev/null',$safeusername); # ignore error message
 system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message
 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at 
 root@localhost to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>