loncom/lcuseradd - diff

Return to lcuseradd CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/Attic/lcuseradd between versions 1.20 and 1.25.2.2

version 1.20, 2002/04/27 13:10:47	version 1.25.2.2, 2004/09/02 19:04:53
Line 5	Line 5
# lcuseradd - LON-CAPA setuid script to coordinate all actions	# lcuseradd - LON-CAPA setuid script to coordinate all actions
# with adding a user with filesystem privileges (e.g. author)	# with adding a user with filesystem privileges (e.g. author)
#	#
# YEAR=2000
# 10/27,10/29,10/30 Scott Harrison
# YEAR=2001
# 10/21,11/13,11/15 Scott Harrison
# YEAR=2002	# YEAR=2002
# May 19, 2002 Ron Fox	# May 19, 2002 Ron Fox
# - Removed creation of the pulic_html directory. This directory	# - Removed creation of the pulic_html directory. This directory
Line 120 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}	Line 116 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
# Do not print error messages.	# Do not print error messages.
my $noprint=1;	my $noprint=1;

	print "In lcuseradd\n" unless $noprint;

# ----------------------------- Make sure this process is running from user=www	# ----------------------------- Make sure this process is running from user=www
my $wwwid=getpwnam('www');	my $wwwid=getpwnam('www');
&disable_root_capability;	&disable_root_capability;
Line 162 else {	Line 160 else {
}	}

my ($username,$password1,$password2)=@input;	my ($username,$password1,$password2)=@input;
	print "Username = ".$username."\n" unless $noprint;
$username=~/^(\w+)$/;	$username=~/^(\w+)$/;
	print "Username after substitution - ".$username unless $noprint;
my $safeusername=$1;	my $safeusername=$1;
	print "Safe username = $safeusername \n" unless $noprint;

if (($username ne $safeusername) or ($safeusername!~/^[A-Za-z]/)) {	if (($username ne $safeusername) or ($safeusername!~/^[A-Za-z]/)) {
print "Error. The user name specified has invalid characters.\n"	print "Error. The user name specified $username $safeusername has invalid characters.\n"
unless $noprint;	unless $noprint;
unlink('/tmp/lock_lcpasswd');	unlink('/tmp/lock_lcpasswd');
exit 9;	exit 9;
Line 187 if (-e "/home/$safeusername") {	Line 189 if (-e "/home/$safeusername") {
}	}

# -- Only add user if the two password arguments match.	# -- Only add user if the two password arguments match.

if ($password1 ne $password2) {	if ($password1 ne $password2) {
print "Error. Password mismatch.\n" unless $noprint;	print "Error. Password mismatch.\n" unless $noprint;
unlink('/tmp/lock_lcpasswd');	unlink('/tmp/lock_lcpasswd');
exit 13;	exit 13;
}	}
	print "enabling root\n" unless $noprint;
# ---------------------------------- Start running script with root permissions	# ---------------------------------- Start running script with root permissions
&enable_root_capability;	&enable_root_capability;

# ------------------- Add user and make www a member of the user-specific group	# ------------------- Add user and make www a member of the user-specific group
# -- Add user	# -- Add user
if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {
	print "adding user: $safeusername \n" unless $noprint;
	my $status = system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername);
	if ($status) {
print "Error. Something went wrong with the addition of user ".	print "Error. Something went wrong with the addition of user ".
"\"$safeusername\".\n" unless $noprint;	"\"$safeusername\".\n" unless $noprint;
	print "Final status of useradd = $status";
unlink('/tmp/lock_lcpasswd');	unlink('/tmp/lock_lcpasswd');
exit 12;	exit 12;
}	}
	print "Done adding user\n" unless $noprint;
# Make www a member of that user group.	# Make www a member of that user group.
my $groups=`/usr/bin/groups www` or exit(6);	my $groups=`/usr/bin/groups www` or exit(6);
	# untaint
	my ($safegroups)=($groups=~/:\s*([\s\w]+)/);
	$groups=$safegroups;
chomp $groups; $groups=~s/^\S+\s+\:\s+//;	chomp $groups; $groups=~s/^\S+\s+\:\s+//;
my @grouplist=split(/\s+/,$groups);	my @grouplist=split(/\s+/,$groups);
my @ugrouplist=grep {!/www\|$safeusername/} @grouplist;	my @ugrouplist=grep {!/www\|$safeusername/} @grouplist;
my $gl=join(',',(@ugrouplist,$safeusername));	my $gl=join(',',(@ugrouplist,$safeusername));
	print "Putting user in its own group\n" unless $noprint;
if (system('/usr/sbin/usermod','-G',$gl,'www')) {	if (system('/usr/sbin/usermod','-G',$gl,'www')) {
print "Error. Could not make www a member of the group ".	print "Error. Could not make www a member of the group ".
"\"$safeusername\".\n" unless $noprint;	"\"$safeusername\".\n" unless $noprint;
Line 224 if (system('/usr/sbin/usermod','-G',$gl,	Line 235 if (system('/usr/sbin/usermod','-G',$gl,
unlink('/tmp/lock_lcpasswd');	unlink('/tmp/lock_lcpasswd');
&disable_root_capability;	&disable_root_capability;
($>,$<)=($wwwid,$wwwid);	($>,$<)=($wwwid,$wwwid);
	print "Opening lcpasswd pipeline\n" unless $noprint;
open OUT,"\|/home/httpd/perl/lcpasswd";	open OUT,"\|/home/httpd/perl/lcpasswd";
print OUT $safeusername;	print OUT $safeusername;
print OUT "\n";	print OUT "\n";
Line 233 print OUT $password1;	Line 245 print OUT $password1;
print OUT "\n";	print OUT "\n";
close OUT;	close OUT;
if ($?) {	if ($?) {
	print "abnormal exit from close lcpasswd\n" unless $noprint;
exit 8;	exit 8;
}	}
($>,$<)=($wwwid,0);	($>,$<)=($wwwid,0);
Line 244 if ($?) {	Line 257 if ($?) {
# ------------------------------ Make final modifications to the user directory	# ------------------------------ Make final modifications to the user directory
# -- Add a public_html file with a stand-in index.html file	# -- Add a public_html file with a stand-in index.html file

# system('/bin/chmod','-R','0660',"/home/$safeusername");	system('/bin/chmod','-R','0660',"/home/$safeusername");
#system('/bin/chmod','0710',"/home/$safeusername");	system('/bin/chmod','0710',"/home/$safeusername");
#mkdir "/home/$safeusername/public_html",0755;	mkdir "/home/$safeusername/public_html",0755;
#system('/bin/chmod','02770',"/home/$safeusername/public_html");	system('/bin/chmod','02770',"/home/$safeusername/public_html");
#open OUT,">/home/$safeusername/public_html/index.html";	open OUT,">/home/$safeusername/public_html/index.html";
#print OUT<<END;	print OUT<<END;
#<html>	<html>
#<head>	<head>
#<title>$safeusername</title>	<title>$safeusername</title>
#</head>	</head>
#<body>	<body>
#<h1>$safeusername</h1>	<h1>Construction Space</h1>
#<p>	<h3>$safeusername</h3>
#Learning Online Network	</body>
#</p>	</html>
#<p>	END
#This area provides for:	close OUT;
#</p>
#<ul>
#<li>resource construction</li>
#<li>resource publication</li>
#<li>record-keeping</li>
#</ul>
#</body>
#</html>
#END
#close OUT;

	print "lcuseradd ownership\n" unless $noprint;
system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");	system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
	# ---------------------------------------------------- Gracefull Apache Restart
	if (-e '/var/run/httpd.pid') {
	print "lcuseradd Apache restart\n" unless $noprint;
	open(PID,'/var/run/httpd.pid');
	my $pid=<PID>;
	close(PID);
	my ($safepid)=($pid=~s/(\D+)//g);
	if ($pid) {
	system('kill','-USR1',"$safepid");
	}
	}
# -------------------------------------------------------- Exit script	# -------------------------------------------------------- Exit script
	print "lcuseradd exiting\n" unless $noprint;
&disable_root_capability;	&disable_root_capability;
exit 0;	exit 0;

# ---------------------------------------------- Have setuid script run as root	# ---------------------------------------------- Have setuid script run as root
sub enable_root_capability {	sub enable_root_capability {
if ($wwwid==$>) {	if ($wwwid==$>) {
($<,$>)=($>,$<);	($<,$>)=($>,0);
($(,$))=($),$();	($(,$))=($),0);
}	}
else {	else {
# root capability is already enabled	# root capability is already enabled

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.20
changed lines
	Added in v.1.25.2.2