[BACK]Return to lcuseradd CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom

Diff for /loncom/Attic/lcuseradd between versions 1.16 and 1.25.2.1

version 1.16, 2001/11/15 19:08:00 version 1.25.2.1, 2004/08/05 21:01:20
Line 5 Line 5
 # lcuseradd - LON-CAPA setuid script to coordinate all actions  # lcuseradd - LON-CAPA setuid script to coordinate all actions
 #             with adding a user with filesystem privileges (e.g. author)  #             with adding a user with filesystem privileges (e.g. author)
 #  #
 # YEAR=2000  # YEAR=2002
 # 10/27,10/29,10/30 Scott Harrison  #   May 19, 2002 Ron Fox
 # YEAR=2001  #      - Removed creation of the pulic_html directory.  This directory
 # 10/21,11/13,11/15 Scott Harrison  #        can now be added in two ways:
   #        o The user can add it themselves if they want some local web
   #          space which may or may not contain construction items.
   #        o LonCapa will add it if/when the user is granted an Author
   #          role.
 #  #
 # $Id$  # $Id$
 ###  ###
Line 40  use strict; Line 44  use strict;
 # ------------------------------------------------------- Description of script  # ------------------------------------------------------- Description of script
 #  #
 # This script is a setuid script that should  # This script is a setuid script that should
 # be run by user 'www'.  It creates a /home/USERNAME directory  # be run by user 'www'.  It creates a /home/USERNAME directory.
 # as well as a /home/USERNAME/public_html directory.  
 # It adds a user to the unix system.  # It adds a user to the unix system.
 # Passwords are set with lcpasswd.  # Passwords are set with lcpasswd.
 # www becomes a member of this user group.  # www becomes a member of this user group.
Line 113  delete @ENV{qw(IFS CDPATH ENV BASH_ENV)} Line 116  delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
 # Do not print error messages.  # Do not print error messages.
 my $noprint=1;  my $noprint=1;
   
   print "In lcuseradd\n" unless $noprint;
   
 # ----------------------------- Make sure this process is running from user=www  # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');  my $wwwid=getpwnam('www');
 &disable_root_capability;  &disable_root_capability;
Line 151  else { Line 156  else {
  unlink('/tmp/lock_lcpasswd');   unlink('/tmp/lock_lcpasswd');
  exit 3;   exit 3;
     }      }
     map {chomp} @input;      foreach (@input) {chomp;}
 }  }
   
 my ($username,$password1,$password2)=@input;  my ($username,$password1,$password2)=@input;
   print "Username = ".$username."\n" unless $noprint;
 $username=~/^(\w+)$/;  $username=~/^(\w+)$/;
   print "Username after substitution - ".$username unless $noprint;
 my $safeusername=$1;  my $safeusername=$1;
   print "Safe username = $safeusername \n" unless $noprint;
   
 if (($username ne $safeusername) or ($safeusername!~/^[A-Za-z]/)) {  if (($username ne $safeusername) or ($safeusername!~/^[A-Za-z]/)) {
     print "Error. The user name specified has invalid characters.\n"      print "Error. The user name specified $username $safeusername  has invalid characters.\n"
  unless $noprint;   unless $noprint;
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 9;      exit 9;
 }  }
 my $pbad=0;  my $pbad=0;
 map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password1));  foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
 map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password2));  foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
 if ($pbad) {  if ($pbad) {
     print "Error. A password entry had an invalid character.\n";      print "Error. A password entry had an invalid character.\n";
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
Line 180  if (-e "/home/$safeusername") { Line 189  if (-e "/home/$safeusername") {
 }  }
   
 # -- Only add user if the two password arguments match.  # -- Only add user if the two password arguments match.
   
 if ($password1 ne $password2) {  if ($password1 ne $password2) {
     print "Error. Password mismatch.\n" unless $noprint;      print "Error. Password mismatch.\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 13;      exit 13;
 }  }
   print "enabling root\n" unless $noprint;
 # ---------------------------------- Start running script with root permissions  # ---------------------------------- Start running script with root permissions
 &enable_root_capability;  &enable_root_capability;
   
 # ------------------- Add user and make www a member of the user-specific group  # ------------------- Add user and make www a member of the user-specific group
 # -- Add user  # -- Add user
 if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {  
   print "adding user: $safeusername \n" unless $noprint;
   my $status = system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername);
   if ($status) {
     print "Error.  Something went wrong with the addition of user ".      print "Error.  Something went wrong with the addition of user ".
   "\"$safeusername\".\n" unless $noprint;    "\"$safeusername\".\n" unless $noprint;
       print "Final status of useradd = $status";
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
     exit 12;      exit 12;
 }  }
   print "Done adding user\n" unless $noprint;
 # Make www a member of that user group.  # Make www a member of that user group.
 if (system('/usr/sbin/usermod','-G',$safeusername,'www')) {  my $groups=`/usr/bin/groups www` or exit(6);
   # untaint
   my ($safegroups)=($groups=~/([\s\w]+)/);
   $groups=$safegroups;
   chomp $groups; $groups=~s/^\S+\s+\:\s+//;
   my @grouplist=split(/\s+/,$groups);
   my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
   my $gl=join(',',(@ugrouplist,$safeusername));
   print "Putting user in its own group\n" unless $noprint;
   if (system('/usr/sbin/usermod','-G',$gl,'www')) {
     print "Error. Could not make www a member of the group ".      print "Error. Could not make www a member of the group ".
   "\"$safeusername\".\n" unless $noprint;    "\"$safeusername\".\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');      unlink('/tmp/lock_lcpasswd');
Line 212  if (system('/usr/sbin/usermod','-G',$saf Line 235  if (system('/usr/sbin/usermod','-G',$saf
 unlink('/tmp/lock_lcpasswd');  unlink('/tmp/lock_lcpasswd');
 &disable_root_capability;  &disable_root_capability;
 ($>,$<)=($wwwid,$wwwid);  ($>,$<)=($wwwid,$wwwid);
   print "Opening lcpasswd pipeline\n" unless $noprint;
 open OUT,"|/home/httpd/perl/lcpasswd";  open OUT,"|/home/httpd/perl/lcpasswd";
 print OUT $safeusername;  print OUT $safeusername;
 print OUT "\n";  print OUT "\n";
Line 220  print OUT "\n"; Line 244  print OUT "\n";
 print OUT $password1;  print OUT $password1;
 print OUT "\n";  print OUT "\n";
 close OUT;  close OUT;
 ($>,$<)=($wwwid,0);  
 if ($?) {  if ($?) {
       print "abnormal exit from close lcpasswd\n" unless $noprint;
     exit 8;      exit 8;
 }  }
   ($>,$<)=($wwwid,0);
 &enable_root_capability;  &enable_root_capability;
   
   # -- Don't add public_html... that can be added either by the user
   #    or by lchtmldir when the user is granted an authorship role.
   
 # ------------------------------ Make final modifications to the user directory  # ------------------------------ Make final modifications to the user directory
 # -- Add a public_html file with a stand-in index.html file  # -- Add a public_html file with a stand-in index.html file
   
 # system('/bin/chmod','-R','0660',"/home/$safeusername");   system('/bin/chmod','-R','0660',"/home/$safeusername");
 system('/bin/chmod','0710',"/home/$safeusername");  system('/bin/chmod','0710',"/home/$safeusername");
 mkdir "/home/$safeusername/public_html",2760;  mkdir "/home/$safeusername/public_html",0755;
   system('/bin/chmod','02770',"/home/$safeusername/public_html");
 open OUT,">/home/$safeusername/public_html/index.html";  open OUT,">/home/$safeusername/public_html/index.html";
 print OUT<<END;  print OUT<<END;
 <html>  <html>
Line 239  print OUT<<END; Line 268  print OUT<<END;
 <title>$safeusername</title>  <title>$safeusername</title>
 </head>  </head>
 <body>  <body>
 <h1>$safeusername</h1>  <h1>Construction Space</h1>
 <p>  <h3>$safeusername</h3>
 Learning Online Network  </body>
 </p>  </html>
 <p>  
 This area provides for:  
 </p>  
 <ul>  
 <li>resource construction</li>  
 <li>resource publication</li>  
 <li>record-keeping</li>  
 </UL>  
 </BODY>  
 </HTML>  
 END  END
 close OUT;  close OUT;
 system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");  
   
   print "lcuseradd ownership\n" unless $noprint;
   system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
   # ---------------------------------------------------- Gracefull Apache Restart
   if (-e '/var/run/httpd.pid') {
       print "lcuseradd Apache restart\n" unless $noprint;
       open(PID,'/var/run/httpd.pid');
       my $pid=<PID>;
       close(PID);
       my ($safepid)=($pid=~s/(\D+)//g);
       if ($pid) {
    system('kill','-USR1',"$safepid");
       }
   }
 # -------------------------------------------------------- Exit script  # -------------------------------------------------------- Exit script
   print "lcuseradd exiting\n" unless $noprint;
 &disable_root_capability;  &disable_root_capability;
 exit 0;  exit 0;
   
 # ---------------------------------------------- Have setuid script run as root  # ---------------------------------------------- Have setuid script run as root
 sub enable_root_capability {  sub enable_root_capability {
     if ($wwwid==$>) {      if ($wwwid==$>) {
  ($<,$>)=($>,$<);   ($<,$>)=($>,0);
  ($(,$))=($),$();   ($(,$))=($),0);
     }      }
     else {      else {
  # root capability is already enabled   # root capability is already enabled
Removed from v.1.16  
changed lines
  Added in v.1.25.2.1

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>