loncom/lcuseradd - diff

Return to lcuseradd CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/Attic/lcuseradd between versions 1.27 and 1.35

version 1.27, 2004/08/05 20:47:27	version 1.35, 2005/01/27 11:52:46
Line 32	Line 32
###############################################################################	###############################################################################

use strict;	use strict;
	use File::Find;


# ------------------------------------------------------- Description of script	# ------------------------------------------------------- Description of script
#	#
Line 147 unless (&try_to_lock("/tmp/lock_lcpasswd	Line 149 unless (&try_to_lock("/tmp/lock_lcpasswd
my @input;	my @input;
if (@ARGV>=3) {	if (@ARGV>=3) {
@input=@ARGV;	@input=@ARGV;
}	} elsif (@ARGV) {
elsif (@ARGV) {
print("Error. This program needs at least 3 command-line arguments (username, ".	print("Error. This program needs at least 3 command-line arguments (username, ".
"password 1, password 2 [errorfile]).\n") unless $noprint;	"password 1, password 2 [errorfile]).\n") unless $noprint;
unlink('/tmp/lock_lcpasswd');	unlink('/tmp/lock_lcpasswd');
&Exit(2);	&Exit(2);
}	} else {
else {
@input=<>;	@input=<>;
if (@input < 3) {	if (@input < 3) {
print("Error. At least three lines should be entered into standard input.\n")	print("Error. At least three lines should be entered into standard input.\n")
Line 208 if($error_file) {	Line 208 if($error_file) {
Exit(14);	Exit(14);
}	}

}	} else {
else {
$error_file="";	$error_file="";
print "Invalid error filename\n" unless $noprint;	print "Invalid error filename\n" unless $noprint;
Exit(14);	Exit(14);
Line 217 if($error_file) {	Line 216 if($error_file) {
}	}


# -- Only add user if we can create a brand new home directory (/home/username)	# -- Only add the user if they are >not< in /etc/passwd.
if (-e "/home/$safeusername") {	# Used to look for the ability to create a new directory for the
print "Error. User already exists.\n" unless $noprint;	# user, however that disallows authentication changes from i
	# internal->fs.. so just check the passwd file instead.
	#
	my $not_found = system("cut -d: -f1 /etc/passwd \| grep -q \"^$safeusername\$\" ");
	if (!$not_found) {
	print "Error user already exists\n" unless $noprint;
unlink('/tmp/lock_lcpasswd');	unlink('/tmp/lock_lcpasswd');
&Exit(11);	&Exit(11);
}	}



# -- Only add user if the two password arguments match.	# -- Only add user if the two password arguments match.

if ($password1 ne $password2) {	if ($password1 ne $password2) {
Line 251 print "Done adding user\n" unless $nopri	Line 257 print "Done adding user\n" unless $nopri
# Make www a member of that user group.	# Make www a member of that user group.
my $groups=`/usr/bin/groups www` or &Exit(6);	my $groups=`/usr/bin/groups www` or &Exit(6);
# untaint	# untaint
my ($safegroups)=($groups=~/([\s\w]+)/);	my ($safegroups)=($groups=~/:\s*([\s\w]+)/);
$groups=$safegroups;	$groups=$safegroups;
chomp $groups; $groups=~s/^\S+\s+\:\s+//;	chomp $groups; $groups=~s/^\S+\s+\:\s+//;
my @grouplist=split(/\s+/,$groups);	my @grouplist=split(/\s+/,$groups);
Line 296 if ($?) {	Line 302 if ($?) {
system('/bin/chmod','-R','0660',"/home/$safeusername");	system('/bin/chmod','-R','0660',"/home/$safeusername");
system('/bin/chmod','0710',"/home/$safeusername");	system('/bin/chmod','0710',"/home/$safeusername");
mkdir "/home/$safeusername/public_html",0755;	mkdir "/home/$safeusername/public_html",0755;
system('/bin/chmod','02770',"/home/$safeusername/public_html");
open OUT,">/home/$safeusername/public_html/index.html";	open OUT,">/home/$safeusername/public_html/index.html";
print OUT<<END;	print OUT<<END;
<html>	<html>
Line 311 print OUT<<END;	Line 316 print OUT<<END;
END	END
close OUT;	close OUT;

	#
	# In order to allow the loncapa daemons appropriate access
	# to public_html, Top level and public_html directories should
	# be owned by safeusername:safeusername as should the smaple index.html..
print "lcuseradd ownership\n" unless $noprint;	print "lcuseradd ownership\n" unless $noprint;
system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");	system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); # First set std ownership on everything.
	&set_public_html_permissions("/home/$safeusername/public_html");
	# system('/bin/chown',"$safeusername:www","/home/$safeusername"); # Now adust top level...
	# system('/bin/chown','-R',"$safeusername:www","/home/$safeusername/public_html"); # And web dir.
# ---------------------------------------------------- Gracefull Apache Restart	# ---------------------------------------------------- Gracefull Apache Restart
if (-e '/var/run/httpd.pid') {	if (-e '/var/run/httpd.pid') {
print "lcuseradd Apache restart\n" unless $noprint;	print "lcuseradd Apache restart\n" unless $noprint;
open(PID,'/var/run/httpd.pid');	open(PID,'/var/run/httpd.pid');
my $pid=<PID>;	my $pid=<PID>;
close(PID);	close(PID);
my ($safepid)=($pid=~s/(\D+)//g);	my $pid=~ /(\D+)/;
	my $safepid = $1;
if ($pid) {	if ($pid) {
system('kill','-USR1',"$safepid");	system('kill','-USR1',"$safepid");
}	}
Line 334 sub enable_root_capability {	Line 347 sub enable_root_capability {
if ($wwwid==$>) {	if ($wwwid==$>) {
($<,$>)=($>,0);	($<,$>)=($>,0);
($(,$))=($),0);	($(,$))=($),0);
}	} else {
else {
# root capability is already enabled	# root capability is already enabled
}	}
return $>;	return $>;
Line 346 sub disable_root_capability {	Line 358 sub disable_root_capability {
if ($wwwid==$<) {	if ($wwwid==$<) {
($<,$>)=($>,$<);	($<,$>)=($>,$<);
($(,$))=($),$();	($(,$))=($),$();
}	} else {
else {
# root capability is already disabled	# root capability is already disabled
}	}
}	}
Line 376 sub try_to_lock {	Line 387 sub try_to_lock {
}	}
sleep 3;	sleep 3;
$lastpid=$currentpid;	$lastpid=$currentpid;
}	} else {
else {
last;	last;
}	}
if ($_==10) {	if ($_==10) {
Line 389 sub try_to_lock {	Line 399 sub try_to_lock {
close LOCK;	close LOCK;
return 1;	return 1;
}	}
	# Called by File::Find::find for each file examined.
	#
	# Untaint the file and, if it is a directory,
	# chmod it to 02770
	#
	sub set_permission {
	$File::Find::name =~ /^(.*)$/;
	my $safe_name = $1; # Untainted filename...

	print "$safe_name" unless $noprint;
	if(-d $safe_name) {
	print " - directory" unless $noprint;
	chmod(02770, $safe_name);
	}
	print "\n" unless $noprint;

	}
	#
	# Set up the correct permissions for all files in the
	# user's public htmldir. We just do a chmod -R 0660 ... for
	# the ordinary files. The we use File::Find
	# to pop through the directory tree changing directories only
	# to 02770:
	#
	sub set_public_html_permissions {
	my ($topdir) = @_;

	# Set the top level dir permissions (I'm not sure if find
	# will enumerate it specifically), correctly and all
	# files and dirs to the 'ordinary' file permissions:

	system("chmod -R 0660 $topdir");
	chmod(02770, $topdir);

	# Now use find to locate all directories under $topdir
	# and set their modes to 02770...
	#
	print "Find file\n " unless $noprint;
	File::Find::find({"untaint" => 1,
	"untaint_pattern" => qr(/^(.*)$/),
	"untaint_skip" => 1,
	"no_chdir" => 1,
	"wanted" => \&set_permission }, "$topdir");


	}

#-------------------------- Exit...	#-------------------------- Exit...
#	#
# Write the file if the error_file is defined. Regardless	# Write the file if the error_file is defined. Regardless

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.27
changed lines
	Added in v.1.35