loncom/lcuseradd - diff

Return to lcuseradd CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/Attic/lcuseradd between versions 1.34 and 1.39

version 1.34, 2005/01/26 12:13:58	version 1.39, 2006/08/25 21:25:22
Line 32	Line 32
###############################################################################	###############################################################################

use strict;	use strict;
	use File::Find;


# ------------------------------------------------------- Description of script	# ------------------------------------------------------- Description of script
#	#
Line 107 use strict;	Line 109 use strict;
# (12,"Error. Something went wrong with the addition of user ".	# (12,"Error. Something went wrong with the addition of user ".
# "\"$safeusername\"."),	# "\"$safeusername\"."),
# (13,"Error. Password mismatch."),	# (13,"Error. Password mismatch."),
# (14, "Error filename is invalid")	# (14, "Error filename is invalid"),
	# (15, "Error. Could not add home directory.")

# ------------------------------------------------------------- Initializations	# ------------------------------------------------------------- Initializations
# Security	# Security
Line 118 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}	Line 121 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
# Do not print error messages.	# Do not print error messages.
my $noprint=1;	my $noprint=1;

# Error file:

my $error_file; # This is either the error file name or undef.

print "In lcuseradd\n" unless $noprint;	print "In lcuseradd\n" unless $noprint;

# ----------------------------- Make sure this process is running from user=www	# ----------------------------- Make sure this process is running from user=www
Line 239 print "enabling root\n" unless $noprint;	Line 238 print "enabling root\n" unless $noprint;
# ---------------------------------- Start running script with root permissions	# ---------------------------------- Start running script with root permissions
&enable_root_capability;	&enable_root_capability;

# ------------------- Add user and make www a member of the user-specific group	# ------------------- Add group and user, and make www a member of the group
	# -- Add group

	print "adding group: $safeusername \n" unless $noprint;
	my $status = system('/usr/sbin/groupadd', $safeusername);
	if ($status) {
	print "Error. Something went wrong with the addition of group ".
	"\"$safeusername\".\n" unless $noprint;
	print "Final status of groupadd = $status\n";
	unlink('/tmp/lock_lcpasswd');
	&Exit(12);
	}
	my $gid = getgrnam($safeusername);

# -- Add user	# -- Add user

print "adding user: $safeusername \n" unless $noprint;	print "adding user: $safeusername \n" unless $noprint;
my $status = system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername);	my $status = system('/usr/sbin/useradd','-c','LON-CAPA user','-g',$gid,$safeusername);
if ($status) {	if ($status) {
print "Error. Something went wrong with the addition of user ".	print "Error. Something went wrong with the addition of user ".
"\"$safeusername\".\n" unless $noprint;	"\"$safeusername\".\n" unless $noprint;
print "Final status of useradd = $status";	system("/usr/sbin/groupdel $safeusername");
	print "Final status of useradd = $status\n";
unlink('/tmp/lock_lcpasswd');	unlink('/tmp/lock_lcpasswd');
&Exit(12);	&Exit(12);
}	}

print "Done adding user\n" unless $noprint;	print "Done adding user\n" unless $noprint;
# Make www a member of that user group.	# Make www a member of that user group.
my $groups=`/usr/bin/groups www` or &Exit(6);	my $groups=`/usr/bin/groups www` or &Exit(6);
Line 261 chomp $groups; $groups=~s/^\S+\s+\:\s+//	Line 275 chomp $groups; $groups=~s/^\S+\s+\:\s+//
my @grouplist=split(/\s+/,$groups);	my @grouplist=split(/\s+/,$groups);
my @ugrouplist=grep {!/www\|$safeusername/} @grouplist;	my @ugrouplist=grep {!/www\|$safeusername/} @grouplist;
my $gl=join(',',(@ugrouplist,$safeusername));	my $gl=join(',',(@ugrouplist,$safeusername));
print "Putting user in its own group\n" unless $noprint;	print "Putting www in user's group\n" unless $noprint;
if (system('/usr/sbin/usermod','-G',$gl,'www')) {	if (system('/usr/sbin/usermod','-G',$gl,'www')) {
print "Error. Could not make www a member of the group ".	print "Error. Could not make www a member of the group ".
"\"$safeusername\".\n" unless $noprint;	"\"$safeusername\".\n" unless $noprint;
Line 291 if ($?) {	Line 305 if ($?) {
($>,$<)=($wwwid,0);	($>,$<)=($wwwid,0);
&enable_root_capability;	&enable_root_capability;

# -- Don't add public_html... that can be added either by the user	# Check if home directory exists for user
# or by lchtmldir when the user is granted an authorship role.	# If not, create one.
	if (!-e "/home/$safeusername") {
	if (!mkdir("/home/$safeusername",0710)) {
	print "Error. Could not add home directory for ".
	"\"$safeusername\".\n" unless $noprint;
	unlink('/tmp/lock_lcpasswd');
	&Exit(15);
	}
	}

# ------------------------------ Make final modifications to the user directory	# ------------------------------ Make final modifications to the user directory
# -- Add a public_html file with a stand-in index.html file	# -- Add a public_html file with a stand-in index.html file

system('/bin/chmod','-R','0660',"/home/$safeusername");	if (-d "/home/$safeusername") {
system('/bin/chmod','0710',"/home/$safeusername");	system('/bin/chmod','-R','0660',"/home/$safeusername");
mkdir "/home/$safeusername/public_html",0755;	system('/bin/chmod','0710',"/home/$safeusername");
system('/bin/chmod','02770',"/home/$safeusername/public_html");	mkdir "/home/$safeusername/public_html",0755;
open OUT,">/home/$safeusername/public_html/index.html";	open OUT,">/home/$safeusername/public_html/index.html";
print OUT<<END;	print OUT<<END;
<html>	<html>
<head>	<head>
<title>$safeusername</title>	<title>$safeusername</title>
Line 314 print OUT<<END;	Line 336 print OUT<<END;
</html>	</html>
END	END
close OUT;	close OUT;
system('/bin/chmod','0660', "/home/$safeusername/public_html/index.html");	}

#	#
# In order to allow the loncapa daemons appropriate access	# In order to allow the loncapa daemons appropriate access
# to public_html, Top level and public_html directories should	# to public_html, Top level and public_html directories should
# be owned by safeusername:safeusername as should the smaple index.html..	# be owned by safeusername:safeusername as should the smaple index.html..
print "lcuseradd ownership\n" unless $noprint;	print "lcuseradd ownership\n" unless $noprint;
system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); # First set std ownership on everything.	system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); # First set std ownership on everything.
	&set_public_html_permissions("/home/$safeusername/public_html");
# system('/bin/chown',"$safeusername:www","/home/$safeusername"); # Now adust top level...	# system('/bin/chown',"$safeusername:www","/home/$safeusername"); # Now adust top level...
# system('/bin/chown','-R',"$safeusername:www","/home/$safeusername/public_html"); # And web dir.	# system('/bin/chown','-R',"$safeusername:www","/home/$safeusername/public_html"); # And web dir.
# ---------------------------------------------------- Gracefull Apache Restart	# ---------------------------------------------------- Gracefull Apache Restart
Line 329 if (-e '/var/run/httpd.pid') {	Line 353 if (-e '/var/run/httpd.pid') {
open(PID,'/var/run/httpd.pid');	open(PID,'/var/run/httpd.pid');
my $pid=<PID>;	my $pid=<PID>;
close(PID);	close(PID);
my ($safepid)= $pid=~ /(\D+)/;	$pid=~ /(\D+)/;
	my $safepid = $1;
if ($pid) {	if ($pid) {
system('kill','-USR1',"$safepid");	system('kill','-USR1',"$safepid");
}	}
Line 396 sub try_to_lock {	Line 421 sub try_to_lock {
close LOCK;	close LOCK;
return 1;	return 1;
}	}
	# Called by File::Find::find for each file examined.
	#
	# Untaint the file and, if it is a directory,
	# chmod it to 02770
	#
	sub set_permission {
	$File::Find::name =~ /^(.*)$/;
	my $safe_name = $1; # Untainted filename...

	print "$safe_name" unless $noprint;
	if(-d $safe_name) {
	print " - directory" unless $noprint;
	chmod(02770, $safe_name);
	}
	print "\n" unless $noprint;

	}
	#
	# Set up the correct permissions for all files in the
	# user's public htmldir. We just do a chmod -R 0660 ... for
	# the ordinary files. The we use File::Find
	# to pop through the directory tree changing directories only
	# to 02770:
	#
	sub set_public_html_permissions {
	my ($topdir) = @_;

	# Set the top level dir permissions (I'm not sure if find
	# will enumerate it specifically), correctly and all
	# files and dirs to the 'ordinary' file permissions:

	system("chmod -R 0660 $topdir");
	chmod(02770, $topdir);

	# Now use find to locate all directories under $topdir
	# and set their modes to 02770...
	#
	print "Find file\n " unless $noprint;
	File::Find::find({"untaint" => 1,
	"untaint_pattern" => qr(/^(.*)$/),
	"untaint_skip" => 1,
	"no_chdir" => 1,
	"wanted" => \&set_permission }, "$topdir");


	}

#-------------------------- Exit...	#-------------------------- Exit...
#	#
# Write the file if the error_file is defined. Regardless	# Write the file if the error_file is defined. Regardless
Line 404 sub try_to_lock {	Line 476 sub try_to_lock {
sub Exit {	sub Exit {
my ($code) = @_; # Status code.	my ($code) = @_; # Status code.

	# TODO: Ensure the error file is owned/deletable by www:www:

	&disable_root_capability(); # We run unprivileged to write the error file.

print "Exiting with status $code error file is $error_file\n" unless $noprint;	print "Exiting with status $code error file is $error_file\n" unless $noprint;
if($error_file) {	if($error_file) {
open(FH, ">$error_file");	open(FH, ">$error_file");

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.34
changed lines
	Added in v.1.39