|
version 1.4, 2000/10/28 19:22:19
|
version 1.16, 2007/08/22 19:53:22
|
|
Line 2
|
Line 2
|
| # |
# |
| # lcuserdel |
# lcuserdel |
| # |
# |
| # Scott Harrison |
|
| # SH: October 27, 2000 |
|
| # SH: October 28, 2000 |
|
| |
|
| use strict; |
use strict; |
| |
|
| |
# $Id$ |
| |
|
| # This script is a setuid script (chmod 6755) that should |
# This script is a setuid script (chmod 6755) that should |
| # be run by user 'www'. It DOES NOT delete directories. |
# be run by user 'www'. It DOES NOT delete directories. |
| # All it does is remove a user's entries from |
# All it does is remove a user's entries from |
| # /etc/passwd, /etc/groups, and /etc/smbpasswd. |
# /etc/passwd, /etc/groups, and /etc/smbpasswd. |
| |
# It also disables user directory access by making the directory |
| |
# to be owned by user=www (as opposed to the former "username"). |
| |
# This command only returns an error if it is |
| |
# invoked incorrectly (by passing bad command-line arguments, etc). |
| |
|
| # This script works under the same process control mechanism |
# This script works under the same process control mechanism |
| # as lcuseradd and lcpasswd, to make sure that only one of these |
# as lcuseradd and lcpasswd, to make sure that only one of these |
|
Line 20 use strict;
|
Line 23 use strict;
|
| # Standard input usage |
# Standard input usage |
| # First line is USERNAME |
# First line is USERNAME |
| |
|
| |
# Valid user names must consist of ascii |
| |
# characters that are alphabetical characters |
| |
# (A-Z,a-z), numeric (0-9), or the underscore |
| |
# mark (_). (Essentially, the perl regex \w). |
| |
|
| # Command-line arguments [USERNAME] |
# Command-line arguments [USERNAME] |
| # Yes, but be very careful here (don't pass shell commands) |
# Yes, but be very careful here (don't pass shell commands) |
| # and this is only supported to allow perl-system calls. |
# and this is only supported to allow perl-system calls. |
|
Line 30 use strict;
|
Line 38 use strict;
|
| # print "uh-oh" if $exitcode; |
# print "uh-oh" if $exitcode; |
| |
|
| # These are the exit codes. |
# These are the exit codes. |
| |
# ( (0,"ok"), |
| |
# (1,"User ID mismatch. This program must be run as user 'www'"), |
| |
# (2,"Error. This program needs just 1 command-line argument (username).") ) |
| |
# (3,"Error. Only one line should be entered into standard input."), |
| |
# (4,"Error. Too many other simultaneous password change requests being made."), |
| |
# (5,"Error. The user name specified has invalid characters.") ) |
| |
|
| # Security |
# Security |
| $ENV{'PATH'}=""; # Nullify path information. |
$ENV{'PATH'}=""; # Nullify path information. |
|
Line 70 if (@ARGV==1) {
|
Line 84 if (@ARGV==1) {
|
| } |
} |
| elsif (@ARGV) { |
elsif (@ARGV) { |
| print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint; |
print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint; |
| |
unlink('/tmp/lock_lcpasswd'); |
| exit 2; |
exit 2; |
| } |
} |
| else { |
else { |
| @input=<>; |
@input=<>; |
| if (@input!=1) { |
if (@input!=1) { |
| print("Error. Only one line should be entered into standard input.\n") unless $noprint; |
print("Error. Only one line should be entered into standard input.\n") unless $noprint; |
| |
unlink('/tmp/lock_lcpasswd'); |
| exit 3; |
exit 3; |
| } |
} |
| map {chop} @input; |
map {chop} @input; |
|
Line 84 else {
|
Line 100 else {
|
| my ($username)=@input; |
my ($username)=@input; |
| $username=~/^(\w+)$/; |
$username=~/^(\w+)$/; |
| my $safeusername=$1; |
my $safeusername=$1; |
| |
if ($username ne $safeusername) { |
| |
print "Error. The user name specified has invalid characters.\n"; |
| |
unlink('/tmp/lock_lcpasswd'); |
| |
exit 5; |
| |
} |
| |
|
| |
&enable_root_capability; |
| |
|
| # By using the system userdel command: |
# By using the system userdel command: |
| # Remove entry from /etc/passwd if it exists |
# Remove entry from /etc/passwd if it exists |
| # Remove entry from /etc/groups if it exists |
# Remove entry from /etc/groups if it exists |
| system('/usr/sbin/userdel',$safeusername); |
# I surround with groupdel command to make absolutely sure the group definition disappears. |
| |
system('/usr/sbin/groupdel',$safeusername); # ignore error message |
| |
system('/usr/sbin/userdel',$safeusername); # ignore error message |
| |
system('/usr/sbin/groupdel',$safeusername); # ignore error message |
| |
|
| # Remove entry from /etc/smbpasswd if it exists |
# Remove entry from /etc/smbpasswd if it exists |
| |
# the safest way to do this is with smbpasswd -x |
| |
# as that's independent of location of the smbpasswd file. |
| |
# |
| |
if (-e '/usr/bin/smbpasswd') { |
| |
($>,$<) = (0,0); # fool smbpasswd to think this is not setuid. |
| |
system('/usr/bin/smbpasswd -x '.$safeusername); |
| |
$< = $wwwid; |
| |
} |
| |
|
| # Move directory from /home/username to /home/username.1 |
|
| |
|
| # Change ownership on directory from username:username to www:www |
# Change ownership on directory from username:username to www:www |
| # This prevents subsequently added users from having access. |
# This prevents subsequently added users from having access. |
| |
|
| |
system('/bin/chown','-R','www:www',"/home/$safeusername"); |
| |
|
| &disable_root_capability; |
&disable_root_capability; |
| unlink("/tmp/lock_lcpasswd"); |
unlink("/tmp/lock_lcpasswd"); |
![[BACK]](/icons/back.gif){kind=icon}
Return to lcuserdel CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom