File:
[LON-CAPA] /
loncom /
lcuserdel
Revision
1.4:
download - view:
text,
annotated -
select for diffs
Sat Oct 28 19:22:19 2000 UTC (23 years, 8 months ago) by
harris41
Branches:
MAIN
CVS tags:
HEAD
lcpasswd should be in a workable mode now. I replaced some "'s with ' characters
to make code more efficient (avoid interpolation). the outline of lcuserdel is in place
now. -Scott
1: #!/usr/bin/perl
2: #
3: # lcuserdel
4: #
5: # Scott Harrison
6: # SH: October 27, 2000
7: # SH: October 28, 2000
8:
9: use strict;
10:
11: # This script is a setuid script (chmod 6755) that should
12: # be run by user 'www'. It DOES NOT delete directories.
13: # All it does is remove a user's entries from
14: # /etc/passwd, /etc/groups, and /etc/smbpasswd.
15:
16: # This script works under the same process control mechanism
17: # as lcuseradd and lcpasswd, to make sure that only one of these
18: # processes is running at any one time on the system.
19:
20: # Standard input usage
21: # First line is USERNAME
22:
23: # Command-line arguments [USERNAME]
24: # Yes, but be very careful here (don't pass shell commands)
25: # and this is only supported to allow perl-system calls.
26:
27: # Usage within code
28: #
29: # $exitcode=system("/home/httpd/perl/lcuserdel","NAME")/256;
30: # print "uh-oh" if $exitcode;
31:
32: # These are the exit codes.
33:
34: # Security
35: $ENV{'PATH'}=""; # Nullify path information.
36: $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
37:
38: # Do not print error messages if there are command-line arguments
39: my $noprint=0;
40: if (@ARGV) {
41: $noprint=1;
42: }
43:
44: # Read in /etc/passwd, and make sure this process is running from user=www
45: open (IN, "</etc/passwd");
46: my @lines=<IN>;
47: close IN;
48: my $wwwid;
49: for my $l (@lines) {
50: chop $l;
51: my @F=split(/\:/,$l);
52: if ($F[0] eq 'www') {$wwwid=$F[2];}
53: }
54: if ($wwwid!=$<) {
55: print("User ID mismatch. This program must be run as user 'www'\n") unless $noprint;
56: exit 1;
57: }
58: &disable_root_capability;
59:
60: # Handle case of another lcpasswd process
61: unless (&try_to_lock("/tmp/lock_lcpasswd")) {
62: print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint;
63: exit 4;
64: }
65:
66: # Gather input. Should only be 1 value (user name).
67: my @input;
68: if (@ARGV==1) {
69: @input=@ARGV;
70: }
71: elsif (@ARGV) {
72: print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint;
73: exit 2;
74: }
75: else {
76: @input=<>;
77: if (@input!=1) {
78: print("Error. Only one line should be entered into standard input.\n") unless $noprint;
79: exit 3;
80: }
81: map {chop} @input;
82: }
83:
84: my ($username)=@input;
85: $username=~/^(\w+)$/;
86: my $safeusername=$1;
87:
88: # By using the system userdel command:
89: # Remove entry from /etc/passwd if it exists
90: # Remove entry from /etc/groups if it exists
91: system('/usr/sbin/userdel',$safeusername);
92:
93: # Remove entry from /etc/smbpasswd if it exists
94:
95: # Move directory from /home/username to /home/username.1
96:
97: # Change ownership on directory from username:username to www:www
98: # This prevents subsequently added users from having access.
99:
100:
101: &disable_root_capability;
102: unlink("/tmp/lock_lcpasswd");
103: exit 0;
104:
105: # ----------------------------------------------------------- have setuid script run as root
106: sub enable_root_capability {
107: if ($wwwid==$>) {
108: ($<,$>)=($>,$<);
109: ($(,$))=($),$();
110: }
111: else {
112: # root capability is already enabled
113: }
114: return $>;
115: }
116:
117: # ----------------------------------------------------------- have setuid script run as www
118: sub disable_root_capability {
119: if ($wwwid==$<) {
120: ($<,$>)=($>,$<);
121: ($(,$))=($),$();
122: }
123: else {
124: # root capability is already disabled
125: }
126: }
127:
128: # ----------------------------------- make sure that another lcpasswd process isn't running
129: sub try_to_lock {
130: my ($lockfile)=@_;
131: my $currentpid;
132: my $lastpid;
133: # Do not manipulate lock file as root
134: if ($>==0) {
135: return 0;
136: }
137: # Try to generate lock file.
138: # Wait 3 seconds. If same process id is in
139: # lock file, then assume lock file is stale, and
140: # go ahead. If process id's fluctuate, try
141: # for a maximum of 10 times.
142: for (0..10) {
143: if (-e $lockfile) {
144: open(LOCK,"<$lockfile");
145: $currentpid=<LOCK>;
146: close LOCK;
147: if ($currentpid==$lastpid) {
148: last;
149: }
150: sleep 3;
151: $lastpid=$currentpid;
152: }
153: else {
154: last;
155: }
156: if ($_==10) {
157: return 0;
158: }
159: }
160: open(LOCK,">$lockfile");
161: print LOCK $$;
162: close LOCK;
163: return 1;
164: }
165:
166:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>