--- loncom/Attic/lcuseradd	2001/11/15 19:08:00	1.16
+++ loncom/Attic/lcuseradd	2004/08/05 21:01:20	1.25.2.1
@@ -5,12 +5,16 @@
 # lcuseradd - LON-CAPA setuid script to coordinate all actions
 #             with adding a user with filesystem privileges (e.g. author)
 #
-# YEAR=2000
-# 10/27,10/29,10/30 Scott Harrison
-# YEAR=2001
-# 10/21,11/13,11/15 Scott Harrison
+# YEAR=2002
+#   May 19, 2002 Ron Fox
+#      - Removed creation of the pulic_html directory.  This directory
+#        can now be added in two ways:
+#        o The user can add it themselves if they want some local web
+#          space which may or may not contain construction items.
+#        o LonCapa will add it if/when the user is granted an Author
+#          role.
 #
-# $Id: lcuseradd,v 1.16 2001/11/15 19:08:00 harris41 Exp $
+# $Id: lcuseradd,v 1.25.2.1 2004/08/05 21:01:20 albertel Exp $
 ###
 
 ###############################################################################
@@ -40,8 +44,7 @@ use strict;
 # ------------------------------------------------------- Description of script
 #
 # This script is a setuid script that should
-# be run by user 'www'.  It creates a /home/USERNAME directory
-# as well as a /home/USERNAME/public_html directory.
+# be run by user 'www'.  It creates a /home/USERNAME directory.
 # It adds a user to the unix system.
 # Passwords are set with lcpasswd.
 # www becomes a member of this user group.
@@ -113,6 +116,8 @@ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
 # Do not print error messages.
 my $noprint=1;
 
+print "In lcuseradd\n" unless $noprint;
+
 # ----------------------------- Make sure this process is running from user=www
 my $wwwid=getpwnam('www');
 &disable_root_capability;
@@ -151,21 +156,25 @@ else {
 	unlink('/tmp/lock_lcpasswd');
 	exit 3;
     }
-    map {chomp} @input;
+    foreach (@input) {chomp;}
 }
 
 my ($username,$password1,$password2)=@input;
+print "Username = ".$username."\n" unless $noprint;
 $username=~/^(\w+)$/;
+print "Username after substitution - ".$username unless $noprint;
 my $safeusername=$1;
+print "Safe username = $safeusername \n" unless $noprint;
+
 if (($username ne $safeusername) or ($safeusername!~/^[A-Za-z]/)) {
-    print "Error. The user name specified has invalid characters.\n"
+    print "Error. The user name specified $username $safeusername  has invalid characters.\n"
 	unless $noprint;
     unlink('/tmp/lock_lcpasswd');
     exit 9;
 }
 my $pbad=0;
-map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password1));
-map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password2));
+foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
+foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
 if ($pbad) {
     print "Error. A password entry had an invalid character.\n";
     unlink('/tmp/lock_lcpasswd');
@@ -180,26 +189,40 @@ if (-e "/home/$safeusername") {
 }
 
 # -- Only add user if the two password arguments match.
+
 if ($password1 ne $password2) {
     print "Error. Password mismatch.\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');
     exit 13;
 }
-
+print "enabling root\n" unless $noprint;
 # ---------------------------------- Start running script with root permissions
 &enable_root_capability;
 
 # ------------------- Add user and make www a member of the user-specific group
 # -- Add user
-if (system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername)) {
+
+print "adding user: $safeusername \n" unless $noprint;
+my $status = system('/usr/sbin/useradd','-c','LON-CAPA user',$safeusername);
+if ($status) {
     print "Error.  Something went wrong with the addition of user ".
 	  "\"$safeusername\".\n" unless $noprint;
+    print "Final status of useradd = $status";
     unlink('/tmp/lock_lcpasswd');
     exit 12;
 }
-
+print "Done adding user\n" unless $noprint;
 # Make www a member of that user group.
-if (system('/usr/sbin/usermod','-G',$safeusername,'www')) {
+my $groups=`/usr/bin/groups www` or exit(6);
+# untaint
+my ($safegroups)=($groups=~/([\s\w]+)/);
+$groups=$safegroups;
+chomp $groups; $groups=~s/^\S+\s+\:\s+//;
+my @grouplist=split(/\s+/,$groups);
+my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
+my $gl=join(',',(@ugrouplist,$safeusername));
+print "Putting user in its own group\n" unless $noprint;
+if (system('/usr/sbin/usermod','-G',$gl,'www')) {
     print "Error. Could not make www a member of the group ".
 	  "\"$safeusername\".\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');
@@ -212,6 +235,7 @@ if (system('/usr/sbin/usermod','-G',$saf
 unlink('/tmp/lock_lcpasswd');
 &disable_root_capability;
 ($>,$<)=($wwwid,$wwwid);
+print "Opening lcpasswd pipeline\n" unless $noprint;
 open OUT,"|/home/httpd/perl/lcpasswd";
 print OUT $safeusername;
 print OUT "\n";
@@ -220,18 +244,23 @@ print OUT "\n";
 print OUT $password1;
 print OUT "\n";
 close OUT;
-($>,$<)=($wwwid,0);
 if ($?) {
+    print "abnormal exit from close lcpasswd\n" unless $noprint;
     exit 8;
 }
+($>,$<)=($wwwid,0);
 &enable_root_capability;
 
+# -- Don't add public_html... that can be added either by the user
+#    or by lchtmldir when the user is granted an authorship role.
+
 # ------------------------------ Make final modifications to the user directory
 # -- Add a public_html file with a stand-in index.html file
 
-# system('/bin/chmod','-R','0660',"/home/$safeusername");
+ system('/bin/chmod','-R','0660',"/home/$safeusername");
 system('/bin/chmod','0710',"/home/$safeusername");
-mkdir "/home/$safeusername/public_html",2760;
+mkdir "/home/$safeusername/public_html",0755;
+system('/bin/chmod','02770',"/home/$safeusername/public_html");
 open OUT,">/home/$safeusername/public_html/index.html";
 print OUT<<END;
 <html>
@@ -239,33 +268,36 @@ print OUT<<END;
 <title>$safeusername</title>
 </head>
 <body>
-<h1>$safeusername</h1>
-<p>
-Learning Online Network
-</p>
-<p>
-This area provides for:
-</p>
-<ul>
-<li>resource construction</li>
-<li>resource publication</li>
-<li>record-keeping</li>
-</UL>
-</BODY>
-</HTML>
+<h1>Construction Space</h1>
+<h3>$safeusername</h3>
+</body>
+</html>
 END
 close OUT;
-system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
 
+print "lcuseradd ownership\n" unless $noprint;
+system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
+# ---------------------------------------------------- Gracefull Apache Restart
+if (-e '/var/run/httpd.pid') {
+    print "lcuseradd Apache restart\n" unless $noprint;
+    open(PID,'/var/run/httpd.pid');
+    my $pid=<PID>;
+    close(PID);
+    my ($safepid)=($pid=~s/(\D+)//g);
+    if ($pid) {
+	system('kill','-USR1',"$safepid");
+    }
+}
 # -------------------------------------------------------- Exit script
+print "lcuseradd exiting\n" unless $noprint;
 &disable_root_capability;
 exit 0;
 
 # ---------------------------------------------- Have setuid script run as root
 sub enable_root_capability {
     if ($wwwid==$>) {
-	($<,$>)=($>,$<);
-	($(,$))=($),$();
+	($<,$>)=($>,0);
+	($(,$))=($),0);
     }
     else {
 	# root capability is already enabled