--- loncom/Attic/lcuseradd	2001/10/23 03:42:30	1.15
+++ loncom/Attic/lcuseradd	2002/04/27 13:10:47	1.20
@@ -1,12 +1,25 @@
 #!/usr/bin/perl
+
+# The Learning Online Network with CAPA
 #
-# lcuseradd
+# lcuseradd - LON-CAPA setuid script to coordinate all actions
+#             with adding a user with filesystem privileges (e.g. author)
 #
-# Scott Harrison
-# SH: October 27, 2000
-# SH: October 29, 2000
+# YEAR=2000
+# 10/27,10/29,10/30 Scott Harrison
 # YEAR=2001
-# Scott Harrison 10/21
+# 10/21,11/13,11/15 Scott Harrison
+# YEAR=2002
+#   May 19, 2002 Ron Fox
+#      - Removed creation of the pulic_html directory.  This directory
+#        can now be added in two ways:
+#        o The user can add it themselves if they want some local web
+#          space which may or may not contain construction items.
+#        o LonCapa will add it if/when the user is granted an Author
+#          role.
+#
+# $Id: lcuseradd,v 1.20 2002/04/27 13:10:47 foxr Exp $
+###
 
 ###############################################################################
 ##                                                                           ##
@@ -35,8 +48,7 @@ use strict;
 # ------------------------------------------------------- Description of script
 #
 # This script is a setuid script that should
-# be run by user 'www'.  It creates a /home/USERNAME directory
-# as well as a /home/USERNAME/public_html directory.
+# be run by user 'www'.  It creates a /home/USERNAME directory.
 # It adds a user to the unix system.
 # Passwords are set with lcpasswd.
 # www becomes a member of this user group.
@@ -103,7 +115,7 @@ use strict;
 # Security
 $ENV{'PATH'}='/bin/:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
                                                                 # information
-$ENV{'BASH_ENV'}=""; # Nullify shell environment information.
+delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
 
 # Do not print error messages.
 my $noprint=1;
@@ -146,7 +158,7 @@ else {
 	unlink('/tmp/lock_lcpasswd');
 	exit 3;
     }
-    map {chomp} @input;
+    foreach (@input) {chomp;}
 }
 
 my ($username,$password1,$password2)=@input;
@@ -159,8 +171,8 @@ if (($username ne $safeusername) or ($sa
     exit 9;
 }
 my $pbad=0;
-map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password1));
-map {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} (split(//,$password2));
+foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
+foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
 if ($pbad) {
     print "Error. A password entry had an invalid character.\n";
     unlink('/tmp/lock_lcpasswd');
@@ -194,7 +206,12 @@ if (system('/usr/sbin/useradd','-c','LON
 }
 
 # Make www a member of that user group.
-if (system('/usr/sbin/usermod','-G',$safeusername,'www')) {
+my $groups=`/usr/bin/groups www` or exit(6);
+chomp $groups; $groups=~s/^\S+\s+\:\s+//;
+my @grouplist=split(/\s+/,$groups);
+my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
+my $gl=join(',',(@ugrouplist,$safeusername));
+if (system('/usr/sbin/usermod','-G',$gl,'www')) {
     print "Error. Could not make www a member of the group ".
 	  "\"$safeusername\".\n" unless $noprint;
     unlink('/tmp/lock_lcpasswd');
@@ -206,8 +223,8 @@ if (system('/usr/sbin/usermod','-G',$saf
 
 unlink('/tmp/lock_lcpasswd');
 &disable_root_capability;
-($>,$<)=(500,500);
-open OUT,"|lcpasswd";
+($>,$<)=($wwwid,$wwwid);
+open OUT,"|/home/httpd/perl/lcpasswd";
 print OUT $safeusername;
 print OUT "\n";
 print OUT $password1;
@@ -215,41 +232,46 @@ print OUT "\n";
 print OUT $password1;
 print OUT "\n";
 close OUT;
-($>,$<)=(500,0);
 if ($?) {
     exit 8;
 }
+($>,$<)=($wwwid,0);
 &enable_root_capability;
 
+# -- Don't add public_html... that can be added either by the user
+#    or by lchtmldir when the user is granted an authorship role.
+
 # ------------------------------ Make final modifications to the user directory
 # -- Add a public_html file with a stand-in index.html file
 
 # system('/bin/chmod','-R','0660',"/home/$safeusername");
-system('/bin/chmod','0710',"/home/$safeusername");
-mkdir "/home/$safeusername/public_html",2760;
-open OUT,">/home/$safeusername/public_html/index.html";
-print OUT<<END;
-<html>
-<head>
-<title>$safeusername</title>
-</head>
-<body>
-<h1>$safeusername</h1>
-<p>
-Learning Online Network
-</p>
-<p>
-This area provides for:
-</p>
-<ul>
-<li>resource construction</li>
-<li>resource publication</li>
-<li>record-keeping</li>
-</UL>
-</BODY>
-</HTML>
-END
-close OUT;
+#system('/bin/chmod','0710',"/home/$safeusername");
+#mkdir "/home/$safeusername/public_html",0755;
+#system('/bin/chmod','02770',"/home/$safeusername/public_html");
+#open OUT,">/home/$safeusername/public_html/index.html";
+#print OUT<<END;
+#<html>
+#<head>
+#<title>$safeusername</title>
+#</head>
+#<body>
+#<h1>$safeusername</h1>
+#<p>
+#Learning Online Network
+#</p>
+#<p>
+#This area provides for:
+#</p>
+#<ul>
+#<li>resource construction</li>
+#<li>resource publication</li>
+#<li>record-keeping</li>
+#</ul>
+#</body>
+#</html>
+#END
+#close OUT;
+
 system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername");
 
 # -------------------------------------------------------- Exit script
@@ -316,3 +338,32 @@ sub try_to_lock {
     close LOCK;
     return 1;
 }
+
+=head1 NAME
+
+lcuseradd - LON-CAPA setuid script to coordinate all actions
+            with adding a user with filesystem privileges (e.g. author)
+
+=head1 DESCRIPTION
+
+lcuseradd - LON-CAPA setuid script to coordinate all actions
+            with adding a user with filesystem privileges (e.g. author)
+
+=head1 README
+
+lcuseradd - LON-CAPA setuid script to coordinate all actions
+            with adding a user with filesystem privileges (e.g. author)
+
+=head1 PREREQUISITES
+
+=head1 COREQUISITES
+
+=pod OSNAMES
+
+linux
+
+=pod SCRIPT CATEGORIES
+
+LONCAPA/Administrative
+
+=cut