--- loncom/Attic/lcuseradd 2004/08/05 20:47:27 1.27 +++ loncom/Attic/lcuseradd 2005/01/26 10:38:13 1.33 @@ -6,7 +6,7 @@ # with adding a user with filesystem privileges (e.g. author) # # -# $Id: lcuseradd,v 1.27 2004/08/05 20:47:27 albertel Exp $ +# $Id: lcuseradd,v 1.33 2005/01/26 10:38:13 foxr Exp $ ### ############################################################################### @@ -147,14 +147,12 @@ unless (&try_to_lock("/tmp/lock_lcpasswd my @input; if (@ARGV>=3) { @input=@ARGV; -} -elsif (@ARGV) { +} elsif (@ARGV) { print("Error. This program needs at least 3 command-line arguments (username, ". "password 1, password 2 [errorfile]).\n") unless $noprint; unlink('/tmp/lock_lcpasswd'); &Exit(2); -} -else { +} else { @input=<>; if (@input < 3) { print("Error. At least three lines should be entered into standard input.\n") @@ -208,8 +206,7 @@ if($error_file) { Exit(14); } - } - else { + } else { $error_file=""; print "Invalid error filename\n" unless $noprint; Exit(14); @@ -217,13 +214,20 @@ if($error_file) { } -# -- Only add user if we can create a brand new home directory (/home/username) -if (-e "/home/$safeusername") { - print "Error. User already exists.\n" unless $noprint; +# -- Only add the user if they are >not< in /etc/passwd. +# Used to look for the ability to create a new directory for the +# user, however that disallows authentication changes from i +# internal->fs.. so just check the passwd file instead. +# +my $not_found = system("grep -q $safeusername: /etc/passwd"); +if (!$not_found) { + print "Error user already exists\n" unless $noprint; unlink('/tmp/lock_lcpasswd'); &Exit(11); } + + # -- Only add user if the two password arguments match. if ($password1 ne $password2) { @@ -251,7 +255,7 @@ print "Done adding user\n" unless $nopri # Make www a member of that user group. my $groups=`/usr/bin/groups www` or &Exit(6); # untaint -my ($safegroups)=($groups=~/([\s\w]+)/); +my ($safegroups)=($groups=~/:\s*([\s\w]+)/); $groups=$safegroups; chomp $groups; $groups=~s/^\S+\s+\:\s+//; my @grouplist=split(/\s+/,$groups); @@ -310,9 +314,15 @@ print OUT< END close OUT; - +system('/bin/chmod','0660', "/home/$safeusername/public_html/index.html"); +# +# In order to allow the loncapa daemons appropriate access +# to public_html, Top level and public_html directories should +# be owned by safeusername:www as should the smaple index.html.. print "lcuseradd ownership\n" unless $noprint; -system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); +system('/bin/chown','-R',"$safeusername:$safeusername","/home/$safeusername"); # First set std ownership on everything. +# system('/bin/chown',"$safeusername:www","/home/$safeusername"); # Now adust top level... +# system('/bin/chown','-R',"$safeusername:www","/home/$safeusername/public_html"); # And web dir. # ---------------------------------------------------- Gracefull Apache Restart if (-e '/var/run/httpd.pid') { print "lcuseradd Apache restart\n" unless $noprint; @@ -334,8 +344,7 @@ sub enable_root_capability { if ($wwwid==$>) { ($<,$>)=($>,0); ($(,$))=($),0); - } - else { + } else { # root capability is already enabled } return $>; @@ -346,8 +355,7 @@ sub disable_root_capability { if ($wwwid==$<) { ($<,$>)=($>,$<); ($(,$))=($),$(); - } - else { + } else { # root capability is already disabled } } @@ -376,8 +384,7 @@ sub try_to_lock { } sleep 3; $lastpid=$currentpid; - } - else { + } else { last; } if ($_==10) {