--- loncom/lcuserdel 2000/10/27 23:42:33 1.1 +++ loncom/lcuserdel 2000/10/30 03:08:28 1.11 @@ -3,25 +3,199 @@ # lcuserdel # # Scott Harrison -# October 27, 2000 +# SH: October 27, 2000 +# SH: October 28, 2000 +# SH: October 29, 2000 use strict; -# This script is a setuid script that should +# This script is a setuid script (chmod 6755) that should # be run by user 'www'. It DOES NOT delete directories. # All it does is remove a user's entries from # /etc/passwd, /etc/groups, and /etc/smbpasswd. - - +# It also disables user directory access by making the directory +# to be owned by user=www (as opposed to the former "username"). +# This command only returns an error if it is +# invoked incorrectly (by passing bad command-line arguments, etc). + +# This script works under the same process control mechanism +# as lcuseradd and lcpasswd, to make sure that only one of these +# processes is running at any one time on the system. # Standard input usage # First line is USERNAME +# Valid user names must consist of ascii +# characters that are alphabetical characters +# (A-Z,a-z), numeric (0-9), or the underscore +# mark (_). (Essentially, the perl regex \w). + # Command-line arguments [USERNAME] # Yes, but be very careful here (don't pass shell commands) # and this is only supported to allow perl-system calls. +# Usage within code +# +# $exitcode=system("/home/httpd/perl/lcuserdel","NAME")/256; +# print "uh-oh" if $exitcode; + +# These are the exit codes. +# ( (0,"ok"), +# (1,"User ID mismatch. This program must be run as user 'www'"), +# (2,"Error. This program needs just 1 command-line argument (username).") ) +# (3,"Error. Only one line should be entered into standard input."), +# (4,"Error. Too many other simultaneous password change requests being made."), +# (5,"Error. The user name specified has invalid characters.") ) + # Security $ENV{'PATH'}=""; # Nullify path information. $ENV{'BASH_ENV'}=""; # Nullify shell environment information. +# Do not print error messages if there are command-line arguments +my $noprint=0; +if (@ARGV) { + $noprint=1; +} + +# Read in /etc/passwd, and make sure this process is running from user=www +open (IN, "; +close IN; +my $wwwid; +for my $l (@lines) { + chop $l; + my @F=split(/\:/,$l); + if ($F[0] eq 'www') {$wwwid=$F[2];} +} +if ($wwwid!=$<) { + print("User ID mismatch. This program must be run as user 'www'\n") unless $noprint; + exit 1; +} +&disable_root_capability; + +# Handle case of another lcpasswd process +unless (&try_to_lock("/tmp/lock_lcpasswd")) { + print "Error. Too many other simultaneous password change requests being made.\n" unless $noprint; + exit 4; +} + +# Gather input. Should only be 1 value (user name). +my @input; +if (@ARGV==1) { + @input=@ARGV; +} +elsif (@ARGV) { + print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint; + unlink('/tmp/lock_lcpasswd'); + exit 2; +} +else { + @input=<>; + if (@input!=1) { + print("Error. Only one line should be entered into standard input.\n") unless $noprint; + unlink('/tmp/lock_lcpasswd'); + exit 3; + } + map {chop} @input; +} + +my ($username)=@input; +$username=~/^(\w+)$/; +my $safeusername=$1; +if ($username ne $safeusername) { + print "Error. The user name specified has invalid characters.\n"; + unlink('/tmp/lock_lcpasswd'); + exit 5; +} + +&enable_root_capability; + +# By using the system userdel command: +# Remove entry from /etc/passwd if it exists +# Remove entry from /etc/groups if it exists +# I surround with groupdel command to make absolutely sure the group definition disappears. +system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message +system('/usr/sbin/userdel 2>/dev/null',$safeusername); # ignore error message +system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message + +# Remove entry from /etc/smbpasswd if it exists +my $oldsmbpasswd=`/bin/cat /etc/smbpasswd`; +my $newsmbpasswd=`/bin/grep -v '^${safeusername}:' /etc/smbpasswd`; + +if ($oldsmbpasswd ne $newsmbpasswd) { + open OUT,">/etc/smbpasswd"; + print OUT $newsmbpasswd; + close OUT; +} + +# Change ownership on directory from username:username to www:www +# This prevents subsequently added users from having access. + +system('/bin/chown','-R','www:www',"/home/$safeusername"); + +&disable_root_capability; +unlink("/tmp/lock_lcpasswd"); +exit 0; + +# ----------------------------------------------------------- have setuid script run as root +sub enable_root_capability { + if ($wwwid==$>) { + ($<,$>)=($>,$<); + ($(,$))=($),$(); + } + else { + # root capability is already enabled + } + return $>; +} + +# ----------------------------------------------------------- have setuid script run as www +sub disable_root_capability { + if ($wwwid==$<) { + ($<,$>)=($>,$<); + ($(,$))=($),$(); + } + else { + # root capability is already disabled + } +} + +# ----------------------------------- make sure that another lcpasswd process isn't running +sub try_to_lock { + my ($lockfile)=@_; + my $currentpid; + my $lastpid; + # Do not manipulate lock file as root + if ($>==0) { + return 0; + } + # Try to generate lock file. + # Wait 3 seconds. If same process id is in + # lock file, then assume lock file is stale, and + # go ahead. If process id's fluctuate, try + # for a maximum of 10 times. + for (0..10) { + if (-e $lockfile) { + open(LOCK,"<$lockfile"); + $currentpid=; + close LOCK; + if ($currentpid==$lastpid) { + last; + } + sleep 3; + $lastpid=$currentpid; + } + else { + last; + } + if ($_==10) { + return 0; + } + } + open(LOCK,">$lockfile"); + print LOCK $$; + close LOCK; + return 1; +} + +