--- loncom/lcuserdel 2000/10/28 18:25:47 1.3 +++ loncom/lcuserdel 2000/10/30 03:08:28 1.11 @@ -3,8 +3,9 @@ # lcuserdel # # Scott Harrison -# October 27, 2000 -# October 28, 2000 +# SH: October 27, 2000 +# SH: October 28, 2000 +# SH: October 29, 2000 use strict; @@ -12,6 +13,10 @@ use strict; # be run by user 'www'. It DOES NOT delete directories. # All it does is remove a user's entries from # /etc/passwd, /etc/groups, and /etc/smbpasswd. +# It also disables user directory access by making the directory +# to be owned by user=www (as opposed to the former "username"). +# This command only returns an error if it is +# invoked incorrectly (by passing bad command-line arguments, etc). # This script works under the same process control mechanism # as lcuseradd and lcpasswd, to make sure that only one of these @@ -20,6 +25,11 @@ use strict; # Standard input usage # First line is USERNAME +# Valid user names must consist of ascii +# characters that are alphabetical characters +# (A-Z,a-z), numeric (0-9), or the underscore +# mark (_). (Essentially, the perl regex \w). + # Command-line arguments [USERNAME] # Yes, but be very careful here (don't pass shell commands) # and this is only supported to allow perl-system calls. @@ -30,6 +40,12 @@ use strict; # print "uh-oh" if $exitcode; # These are the exit codes. +# ( (0,"ok"), +# (1,"User ID mismatch. This program must be run as user 'www'"), +# (2,"Error. This program needs just 1 command-line argument (username).") ) +# (3,"Error. Only one line should be entered into standard input."), +# (4,"Error. Too many other simultaneous password change requests being made."), +# (5,"Error. The user name specified has invalid characters.") ) # Security $ENV{'PATH'}=""; # Nullify path information. @@ -70,17 +86,53 @@ if (@ARGV==1) { } elsif (@ARGV) { print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint; + unlink('/tmp/lock_lcpasswd'); exit 2; } else { @input=<>; if (@input!=1) { print("Error. Only one line should be entered into standard input.\n") unless $noprint; + unlink('/tmp/lock_lcpasswd'); exit 3; } map {chop} @input; } +my ($username)=@input; +$username=~/^(\w+)$/; +my $safeusername=$1; +if ($username ne $safeusername) { + print "Error. The user name specified has invalid characters.\n"; + unlink('/tmp/lock_lcpasswd'); + exit 5; +} + +&enable_root_capability; + +# By using the system userdel command: +# Remove entry from /etc/passwd if it exists +# Remove entry from /etc/groups if it exists +# I surround with groupdel command to make absolutely sure the group definition disappears. +system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message +system('/usr/sbin/userdel 2>/dev/null',$safeusername); # ignore error message +system('/usr/sbin/groupdel 2>/dev/null',$safeusername); # ignore error message + +# Remove entry from /etc/smbpasswd if it exists +my $oldsmbpasswd=`/bin/cat /etc/smbpasswd`; +my $newsmbpasswd=`/bin/grep -v '^${safeusername}:' /etc/smbpasswd`; + +if ($oldsmbpasswd ne $newsmbpasswd) { + open OUT,">/etc/smbpasswd"; + print OUT $newsmbpasswd; + close OUT; +} + +# Change ownership on directory from username:username to www:www +# This prevents subsequently added users from having access. + +system('/bin/chown','-R','www:www',"/home/$safeusername"); + &disable_root_capability; unlink("/tmp/lock_lcpasswd"); exit 0;