--- loncom/lcuserdel	2000/10/28 19:22:19	1.4
+++ loncom/lcuserdel	2003/02/03 18:03:52	1.15
@@ -2,9 +2,6 @@
 #
 # lcuserdel
 #
-# Scott Harrison
-# SH: October 27, 2000
-# SH: October 28, 2000
 
 use strict;
 
@@ -12,6 +9,10 @@ use strict;
 # be run by user 'www'.  It DOES NOT delete directories.
 # All it does is remove a user's entries from
 # /etc/passwd, /etc/groups, and /etc/smbpasswd.
+# It also disables user directory access by making the directory
+# to be owned by user=www (as opposed to the former "username").
+# This command only returns an error if it is
+# invoked incorrectly (by passing bad command-line arguments, etc).
 
 # This script works under the same process control mechanism
 # as lcuseradd and lcpasswd, to make sure that only one of these
@@ -20,6 +21,11 @@ use strict;
 # Standard input usage
 # First line is USERNAME
 
+# Valid user names must consist of ascii
+# characters that are alphabetical characters
+# (A-Z,a-z), numeric (0-9), or the underscore
+# mark (_). (Essentially, the perl regex \w).
+
 # Command-line arguments [USERNAME]
 # Yes, but be very careful here (don't pass shell commands)
 # and this is only supported to allow perl-system calls.
@@ -30,6 +36,12 @@ use strict;
 # print "uh-oh" if $exitcode;
 
 # These are the exit codes.
+# ( (0,"ok"),
+#   (1,"User ID mismatch.  This program must be run as user 'www'"),
+#   (2,"Error. This program needs just 1 command-line argument (username).") )
+#   (3,"Error. Only one line should be entered into standard input."),
+#   (4,"Error. Too many other simultaneous password change requests being made."),
+#   (5,"Error. The user name specified has invalid characters.") )
 
 # Security
 $ENV{'PATH'}=""; # Nullify path information.
@@ -70,12 +82,14 @@ if (@ARGV==1) {
 }
 elsif (@ARGV) {
     print("Error. This program needs just 1 command-line argument (username).\n") unless $noprint;
+    unlink('/tmp/lock_lcpasswd');
     exit 2;
 }
 else {
     @input=<>;
     if (@input!=1) {
 	print("Error. Only one line should be entered into standard input.\n") unless $noprint;
+	unlink('/tmp/lock_lcpasswd');
 	exit 3;
     }
     map {chop} @input;
@@ -84,19 +98,37 @@ else {
 my ($username)=@input;
 $username=~/^(\w+)$/;
 my $safeusername=$1;
+if ($username ne $safeusername) {
+    print "Error. The user name specified has invalid characters.\n";
+    unlink('/tmp/lock_lcpasswd');
+    exit 5;
+}
+
+&enable_root_capability;
 
 # By using the system userdel command:
 # Remove entry from /etc/passwd if it exists
 # Remove entry from /etc/groups if it exists
-system('/usr/sbin/userdel',$safeusername);
+# I surround with groupdel command to make absolutely sure the group definition disappears.
+system('/usr/sbin/groupdel',$safeusername); # ignore error message
+system('/usr/sbin/userdel',$safeusername); # ignore error message
+system('/usr/sbin/groupdel',$safeusername); # ignore error message
 
 # Remove entry from /etc/smbpasswd if it exists
+#  the safest way to do this is with smbpasswd -x
+#  as that's independent of location of the smbpasswd file.
+#
+if (-e '/usr/bin/smbpasswd') {
+  ($>,$<) = (0,0);		# fool smbpasswd to think this is not setuid.
+  system('/usr/bin/smbpasswd -x '.$safeusername);
+  $< = $wwwid;
+}
 
-# Move directory from /home/username to /home/username.1
 
 # Change ownership on directory from username:username to www:www
 # This prevents subsequently added users from having access.
 
+system('/bin/chown','-R','www:www',"/home/$safeusername");
 
 &disable_root_capability;
 unlink("/tmp/lock_lcpasswd");