--- loncom/lond	2004/03/16 20:57:49	1.185
+++ loncom/lond	2004/04/29 07:18:10	1.187
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.185 2004/03/16 20:57:49 albertel Exp $
+# $Id: lond,v 1.187 2004/04/29 07:18:10 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -53,7 +53,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.185 $'; #' stupid emacs
+my $VERSION='$Revision: 1.187 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid;
 my $currentdomainid;
@@ -1872,6 +1872,37 @@ sub make_new_child {
 		    } else {
 			Reply($client, "refused\n", $userinput);
 		    }
+# --------------------------------------------------------- remove a user file 
+		} elsif ($userinput =~ /^removeuserfile/) { # Client clear or enc.
+		    if(isClient) {
+			my ($cmd,$fname)=split(/:/,$userinput);
+			my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
+			&logthis("$udom - $uname - $ufile");
+			if ($ufile =~m|/\.\./|) {
+			    # any files paths with /../ in them refuse 
+                            # to deal with
+			    print $client "refused\n";
+			} else {
+			    my $udir=propath($udom,$uname);
+			    if (-e $udir) {
+				my $file=$udir.'/userfiles/'.$ufile;
+				if (-e $file) {
+				    unlink($file);
+				    if (-e $file) {
+					print $client "failed\n";
+				    } else {
+					print $client "ok\n";
+				    }
+				} else {
+				    print $client "not_found\n";
+				}
+			    } else {
+				print $client "not_home\n";
+			    }
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		    }
 # ------------------------------------------ authenticate access to a user file
 		} elsif ($userinput =~ /^tokenauthuserfile/) { # Client only
 		    if(isClient) {
@@ -3141,6 +3172,16 @@ sub make_passwd_file {
 	}
     } elsif ($umode eq 'unix') {
 	{
+	    #
+	    #  Don't allow the creation of privileged accounts!!! that would
+	    #  be real bad!!!
+	    #
+	    my $uid = getpwnam($uname);
+	    if((defined $uid) && ($uid == 0)) {
+		&logthis(">>>Attempted to create privilged account blocked");
+		return "no_priv_account_error\n";
+	    }
+
 	    my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
 	    {
 		&Debug("Executing external: ".$execpath);