summaryrefslogtreecommitdiff
path: root/lib/Vyatta/Login/User.pm
diff options
context:
space:
mode:
Diffstat (limited to 'lib/Vyatta/Login/User.pm')
-rwxr-xr-xlib/Vyatta/Login/User.pm34
1 files changed, 25 insertions, 9 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index 7012403a..a94b8d08 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -40,6 +40,9 @@ my %level_map = (
'operator' => [ 'quaggavty', 'vyattaop', 'operator', 'adm', 'dip', ],
);
+# Users who MUST not use vbash
+my @protected = ( 'root', 'www-data' );
+
# Construct a map from existing users to group membership
sub get_groups {
my %group_map;
@@ -57,6 +60,21 @@ sub get_groups {
return \%group_map;
}
+# make list of vyatta users (ie. users of vbash)
+sub _vyatta_users {
+ my @vusers;
+ setpwent();
+ # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
+ # = getpw*
+ while ( my ($name, undef, undef, undef, undef, undef,
+ undef, undef, $shell) = getpwent() ) {
+ push @vusers, $name if ($shell eq '/bin/vbash');
+ }
+ endpwent();
+
+ return @vusers;
+}
+
sub update {
my $membership = get_groups();
my $uconfig = new Vyatta::Config;
@@ -137,15 +155,13 @@ sub update {
# Remove any vyatta users that do not exist in current configuration
# This can happen if user added but configuration not saved
- foreach my $grp (qw(vyattacfg vyattaop)) {
- my (undef, undef, undef, $members) = getgrnam($grp);
- next unless $members;
-
- foreach my $user (split / /, $members) {
- next if ($user eq 'root');
- next if ($user eq 'www-data'); # webgui
- next if defined $users{$user};
-
+ my %protected = map { $_ => 1 } @protected;
+ foreach my $user (_vyatta_users()) {
+ if ($protected{$user}) {
+ warn "User $user should not being using vbash - fixed\n";
+ system ("usermod -s /bin/bash $user") == 0
+ or die "Attemp to modify user $user shell failed: $!";
+ } elsif (! defined $users{$user}) {
warn "User $user not listed in current configuration\n";
system ("userdel --remove $user") == 0
or die "Attempt to delete user $user failed: $!";