From 7ae751c28bd1c0b3dfd4453469ca1a9ea6b6f3f3 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Fri, 11 Sep 2009 14:43:18 -0700
Subject: Delete vyatta users not in configuration

This implements rollback for users that were added during a previous
configuration (and committed), but were never saved into configuration.

Bug: 4528
---
 lib/Vyatta/Login/User.pm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'lib/Vyatta/Login')

diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index e38b7f6e..7012403a 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -134,6 +134,23 @@ sub update {
             die "Attempt to change user $user failed: $reason\n";
         }
     }
+
+    # Remove any vyatta users that do not exist in current configuration
+    # This can happen if user added but configuration not saved
+    foreach my $grp (qw(vyattacfg vyattaop)) {
+	my (undef, undef, undef, $members) = getgrnam($grp);
+	next unless $members;
+
+	foreach my $user (split / /, $members) {
+	    next if ($user eq 'root');
+	    next if ($user eq 'www-data');	# webgui
+	    next if defined $users{$user};
+
+	    warn "User $user not listed in current configuration\n";
+	    system ("userdel --remove $user") == 0
+		or die "Attempt to delete user $user failed: $!";
+	}
+    }
 }
 
 1;
-- 
cgit v1.2.3