authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-09-23 13:10:17 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-09-23 13:12:13 -0700
commitcb4148dea58b59d35a721eb7f8f529a22637a3e4 (patch)
tree7abcf7fcf5ff29893661caf74d816f61a36755d7
parent6ddb79e6db276f18cabc0a63aec2109ad44d28e6 (diff)
Cleanup all vbash users
This is an alternative version of the rollback for unsaved vyatta user changes. Instead of identifying users by group, assume all users whose login shell is vbash must exist in configuration.
-rwxr-xr-xlib/Vyatta/Login/User.pm34
1 files changed, 25 insertions, 9 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index fc890e73..32f31c98 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -40,6 +40,9 @@ my %level_map = (
'operator' => [ 'quaggavty', 'vyattaop', 'operator', 'adm', 'dip', ],
);
+# Users who MUST not use vbash
+my @protected = ( 'root', 'www-data' );
+
# Construct a map from existing users to group membership
sub get_groups {
my %group_map;
@@ -57,6 +60,21 @@ sub get_groups {
return \%group_map;
}
+# make list of vyatta users (ie. users of vbash)
+sub _vyatta_users {
+ my @vusers;
+ setpwent();
+ # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
+ # = getpw*
+ while ( my ($name, undef, undef, undef, undef, undef,
+ undef, undef, $shell) = getpwent() ) {
+ push @vusers, $name if ($shell eq '/bin/vbash');
+ }
+ endpwent();
+
+ return @vusers;
+}
+
sub update {
my $membership = get_groups();
my $uconfig = new Vyatta::Config;
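Review bot: `_vyatta_users` returns every passwd entry whose shell is `/bin/vbash`, with no filter on UID or on where the entry comes from, and the last hunk has `update` delete anything on that list that is missing from the configuration. getpwent() walks whatever NSS sources the host has configured, so the list may include accounts that are not in the local passwd file and that userdel cannot or should not remove; that is presumably not the case on a stock install, but it is worth confirming. I would capture the uid in the list assignment and skip system accounts, e.g. `next if $uid < $min_uid;`, where `$min_uid` is a placeholder name for the platform's lowest regular-user UID. The comment above the sub should also say that its result drives account deletion, so a later change to the shell test is reviewed with that in mind.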
@@ -138,15 +156,13 @@ sub update {
# Remove any vyatta users that do not exist in current configuration
# This can happen if user added but configuration not saved
- foreach my $grp (qw(vyattacfg vyattaop)) {
- my (undef, undef, undef, $members) = getgrnam($grp);
- next unless $members;
-
- foreach my $user (split / /, $members) {
- next if ($user eq 'root');
- next if ($user eq 'www-data'); # webgui
- next if defined $users{$user};
-
+ my %protected = map { $_ => 1 } @protected;
+ foreach my $user (_vyatta_users()) {
+ if ($protected{$user}) {
+ warn "User $user should not being using vbash - fixed\n";
+ system ("usermod -s /bin/bash $user") == 0
+ or die "Attemp to modify user $user shell failed: $!";
+ } elsif (! defined $users{$user}) {
warn "User $user not listed in current configuration\n";
system ("userdel --remove $user") == 0
or die "Attempt to delete user $user failed: $!";
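Review bot: Both `system` calls in the new loop pass a single interpolated string, so `$user` is parsed by the shell whenever it contains a metacharacter. The names come from the passwd database here, but the list form removes the question at no cost: `system('usermod', '-s', '/bin/bash', $user) == 0` and `system('userdel', '--remove', $user) == 0`. The `die` messages print `$!`, which is not set when the child simply exits non-zero; `$? >> 8` is the exit status to report. The new strings also carry typos ("should not being using", "Attemp"). The loop and `update` close outside this hunk.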