authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-09-23 13:10:17 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-09-23 13:10:17 -0700
commit063143ab7737442bbc460c5465923f5f7bcd41c3 (patch)
tree67b5550af67ee27bedf1e69065ffeec60e42a07c /lib/Vyatta/Login/User.pm
parent88747654fc7d92a85548461b08649b2752657ad6 (diff)
Cleanup all vbash users
This is an alternative version of the rollback for unsaved vyatta user changes. Instead of identifying users by group, assume all users whose login shell is vbash must exist in configuration.
Diffstat (limited to 'lib/Vyatta/Login/User.pm')
-rwxr-xr-xlib/Vyatta/Login/User.pm34
1 files changed, 25 insertions, 9 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index 7012403a..a94b8d08 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -40,6 +40,9 @@ my %level_map = (
'operator' => [ 'quaggavty', 'vyattaop', 'operator', 'adm', 'dip', ],
);
+# Users who MUST not use vbash
+my @protected = ( 'root', 'www-data' );
+
# Construct a map from existing users to group membership
sub get_groups {
my %group_map;
@@ -57,6 +60,21 @@ sub get_groups {
return \%group_map;
}
+# make list of vyatta users (ie. users of vbash)
+sub _vyatta_users {
+ my @vusers;
+ setpwent();
+ # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
+ # = getpw*
+ while ( my ($name, undef, undef, undef, undef, undef,
+ undef, undef, $shell) = getpwent() ) {
+ push @vusers, $name if ($shell eq '/bin/vbash');
+ }
+ endpwent();
+
+ return @vusers;
+}
+
sub update {
my $membership = get_groups();
my $uconfig = new Vyatta::Config;
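Review bot: `_vyatta_users` selects accounts purely on `$shell eq '/bin/vbash'`, and `getpwent()` walks every passwd source the system's name-service configuration lists. Assuming `update` treats the result as deletion candidates, as the commit message says, any account that has vbash as its shell but was created outside the configuration system becomes eligible for removal. A comment on the sub should state that contract, e.g. `# Returns every passwd entry whose shell is /bin/vbash; callers remove any not present in config`. It may also be worth skipping system accounts by UID rather than relying only on the names in `@protected`, since the `$uid` field is already available from the `getpwent()` tuple. The body of `update` continues outside the hunk.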
@@ -137,15 +155,13 @@ sub update {
# Remove any vyatta users that do not exist in current configuration
# This can happen if user added but configuration not saved
- foreach my $grp (qw(vyattacfg vyattaop)) {
- my (undef, undef, undef, $members) = getgrnam($grp);
- next unless $members;
-
- foreach my $user (split / /, $members) {
- next if ($user eq 'root');
- next if ($user eq 'www-data'); # webgui
- next if defined $users{$user};
-
+ my %protected = map { $_ => 1 } @protected;
+ foreach my $user (_vyatta_users()) {
+ if ($protected{$user}) {
+ warn "User $user should not being using vbash - fixed\n";
+ system ("usermod -s /bin/bash $user") == 0
+ or die "Attemp to modify user $user shell failed: $!";
+ } elsif (! defined $users{$user}) {
warn "User $user not listed in current configuration\n";
system ("userdel --remove $user") == 0
or die "Attempt to delete user $user failed: $!";
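Review bot: Both `system` calls in this loop pass a single command string with `$user` interpolated, so the name is parsed by the shell, and `$user` now comes from every passwd entry with a vbash shell rather than from two known groups. The list form avoids the shell entirely: `system('usermod', '-s', '/bin/bash', $user) == 0`, and likewise `system('userdel', '--remove', $user) == 0`. The `die` messages print `$!`, which is not set when the command simply exits non-zero; `$? >> 8` carries the child's exit status. The new messages also contain typos ("should not being using", "Attemp"). The loop and the rest of `update` continue outside the hunk.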