diff options
Diffstat (limited to '')
-rw-r--r-- | deluser | 512 | ||||
-rw-r--r-- | deluser.conf | 20 |
2 files changed, 532 insertions, 0 deletions
@@ -0,0 +1,512 @@ +#!/usr/bin/perl + +# deluser -- a utility to remove users from the system +# delgroup -- a utilty to remove groups from the system +my $version = "VERSION"; + +# Copyright (C) 2000 Roland Bauerschmidt <rb@debian.org> +# Based on 'adduser' as pattern by +# Guy Maor <maor@debian.org> +# Ted Hajek <tedhajek@boombox.micro.umn.edu> +# Ian A. Murdock <imurdock@gnu.ai.mit.edu> + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +#################### +# See the usage subroutine for explanation about how the program can be called +#################### + +use warnings; +use strict; +use Getopt::Long; +use Debian::AdduserCommon; + +my $install_more_packages ; + +BEGIN { + local $ENV{PERL_DL_NONLAZY}=1; + eval 'use File::Find'; + if ($@) { + $install_more_packages = 1; + } + #no warnings "File::Find"; + eval 'use File::Temp'; + if ($@) { + $install_more_packages = 1; + } +} + + +BEGIN { + eval 'use Locale::gettext'; + if ($@) { + *gettext = sub { shift }; + *textdomain = sub { "" }; + *LC_MESSAGES = sub { 5 }; + } + eval { + require POSIX; + import POSIX qw(setlocale); + }; + if ($@) { + *setlocale = sub { return 1 }; + } +} + +setlocale(LC_MESSAGES, ""); +textdomain("adduser"); + +my $action = $0 =~ /delgroup$/ ? "delgroup" : "deluser"; +our $verbose = 1; +my %pconfig = (); +my %config = (); +my $configfile; +my @defaults; +my $force; + + +unless ( GetOptions ("quiet|q" => sub {$verbose = 0; }, + "debug" => sub {$verbose = 2; }, + "version|v" => sub { &version(); exit 0; }, + "help|h" => sub { &usage(); exit 0;}, + "group" => sub { $action = "delgroup";}, + "conf=s" => \$configfile, + "system" => \$pconfig{"system"}, + "only-if-empty" => \$pconfig{"only_if_empty"}, + "remove-home" => \$pconfig{"remove_home"}, + "remove-all-files" => \$pconfig{"remove_all_files"}, + "backup" => \$pconfig{"backup"}, + "backup-to=s" => \$pconfig{"backup_to"}, + "force" => \$force + ) ) { + &usage; + exit 1; +} + +# everyone can issue "--help" and "--version", but only root can go on +dief (gtx("Only root may remove a user or group from the system.\n")) if ($> != 0); + +if (!defined($configfile)) { + @defaults = ("/etc/adduser.conf", "/etc/deluser.conf"); +} else { + @defaults = ($configfile); +} + +# explicitly set PATH, because super (1) cleans up the path and makes deluser unusable; +# this is also a good idea for sudo (which doesn't clean up) +$ENV{"PATH"}="/bin:/usr/bin:/sbin:/usr/sbin"; + +my @names = (); +my ($user,$group); + +###################### +# handling of @names # +###################### + +while (defined(my $arg = shift(@ARGV))) { + if (defined($names[0]) && $arg =~ /^--/) { + dief (gtx("No options allowed after names.\n")); + } else { # it's a username + push (@names, $arg); + } +} + +if(@names == 0) { + if($action eq "delgroup") { + print (gtx("Enter a group name to remove: ")); + } else { + print (gtx("Enter a user name to remove: ")); + } + chomp(my $answer=<STDIN>); + push(@names, $answer); +} + +if (length($names[0]) == 0 || @names > 2) { + dief (gtx("Only one or two names allowed.\n")); +} + +if(@names == 2) { # must be deluserfromgroup + $action = "deluserfromgroup"; + $user = shift(@names); + $group = shift(@names); +} else { + if($action eq "delgroup") { + $group = shift(@names); + } else { + $user = shift(@names); + } +} + +undef(@names); + + +########################################################## +# (1) preseed the config +# (2) read the default /etc/adduser.conf configuration. +# (3) read the default /etc/deluser.conf configuration. +# (4) process commmand line settings +# last match wins +########################################################## + +preseed_config (\@defaults,\%config); + +foreach(keys(%pconfig)) { + $config{$_} = $pconfig{$_} if ($pconfig{$_}); +} + +if (($config{remove_home} || $config{remove_all_files} || $config{backup}) && ($install_more_packages)) { + fail (8, gtx("In order to use the --remove-home, --remove-all-files, and --backup features, +you need to install the `perl' package. To accomplish that, run +apt-get install perl.\n")); +} + + +my ($pw_uid, $pw_gid, $pw_homedir, $gr_gid, $maingroup); + +if(defined($user)) { + my @passwd = getpwnam($user); + $pw_uid = $passwd[2]; + $pw_gid = $passwd[3]; + $pw_homedir = $passwd[7]; + + $maingroup = $pw_gid ? getgrgid($pw_gid) : ""; +} +if(defined($group)) { + #($gr_name,$gr_passwd,$gr_gid,$gr_members) = getgrnam($group); + my @group = getgrnam($group); + $gr_gid = $group[2]; +} + +# arguments are processed: +# +# $action = "deluser" +# $user name of the user to remove +# +# $action = "delgroup" +# $group name of the group to remove +# +# $action = "deluserfromgroup" +# $user the user to be remove +# $group the group to remove him/her from + + +if($action eq "deluser") { + &invalidate_nscd(); + + my($dummy1,$dummy2,$uid); + + + + # Don't allow a non-system user to be deleted when --system is given + # Also, "user does not exist" is only a warning with --system, but an + # error without --system. + if( $config{"system"} ) { + if( ($dummy1,$dummy2,$uid) = getpwnam($user) ) { + if ( ($uid < $config{"first_system_uid"} || + $uid > $config{"last_system_uid" } ) ) { + printf (gtx("The user `%s' is not a system user. Exiting.\n"), $user) if $verbose; + exit 1; + } + } else { + printf (gtx("The user `%s' does not exist, but --system was given. Exiting.\n"), $user) if $verbose; + exit 0; + } + } + + unless(exist_user($user)) { + fail (2,gtx("The user `%s' does not exist.\n"),$user); + } + + # Warn in any case if you want to remove the root account + if ((defined($pw_uid)) && ($pw_uid == 0) && (!defined($force))) { + printf (gtx("WARNING: You are just about to delete the root account (uid 0)\n")); + printf (gtx("Usually this is never required as it may render the whole system unusable\n")); + printf (gtx("If you really want this, call deluser with parameter --force\n")); + printf (gtx("Stopping now without having performed any action\n")); + exit 9; + } + + # consistency check + # if --backup-to is specified, --backup should be set too + if ($pconfig{"backup_to"}) { + $config{"backup"} = 1; + } + + if($config{"remove_home"} || $config{"remove_all_files"}) { + s_print (gtx("Looking for files to backup/remove ...\n")); + my @mountpoints; + open(MOUNT, "mount |") + || fail (4 ,gtx("fork for `mount' to parse mount points failed: %s\n", $!)); + while (<MOUNT>) { + my @temparray = split; + my $fstype = $temparray[4]; + my $exclude_fstypes = $config{"exclude_fstypes"}; + if (defined($exclude_fstypes)) { + next if ($fstype =~ /$exclude_fstypes/); + } + push @mountpoints,$temparray[2]; + } + close(MOUNT) or dief (gtx("pipe of command `mount' could not be closed: %s\n",$!)); + my(@files,@dirs); + if($config{"remove_home"} && ! $config{"remove_all_files"}) { + + # collect all files in user home + sub home_match { + # according to the manpage + foreach my $mount (@mountpoints) { + if( $File::Find::name eq $mount ) { + s_printf (gtx("Not backing up/removing `%s', it is a mount point.\n"),$File::Find::name); + $File::Find::prune=1; + return; + } + } + foreach my $re ( split ' ', $config{"no_del_paths"} ) { + if( $File::Find::name =~ qr/$re/ ) { + s_printf (gtx("Not backing up/removing `%s', it matches %s.\n"),$File::Find::name,$re); + $File::Find::prune=1; + return; + } + } + + push(@files, $File::Find::name) + if(-f $File::Find::name || -l $File::Find::name); + push(@dirs, $File::Find::name) + if(-d $File::Find::name); + } # sub home_match + + File::Find::find({wanted => \&home_match, untaint => 1, no_chdir => 1}, $pw_homedir) + if(-d "$pw_homedir"); + push(@files, "/var/mail/$user") + if(-e "/var/mail/$user"); + } else { + + # collect all files on system belonging to that user + sub find_match { + my ($dev,$ino,$mode,$nlink,$uid,$gid); + (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) && + ($uid == $pw_uid) && + ( + ($File::Find::name =~ /^\/proc\// && ($File::Find::prune = 1)) || + (-f $File::Find::name && push(@files, $File::Find::name)) || + (-l $File::Find::name && push(@files, $File::Find::name)) || + (-d $File::Find::name && push(@dirs, $File::Find::name)) || + (-S $File::Find::name && push(@dirs, $File::Find::name)) || + (-p $File::Find::name && push(@dirs, $File::Find::name)) + ); + if ( -b $File::Find::name || -c $File::Find::name ) { + warnf (gtx("Cannot handle special file %s\n"),$File::Find::name); + } + } # sub find_match + + File::Find::find({wanted => \&find_match, untaint => 1, no_chdir => 1}, '/'); + } + + if($config{"backup"}) { + s_printf (gtx("Backing up files to be removed to %s ...\n"),$config{"backup_to"}); + my $filesfile = new File::Temp(TEMPLATE=>"deluser.XXXXX", DIR=>"/tmp"); + my $filesfilename = $filesfile->filename; + my $backup_name = $config{"backup_to"} . "/$user.tar"; + print "backup_name = $backup_name\n"; + print $filesfile join("\n",@files); + $filesfile->close(); + my $tar = &which('tar'); + my $bzip2 = &which('bzip2', 1); + my $gzip = &which('gzip', 1); + my $options = ''; + if($bzip2) { + $backup_name = "$backup_name.bz2"; + $options = "--bzip2"; + } elsif($gzip) { + $backup_name = "$backup_name.gz"; + $options = "--gzip"; + } + &systemcall($tar, $options, "-cf", $backup_name, "--files-from", $filesfilename); + chmod 0600, $backup_name; + my $rootid = 0; + chown $rootid, $rootid, $backup_name; + unlink($filesfilename); + } + + if(@files || @dirs) { + s_print (gtx("Removing files ...\n")); + unlink(@files) if(@files); + foreach(reverse(sort(@dirs))) { + rmdir($_); + } + } + } + + s_printf (gtx("Removing user `%s' ...\n"),$user); + my @members = get_group_members($maingroup); + if (@members == 0) { + s_printf (gtx("Warning: group `%s' has no more members.\n"), $maingroup); + } + my $userdel = &which('userdel'); + &systemcall($userdel, $user); + &invalidate_nscd(); + + systemcall('/usr/local/sbin/deluser.local', $user, $pw_uid, + $pw_gid, $pw_homedir) if (-x "/usr/local/sbin/deluser.local"); + + s_print (gtx("Done.\n")); + exit 0; +} + + +if($action eq "delgroup") { + &invalidate_nscd(); + unless(exist_group($group)) { + printf( gtx("The group `%s' does not exist.\n"),$group) if $verbose; + exit 3; + } + my($dummy,$gid,$members); + if( !(($dummy, $dummy, $gid, $members ) = getgrnam($group)) ) { + fail (4 ,gtx("getgrnam `%s' failed. This shouldn't happen.\n"), $group); + } + if( $config{"system"} && + ($gid < $config{"first_system_gid"} || + $gid > $config{"last_system_gid" } )) { + printf (gtx("The group `%s' is not a system group. Exiting.\n"), $group) if $verbose; + exit 3; + } + if( $config{"only_if_empty"} && $members ne "") { + fail (5, gtx("The group `%s' is not empty!\n"),$group); + } + + setpwent; + while ((my $acctname,my $primgrp) = (getpwent)[0,3]) { + if( $primgrp eq $gr_gid ) { + fail (7, gtx("`%s' still has `%s' as their primary group!\n"),$acctname,$group); + } + } + endpwent; + + s_printf (gtx("Removing group `%s' ...\n"),$group); + my $groupdel = &which('groupdel'); + &systemcall($groupdel,$group); + &invalidate_nscd(); + s_print (gtx("Done.\n")); + exit 0; +} + + +if($action eq "deluserfromgroup") +{ + &invalidate_nscd(); + unless(exist_user($user)) { + fail (2, gtx("The user `%s' does not exist.\n"),$user); + } + unless(exist_group($group)) { + fail (3, gtx("The group `%s' does not exist.\n"),$group); + } + if($maingroup eq $group) { + fail (7, gtx("You may not remove the user from their primary group.\n")); + } + + my @members = get_group_members($group); + my $ismember = 0; + + for(my $i = 0; $i <= $#members; $i++) { + if($members[$i] eq $user) { + $ismember = 1; + splice(@members,$i,1); + } + } + + unless($ismember) { + fail (6, gtx("The user `%s' is not a member of group `%s'.\n"),$user,$group); + } + + s_printf (gtx("Removing user `%s' from group `%s' ...\n"),$user,$group); + #systemcall("usermod","-G", join(",",@groups), $user ); + my $gpasswd = &which('gpasswd'); + &systemcall($gpasswd,'-M', join(',',@members), $group); + &invalidate_nscd(); + s_print (gtx("Done.\n")); +} + + +###### + +sub fail { + my ($errorcode, $format, @args) = @_; + printf STDERR "$0: $format",@args; + exit $errorcode; + +} + +sub version { + printf (gtx("deluser version %s\n\n"), $version); + printf (gtx("Removes users and groups from the system.\n")); + + printf gtx("Copyright (C) 2000 Roland Bauerschmidt <roland\@copyleft.de>\n\n"); + + printf gtx("deluser is based on adduser by Guy Maor <maor\@debian.org>, Ian Murdock\n". + "<imurdock\@gnu.ai.mit.edu> and Ted Hajek <tedhajek\@boombox.micro.umn.edu>\n\n"); + + printf gtx("This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License, /usr/share/common-licenses/GPL, for more details.\n"); +} + +sub usage { + printf gtx( +"deluser USER + remove a normal user from the system + example: deluser mike + + --remove-home remove the users home directory and mail spool + --remove-all-files remove all files owned by user + --backup backup files before removing. + --backup-to <DIR> target directory for the backups. + Default is the current directory. + --system only remove if system user + +delgroup GROUP +deluser --group GROUP + remove a group from the system + example: deluser --group students + + --system only remove if system group + --only-if-empty only remove if no members left + +deluser USER GROUP + remove the user from a group + example: deluser mike students + +general options: + --quiet | -q don't give process information to stdout + --help | -h usage message + --version | -v version number and copyright + --conf | -c FILE use FILE as configuration file\n\n"); +} + +sub exist_user { + my $exist_user = shift; + return(defined getpwnam($exist_user)); +} + +sub exist_group { + my $exist_group = shift; + return(defined getgrnam($exist_group)); +} + +# vim:set ai et sts=4 sw=4 tw=0: diff --git a/deluser.conf b/deluser.conf new file mode 100644 index 0000000..fff8d81 --- /dev/null +++ b/deluser.conf @@ -0,0 +1,20 @@ +# /etc/deluser.conf: `deluser' configuration. + +# Remove home directory and mail spool when user is removed +REMOVE_HOME = 0 + +# Remove all files on the system owned by the user to be removed +REMOVE_ALL_FILES = 0 + +# Backup files before removing them. This options has only an effect if +# REMOVE_HOME or REMOVE_ALL_FILES is set. +BACKUP = 0 + +# target directory for the backup file +BACKUP_TO = "." + +# delete a group even there are still users in this group +ONLY_IF_EMPTY = 0 + +# exclude these filesystem types when searching for files of a user to backup +EXCLUDE_FSTYPES = "(proc|sysfs|usbfs|devpts|tmpfs|afs)" |