%PDF- %PDF-
Direktori : /usr/sbin/ |
Current File : //usr/sbin/delgroup |
#! /usr/bin/perl # Copyright (C) 2000-2003 Roland Bauerschmidt <rb@debian.org> # 2005-2023 Marc Haber <mh+debian-packages@zugschlus.de> # 2021-2022 Jason Franklin <jason@oneway.dev> # 2022 Matt Barry <matt@hazelmollusk.org> # 2016 Afif Elghraoui <afif@debian.org> # 2005-2009 Joerg Hoh <joerg@joerghoh.de> # 2006-2011 Stephen Gran <sgran@debian.org> # # Based on the Debian "adduser" utility developed by: # Guy Maor <maor@debian.org> # Ted Hajek <tedhajek@boombox.micro.umn.edu> # Ian A. Murdock <imurdock@gnu.ai.mit.edu> # # License: GPL-2+ use 5.32.0; use strict; use warnings; use Getopt::Long; use Debian::AdduserCommon 3.136; use Debian::AdduserLogging 3.136; use Debian::AdduserRetvalues 3.136; BEGIN { if ( Debian::AdduserCommon->VERSION != version->declare('3.136') || Debian::AdduserLogging->VERSION != version->declare('3.136') || Debian::AdduserRetvalues->VERSION != version->declare('3.136') ) { die "wrong module version in adduser, check your packaging or path"; } } my $version = "3.137ubuntu1"; my $install_more_packages; BEGIN { local $ENV{PERL_DL_NONLAZY}=1; # we need to disable perlcritic here since this construct # needs experession form eval, see perl cookbook 12.2.3 eval "use File::Find;"; ## no critic if ($@) { $install_more_packages = 1; } #no warnings "File::Find"; eval "use File::Temp;"; ## no critic if ($@) { $install_more_packages = 1; } } BEGIN { # we need to disable perlcritic here since this construct # needs experession form eval, see perl cookbook 12.2.3 ## no critic eval " require POSIX; import POSIX qw(setlocale); "; ## use critic if ($@) { *setlocale = sub { return 1 }; } else { setlocale(&POSIX::LC_MESSAGES, ""); } } my $action = $0 =~ /delgroup$/ ? "delgroup" : "deluser"; our $verbose = 1; our $stderrmsglevel = "warn"; our $stdoutmsglevel = "info"; our $logmsglevel = "info"; my %pconfig = (); my %config = (); my @configfiles; my @defaults; my $no_preserve_root; unless ( GetOptions ( 'quiet|q' => sub {$verbose = 0; }, 'debug' => sub {$verbose = 2; }, 'verbose' => sub {$verbose = 2; }, 'stdoutmsglevel=s' => \$stdoutmsglevel, 'stderrmsglevel=s' => \$stderrmsglevel, 'logmsglevel=s' => \$logmsglevel, 'version|v' => sub { &version(); exit 0; }, 'help|h' => sub { &usage(); exit 0;}, 'group' => sub { $action = 'delgroup';}, 'conf|c=s' => \@configfiles, 'system' => \$pconfig{'system'}, 'only-if-empty' => \$pconfig{'only_if_empty'}, 'remove-home' => \$pconfig{'remove_home'}, 'remove-all-files' => \$pconfig{'remove_all_files'}, 'backup' => \$pconfig{'backup'}, 'backup-to=s' => \$pconfig{'backup_to'}, 'backup-suffix=s' => \$pconfig{'backup_suffix'}, 'no-preserve-root' => \$no_preserve_root ) ) { &usage; exit 1; } # everyone can issue "--help" and "--version", but only root can go on if( $> != 0) { log_fatal( mtx("Only root may remove a user or group from the system.") ); exit( RET_ROOT_NEEDED ); } if (!@configfiles) { @defaults = ("/etc/adduser.conf", "/etc/deluser.conf"); } else { @defaults = (@configfiles); } # explicitly set PATH, because super (1) cleans up the path and makes deluser unusable; # this is also a good idea for sudo (which doesn't clean up) $ENV{"PATH"}="/bin:/usr/bin:/sbin:/usr/sbin"; my @names = (); my ($user,$group); if( $verbose == 0 ) { set_msglevel( $stderrmsglevel, "warn", $logmsglevel ); } elsif( $verbose == 1 ) { set_msglevel( $stderrmsglevel, "info", $logmsglevel ); } elsif( $verbose == 2 ) { set_msglevel( $stderrmsglevel, "debug", $logmsglevel ); } else { set_msglevel( $stderrmsglevel, $stdoutmsglevel, $logmsglevel ); } ###################### # handling of @names # ###################### while (defined(my $arg = shift(@ARGV))) { if (defined($names[0]) && $arg =~ /^--/) { log_fatal( mtx("No options allowed after names.") ); exit( RET_INVALID_CALL ); } else { # it's a username push (@names, $arg); } } if(@names == 0) { if($action eq "delgroup") { print (gtx("Enter a group name to remove: ")); } else { print (gtx("Enter a user name to remove: ")); } chomp(my $answer=<STDIN>); push(@names, $answer); } if (length($names[0]) == 0 || @names > 2) { log_fatal( mtx("Only one or two names allowed.") ); exit( RET_INVALID_CALL ); } if(@names == 2) { # must be deluserfromgroup $action = "deluserfromgroup"; $user = shift(@names); $group = shift(@names); } else { if($action eq "delgroup") { $group = shift(@names); } else { $user = shift(@names); } } undef(@names); $ENV{"VERBOSE"} = $verbose; $ENV{"DEBUG"} = $verbose; ########################################################## # (1) preseed the config # (2) read the default /etc/adduser.conf configuration. # (3) read the default /etc/deluser.conf configuration. # (4) process commmand line settings # last match wins ########################################################## preseed_config (\@defaults,\%config); foreach(keys(%pconfig)) { $config{$_} = $pconfig{$_} if ($pconfig{$_}); } if (($config{remove_home} || $config{remove_all_files} || $config{backup}) && ($install_more_packages)) { log_fatal( mtx("In order to use the --remove-home, --remove-all-files, and --backup features, you need to install the `perl' package. To accomplish that, run apt-get install perl.") ); exit( RET_MORE_PACKAGES ); } my ($pw_uid, $pw_gid, $pw_homedir, $gr_gid, $maingroup); if(defined($user)) { my @passwd = getpwnam($user); $pw_uid = $passwd[2]; $pw_gid = $passwd[3]; $pw_homedir = $passwd[7]; $maingroup = $pw_gid ? getgrgid($pw_gid) : ""; } if(defined($group)) { #($gr_name,$gr_passwd,$gr_gid,$gr_members) = getgrnam($group); my @group = getgrnam($group); $gr_gid = $group[2]; } # arguments are processed: # # $action = "deluser" # $user name of the user to remove # # $action = "delgroup" # $group name of the group to remove # # $action = "deluserfromgroup" # $user the user to be remove # $group the group to remove him/her from if($action eq "deluser") { my($dummy1,$dummy2,$uid); # Don't allow a non-system user to be deleted when --system is given # Also, "user does not exist" is only a warning with --system, but an # error without --system. if( $config{"system"} ) { if( ($dummy1,$dummy2,$uid) = getpwnam($user) ) { if ( ($uid < $config{"first_system_uid"} || $uid > $config{"last_system_uid" } ) ) { log_warn( mtx("The user `%s' is not a system user. Exiting."), $user); exit( RET_WRONG_OBJECT_PROPERTIES ); } } else { log_info( mtx("The user `%s' does not exist, but --system was given. Exiting."), $user); exit( RET_OK ); } } unless(exist_user($user)) { log_fatal( mtx("The user `%s' does not exist."), $user ); exit( RET_OBJECT_DOES_NOT_EXIST ); } # Warn in any case if you want to remove the root account if ((defined($pw_uid)) && ($pw_uid == 0) && (!defined($no_preserve_root))) { log_fatal( mtx("WARNING: You are just about to delete the root account (uid 0). Usually this is never required as it may render the whole system unusable. If you really want this, call deluser with parameter --no-preserve-root. Stopping now without having performed any action") ); exit( RET_DONT_REMOVE_ROOT ); } # consistency check # if --backup-to is specified, --backup should be set too if ($pconfig{"backup_to"}) { $config{"backup"} = 1; } if($config{"remove_home"} || $config{"remove_all_files"}) { log_info( mtx("Looking for files to backup/remove ...") ); my @mountpoints; my $exclude_fstypes = $config{"exclude_fstypes"}; my $mount; if( !open($mount, q{<}, '/proc/mounts') ) { log_fatal( mtx("failed to open /proc/mounts: %s") , $! ); exit( RET_FILE_ERROR ); } while (<$mount>) { my @temparray = split; my ($fstype, $fname) = ($temparray[2], $temparray[1]); next if $fname eq '/'; next if $fname eq '/home'; push @mountpoints,$fname if ($fstype =~ /$exclude_fstypes/); } if( !close($mount) ) { log_fatal( mtx("failed to close /proc/mounts: %s"), $!); exit( RET_FILE_ERROR ); } my(@files,@dirs); if($config{"remove_home"}) { # collect all files in user home sub home_match { push(@files, $File::Find::name) if(-f $File::Find::name || -l $File::Find::name); push(@dirs, $File::Find::name) if(-d $File::Find::name); } # sub home_match # collect ecryptfs config files not stored in $HOME sub ecryptfs_match { if ( $File::Find::name !~ m[^/var/lib/ecryptfs/\Q$user] && $File::Find::name !~ m[^/home/\.ecryptfs/\Q$user]) { $File::Find::prune=1; return; } push(@files, $File::Find::name) if(-f $File::Find::name || -l $File::Find::name); push(@dirs, $File::Find::name) if(-d $File::Find::name); } # sub ecryptfs_match File::Find::find({wanted => \&home_match, untaint => 1, no_chdir => 1}, $pw_homedir) if(-d "$pw_homedir"); if(-d "/var/lib/ecryptfs/$user") { File::Find::find({wanted => \&ecryptfs_match, untaint => 1, no_chdir => 1}, "/var/lib/ecryptfs/$user"); } elsif (-d "/home/.ecryptfs/$user") { File::Find::find({wanted => \&ecryptfs_match, untaint => 1, no_chdir => 1}, "/home/.ecryptfs/$user"); } push(@files, "/var/mail/$user") if(-e "/var/mail/$user"); } if ($config{"remove_all_files"}) { # collect all files on system belonging to that user sub find_match { my ($dev,$ino,$mode,$nlink,$uid,$gid) = lstat; foreach my $mount (@mountpoints) { if( $File::Find::name eq $mount ) { log_info( mtx("Not backing up/removing `%s', it is a mount point."), $File::Find::name ); $File::Find::prune=1; return; } } foreach my $re ( split ' ', $config{"no_del_paths"} ) { if( $File::Find::name =~ qr/$re/ ) { log_info( mtx("Not backing up/removing `%s', it matches %s."), $File::Find::name, $re); $File::Find::prune=1; return; } } (defined($uid) && ($uid == $pw_uid)) && ( (-f $File::Find::name && push(@files, $File::Find::name)) || (-l $File::Find::name && push(@files, $File::Find::name)) || (-d $File::Find::name && push(@dirs, $File::Find::name)) || (-S $File::Find::name && push(@files, $File::Find::name)) || (-p $File::Find::name && push(@files, $File::Find::name)) ); if ( -b $File::Find::name || -c $File::Find::name ) { log_warn( mtx("Cannot handle special file %s"), $File::Find::name ); } } # sub find_match File::Find::find({wanted => \&find_match, untaint => 1, no_chdir => 1}, '/'); } if($config{"backup"}) { log_info( mtx("Backing up files to be removed to %s ..."), $config{"backup_to"} ); my $filesfile = new File::Temp(TEMPLATE=>"deluser.XXXXX", DIR=>"/tmp"); my $filesfilename = $filesfile->filename; my $backup_name = $config{"backup_to"} . "/$user.tar"; print $filesfile join("\n", map { s/^\///r } @files); $filesfile->close(); my $tar = &which('tar'); &check_backup_suffix(); $backup_name .= $config{'backup_suffix'}; log_debug( "backup_name = %s", $backup_name ); &systemcall($tar, "--directory", "/", "--auto-compress", "-cf", $backup_name, "--files-from", $filesfilename); chmod 0600, $backup_name; my $rootid = 0; chown $rootid, $rootid, $backup_name; unlink($filesfilename); } if(@files || @dirs) { log_info( mtx("Removing files ...") ); unlink(@files) if(@files); foreach(reverse(sort(@dirs))) { rmdir unless /^$config{dhome}$/ || /^\/$/; } } } if (-x '/usr/bin/crontab') { log_info( mtx("Removing crontab ...") ); if (&systemcall_silent('/usr/bin/crontab', '-u', $user, '-l') == 0) { &systemcall_or_warn('/usr/bin/crontab', '-u', $user, '-r'); } } else { log_warn( mtx("`%s' not executed. Skipping crontab removal. Package `cron' required."), '/usr/bin/crontab' ); } log_info( mtx("Removing user `%s' ..."), $user); acquire_lock(); &systemcall('/usr/sbin/userdel', $user); release_lock(); &systemcall('/usr/local/sbin/deluser.local', $user, $pw_uid, $pw_gid, $pw_homedir) if (-x "/usr/local/sbin/deluser.local"); exit( RET_OK ); } if ($action eq 'delgroup') { unless (exist_group($group)) { if( $config{'system'} ) { log_info( mtx("The group `%s' does not exist."), $group); exit( RET_OK ); } else { log_warn( mtx("The group `%s' does not exist."), $group); exit( RET_OBJECT_DOES_NOT_EXIST ); } } my($dummy,$gid,$members); unless( (($dummy, $dummy, $gid, $members ) = getgrnam($group)) ) { log_fatal( mtx("getgrnam `%s' failed: %s. This shouldn't happen."), $group, $! ); exit( RET_SYSTEM_ERROR ); } if( $config{"system"} && ($gid < $config{"first_system_gid"} || $gid > $config{"last_system_gid" } )) { log_fatal( mtx("The group `%s' is not a system group. Exiting."), $group ); exit( RET_WRONG_OBJECT_PROPERTIES ); } if( $config{"only_if_empty"} && $members ne "") { log_fatal( mtx("The group `%s' is not empty!"), $group ); exit( RET_GROUP_NOT_EMPTY ); } # groupdel will error out if there are users left that # have $group as primary group. We are not checking this # ourself since this would mean enumerating all users. log_info( mtx("Removing group `%s' ..."), $group ); my $groupdel = &which('groupdel'); acquire_lock(); &systemcall($groupdel,$group); release_lock(); exit 0; } if($action eq 'deluserfromgroup') { unless(exist_user($user)) { log_fatal( mtx("The user `%s' does not exist.\n"), $user ); exit( RET_OBJECT_DOES_NOT_EXIST ); } unless(exist_group($group)) { log_fatal( mtx("The group `%s' does not exist.\n"), $group ); exit( RET_OBJECT_DOES_NOT_EXIST ); } if($maingroup eq $group) { log_fatal( mtx("You may not remove the user from their primary group.") ); exit( RET_NO_PRIMARY_GROUP ); } my $is_member; my @members; foreach my $member (get_group_members($group)) { if ($member eq $user) { $is_member = 1; next; } push @members, $member; } unless($is_member) { log_fatal( mtx("The user `%s' is not a member of group `%s'."), $user, $group ); exit( RET_USER_NOT_IN_GROUP ); } log_info( mtx("Removing user `%s' from group `%s' ..."), $user, $group ); acquire_lock(); &systemcall('/usr/bin/gpasswd', '-M', join(',', @members), $group); release_lock(); } ###### sub version { printf( gtx("deluser version %s\n\n"), $version); print( gtx("Removes users and groups from the system. For detailed copyright information, please refer to /usr/share/doc/adduser/copyright. \n") ); print( gtx("This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License, /usr/share/common-licenses/GPL, for more details. ") ); } sub usage { printf( gtx( "deluser [--system] [--remove-home] [--remove-all-files] [--backup] [--backup-to dir] [--backup-suffix str] [--conf file] [--quiet] [--verbose] [--debug] user remove a normal user from the system deluser --group [--system] [--only-if-empty] [--conf file] [--quiet] [--verbose] [--debug] group delgroup [--system] [--only-if-empty] [--conf file] [--quiet] [--verbose] [--debug] group remove a group from the system deluser [--conf file] [--quiet] [--verbose] [--debug] user group remove the user from a group\n") ); } sub exist_user { my $exist_user = shift; return(defined getpwnam($exist_user)); } sub exist_group { my $exist_group = shift; return(defined getgrnam($exist_group)); } sub check_backup_suffix { my $tar = &which('tar'); my $suffix = $config{'backup_suffix'} || 'gz'; if ($suffix !~ /^\./) { $suffix = ".$suffix"; } my $filename = '/tmp/deluser-check.tar'; my $testfile = 'usr/sbin/deluser'; &systemcall_silent_error($tar, '--auto-compress', '--directory', '/', '-cf', $filename.$suffix, $testfile); if ($?) { # compressor recognized, not available log_warn( mtx("Backup suffix %s unavailable, using gzip."), $suffix ); $suffix = '.gz'; } else { # no error, check if compressed &systemcall_silent($tar, '--directory', '/', '-cf', $filename, $testfile); my @zstat = stat($filename.$suffix); my @ustat = stat($filename); unlink($filename, $filename.$suffix); if ($zstat[7] == $ustat[7]) { log_warn( mtx("Backup suffix %s unavailable, using gzip."), $suffix ); $suffix = '.gz'; } } $config{'backup_suffix'} = $suffix; } # vim: tabstop=4 shiftwidth=4 expandtab