From owner-freebsd-hackers Tue Jan 16 23:47:40 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA23935 for hackers-outgoing; Tue, 16 Jan 1996 23:47:40 -0800 (PST)
Received: from apollo.is.co.za (apollo.is.co.za [196.4.160.2]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id XAA23926 for ; Tue, 16 Jan 1996 23:47:33 -0800 (PST)
Received: from admin.is.co.za (admin.is.co.za [196.23.0.9]) by apollo.is.co.za (8.6.12/SMI-SVR4tmp8) id JAA14974; Wed, 17 Jan 1996 09:47:07 +0200
Received: (from robin@localhost) by admin.is.co.za (8.6.12/8.6.12) id JAA13326; Wed, 17 Jan 1996 09:47:27 +0200
From: Robin Lunn
Message-Id: <199601170747.JAA13326@admin.is.co.za>
Subject: Re: user management stuff
To: wosch@cs.tu-berlin.de
Date: Wed, 17 Jan 1996 09:47:27 +0200 (GMT)
Cc: hackers@freebsd.org
In-Reply-To: <199601162215.XAA01147@localhost> from "Wolfram Schneider" at Jan 16, 96 11:15:36 pm
X-Organisation: The Internet Solution (Pty) Ltd.
X-Phone: +27-11-4475566; Fax: +27-11-4475567
Reply-To: robin@is.co.za
X-AIDAT-Member: See http://www.aidat.org
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
Precedence: bulk

Wolfram Schneider wrote:
> Robin Lunn writes:
> >I was horrified to see that /usr/sbin/adduser does no locking of the password
> >file! I recommend that instead of attempting to add the entry directly that
> >the program simply invoke chpass -a which will see to it that locking
> >is done etc. Much safer.
>
> Old chpass (FreeBSD 2.0) core dumped.
>
>     # exclusive, non-blocking lock (6 = LOCK_EX|LOCK_NB)
>     if(!flock(MASTER_PW,6)) {
>         close(TMP_PW);
>         unlink(TMP_PW);
>         close(MASTER_PW);
>         die "Could not lock $masterpasswd! Quitting.\n";
>     }
>     .....
>     # release the lock (8 = LOCK_UN)
>     flock(MASTER_PW,8);
>
> >Also, I've made a userdel script in perl. It was written on company time and
> >so my company has the copyright. The company is however happy to allow this
> >to be freely released. Should I put this on a news group or would someone
> >like to have a look and perhaps put it into future FreeBSD releases?
>
> This is the 3rd deluser perl script.
>
> I don't like the idea of a delete user script. It is too complex. I
> recommend first a man page with a brief description of possible
> problems.
>
> - delete password entry
> - delete user from group database (/etc/group), may be delete
>   groups
> - delete ppp password (/etc/ppp/*)
> - delete slip entries (/etc/sliphome*)
> - delete user from /etc/ftpusers
> - check for other users with same uid (may be also for groups)
> - remove home dir
> - remove WWW files (/~user), which are not in HOME located
> - check other FS, $ find / -user user -print
> - delete user from /etc/inetd.conf, remove files which owned by user
> - delete user from /etc/rc.local if the user start programs
> - remove mailbox
> - delete mail aliases (/etc/aliases, may be /etc/sendmail.cf)
> - delete crontab entries (/etc/crontab, /var/cron/allow,
>   /var/cron/deny, /var/cron/tabs/user)
> - delete at(8) entries
> - delete user phone numbers in /etc/phones
> - remove quota

I agree that removing every trace of the user is highly complex, but for
most people I think it's fine to simply delete the homedir and mailbox and
preserve any files that were under the homedir that did not belong to that
user. I'm a firm believer in the 80% solution. (Ok.. maybe 69% in this
case). Certainly doing a find / -user ... for each user is unfeasible and
perhaps indexing the entire filesystem once and then making such checks
against multiple users being deleted is also too much. Each of the other
systems (mail, cron etc) will barf at unknown users in their own time and
such problems can be addressed then. Containing complexity is a major goal
in my current project and hence I've ignored the more complex scenarios.

The goals/circumstances of my project won't necessarily coincide with every
admin's list of things that they do with their users, and hence the script
may not be appropriate. I thought that 69% was better than the percentage
of current solutions.

--
Only my ideas here unless I say otherwise...  (BeamJack@IRC)
"I didn't know it was impossible when I did it!"
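The two technical points of the thread, locked and atomic editing of the password file (the `flock(MASTER_PW,6)` / `flock(MASTER_PW,8)` pattern Wolfram quotes) and the "check for other users with same uid" item from his deluser checklist, worked through as a single added Perl example. This is not code from the thread, from adduser, chpass or any FreeBSD script; the master.passwd-style sample, the temporary file names and the function names `read_entries`, `same_uid_users` and `remove_user` are all constructed for the demonstration, and it runs unprivileged in a scratch directory rather than against /etc.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: the locked, atomic
# read-modify-replace the discussion recommends for password file edits,
# plus the "other users with the same uid" check from the deluser list.
# Everything below operates on a constructed sample in a temp directory.
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempdir);

# Constructed sample in master.passwd(5) layout:
# name:password:uid:gid:class:change:expire:gecos:home:shell
my $SAMPLE = <<'END';
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
robin:*:1001:1001::0:0:Robin Lunn:/home/robin:/bin/sh
guest:*:1002:1002::0:0:Guest:/home/guest:/bin/sh
END

# Parse the file into a list of [name, uid, home] triples.
sub read_entries {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    my @entries;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line eq '' || $line =~ /^#/;
        my @f = split /:/, $line, -1;
        push @entries, [ $f[0], $f[2], $f[8] ];
    }
    close $fh;
    return @entries;
}

# Names of other accounts that share $user's uid (e.g. toor for root).
# Files owned by that uid must not be treated as belonging only to $user.
sub same_uid_users {
    my ($path, $user) = @_;
    my @entries = read_entries($path);
    my ($me) = grep { $_->[0] eq $user } @entries;
    return () unless $me;
    return map { $_->[0] }
           grep { $_->[1] eq $me->[1] && $_->[0] ne $user } @entries;
}

# Remove $user's line under an exclusive, non-blocking lock.  The lock is
# taken on a separate lock file rather than on the password file itself:
# rename() swaps in a new inode, so a lock held on the old inode would
# not protect the next writer.  LOCK_NB (the "6" in the quoted code is
# LOCK_EX|LOCK_NB) makes a concurrent tool fail loudly instead of
# silently interleaving writes.  Returns the number of entries removed.
sub remove_user {
    my ($path, $user) = @_;
    open(my $lock, '>>', "$path.lock") or die "open $path.lock: $!";
    flock($lock, LOCK_EX | LOCK_NB)
        or die "Could not lock $path! Quitting.\n";

    open(my $in, '<', $path) or die "open $path: $!";
    my @lines = <$in>;
    close $in;
    my @keep = grep { (split /:/, $_, 2)[0] ne $user } @lines;

    # Write the new contents to a 0600 temp file and rename it into
    # place, so readers see either the complete old or complete new file.
    my $tmp = "$path.tmp";
    my $old_umask = umask(077);
    open(my $out, '>', $tmp) or die "open $tmp: $!";
    umask($old_umask);
    print $out @keep;
    close($out) or die "close $tmp: $!";
    rename($tmp, $path) or die "rename $tmp -> $path: $!";

    flock($lock, LOCK_UN);   # the "8" (LOCK_UN) in the quoted code
    close $lock;
    return scalar(@lines) - scalar(@keep);
}

# Demonstration on the constructed sample.
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/master.passwd";
open(my $fh, '>', $path) or die "open $path: $!";
print $fh $SAMPLE;
close $fh;

print "accounts sharing root's uid: @{[ same_uid_users($path, 'root') ]}\n";
printf "removed %d entry for robin\n", remove_user($path, 'robin');
print "remaining: ", join(' ', map { $_->[0] } read_entries($path)), "\n";
```

The lock-file choice is the one detail worth carrying over to a real deluser or adduser script: locking master.passwd directly, as the quoted snippet does, only serialises writers that open the same inode, and a rename-based rewrite replaces that inode, so a writer that opens the file after the rename is no longer contending for the same lock.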