Date:      Wed, 17 Jan 1996 09:47:27 +0200 (GMT)
From:      Robin Lunn <robin@is.co.za>
To:        wosch@cs.tu-berlin.de
Cc:        hackers@freebsd.org
Subject:   Re: user management stuff
Message-ID:  <199601170747.JAA13326@admin.is.co.za>
In-Reply-To: <199601162215.XAA01147@localhost> from "Wolfram Schneider" at Jan 16, 96 11:15:36 pm

Wolfram Schneider wrote:
> Robin Lunn writes:
> >I was horrified to see that /usr/sbin/adduser does no locking of the password
> >file!  I recommend that instead of attempting to add the entry directly that
> >the program simply invoke chpass -a <list> which will see to it that locking
> >is done etc.  Much safer.
> 
> Old chpass (FreeBSD 2.0) core dumped.

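if(!flock(MASTER_PW,6))         # 6 = LOCK_EX|LOCK_NB: exclusive, non-blocking
{       close(TMP_PW);
        unlink(TMP_PW);         # unlink() expects the temp file's path name, not the filehandle
        close(MASTER_PW);
        die "Could not lock $masterpasswd!  Quitting.\n";
}
.....
flock(MASTER_PW,8);             # 8 = LOCK_UN: release the lock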

> >Also, I've made a userdel script in perl.  It was written on company time and
> >so my company has the copyright.  The company is however happy to allow this
> >to be freely released.  Should I put this on a news group or would someone
> >like to have a look and perhaps put it into future FreeBSD releases?
> 
> This is the 3rd deluser perl script.
> 
> I don't like the idea of a delete user script. It is too complex. I
> recommend first a man page with a brief description of possible
> problems.
> 
> - delete password entry
> - delete user from group database (/etc/group), maybe delete
>   groups
> - delete ppp password (/etc/ppp/*)
> - delete slip entries (/etc/sliphome*)
> - delete user from /etc/ftpusers 
> - check for other users with same uid (maybe also for groups)
> - remove home dir
> - remove WWW files (/~user), which are not located in HOME
> - check other FS, $ find / -user user -print
> - delete user from /etc/inetd.conf, remove files which are owned by user
> - delete user from /etc/rc.local if the user starts programs
> - remove mailbox
> - delete mail aliases (/etc/aliases, may be /etc/sendmail.cf)
> - delete crontab entries (/etc/crontab, /var/cron/allow,
>   /var/cron/deny, /var/cron/tabs/user)
> - delete at(8) entries
> - delete user phone numbers in /etc/phones
> - remove quota

I agree that removing every trace of the user is highly complex, but for most
people I think it's fine to simply delete the homedir and mailbox and preserve
any files that were under the homedir that did not belong to that user.

I'm a firm believer in the 80% solution.  (Ok..  maybe 69% in this case).
Certainly doing a find / -user ... for each user is unfeasible and perhaps
indexing the entire filesystem once and then making such checks against
multiple users being deleted is also too much.  Each of the other systems
(mail, cron etc) will barf at unknown users in their own time and such
problems can be addressed then.  Containing complexity is a major goal in my
current project and hence I've ignored the more complex scenarios.  The
goals/circumstances of my project won't necessarily coincide with every admin's
list of things that they do with their users, and hence the script may not be
appropriate.  I thought that 69% was better than the percentage of
current solutions.
-- 
_ __                  | Only my ideas here unless I say otherwise...      _
' )  )     /          | (BeamJack@IRC)                                   / \
 /--' ____/___o  __   |                                                 |  /
/  \_(_) /_) (__/) )_ |                                                 \
       "I didn't know it was impossible when I did it!"                  \
                                                                         /\
                                                                        |  |
                                                                         \/
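
The locking concern raised in this message, as an added example that is not part of the original e-mail or of FreeBSD's adduser: the duplicate-login check and the write happen under one exclusive, non-blocking lock. The add_entry helper, the scratch file name and the sample entries are hypothetical and constructed; the same-process lock conflict shown assumes Perl's flock maps to flock(2), as on FreeBSD and Linux.

```perl
#!/usr/bin/perl
# Added example (not from the thread). File contents below are constructed.
use strict;
use warnings;
use Fcntl qw(:flock :seek);
use File::Temp qw(tempdir);

# Add one entry to a passwd-style file. The duplicate check and the write
# both happen under one exclusive lock, so two concurrent runs cannot both
# decide that a login is free. Dies if the lock is already held.
sub add_entry {
    my ($master, $entry) = @_;
    my ($login) = split /:/, $entry;

    open(my $fh, '+<', $master) or die "open $master: $!\n";
    # LOCK_EX | LOCK_NB is the symbolic form of the literal 6 in the fragment.
    flock($fh, LOCK_EX | LOCK_NB)
        or die "Could not lock $master!  Quitting.\n";

    my @lines = <$fh>;
    die "login $login already exists\n" if grep { /^\Q$login\E:/ } @lines;

    seek($fh, 0, SEEK_END) or die "seek: $!\n";
    print {$fh} "$entry\n" or die "write: $!\n";
    close($fh) or die "close: $!\n";    # flushes, then releases the lock
    return 1;
}

# Constructed sample data in a scratch directory (hypothetical file name).
my $dir    = tempdir(CLEANUP => 1);
my $master = "$dir/master.passwd.sample";
open(my $init, '>', $master) or die "create: $!\n";
print {$init} "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n";
close($init) or die "close: $!\n";

add_entry($master, 'alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh');
print "added alice\n";

# A second holder of the lock makes add_entry refuse instead of racing.
open(my $other, '+<', $master) or die "open: $!\n";
flock($other, LOCK_EX) or die "flock: $!\n";
my $ok = eval { add_entry($master, 'bob:*:1002:1002::0:0:Bob:/home/bob:/bin/sh') };
print "while locked: ", ($ok ? "added\n" : $@);
close($other);    # closing the handle drops the lock

# A duplicate login is rejected while the lock is held.
$ok = eval { add_entry($master, 'alice:*:1003:1003::0:0:A2:/home/a2:/bin/sh') };
print "duplicate: ", ($ok ? "added\n" : $@);
```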


