46 Deleting a User Account


#46 Deleting a User Account

Deleting an account is a bit more tricky than suspending it, because the script needs to check the entire file system for files owned by the user, and this must be done before the account information is removed from /etc/passwd and /etc/shadow .

The Code

 #!/bin/sh ## deleteuser - Deletes a user account without a trace... #           Not for use with Mac OS X homedir="/home" pwfile="/etc/passwd"            shadow="/etc/shadow" newpwfile="/etc/passwd.new"     newshadow="/etc/shadow.new" suspend="/usr/local/bin/suspenduser" locker="/etc/passwd.lock" if [ -z  ] ; then   echo "Usage: 
 #!/bin/sh ## deleteuser - Deletes a user account without a trace... # Not for use with Mac OS X homedir="/home" pwfile="/etc/passwd" shadow="/etc/shadow" newpwfile="/etc/passwd.new" newshadow="/etc/shadow.new" suspend="/usr/local/bin/suspenduser" locker="/etc/passwd.lock" if [ -z $1 ] ; then echo "Usage: $0 account" >&2; exit 1 elif [ "$(whoami)" != "root" ] ; then echo "Error: you must be 'root' to run this command.">&2; exit 1 fi $suspend $1 # suspend their account while we do the dirty work uid="$(grep -E "^${1}:" $pwfile  cut -d: -f3)" if [ -z $uid ] ; then echo "Error: no account $1 found in $pwfile" >&2; exit 1 fi # Remove from the password and shadow files grep -vE "^${1}:" $pwfile > $newpwfile grep -vE "^${1}:" $shadow > $newshadow lockcmd="$(which lockfile)" # find lockfile app in the path if [ ! -z $lockcmd ] ; then # let's use the system lockfile eval $lockcmd -r 15 $locker else # ulp, let's do it ourselves while [ -e $locker ] ; do echo "waiting for the password file" ; sleep 1 done touch $locker # created a file-based lock fi mv $newpwfile $pwfile mv $newshadow $shadow rm -f $locker # click! unlocked again chmod 644 $pwfile chmod 400 $shadow # Now remove home directory and list anything left... rm -rf $homedir/$1 echo "Files still left to remove (if any):" find / -uid $uid -print 2>/dev/null  sed 's/^/ /' echo "" echo "Account $1 (uid $uid) has been deleted, and their home directory " echo "($homedir/$1) has been removed." exit 0 
account" >&2; exit 1 elif [ "$(whoami)" != "root" ] ; then echo "Error: you must be 'root' to run this command.">&2; exit 1 fi $suspend # suspend their account while we do the dirty work uid="$(grep -E "^:" $pwfile cut -d: -f3)" if [ -z $uid ] ; then echo "Error: no account found in $pwfile" >&2; exit 1 fi # Remove from the password and shadow files grep -vE "^:" $pwfile > $newpwfile grep -vE "^:" $shadow > $newshadow lockcmd="$(which lockfile)" # find lockfile app in the path if [ ! -z $lockcmd ] ; then # let's use the system lockfile eval $lockcmd -r 15 $locker else # ulp, let's do it ourselves while [ -e $locker ] ; do echo "waiting for the password file" ; sleep 1 done touch $locker # created a file-based lock fi mv $newpwfile $pwfile mv $newshadow $shadow rm -f $locker # click! unlocked again chmod 644 $pwfile chmod 400 $shadow # Now remove home directory and list anything left... rm -rf $homedir/ echo "Files still left to remove (if any):" find / -uid $uid -print 2>/dev/null sed 's/^/ /' echo "" echo "Account (uid $uid) has been deleted, and their home directory " echo "($homedir/) has been removed." exit 0

How It Works

To avoid any problems with things changing underfoot, notice that the very first task that deleteuser performs is to suspend the user account by calling suspenduser .

Before modifying the password file, this script locks it using the lockfile program, if it's available. If not, it drops back to a relatively primitive locking mechanism through the creation of the file /etc/passwd.lock . If the lock file already exists, this script will sit and wait for it to be deleted by another program; once it's gone, deleteuser immediately creates it and proceeds.

Running the Code

This script must be run as root (use sudo ) and needs the name of the account to delete specified as the command argument.

Danger!  

Notice that this script is irreversible and causes lots of files to vanish , so do be careful if you want to experiment with it!

The Results

 $  sudo deleteuser snowy  Please change account snowy password to something new. Changing password for user snowy. New password: Retype new password: passwd: all authentication tokens updated successfully. Account snowy has been suspended. Files still left to remove (if any):   /var/log/dogbone.avi Account snowy (uid 502) has been deleted, and their home directory (/home/snowy) has been removed. 

That sneaky Snowy had hidden an AVI file ( dogbone.avi ) in /var/log . Lucky we noticed that ” who knows what it could be?

Hacking the Script

This deleteuser script is deliberately not complete. Sysadmins will decide what additional steps to take, whether it is compressing and archiving a final copy of the account files, writing them to tape, burning them on a CD-ROM, or even mailing them directly to the FBI (hopefully I'm just kidding on that last one). In addition, the account needs to be removed from the /etc/ group files. If there are stray files outside of the user's home directory, the find command identifies them, but it's still up to the admin to examine and delete each one, as appropriate.




Wicked Cool Shell Scripts. 101 Scripts for Linux, Mac OS X, and Unix Systems
Wicked Cool Shell Scripts
ISBN: 1593270127
EAN: 2147483647
Year: 2004
Pages: 150
Authors: Dave Taylor

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net