48 Cleaning Up After Guests Leave
#48 Cleaning Up After Guests Leave
Although many sites disable the guest user for security reasons, others do have a guest account (often with a trivially guessable password) to allow people from other departments to access the network. It's a useful account, but there's one big problem: With multiple people sharing the same account, it's not uncommon for someone to experiment with commands, edit .rc files, add subdirectories, and so forth, thereby leaving things messed up for the next user.
This script addresses the problem by cleaning up the account space each time a user logs out from the guest account, deleting any files or subdirectories created, removing all dot files, and then rebuilding the official account files, copies of which are stored in a read-only archive tucked into the guest account in the ..template directory.
The Code
#!/bin/sh # fixguest - Cleans up the guest account during the logout process. # Don't trust environment variables: reference read-only sources iam=$(whoami) myhome="$(grep "^${iam}:" /etc/passwd cut -d: -f6)" # *** Do NOT run this script on a regular user account! if [ "$iam" != "guest" ] ; then echo "Error: you really don't want to run fixguest on this account." >&2 exit 1 fi if [ ! -d $myhome/..template ] ; then echo " #!/bin/sh # fixguest - Cleans up the guest account during the logout process. # Don't trust environment variables : reference read-only sources iam=$(whoami) myhome="$(grep "^${iam}:" /etc/passwd cut -d: -f6)" # *** Do NOT run this script on a regular user account! if [ "$iam" != "guest" ] ; then echo "Error: you really don't want to run fixguest on this account." >&2 exit 1 fi if [ ! -d $myhome/..template ] ; then echo "$0: no template directory found for rebuilding." >&2 exit 1 fi # Remove all files and directories in the home account cd $myhome rm -rf * $(find . - name ".[a-zA-Z0-9]*" -print) # Now the only thing present should be the ..template directory cp -Rp ..template/* . exit 0 : no template directory found for rebuilding." >&2 exit 1 fi # Remove all files and directories in the home account cd $myhome rm -rf * $(find . -name ".[a-zA-Z0-9]*" -print) # Now the only thing present should be the ..template directory cp -Rp ..template/* . exit 0 How It Works
For this script to work correctly, you'll want to create a master set of template files and directories within the guest home directory, tucked into a new directory called ..template . Change the permissions of the ..template directory to read-only, and then within ..template ensure that all the files and directories have the proper ownership and permissions for user guest .
Running the Code
A logical time to run the fixguest script is at logout by invoking it in the .logout file (which works with most shells , though not all). It'd doubtless save you lots of complaints from users if the login script output a message like the following:
Notice: All files are purged from the guest account immediately upon logout, so please don't save anything here you need. If you want to save something, email it to your main account instead. You've been warned!
However, because some guest users might be savvy enough to tinker with the .logout script, it would be worthwhile to invoke the fixguest script from cron too. Just make sure no one's logged in to the account when it runs!
The Results
There are no visible results to running this program, except that the guest home directory will be restored to mirror the layout and files in the ..template directory.
