Remove POSIX users.

James Valleroy 2015-07-09 21:30:05 -04:00 committed by Sunil Mohan Adapa
parent d672e24ac4
commit 2adf14b8b7
14 changed files with 15 additions and 327 deletions


@ -1,34 +0,0 @@
#!/bin/bash
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Must be run as root.
username="$1"
password="$2"
getent passwd "$username"
if [ $? -ne 0 ]; then
echo "Failed: user not found"
exit
fi
echo "$username:$password" | chpasswd
if [ $? -ne 0 ]; then
echo "Failed: could not set user password"
exit 2
fi


@ -1,28 +0,0 @@
#!/bin/sh
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Can be run as normal user.
username="$1"
getent passwd "$username" >/dev/null
if [ $? -eq 0 ]; then
echo "User exists"
else
echo "User does not exist"
fi


@ -30,6 +30,11 @@ cn: $username
userPassword: $password
EOF
if [ $? -ne 0 ]; then
echo "Failed to create user"
exit 1
fi
uid_num=$(getent passwd | awk -F: '($3>=1000) && ($3<59999) && ($3>maxuid) { maxuid=$3; } END { print maxuid+1; }')
home_dir=/home/$username
@ -50,8 +55,8 @@ homeDirectory: $home_dir
EOF
if [ $? -ne 0 ]; then
echo "Failed to create user"
exit 1
echo "Failed to create posix account for user"
exit 2
fi
# check if admin group exists
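Review bot: The new `exit 2` path after the second `EOF` leaves whatever the first step created in place, so a failure while adding the POSIX attributes produces a half-created account (assuming the first heredoc feeds an add operation; the command itself is outside the hunk). Either undo the first step before exiting or record the state for the caller, e.g. `# exit 2: base entry exists without posixAccount attributes; caller must remove it before retrying`. Separately, `$username` and `$password` are expanded unescaped into the LDIF heredocs (`cn: $username`, `userPassword: $password`), so unless the caller already guarantees it, the script should reject values containing a newline before building the LDIF. The script's beginning and end are outside both hunks.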


@ -1,38 +0,0 @@
#!/bin/bash
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
username="$1"
password="$2"
adduser --disabled-password --gecos "" "$username"
if [ $? -ne 0 ]; then
echo "Failed to create user"
exit 1
fi
adduser "$username" sudo
if [ $? -ne 0 ]; then
echo "Failed to add user to sudo group"
exit 2
fi
echo "$username:$password" | chpasswd
if [ $? -ne 0 ]; then
echo "Failed to set user password"
exit 3
fi


@ -1,35 +0,0 @@
#!/bin/sh
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Must be run as root.
username="$1"
getent passwd "$username"
if [ $? -ne 0 ]; then
echo "Failed: user not found"
exit
fi
deluser "$username"
if [ $? -eq 0 ]; then
echo "Success: user deleted"
else
echo "Failed: userdel error"
exit 2
fi


@ -1,33 +0,0 @@
#!/bin/sh
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Must be run as root.
username="$1"
getent passwd "$username"
if [ $? -ne 0 ]; then
echo "Failed: user not found"
exit
fi
usermod --expiredate 1 "$username"
if [ $? -ne 0 ]; then
echo "Failed"
exit 2
fi


@ -1,33 +0,0 @@
#!/bin/sh
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Must be run as root.
username="$1"
getent passwd "$username"
if [ $? -ne 0 ]; then
echo "Failed: user not found"
exit
fi
usermod --expiredate "" "$username"
if [ $? -ne 0 ]; then
echo "Failed"
exit 2
fi


@ -1,36 +0,0 @@
#!/bin/sh
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Must be run as root.
old_username="$1"
new_username="$2"
getent passwd "$old_username"
if [ $? -ne 0 ]; then
echo "Failed: user not found"
exit
fi
usermod -l "$new_username" "$old_username"
if [ $? -eq 0 ]; then
echo "Success: user renamed"
else
echo "Failed: user rename failed"
exit 2
fi


@ -52,8 +52,8 @@ than 63 characters in length.'),
'username':
_('Choose a username and password to access this web interface. '
'The password can be changed and other users can be added '
'later. A POSIX system user with administrative privileges '
'(sudo) is also created.'),
'later. An LDAP user with administrative privileges (sudo) is '
'also created.'),
}
def save(self, commit=True):
@ -63,13 +63,6 @@ than 63 characters in length.'),
user.set_password(self.cleaned_data['password'])
if commit:
user.save()
try:
actions.superuser_run(
'create-user',
[user.get_username(), self.cleaned_data['password']])
except ActionError:
messages.error(self.request,
_('Creating POSIX system user failed.'))
try:
actions.superuser_run(
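Review bot: The cleartext password still appears to reach the privileged action as a command-line argument in the `actions.superuser_run(` call that begins on the last line of this hunk. Its argument list is outside the hunk, but the removed `create-user` call shows the convention (`[user.get_username(), self.cleaned_data['password']]`), and the deleted scripts read it as `password="$2"`. Arguments are visible in the process list while the action runs, so the secret is better handed over on the action's standard input. Until that changes, a comment such as `# NOTE: password is passed in argv to the action; move to stdin` would flag it here. The same applies to the `change-ldap-user-password` call kept in `UserChangePasswordForm.save`. The `save` method continues past the end of this hunk.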


@ -28,16 +28,9 @@ from plinth.errors import ActionError
class CreateUserForm(UserCreationForm):
"""Custom user create form.
Include options to also create POSIX and LDAP user.
Include option to also create LDAP user.
"""
add_posix_user = forms.BooleanField(
label=_('Also create a POSIX system user'),
required=False,
help_text=_('This will allow the new user to log in to the system '
'through SSH. The new user will also have administrative '
'privileges (sudo).'))
add_ldap_user = forms.BooleanField(
label=_('Also create an LDAP user'),
required=False,
@ -50,19 +43,10 @@ class CreateUserForm(UserCreationForm):
super(CreateUserForm, self).__init__(*args, **kwargs)
def save(self, commit=True):
"""Save the user model and create POSIX user if required."""
"""Save the user model and create LDAP user if required."""
user = super(CreateUserForm, self).save(commit)
if commit:
if self.cleaned_data['add_posix_user']:
try:
actions.superuser_run(
'create-user',
[user.get_username(), self.cleaned_data['password1']])
except ActionError:
messages.error(self.request,
_('Creating POSIX system user failed.'))
if self.cleaned_data['add_ldap_user']:
try:
actions.superuser_run(
@ -76,7 +60,7 @@ class CreateUserForm(UserCreationForm):
class UserUpdateForm(forms.ModelForm):
"""When user is enabled/disabled, also enables/disables the POSIX user."""
"""When user info is changed, also updates LDAP user."""
class Meta:
"""Metadata to control automatic form building."""
@ -93,29 +77,11 @@ class UserUpdateForm(forms.ModelForm):
super(UserUpdateForm, self).__init__(*args, **kwargs)
def save(self, commit=True):
"""Enable/disable POSIX user after saving user model."""
"""Update LDAP user name after saving user model."""
user = super(UserUpdateForm, self).save(commit)
if commit:
try:
if user.is_active:
actions.superuser_run('enable-user', [user.get_username()])
else:
actions.superuser_run('disable-user',
[user.get_username()])
except ActionError:
messages.error(
self.request,
_('Setting active status for POSIX system user failed.'))
if self.username != user.get_username():
try:
actions.superuser_run('rename-user',
[self.username, user.get_username()])
except ActionError:
messages.error(self.request,
_('Renaming POSIX system user failed.'))
try:
actions.superuser_run('rename-ldap-user',
[self.username, user.get_username()])
@ -127,7 +93,7 @@ class UserUpdateForm(forms.ModelForm):
class UserChangePasswordForm(SetPasswordForm):
"""Custom form that also updates password for POSIX users."""
"""Custom form that also updates password for LDAP users."""
def __init__(self, request, *args, **kwargs):
"""Initialize the form with extra request argument."""
@ -135,18 +101,9 @@ class UserChangePasswordForm(SetPasswordForm):
super(UserChangePasswordForm, self).__init__(*args, **kwargs)
def save(self, commit=True):
"""Save the user model and change POSIX password as well."""
"""Save the user model and change LDAP password as well."""
user = super(UserChangePasswordForm, self).save(commit)
if commit:
try:
actions.superuser_run(
'change-user-password',
[user.get_username(), self.cleaned_data['new_password1']])
except ActionError:
messages.error(
self.request,
_('Changing POSIX system user password failed.'))
try:
actions.superuser_run(
'change-ldap-user-password',
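Review bot: `UserUpdateForm.save` now only renames the LDAP user, so clearing `is_active` in the web form no longer disables any system-side account. The removed `enable-user`/`disable-user` branch has no LDAP counterpart in the visible code, and the first-boot help text says the LDAP user carries sudo privileges. Unless deactivation is enforced elsewhere, a deactivated web user keeps a working LDAP login. At minimum the new docstring should say so, e.g. `"""Update LDAP user name after saving user model. Does not propagate is_active to the LDAP account."""`, and a follow-up should add an LDAP-side lock. The method body continues outside the hunk.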


@ -31,12 +31,6 @@
{{ form|bootstrap }}
{% if is_posix_user %}
<p>This user is also a POSIX system user and password for POSIX system
user will also be updated.
</p>
{% endif %}
{% if is_ldap_user %}
<p>This user is also an LDAP user and password for LDAP user will also
be updated.


@ -24,12 +24,6 @@
<h3>Delete User <em>{{ object.username }}</em></h3>
{% if is_posix_user %}
<p>This user is also a POSIX system user. POSIX system user will also be
deleted.
</p>
{% endif %}
{% if is_ldap_user %}
<p>This user is also an LDAP user. LDAP user will also be deleted.</p>
{% endif %}


@ -46,12 +46,6 @@
{{ form|bootstrap }}
{% if is_posix_user %}
<p>This user is also a POSIX system user and, if active, can log in to
the system through SSH.
</p>
{% endif %}
{% if is_ldap_user %}
<p>This user is also an LDAP user.</p>
{% endif %}


@ -88,8 +88,6 @@ class UserUpdate(ContextMixin, SuccessMessageMixin, UpdateView):
def get_context_data(self, **kwargs):
"""Return the data to be used for rendering templates."""
context = super(UserUpdate, self).get_context_data(**kwargs)
output = actions.run('check-user-exists', [self.object.username])
context['is_posix_user'] = 'User exists' in output
output = actions.run('check-ldap-user-exists', [self.object.username])
context['is_ldap_user'] = 'User exists' in output
return context
@ -114,8 +112,6 @@ class UserDelete(ContextMixin, DeleteView):
def get_context_data(self, **kwargs):
"""Return the data to be used for rendering templates."""
context = super(UserDelete, self).get_context_data(**kwargs)
output = actions.run('check-user-exists', [self.kwargs['slug']])
context['is_posix_user'] = 'User exists' in output
output = actions.run('check-ldap-user-exists', [self.kwargs['slug']])
context['is_ldap_user'] = 'User exists' in output
return context
@ -131,12 +127,6 @@ class UserDelete(ContextMixin, DeleteView):
message = _('User %s deleted.') % self.kwargs['slug']
messages.success(self.request, message)
try:
actions.superuser_run('delete-user', [self.kwargs['slug']])
except ActionError:
messages.error(self.request,
_('Deleting POSIX system user failed.'))
try:
actions.superuser_run('delete-ldap-user', [self.kwargs['slug']])
except ActionError:
@ -163,8 +153,6 @@ class UserChangePassword(ContextMixin, SuccessMessageMixin, FormView):
def get_context_data(self, **kwargs):
"""Return the data to be used for rendering templates."""
context = super(UserChangePassword, self).get_context_data(**kwargs)
output = actions.run('check-user-exists', [self.kwargs['slug']])
context['is_posix_user'] = 'User exists' in output
output = actions.run('check-ldap-user-exists', [self.kwargs['slug']])
context['is_ldap_user'] = 'User exists' in output
return context