From 2adf14b8b72aead2fc25f2f3823594b9110954db Mon Sep 17 00:00:00 2001
From: James Valleroy
Date: Thu, 9 Jul 2015 21:30:05 -0400
Subject: [PATCH] Remove POSIX users.
---
actions/change-user-password | 34 ------------
actions/check-user-exists | 28 ----------
actions/create-ldap-user | 9 ++-
actions/create-user | 38 -------------
actions/delete-user | 35 ------------
actions/disable-user | 33 -----------
actions/enable-user | 33 -----------
actions/rename-user | 36 ------------
plinth/modules/first_boot/forms.py | 11 +---
plinth/modules/users/forms.py | 55 ++-----------------
.../templates/users_change_password.html | 6 --
.../modules/users/templates/users_delete.html | 6 --
.../modules/users/templates/users_update.html | 6 --
plinth/modules/users/views.py | 12 ----
14 files changed, 15 insertions(+), 327 deletions(-)
delete mode 100755 actions/change-user-password
delete mode 100755 actions/check-user-exists
delete mode 100755 actions/create-user
delete mode 100755 actions/delete-user
delete mode 100755 actions/disable-user
delete mode 100755 actions/enable-user
delete mode 100755 actions/rename-user
diff --git a/actions/change-user-password b/actions/change-user-password
deleted file mode 100755
index a7c953207..000000000
--- a/actions/change-user-password
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-#
-# This file is part of Plinth.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see .
-#
-
-# Must be run as root.
-
-username="$1"
-password="$2"
-
-getent passwd "$username"
-if [ $? -ne 0 ]; then
- echo "Failed: user not found"
- exit
-fi
-
-echo "$username:$password" | chpasswd
-if [ $? -ne 0 ]; then
- echo "Failed: could not set user password"
- exit 2
-fi
diff --git a/actions/check-user-exists b/actions/check-user-exists
deleted file mode 100755
index b056d453b..000000000
--- a/actions/check-user-exists
+++ /dev/null
@@ -1,28 +0,0 @@ -#!/bin/sh -# -# This file is part of Plinth. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# - -# Can be run as normal user. - -username="$1" - -getent passwd "$username" >/dev/null -if [ $? -eq 0 ]; then - echo "User exists" -else - echo "User does not exist" -fi diff --git a/actions/create-ldap-user b/actions/create-ldap-user index eda5abe04..4fbdb4c81 100755 --- a/actions/create-ldap-user +++ b/actions/create-ldap-user @@ -30,6 +30,11 @@ cn: $username userPassword: $password EOF +if [ $? -ne 0 ]; then + echo "Failed to create user" + exit 1 +fi + uid_num=$(getent passwd | awk -F: '($3>=1000) && ($3<59999) && ($3>maxuid) { maxuid=$3; } END { print maxuid+1; }') home_dir=/home/$username @@ -50,8 +55,8 @@ homeDirectory: $home_dir EOF if [ $? -ne 0 ]; then - echo "Failed to create user" - exit 1 + echo "Failed to create posix account for user" + exit 2 fi # check if admin group exists diff --git a/actions/create-user b/actions/create-user deleted file mode 100755 index b309c2c78..000000000 --- a/actions/create-user +++ /dev/null 
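Review bot: The `uid_num` line kept as context in the first create-ldap-user hunk prints `maxuid+1` with `maxuid` never initialised, so when `getent passwd` lists no account with a UID from 1000 to 59998 the new LDAP user is given uidNumber 1, which collides with a system account. This commit makes that case more likely, because it removes the `create-user` step that used to create a local account before the LDAP one at first boot. Start from a floor instead, e.g. `END { print (maxuid ? maxuid : 999) + 1; }`. The command whose status the added `$?` check tests begins outside the hunk.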
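Review bot: The new `exit 2` path in the second create-ldap-user hunk leaves the entry written by the first step in the directory, so a failed run produces a half-created user and a retry will presumably stop at step one because the entry already exists. The Python callers in this commit catch `ActionError` without looking at the status, so they cannot tell the two failures apart. Either remove the base entry before exiting, or at least record the contract next to the check: `# exit 2: base entry exists but the posixAccount attributes were not added; caller must delete or repair it`. The command feeding the second heredoc starts outside the hunk.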
@@ -1,38 +0,0 @@
-#!/bin/bash
-#
-# This file is part of Plinth.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see .
-#
-
-username="$1"
-password="$2"
-
-adduser --disabled-password --gecos "" "$username"
-if [ $? -ne 0 ]; then
- echo "Failed to create user"
- exit 1
-fi
-
-adduser "$username" sudo
-if [ $? -ne 0 ]; then
- echo "Failed to add user to sudo group"
- exit 2
-fi
-
-echo "$username:$password" | chpasswd
-if [ $? -ne 0 ]; then
- echo "Failed to set user password"
- exit 3
-fi
diff --git a/actions/delete-user b/actions/delete-user
deleted file mode 100755
index 395aae767..000000000
--- a/actions/delete-user
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-#
-# This file is part of Plinth.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see .
-#
-
-# Must be run as root.
-
-username="$1"
-
-getent passwd "$username"
-if [ $? -ne 0 ]; then
- echo "Failed: user not found"
- exit
-fi
-
-deluser "$username"
-if [ $? -eq 0 ]; then
- echo "Success: user deleted"
-else
- echo "Failed: userdel error"
- exit 2
-fi
diff --git a/actions/disable-user b/actions/disable-user
deleted file mode 100755
index a61bca536..000000000
--- a/actions/disable-user
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/sh
-#
-# This file is part of Plinth.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see .
-#
-
-# Must be run as root.
-
-username="$1"
-
-getent passwd "$username"
-if [ $? -ne 0 ]; then
- echo "Failed: user not found"
- exit
-fi
-
-usermod --expiredate 1 "$username"
-if [ $? -ne 0 ]; then
- echo "Failed"
- exit 2
-fi
diff --git a/actions/enable-user b/actions/enable-user
deleted file mode 100755
index 265c1f7c2..000000000
--- a/actions/enable-user
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/sh
-#
-# This file is part of Plinth.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see .
-#
-
-# Must be run as root.
-
-username="$1"
-
-getent passwd "$username"
-if [ $? -ne 0 ]; then
- echo "Failed: user not found"
- exit
-fi
-
-usermod --expiredate "" "$username"
-if [ $? -ne 0 ]; then
- echo "Failed"
- exit 2
-fi
diff --git a/actions/rename-user b/actions/rename-user
deleted file mode 100755
index b0c9fefa4..000000000
--- a/actions/rename-user
+++ /dev/null
@@ -1,36 +0,0 @@ -#!/bin/sh -# -# This file is part of Plinth. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# - -# Must be run as root. - -old_username="$1" -new_username="$2" - -getent passwd "$old_username" -if [ $? -ne 0 ]; then - echo "Failed: user not found" - exit -fi - -usermod -l "$new_username" "$old_username" -if [ $? -eq 0 ]; then - echo "Success: user renamed" -else - echo "Failed: user rename failed" - exit 2 -fi diff --git a/plinth/modules/first_boot/forms.py b/plinth/modules/first_boot/forms.py index fe12bd686..994bd4f83 100644 --- a/plinth/modules/first_boot/forms.py +++ b/plinth/modules/first_boot/forms.py @@ -52,8 +52,8 @@ than 63 characters in length.'), 'username': _('Choose a username and password to access this web interface. ' 'The password can be changed and other users can be added ' - 'later. A POSIX system user with administrative privileges ' - '(sudo) is also created.'), + 'later. An LDAP user with administrative privileges (sudo) is ' + 'also created.'), } def save(self, commit=True): @@ -63,13 +63,6 @@ than 63 characters in length.'), user.set_password(self.cleaned_data['password']) if commit: user.save() - try: - actions.superuser_run( - 'create-user', - [user.get_username(), self.cleaned_data['password']]) - except ActionError: - messages.error(self.request, - _('Creating POSIX system user failed.')) try: actions.superuser_run( 
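Review bot: In the second first_boot/forms.py hunk the `actions.superuser_run(` call that survives in `save()` is cut off, but if it hands `self.cleaned_data['password']` to the action as an argument, as the removed `create-user` call did, the cleartext password sits on the command line of a root process, where other local accounts can typically read it from the process list. create-ldap-user in this commit also expands it unescaped into the LDIF line `userPassword: $password`, so a value containing a line break would change the LDIF that is submitted. Passing the password on standard input and reading it in the script with `read -r password` keeps it off the command line and limits it to a single line. The same applies to the LDAP calls left in `CreateUserForm.save` and `UserChangePasswordForm.save` in plinth/modules/users/forms.py.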
diff --git a/plinth/modules/users/forms.py b/plinth/modules/users/forms.py index c2c2a88cb..e72bee865 100644 --- a/plinth/modules/users/forms.py +++ b/plinth/modules/users/forms.py @@ -28,16 +28,9 @@ from plinth.errors import ActionError class CreateUserForm(UserCreationForm): """Custom user create form. - Include options to also create POSIX and LDAP user. + Include option to also create LDAP user. """ - add_posix_user = forms.BooleanField( - label=_('Also create a POSIX system user'), - required=False, - help_text=_('This will allow the new user to log in to the system ' - 'through SSH. The new user will also have administrative ' - 'privileges (sudo).')) - add_ldap_user = forms.BooleanField( label=_('Also create an LDAP user'), required=False, @@ -50,19 +43,10 @@ class CreateUserForm(UserCreationForm): super(CreateUserForm, self).__init__(*args, **kwargs) def save(self, commit=True): - """Save the user model and create POSIX user if required.""" + """Save the user model and create LDAP user if required.""" user = super(CreateUserForm, self).save(commit) if commit: - if self.cleaned_data['add_posix_user']: - try: - actions.superuser_run( - 'create-user', - [user.get_username(), self.cleaned_data['password1']]) - except ActionError: - messages.error(self.request, - _('Creating POSIX system user failed.')) - if self.cleaned_data['add_ldap_user']: try: actions.superuser_run( @@ -76,7 +60,7 @@ class CreateUserForm(UserCreationForm): class UserUpdateForm(forms.ModelForm): - """When user is enabled/disabled, also enables/disables the POSIX user.""" + """When user info is changed, also updates LDAP user.""" class Meta: """Metadata to control automatic form building.""" 
@@ -93,29 +77,11 @@ class UserUpdateForm(forms.ModelForm): super(UserUpdateForm, self).__init__(*args, **kwargs) def save(self, commit=True): - """Enable/disable POSIX user after saving user model.""" + """Update LDAP user name after saving user model.""" user = super(UserUpdateForm, self).save(commit) if commit: - try: - if user.is_active: - actions.superuser_run('enable-user', [user.get_username()]) - else: - actions.superuser_run('disable-user', - [user.get_username()]) - except ActionError: - messages.error( - self.request, - _('Setting active status for POSIX system user failed.')) - if self.username != user.get_username(): - try: - actions.superuser_run('rename-user', - [self.username, user.get_username()]) - except ActionError: - messages.error(self.request, - _('Renaming POSIX system user failed.')) - try: actions.superuser_run('rename-ldap-user', [self.username, user.get_username()]) @@ -127,7 +93,7 @@ class UserUpdateForm(forms.ModelForm): class UserChangePasswordForm(SetPasswordForm): - """Custom form that also updates password for POSIX users.""" + """Custom form that also updates password for LDAP users.""" def __init__(self, request, *args, **kwargs): """Initialize the form with extra request argument.""" @@ -135,18 +101,9 @@ class UserChangePasswordForm(SetPasswordForm): super(UserChangePasswordForm, self).__init__(*args, **kwargs) def save(self, commit=True): - """Save the user model and change POSIX password as well.""" + """Save the user model and change LDAP password as well.""" user = super(UserChangePasswordForm, self).save(commit) if commit: - try: - actions.superuser_run( - 'change-user-password', - [user.get_username(), self.cleaned_data['new_password1']]) - except ActionError: - messages.error( - self.request, - _('Changing POSIX system user password failed.')) - try: actions.superuser_run( 'change-ldap-user-password', 
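Review bot: `UserUpdateForm.save` no longer propagates `is_active`: the removed block ran `enable-user` or `disable-user`, while the new body only calls `rename-ldap-user` when the username changed. Unless this is handled outside the hunk, deactivating a user in the web interface now leaves the LDAP entry untouched, so any login that authenticates against LDAP keeps working for an account the administrator believes is disabled. Either add an LDAP counterpart for the active flag, or state the limitation where the next maintainer will see it, e.g. `"""Update LDAP user name after saving user model; is_active is NOT propagated to LDAP."""`. The `except` clause of the remaining `try` lies outside the hunk.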
diff --git a/plinth/modules/users/templates/users_change_password.html b/plinth/modules/users/templates/users_change_password.html index e3a614c73..4eae225e0 100644 --- a/plinth/modules/users/templates/users_change_password.html +++ b/plinth/modules/users/templates/users_change_password.html @@ -31,12 +31,6 @@ {{ form|bootstrap }} - {% if is_posix_user %} -

This user is also a POSIX system user and password for POSIX system - user will also be updated. -

- {% endif %} - {% if is_ldap_user %}

This user is also an LDAP user and password for LDAP user will also be updated. diff --git a/plinth/modules/users/templates/users_delete.html b/plinth/modules/users/templates/users_delete.html index 95b17f402..d8bf3a311 100644 --- a/plinth/modules/users/templates/users_delete.html +++ b/plinth/modules/users/templates/users_delete.html @@ -24,12 +24,6 @@

Delete User {{ object.username }}

- {% if is_posix_user %} -

This user is also a POSIX system user. POSIX system user will also be - deleted. -

- {% endif %} - {% if is_ldap_user %}

This user is also an LDAP user. LDAP user will also be deleted.

{% endif %} diff --git a/plinth/modules/users/templates/users_update.html b/plinth/modules/users/templates/users_update.html index 2a6520a71..0c29e8eba 100644 --- a/plinth/modules/users/templates/users_update.html +++ b/plinth/modules/users/templates/users_update.html @@ -46,12 +46,6 @@ {{ form|bootstrap }} - {% if is_posix_user %} -

This user is also a POSIX system user and, if active, can log in to - the system through SSH. -

- {% endif %} - {% if is_ldap_user %}

This user is also an LDAP user.

{% endif %} diff --git a/plinth/modules/users/views.py b/plinth/modules/users/views.py index 750d03a66..c116f5566 100644 --- a/plinth/modules/users/views.py +++ b/plinth/modules/users/views.py @@ -88,8 +88,6 @@ class UserUpdate(ContextMixin, SuccessMessageMixin, UpdateView): def get_context_data(self, **kwargs): """Return the data to be used for rendering templates.""" context = super(UserUpdate, self).get_context_data(**kwargs) - output = actions.run('check-user-exists', [self.object.username]) - context['is_posix_user'] = 'User exists' in output output = actions.run('check-ldap-user-exists', [self.object.username]) context['is_ldap_user'] = 'User exists' in output return context @@ -114,8 +112,6 @@ class UserDelete(ContextMixin, DeleteView): def get_context_data(self, **kwargs): """Return the data to be used for rendering templates.""" context = super(UserDelete, self).get_context_data(**kwargs) - output = actions.run('check-user-exists', [self.kwargs['slug']]) - context['is_posix_user'] = 'User exists' in output output = actions.run('check-ldap-user-exists', [self.kwargs['slug']]) context['is_ldap_user'] = 'User exists' in output return context @@ -131,12 +127,6 @@ class UserDelete(ContextMixin, DeleteView): message = _('User %s deleted.') % self.kwargs['slug'] messages.success(self.request, message) - try: - actions.superuser_run('delete-user', [self.kwargs['slug']]) - except ActionError: - messages.error(self.request, - _('Deleting POSIX system user failed.')) - try: actions.superuser_run('delete-ldap-user', [self.kwargs['slug']]) except ActionError: 
@@ -163,8 +153,6 @@ class UserChangePassword(ContextMixin, SuccessMessageMixin, FormView): def get_context_data(self, **kwargs): """Return the data to be used for rendering templates.""" context = super(UserChangePassword, self).get_context_data(**kwargs) - output = actions.run('check-user-exists', [self.kwargs['slug']]) - context['is_posix_user'] = 'User exists' in output output = actions.run('check-ldap-user-exists', [self.kwargs['slug']]) context['is_ldap_user'] = 'User exists' in output return context