[Pkg-shadow-commits] r3334 - in upstream/trunk: . src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Sun Jun 5 12:24:02 UTC 2011
Author: nekral-guest
Date: 2011-06-05 12:23:59 +0000 (Sun, 05 Jun 2011)
New Revision: 3334
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/userdel.c
Log:
* NEWS, src/userdel.c: Do not remove a group with the same name as
the user (usergroup) if this group isn't the user's primary group.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2011-06-04 22:38:57 UTC (rev 3333)
+++ upstream/trunk/ChangeLog 2011-06-05 12:23:59 UTC (rev 3334)
@@ -1,3 +1,8 @@
+2011-06-05 Nicolas François <nicolas.francois at centraliens.net>
+
+ * NEWS, src/userdel.c: Do not remove a group with the same name as
+ the user (usergroup) if this group isn't the user's primary group.
+
2011-06-04 Nicolas François <nicolas.francois at centraliens.net>
* NEWS, src/userdel.c: Check the existence of the user's mail
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2011-06-04 22:38:57 UTC (rev 3333)
+++ upstream/trunk/NEWS 2011-06-05 12:23:59 UTC (rev 3334)
@@ -47,6 +47,8 @@
- userdel
* Check the existence of the user's mail spool before trying to remove
it. If it does not exist, a warning is issued, but no failure.
+ * Do not remove a group with the same name as the user (usergroup) if
+ this group isn't the user's primary group.
- usermod
* Accept options in any order (username not necessarily at the end)
Modified: upstream/trunk/src/userdel.c
===================================================================
--- upstream/trunk/src/userdel.c 2011-06-04 22:38:57 UTC (rev 3333)
+++ upstream/trunk/src/userdel.c 2011-06-05 12:23:59 UTC (rev 3334)
@@ -82,6 +82,7 @@
static char *user_name;
static uid_t user_id;
+static gid_t user_gid;
static char *user_home;
static bool fflg = false;
@@ -100,6 +101,7 @@
/* local function prototypes */
static void usage (int status);
static void update_groups (void);
+static void remove_usergroup (void);
static void close_files (void);
static void fail_exit (int);
static void open_files (void);
@@ -145,10 +147,8 @@
{
const struct group *grp;
struct group *ngrp;
- struct passwd *pwd;
#ifdef SHADOWGRP
- bool deleted_user_group = false;
const struct sgrp *sgrp;
struct sgrp *nsgrp;
#endif /* SHADOWGRP */
@@ -199,69 +199,10 @@
user_name, ngrp->gr_name));
}
- /*
- * we've removed their name from all the groups above, so
- * now if they have a group with the same name as their
- * user name, with no members, we delete it.
- * FIXME: below, the check for grp->gr_mem[0] is not sufficient.
- * We should retrieve the group with gr_locate and check
- * that gr_mem is empty.
- */
- grp = xgetgrnam (user_name);
- if ( (NULL != grp)
- && getdef_bool ("USERGROUPS_ENAB")
- && ( (NULL == grp->gr_mem[0])
- || ( (NULL == grp->gr_mem[1])
- && (strcmp (grp->gr_mem[0], user_name) == 0)))) {
+ if (getdef_bool ("USERGROUPS_ENAB")) {
+ remove_usergroup ();
+ }
- pwd = NULL;
- if (!fflg) {
- /*
- * Scan the passwd file to check if this group is still
- * used as a primary group.
- */
- setpwent ();
- while ((pwd = getpwent ()) != NULL) {
- if (strcmp (pwd->pw_name, user_name) == 0) {
- continue;
- }
- if (pwd->pw_gid == grp->gr_gid) {
- fprintf (stderr,
- _("%s: group %s is the primary group of another user and is not removed.\n"),
- Prog, grp->gr_name);
- break;
- }
- }
- endpwent ();
- }
-
- if (NULL == pwd) {
- /*
- * We can remove this group, it is not the primary
- * group of any remaining user.
- */
- if (gr_remove (grp->gr_name) == 0) {
- fprintf (stderr,
- _("%s: cannot remove entry '%s' from %s\n"),
- Prog, grp->gr_name, gr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
-
-#ifdef SHADOWGRP
- deleted_user_group = true;
-#endif /* SHADOWGRP */
-
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "deleting group",
- grp->gr_name, AUDIT_NO_ID,
- SHADOW_AUDIT_SUCCESS);
-#endif /* WITH_AUDIT */
- SYSLOG ((LOG_INFO,
- "removed group '%s' owned by '%s'\n",
- grp->gr_name, user_name));
- }
- }
#ifdef SHADOWGRP
if (!is_shadow_grp) {
return;
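Review bot: The new `remove_usergroup ();` call sits above the `if (!is_shadow_grp) return;` guard, while the removed code appears to have reached its gshadow cleanup (gated by `deleted_user_group`) only after that guard. The helper calls `sgr_locate (user_name)` and `sgr_remove (user_name)` whenever SHADOWGRP is compiled in, without testing `is_shadow_grp`. Whether those calls are harmless on a shadow group database that was never opened is not visible in this diff. I would keep the old gating explicit in the helper with `if (is_shadow_grp && (sgr_locate (user_name) != NULL)) {`. update_groups starts and ends outside this hunk.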
@@ -317,19 +258,109 @@
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
- user_name, nsgrp->sg_name));
+ user_name, nsgrp->sg_name));
}
+#endif /* SHADOWGRP */
+}
- if ( deleted_user_group
- && (sgr_locate (user_name) != NULL)) {
- if (sgr_remove (user_name) == 0) {
+/*
+ * remove_usergroup - delete the user's group if it is a usergroup
+ *
+ * An usergroup is removed if
+ * + it has the same name as the user
+ * + it is the primary group of the user
+ * + it has no other members
+ * + it is not the primary group of any other user
+ */
+static void remove_usergroup (void)
+{
+ const struct group *grp;
+ const struct passwd *pwd = NULL;
+
+ grp = gr_locate (user_name);
+ if (NULL == grp) {
+ /* This user has no usergroup. */
+ return;
+ }
+
+ if (grp->gr_gid != user_gid) {
+ fprintf (stderr,
+ _("%s: group %s not removed because it is not the primary group of user %s.\n"),
+ Prog, grp->gr_name, user_name);
+ return;
+ }
+
+ if (NULL != grp->gr_mem[0]) {
+ /* The usergroup has other members. */
+ fprintf (stderr,
+ _("%s: group %s not removed because it has other members.\n"),
+ Prog, grp->gr_name);
+ return;
+ }
+
+ if (!fflg) {
+ /*
+ * Scan the passwd file to check if this group is still
+ * used as a primary group.
+ */
+ setpwent ();
+ while ((pwd = getpwent ()) != NULL) {
+ if (strcmp (pwd->pw_name, user_name) == 0) {
+ continue;
+ }
+ if (pwd->pw_gid == grp->gr_gid) {
+ fprintf (stderr,
+ _("%s: group %s is the primary group of another user and is not removed.\n"),
+ Prog, grp->gr_name);
+ break;
+ }
+ }
+ endpwent ();
+ }
+
+ if (NULL == pwd) {
+ /*
+ * We can remove this group, it is not the primary
+ * group of any remaining user.
+ */
+ if (gr_remove (grp->gr_name) == 0) {
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
- Prog, user_name, sgr_dbname ());
+ Prog, grp->gr_name, gr_dbname ());
fail_exit (E_GRP_UPDATE);
}
+
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_DEL_GROUP, Prog,
+ "deleting group",
+ grp->gr_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_SUCCESS);
+#endif /* WITH_AUDIT */
+ SYSLOG ((LOG_INFO,
+ "removed group '%s' owned by '%s'\n",
+ grp->gr_name, user_name));
+
+#ifdef SHADOWGRP
+ if (sgr_locate (user_name) != NULL) {
+ if (sgr_remove (user_name) == 0) {
+ fprintf (stderr,
+ _("%s: cannot remove entry '%s' from %s\n"),
+ Prog, user_name, sgr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_DEL_GROUP, Prog,
+ "deleting shadow group",
+ grp->gr_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_SUCCESS);
+#endif /* WITH_AUDIT */
+ SYSLOG ((LOG_INFO,
+ "removed shadow group '%s' owned by '%s'\n",
+ grp->gr_name, user_name));
+
+ }
+#endif /* SHADOWGRP */
}
-#endif /* SHADOWGRP */
}
/*
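Review bot: In `remove_usergroup`, `grp` comes from `gr_locate` and is still dereferenced after `gr_remove (grp->gr_name)` succeeds, since both `audit_logger` calls and both `SYSLOG` calls read `grp->gr_name`. If `gr_locate` returns a pointer into the in-memory group database and `gr_remove` releases that entry (neither is visible here), those reads touch freed memory and the audit record of the group deletion may carry a corrupted name. The entry was looked up by `user_name`, so using `gr_remove (user_name)` and passing `user_name` to the later log calls gives the same text without depending on the entry's lifetime, as the `sgr_remove (user_name)` branch already does. The header comment should also state that the "not the primary group of any other user" condition is not checked when `fflg` is set.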
@@ -925,6 +956,7 @@
exit (E_NOTFOUND);
}
user_id = pwd->pw_uid;
+ user_gid = pwd->pw_gid;
user_home = xstrdup (pwd->pw_dir);
}
#ifdef WITH_TCB