xref: /freebsd/usr.sbin/adduser/rmuser.sh (revision d8a0fe102c0cfdfcd5b818f850eff09d8536c9bc)
1#!/bin/sh
2#
3# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4#
5# Copyright (c) 2002, 2003 Michael Telahun Makonnen. All rights reserved.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10# 1. Redistributions of source code must retain the above copyright
11#    notice, this list of conditions and the following disclaimer.
12# 2. Redistributions in binary form must reproduce the above copyright
13#    notice, this list of conditions and the following disclaimer in the
14#    documentation and/or other materials provided with the distribution.
15#
16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26#
27#	Email: Mike Makonnen <mtm@FreeBSD.Org>
28#
29# $FreeBSD$
30#
31
32ATJOBDIR="/var/at/jobs"
33CRONJOBDIR="/var/cron/tabs"
34MAILSPOOL="/var/mail"
35SIGKILL="-KILL"
36TEMPDIRS="/tmp /var/tmp"
37THISCMD=`/usr/bin/basename $0`
38PWCMD="${PWCMD:-/usr/sbin/pw}"
39
40# err msg
41#	Display $msg on stderr.
42#
43err() {
44	echo 1>&2 ${THISCMD}: $*
45}
46
47# verbose
48#	Returns 0 if verbose mode is set, 1 if it is not.
49#
50verbose() {
51	[ -n "$vflag" ] && return 0 || return 1
52}
53
54# rm_files login
55#	Removes files or empty directories belonging to $login from various
56#	temporary directories.
57#
58rm_files() {
59	# The argument is required
60	[ -n $1 ] && login=$1 || return
61
62	totalcount=0
63	for _dir in ${TEMPDIRS} ; do
64		filecount=0
65		if [ ! -d $_dir ]; then
66			err "$_dir is not a valid directory."
67			continue
68		fi
69		verbose && echo -n "Removing files owned by ($login) in $_dir:"
70		filecount=`find 2>/dev/null "$_dir" -user "$login" -delete -print |
71		    wc -l | sed 's/ *//'`
72		verbose && echo " $filecount removed."
73		totalcount=$(($totalcount + $filecount))
74	done
75	! verbose && [ $totalcount -ne 0 ] && echo -n " files($totalcount)"
76}
77
78# rm_mail login
79#	Removes unix mail and pop daemon files belonging to the user
80#	specified in the $login argument.
81#
82rm_mail() {
83	# The argument is required
84	[ -n $1 ] && login=$1 || return
85
86	verbose && echo -n "Removing mail spool(s) for ($login):"
87	if [ -f ${MAILSPOOL}/$login ]; then
88		verbose && echo -n " ${MAILSPOOL}/$login" ||
89		    echo -n " mailspool"
90		rm ${MAILSPOOL}/$login
91	fi
92	if [ -f ${MAILSPOOL}/.${login}.pop ]; then
93		verbose && echo -n " ${MAILSPOOL}/.${login}.pop" ||
94		    echo -n " pop3"
95		rm ${MAILSPOOL}/.${login}.pop
96	fi
97	verbose && echo '.'
98}
99
100# kill_procs login
101#	Send a SIGKILL to all processes owned by $login.
102#
103kill_procs() {
104	# The argument is required
105	[ -n $1 ] && login=$1 || return
106
107	verbose && echo -n "Terminating all processes owned by ($login):"
108	killcount=0
109	proclist=`ps 2>/dev/null -U $login | grep -v '^\ *PID' | awk '{print $1}'`
110	for _pid in $proclist ; do
111		kill 2>/dev/null ${SIGKILL} $_pid
112		killcount=$(($killcount + 1))
113	done
114	verbose && echo " ${SIGKILL} signal sent to $killcount processes."
115	! verbose && [ $killcount -ne 0 ] && echo -n " processes(${killcount})"
116}
117
118# rm_at_jobs login
119#	Remove at (1) jobs belonging to $login.
120#
121rm_at_jobs() {
122	# The argument is required
123	[ -n $1 ] && login=$1 || return
124
125	atjoblist=`find 2>/dev/null ${ATJOBDIR} -maxdepth 1 -user $login -print`
126	jobcount=0
127	verbose && echo -n "Removing at(1) jobs owned by ($login):"
128	for _atjob in $atjoblist ; do
129		rm -f $_atjob
130		jobcount=$(($jobcount + 1))
131	done
132	verbose && echo " $jobcount removed."
133	! verbose && [ $jobcount -ne 0 ] && echo -n " at($jobcount)"
134}
135
136# rm_crontab login
137#	Removes crontab file belonging to user $login.
138#
139rm_crontab() {
140	# The argument is required
141	[ -n $1 ] && login=$1 || return
142
143	verbose && echo -n "Removing crontab for ($login):"
144	if [ -f ${CRONJOBDIR}/$login ]; then
145		verbose && echo -n " ${CRONJOBDIR}/$login" || echo -n " crontab"
146		rm -f ${CRONJOBDIR}/$login
147	fi
148	verbose && echo '.'
149}
150
151# rm_ipc login
152#	Remove all IPC mechanisms which are owned by $login.
153#
154rm_ipc() {
155	verbose && echo -n "Removing IPC mechanisms"
156	for i in s m q; do
157		ipcs -$i |
158		awk -v i=$i -v login=$1 '$1 == i && $5 == login { print $2 }' |
159		xargs -n 1 ipcrm -$i
160	done
161	verbose && echo '.'
162}
163
164# rm_user login
165#	Remove user $login from the system. This subroutine makes use
166#	of the pw(8) command to remove a user from the system. The pw(8)
167#	command will remove the specified user from the user database
168#	and group file and remove any crontabs. His home
169#	directory will be removed if it is owned by him and contains no
170#	files or subdirectories owned by other users. Mail spool files will
171#	also be removed.
172#
173rm_user() {
174	# The argument is required
175	[ -n $1 ] && login=$1 || return
176
177	verbose && echo -n "Removing user ($login)"
178	[ -n "$pw_rswitch" ] && {
179		verbose && echo -n " (including home directory)"
180		! verbose && echo -n " home"
181	}
182	! verbose && echo -n " passwd"
183	verbose && echo -n " from the system:"
184	${PWCMD} userdel -n $login $pw_rswitch
185	verbose && echo ' Done.'
186}
187
188# prompt_yesno msg
189#	Prompts the user with a $msg. The answer is expected to be
190#	yes, no, or some variation thereof. This subroutine returns 0
191#	if the answer was yes, 1 if it was not.
192#
193prompt_yesno() {
194	# The argument is required
195	[ -n "$1" ] && msg="$1" || return
196
197        while : ; do
198                echo -n "$msg"
199                read _ans
200                case $_ans in
201                [Nn][Oo]|[Nn])
202			return 1
203                        ;;
204                [Yy][Ee][Ss]|[Yy][Ee]|[Yy])
205                        return 0
206                        ;;
207                *)
208                        ;;
209                esac
210	done
211}
212
213# show_usage
214#	(no arguments)
215#	Display usage message.
216#
217show_usage() {
218	echo "usage: ${THISCMD} [-yv] [-f file] [user ...]"
219	echo "       if the -y switch is used, either the -f switch or"
220	echo "       one or more user names must be given"
221}
222
223#### END SUBROUTINE DEFENITION ####
224
225ffile=
226fflag=
227procowner=
228pw_rswitch=
229userlist=
230yflag=
231vflag=
232
233procowner=`/usr/bin/id -u`
234if [ "$procowner" != "0" ]; then
235	err 'you must be root (0) to use this utility.'
236	exit 1
237fi
238
239args=`getopt 2>/dev/null yvf: $*`
240if [ "$?" != "0" ]; then
241	show_usage
242	exit 1
243fi
244set -- $args
245for _switch ; do
246	case $_switch in
247	-y)
248		yflag=1
249		shift
250		;;
251	-v)
252		vflag=1
253		shift
254		;;
255	-f)
256		fflag=1
257		ffile="$2"
258		shift; shift
259		;;
260	--)
261		shift
262		break
263		;;
264	esac
265done
266
267# Get user names from a file if the -f switch was used. Otherwise,
268# get them from the commandline arguments. If we're getting it
269# from a file, the file must be owned by and writable only by root.
270#
271if [ $fflag ]; then
272	_insecure=`find $ffile ! -user 0 -or -perm +0022`
273	if [ -n "$_insecure" ]; then
274		err "file ($ffile) must be owned by and writeable only by root."
275		exit 1
276	fi
277	if [ -r "$ffile" ]; then
278		userlist=`cat $ffile | while read _user _junk ; do
279			case $_user in
280			\#*|'')
281				;;
282			*)
283				echo -n "$userlist $_user"
284				;;
285			esac
286		done`
287	fi
288else
289	while [ $1 ] ; do
290		userlist="$userlist $1"
291		shift
292	done
293fi
294
295# If the -y or -f switch has been used and the list of users to remove
296# is empty it is a fatal error. Otherwise, prompt the user for a list
297# of one or more user names.
298#
299if [ ! "$userlist" ]; then
300	if [ $fflag ]; then
301		err "($ffile) does not exist or does not contain any user names."
302		exit 1
303	elif [ $yflag ]; then
304		show_usage
305		exit 1
306	else
307		echo -n "Please enter one or more usernames: "
308		read userlist
309	fi
310fi
311
312_user=
313_uid=
314for _user in $userlist ; do
315	# Make sure the name exists in the passwd database and that it
316	# does not have a uid of 0
317	#
318	userrec=`pw 2>/dev/null usershow -n $_user`
319	if [ "$?" != "0" ]; then
320		err "user ($_user) does not exist in the password database."
321		continue
322	fi
323	_uid=`echo $userrec | awk -F: '{print $3}'`
324	if [ "$_uid" = "0" ]; then
325		err "user ($_user) has uid 0. You may not remove this user."
326		continue
327	fi
328
329	# If the -y switch was not used ask for confirmation to remove the
330	# user and home directory.
331	#
332	if [ -z "$yflag" ]; then
333		echo "Matching password entry:"
334		echo
335		echo $userrec
336		echo
337		if ! prompt_yesno "Is this the entry you wish to remove? " ; then
338			continue
339		fi
340		_homedir=`echo $userrec | awk -F: '{print $9}'`
341		if prompt_yesno "Remove user's home directory ($_homedir)? "; then
342			pw_rswitch="-r"
343		fi
344	else
345		pw_rswitch="-r"
346	fi
347
348	# Disable any further attempts to log into this account
349	${PWCMD} 2>/dev/null lock $_user
350
351	# Remove crontab, mail spool, etc. Then obliterate the user from
352	# the passwd and group database.
353	#
354	! verbose && echo -n "Removing user ($_user):"
355	rm_crontab $_user
356	rm_at_jobs $_user
357	rm_ipc $_user
358	kill_procs $_user
359	rm_files $_user
360	rm_mail $_user
361	rm_user $_user
362	! verbose && echo "."
363done
364