#!/usr/local/bin/perl -wT
use Mysql;
use English;

#
# Remove a project. We delete the project directory hierarchy and then
# we remove the group from /etc/group. Actually, the project directory
# is *renamed* from $pid to $pid-`date +20%y%m%d-%H.%M.%S` since we do
# not want to be so destructive.
#
# usage: rmprojdir <pid>
#
# TODO: Allow for the head of a project to delete it.
#

#
# Configure variables
#
# NOTE(review): the @...@ tokens look like build-time placeholders (the
# file is a ".in" template) -- presumably replaced with the install prefix
# and the database name before the script is run; confirm against the
# build. The quoting is left untouched because it decides how the
# substituted text is interpolated.
# $TB is not referenced anywhere else in the visible script.
#
my $TB     = "@prefix@";
my $DBNAME = "@TBDBNAME@";

# Taint mode (-T on the shebang line) refuses to run external commands
# while PATH or these shell-control variables still hold values inherited
# from the caller, so pin PATH to a fixed list and drop the rest.
$ENV{PATH} = join(':', '/bin', '/usr/bin');
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Root of the per-project directory tree; the script chdir()s here before
# it touches the project directory.
my $PROJROOT = '/proj';
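# Database handle shared by the admin lookup and the project lookup below.
# The arguments are host, database, user and password.
# NOTE(review): the account name and password are literals in the script
# text, so anyone able to read the installed file can read them -- confirm
# the account is limited to the read-only lookups this script performs.
# Stop here with a clear message if the connection fails, instead of
# failing later on a method call against an undefined handle.
my $dbh      = Mysql->connect("localhost",$DBNAME,"script","none")
    or die("rmprojdir: could not connect to database '$DBNAME'\n");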
# Holds the result handle of the most recent query; starts out as an
# empty string.
my $db_result = q{};
# Host on which the project group is also removed, reached through sshtb.
my $control_node = 'plastic.emulab.net';

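#
# Check args.
#
# Only the first argument is used; it is the project id (pid).
#
if (@ARGV < 1) {
    die("Usage: rmprojdir <pid>\n");
}
my $pid = $ARGV[0];

#
# Untaint the argument.
#
# The pid is later used as a path name relative to $PROJROOT, pasted into
# SQL text, and handed to pw(8) as a group name, so the accepted alphabet
# is kept narrow: word characters, '@', '-' and '.'.
#
# The first character may not be '-' or '.': a leading dash would be read
# as an option by the commands that receive the pid, and "." / ".." would
# name $PROJROOT itself or its parent once we chdir there. \A and \z
# anchor the whole string, so a trailing newline is rejected as well.
#
if ($pid =~ /\A([\@\w][-\@\w.]*)\z/) {
    $pid = $1;
}
else {
    die("Invalid pid '$pid' contains illegal characters.\n");
}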

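#
# Figure out who called us. Only root or people with admin status
# can run this script.
#
# $UID is the English.pm name for the real user id ($<), i.e. the person
# who invoked the script rather than the identity it may be running with.
#
if ($UID != 0) {
    my ($me) = getpwuid($UID)
        or die "$UID not in passwd file";

    # The login name is pasted into SQL text below. Refuse anything outside
    # a conservative alphabet instead of relying on the passwd file never
    # containing a quote character.
    if ($me !~ /\A[-\@\w.]+\z/) {
        die("rmprojdir: login name for uid $UID contains illegal characters\n");
    }

    # Fail closed with a readable message if the lookup itself fails.
    $db_result = $dbh->query("select admin from users where uid='$me'")
        or die("rmprojdir: admin lookup query failed\n");
    my @row = $db_result->fetchrow_array();

    # No matching row leaves $row[0] undefined; treat that as "not admin"
    # explicitly rather than through a numeric comparison against undef.
    if (!defined($row[0]) || $row[0] != 1) {
        die("rmprojdir: ".
            "You must be root or TB admin to remove a project directory\n");
    }
}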

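#
# Ensure that the project is not in the database!
#
# $pid has already been restricted to word characters, '@', '-' and '.',
# so it cannot contain a quote and close the SQL string literal early.
#
$db_result = $dbh->query("select head_uid ".
                         "from projects where pid='$pid'")
    or die("rmprojdir: project lookup query failed\n");

# Any matching row means the project is still registered. Comparing with
# zero (not exactly one) keeps the script from going ahead if the table
# ever returned more than one row for the same pid.
if ($db_result->numrows != 0) {
    die("Project '$pid' is still in the database!\n");
}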

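#
# Rename the project directory.
#
# The new name is "<pid>-YYYYMMDD-HH.MM.SS" in local time. The timestamp is
# built in-process with localtime() rather than by running date(1): no
# child process is started from this privileged script, the century is no
# longer a hard-coded "20", and the result carries no trailing newline.
#
my @now = localtime();
my $newname = sprintf("%s-%04d%02d%02d-%02d.%02d.%02d",
                      $pid,
                      $now[5] + 1900, $now[4] + 1, $now[3],
                      $now[2], $now[1], $now[0]);

#
# Sanity-check the constructed name against the same alphabet as the pid,
# and stop if it does not match instead of carrying on with an unchecked
# value.
#
if ($newname =~ /^([-\@\w.]+)$/) {
    $newname = $1;
}
else {
    print STDOUT "Constructed directory name '$newname' is not valid!\n";
    exit(-1);
}

# All path names below are relative to the project root.
if (! chdir($PROJROOT)) {
    print STDOUT "Could not chdir to $PROJROOT!\n";
    exit(-1);
}

# This test is only for a friendlier message; rename() below reports its
# own failure if the directory disappears in between.
if (! -e $pid) {
    print STDOUT "Project directory '$pid' does not exist!\n";
    exit(-1);
}

if (! rename($pid, $newname)) {
    print STDOUT "Could not rename project directory $pid to $newname: $!\n";
    exit(-1);
}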

#
# Lock the renamed directory down: mode 0700 first, then owner and group
# root (uid 0 / gid 0), so no one is allowed to look inside.
#
# NOTE(review): only the top-level directory is changed, and chmod/chown
# act on the target when given a symbolic link, so this relies on $newname
# being a real directory -- confirm $PROJROOT is writable by root only.
#
unless (chmod(0700, $newname)) {
    print STDOUT "Could not chmod directory $newname to 0700: $!\n";
    exit(-1);
}
chown(0, 0, $newname) or do {
    print STDOUT "Could not chown directory $newname to 0/0: $!\n";
    exit(-1);
};

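#
# Now remove the group from the group file on both plastic and paper.
#
# This step handles the local node. The list form of system() runs pw
# directly, with no shell in between, and hands $pid over as exactly one
# argument. system() returns non-zero when pw fails or cannot be started.
#
if (system("/usr/sbin/pw", "groupdel", $pid) != 0) {
    print STDOUT "Could not remove group $pid fron operatons node (paper)\n";
    exit(-1);
}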

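#
# Be real root for ssh.
#
# $UID is the real user id ($<); from here on the script no longer runs
# with the invoking user's real uid.
#
$UID = 0;

#
# Remove the group on the control node. The list form of system() starts
# sshtb without a local shell. NOTE(review): sshtb is not visible here; if
# it re-joins its arguments into a command line for a remote shell, the
# narrow pid alphabet enforced at startup is still what keeps that command
# line safe -- confirm.
#
# A failure at this point leaves the group already removed on the local
# node but still present on the control node.
#
if (system("/usr/local/bin/sshtb", $control_node,
           "/usr/sbin/pw", "groupdel", $pid) != 0) {
    print STDOUT "Could not remove group $pid fron control node (plastic)\n";
    exit(-1);
}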

# Every step succeeded; report success to the caller.
exit 0;