author | Wanlong Gao <gaowanlong@cn.fujitsu.com> | 2012-04-23 08:58:44 +0800 |
---|---|---|
committer | Richard W.M. Jones <rjones@redhat.com> | 2012-04-23 15:37:24 +0100 |
commit | 148b51fe0ba8311336e649d089e8da83d5fb8b8c (patch) | |
tree | eede5c07229dace9068f9cbcddf8d7eea8fdb16d | |
parent | 7916f5d43c021ced2f13d2bf707dbc7702ee8f2b (diff) | |
sysprep: remove user accounts
Remove user accounts from /etc/passwd, /etc/group and /etc/shadow,
and remove each user's home directory.
The root user is not removed.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
RWMJ:
- Updated to use Augeas to delete accounts.
- Disable this by default, since it is very invasive.
-rw-r--r-- | sysprep/Makefile.am | 2 | ||||
-rw-r--r-- | sysprep/sysprep_operation_user_account.ml | 70 |
2 files changed, 72 insertions, 0 deletions
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index f51fc077..9b068043 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -48,6 +48,7 @@ SOURCES = \
 sysprep_operation_ssh_hostkeys.ml \
 sysprep_operation_ssh_userdir.ml \
 sysprep_operation_udev_persistent_net.ml \
+ sysprep_operation_user_account.ml \
 sysprep_operation_utmp.ml \
 sysprep_operation_yum_uuid.ml \
 utils.ml
@@ -73,6 +74,7 @@ OBJECTS = \
 sysprep_operation_ssh_hostkeys.cmx \
 sysprep_operation_ssh_userdir.cmx \
 sysprep_operation_udev_persistent_net.cmx \
+ sysprep_operation_user_account.ml \
 sysprep_operation_utmp.cmx \
 sysprep_operation_yum_uuid.cmx \
 main.cmx
diff --git a/sysprep/sysprep_operation_user_account.ml b/sysprep/sysprep_operation_user_account.ml
new file mode 100644
index 00000000..63757051
--- /dev/null
+++ b/sysprep/sysprep_operation_user_account.ml
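Review bot: The entry added to the OBJECTS list (second hunk, `@@ -73,6 +74,7 @@`) names the source file `sysprep_operation_user_account.ml`, while every neighbouring entry in that list is a `.cmx` object. It should read `sysprep_operation_user_account.cmx \` so the new operation is built and linked like the others. As written, the link step presumably receives a source file where it expects an object, or the module that registers the operation is left out of the binary. The SOURCES hunk above it looks correct.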
@@ -0,0 +1,70 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Printf
+
+open Sysprep_operation
+open Utils
+
+module G = Guestfs
+
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ g#aug_init "/" 0;
+ let uid_min = g#aug_get "/files/etc/login.defs/UID_MIN" in
+ let uid_min = int_of_string uid_min in
+ let uid_max = g#aug_get "/files/etc/login.defs/UID_MAX" in
+ let uid_max = int_of_string uid_max in
+ let users = Array.to_list (g#aug_ls "/files/etc/passwd") in
+ List.iter (
+ fun userpath ->
+ let uid = userpath ^ "/uid" in
+ let uid = g#aug_get uid in
+ let uid = int_of_string uid in
+ if uid >= uid_min && uid <= uid_max then (
+ g#aug_rm userpath;
+ let username =
+ let i = String.rindex userpath '/' in
+ String.sub userpath (i+1) (String.length userpath -i-1) in
+ (* XXX Augeas doesn't yet have a lens for /etc/shadow, so the
+ * next line currently does nothing, but should start to
+ * work in a future version.
+ *)
+ g#aug_rm (sprintf "/files/etc/shadow/%s" username);
+ g#aug_rm (sprintf "/files/etc/group/%s" username);
+ g#rm_rf ("/home/" ^ username)
+ )
+ ) users;
+ g#aug_save ();
+ []
+ )
+ else []
+
+let user_account_op = {
+ name = "user-account";
+ enabled_by_default = false;
+ heading = "Remove the user accounts in the guest";
+ pod_description = Some "\
+Remove all the user accounts and their home directories.
+The \"root\" account is not removed.";
+ extra_args = [];
+ perform = user_account_perform;
+}
+
+let () = register_operation user_account_op |
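Review bot: The directory passed to `g#rm_rf` is built as `"/home/" ^ username` from a label in the guest's own /etc/passwd, so it misses accounts whose home is elsewhere and trusts a guest-controlled string in a recursive delete (a name such as `..` would resolve outside /home). Read the entry's `home` field before `g#aug_rm userpath`, and delete it only when it is an absolute path other than `/` with no `..` component, as sketched below. The same `username` is interpolated into the Augeas path expressions for /etc/shadow and /etc/group, so it is worth restricting it to plain account-name characters there as well. Separately, `g#aug_get` on `UID_MIN`/`UID_MAX` presumably raises when login.defs does not define them, which would abort the whole operation; a fallback or a clean skip would be safer.

```ocaml
      if uid >= uid_min && uid <= uid_max then (
        (* Read the home directory before the passwd node is removed. *)
        let home = g#aug_get (userpath ^ "/home") in
        g#aug_rm userpath;
        (* … unchanged: username extraction, shadow and group removal … *)
        (* The value comes from the guest: only delete an absolute path
         * that is not the root directory and has no ".." component. *)
        let safe_home =
          String.length home > 1 && home.[0] = '/'
          && not (List.mem ".." (String.split_on_char '/' home)) in
        if safe_home then g#rm_rf home
      )
```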