4:14 a.m.
Hi Rich,
This patch attends to remove the user accounts in the guest,
I send this out to request your comments, if the concept
is correct and you can point out some syntax error for me.
Thanks a lot,
Wanlong Gao
Remove user accounts except the root user.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_user_account.ml | 82 +++++++++++++++++++++++++++++
2 files changed, 84 insertions(+)
create mode 100644 sysprep/sysprep_operation_user_account.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index f51fc07..9b06804 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -48,6 +48,7 @@ SOURCES = \
sysprep_operation_ssh_hostkeys.ml \
sysprep_operation_ssh_userdir.ml \
sysprep_operation_udev_persistent_net.ml \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.ml \
sysprep_operation_yum_uuid.ml \
utils.ml
@@ -73,6 +74,7 @@ OBJECTS = \
sysprep_operation_ssh_hostkeys.cmx \
sysprep_operation_ssh_userdir.cmx \
sysprep_operation_udev_persistent_net.cmx \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.cmx \
sysprep_operation_yum_uuid.cmx \
main.cmx
diff --git a/sysprep/sysprep_operation_user_account.ml
b/sysprep/sysprep_operation_user_account.ml
new file mode 100644
index 0000000..ac07c6d
--- /dev/null
+++ b/sysprep/sysprep_operation_user_account.ml
@@ -0,0 +1,82 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+
+module G = Guestfs
+
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ let login_def = "/etc/login.defs" in
+ let lines = Array.to_list (g#read_lines login_def) in
+ let line_min = Array.filter (
+ fun line -> (string_prefix line "UID_MIN")
+ ) lines in
+ let _,min_uid = sscanf line_min "%s %d" (fun a b -> a,b) in
+ let line_max = Array.filter (
+ fun line -> (string_prefix line "UID_MAX")
+ ) lines in
+ let _,max_uid = sscanf line_max "%s %d" (fun a b -> a,b) in
+ let passwd = "/etc/passwd" in
+ let shadow = "/etc/shadow" in
+ let group = "/etc/group" in
+ let lines = Array.to_list (g#read_lines passwd) in
+ let lines_passwd = Array.to_list (g#read_lines passwd) in
+ let lines_shadow = Array.to_list (g#read_lines shadow) in
+ let lines_group = Array.to_list (g#read_lines group) in
+ List.iter (
+ fun line ->
+ let user_line = string_split ":" line in
+ let user_line = Array.of_list user_line in
+ if user_line.(2) >= min_uid and user_line.(2) <= max_uid then (
+ let user = user_line(0) in
+ let lines_passwd = List.filter (
+ fun line -> not (string_prefix line user)
+ ) lines_passwd in
+ let lines_shadow = List.filter (
+ fun line -> not (string_prefix line user)
+ ) lines_shadow in
+ let lines_group = List.filter (
+ fun line -> not (string_prefix line user)
+ ) lines_group in
+ let dir = String.concat "/home/" user in
+ g#rm_rf dir
+ )
+ ) lines in
+ let file = String.concat "\n" lines_passwd ^ "\n" in
+ g#write passwd file in
+ let file = String.concat "\n" lines_shadow ^ "\n" in
+ g#write shadow file in
+ let file = String.concat "\n" lines_group ^ "\n" in
+ g#write group file
+ )
+ else []
+
+let user_account_op = {
+ name = "user-account";
+ pod_description = "\
+Remove the user accounts except \"root\" in the guest.
+
+Remove the user accounts and their home directory except
+the \"root\" account.";
+ extra_args = [];
+ perform = user_account_perform;
+}
+
+let () = register_operation bash_history_op
--
1.7.10
5:12 p.m.
On Wed, Apr 18, 2012 at 05:14:39PM +0800, Wanlong Gao wrote:
Hi Rich,
This patch attends to remove the user accounts in the guest,
I send this out to request your comments, if the concept
is correct and you can point out some syntax error for me.
One thought I have is:
Should we only enable a "core" of functions by default, and let the
user enable other ones? That would allow us to put experimental
functions in, disabled by default, without too much risk.
Other comments inline below.
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ let login_def = "/etc/login.defs" in
+ let lines = Array.to_list (g#read_lines login_def) in
+ let line_min = Array.filter (
+ fun line -> (string_prefix line "UID_MIN")
+ ) lines in
+ let _,min_uid = sscanf line_min "%s %d" (fun a b -> a,b) in
+ let line_max = Array.filter (
+ fun line -> (string_prefix line "UID_MAX")
+ ) lines in
+ let _,max_uid = sscanf line_max "%s %d" (fun a b -> a,b) in
Augeas has lenses for login.defs, passwd, shadow and group. The
Augeas API is exposed through libguestfs, and it's relatively easy to
use. Easier than parsing files ...
For example:
$ guestfish --ro -a /dev/vg_pin/RHEL60x64 -i
Welcome to guestfish, the libguestfs filesystem interactive shell for
editing virtual machine filesystems.
Type: 'help' for help on commands
'man' to read the manual
'quit' to quit the shell
Operating system: Red Hat Enterprise Linux Server release 6.0 (Santiago)
/dev/mapper/vg_rhel6brewx64-lv_root mounted on /
/dev/vda1 mounted on /boot
<fs> aug-init / 0
<fs> aug-ls /files/etc/login.defs
/files/etc/login.defs/#comment[10]
/files/etc/login.defs/#comment[11]
/files/etc/login.defs/#comment[12]
/files/etc/login.defs/#comment[13]
/files/etc/login.defs/#comment[14]
/files/etc/login.defs/#comment[15]
/files/etc/login.defs/#comment[16]
/files/etc/login.defs/#comment[17]
/files/etc/login.defs/#comment[18]
/files/etc/login.defs/#comment[19]
/files/etc/login.defs/#comment[1]
/files/etc/login.defs/#comment[20]
/files/etc/login.defs/#comment[21]
/files/etc/login.defs/#comment[22]
/files/etc/login.defs/#comment[23]
/files/etc/login.defs/#comment[24]
/files/etc/login.defs/#comment[2]
/files/etc/login.defs/#comment[3]
/files/etc/login.defs/#comment[4]
/files/etc/login.defs/#comment[5]
/files/etc/login.defs/#comment[6]
/files/etc/login.defs/#comment[7]
/files/etc/login.defs/#comment[8]
/files/etc/login.defs/#comment[9]
/files/etc/login.defs/CREATE_HOME
/files/etc/login.defs/ENCRYPT_METHOD
/files/etc/login.defs/GID_MAX
/files/etc/login.defs/GID_MIN
/files/etc/login.defs/MAIL_DIR
/files/etc/login.defs/PASS_MAX_DAYS
/files/etc/login.defs/PASS_MIN_DAYS
/files/etc/login.defs/PASS_MIN_LEN
/files/etc/login.defs/PASS_WARN_AGE
/files/etc/login.defs/UID_MAX
/files/etc/login.defs/UID_MIN
/files/etc/login.defs/UMASK
/files/etc/login.defs/USERGROUPS_ENAB
<fs> aug-get /files/etc/login.defs/UID_MAX
60000
<fs> aug-get /files/etc/login.defs/UID_MIN
500
It might make things easier if we used Augeas here.
But the general idea is good.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
8:21 a.m.
New subject: [PATCH V2] sysprep: remove user accounts
Remove user accounts from /etc/passwd, /etc/group,
/etc/shadow, and the home directory of the user,
except the root user.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_user_account.ml | 71 +++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
create mode 100644 sysprep/sysprep_operation_user_account.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index f51fc07..9b06804 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -48,6 +48,7 @@ SOURCES = \
sysprep_operation_ssh_hostkeys.ml \
sysprep_operation_ssh_userdir.ml \
sysprep_operation_udev_persistent_net.ml \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.ml \
sysprep_operation_yum_uuid.ml \
utils.ml
@@ -73,6 +74,7 @@ OBJECTS = \
sysprep_operation_ssh_hostkeys.cmx \
sysprep_operation_ssh_userdir.cmx \
sysprep_operation_udev_persistent_net.cmx \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.cmx \
sysprep_operation_yum_uuid.cmx \
main.cmx
diff --git a/sysprep/sysprep_operation_user_account.ml
b/sysprep/sysprep_operation_user_account.ml
new file mode 100644
index 0000000..45c05d7
--- /dev/null
+++ b/sysprep/sysprep_operation_user_account.ml
@@ -0,0 +1,71 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Utils
+
+module G = Guestfs
+
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ g#aug_init "/" 0;
+ let uid_min = g#aug_get "/files/etc/login.defs/UID_MIN" in
+ let uid_max = g#aug_get "/files/etc/login.defs/UID_MAX" in
+ let users = Array.to_list (g#aug_ls "/files/etc/passwd") in
+ List.iter (
+ fun user ->
+ let uid = user ^ "/uid" in
+ let uid = g#aug_get uid in
+ if int_of_string uid >= int_of_string uid_min then (
+ if int_of_string uid <= int_of_string uid_max then (
+ let user' = Array.of_list (string_split "/" user) in
+ let user = user'.(4) in
+ let user_prefix = user ^ ":" in
+ let filenames = [ "/etc/passwd";
+ "/etc/shadow";
+ "/etc/group" ] in
+ List.iter (
+ fun filename ->
+ let lines = Array.to_list (g#read_lines filename) in
+ let lines = List.filter (
+ fun line -> not (string_prefix line user_prefix)
+ ) lines in
+ let file = String.concat "\n" lines ^ "\n" in
+ g#write filename file
+ ) filenames;
+ g#rm_rf ("/home/" ^ user);
+ )
+ )
+ ) users;
+ []
+ )
+ else []
+
+let user_account_op = {
+ name = "user-account";
+ pod_description = "\
+Remove the user accounts except \"root\" in the guest.
+
+Remove the user accounts and their home directory except
+the \"root\" account.";
+ extra_args = [];
+ perform = user_account_perform;
+}
+
+let () = register_operation user_account_op
--
1.7.10
9:53 a.m.
New subject: [PATCH V2] sysprep: remove user accounts
On Sun, Apr 22, 2012 at 09:21:02PM +0800, Wanlong Gao wrote:
Remove user accounts from /etc/passwd, /etc/group,
/etc/shadow, and the home directory of the user,
except the root user.
I wrote a small patch last night to implement the 'enabled_by_default'
feature. See the attachment. If applied, it would require minor
changes to your new operation.
Rich.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_user_account.ml | 71 +++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
create mode 100644 sysprep/sysprep_operation_user_account.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index f51fc07..9b06804 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -48,6 +48,7 @@ SOURCES = \
sysprep_operation_ssh_hostkeys.ml \
sysprep_operation_ssh_userdir.ml \
sysprep_operation_udev_persistent_net.ml \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.ml \
sysprep_operation_yum_uuid.ml \
utils.ml
@@ -73,6 +74,7 @@ OBJECTS = \
sysprep_operation_ssh_hostkeys.cmx \
sysprep_operation_ssh_userdir.cmx \
sysprep_operation_udev_persistent_net.cmx \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.cmx \
sysprep_operation_yum_uuid.cmx \
main.cmx
diff --git a/sysprep/sysprep_operation_user_account.ml
b/sysprep/sysprep_operation_user_account.ml
new file mode 100644
index 0000000..45c05d7
--- /dev/null
+++ b/sysprep/sysprep_operation_user_account.ml
@@ -0,0 +1,71 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Utils
+
+module G = Guestfs
+
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ g#aug_init "/" 0;
+ let uid_min = g#aug_get "/files/etc/login.defs/UID_MIN" in
+ let uid_max = g#aug_get "/files/etc/login.defs/UID_MAX" in
+ let users = Array.to_list (g#aug_ls "/files/etc/passwd") in
+ List.iter (
+ fun user ->
+ let uid = user ^ "/uid" in
+ let uid = g#aug_get uid in
+ if int_of_string uid >= int_of_string uid_min then (
+ if int_of_string uid <= int_of_string uid_max then (
+ let user' = Array.of_list (string_split "/" user) in
+ let user = user'.(4) in
+ let user_prefix = user ^ ":" in
+ let filenames = [ "/etc/passwd";
+ "/etc/shadow";
+ "/etc/group" ] in
+ List.iter (
+ fun filename ->
+ let lines = Array.to_list (g#read_lines filename) in
+ let lines = List.filter (
+ fun line -> not (string_prefix line user_prefix)
+ ) lines in
+ let file = String.concat "\n" lines ^ "\n" in
+ g#write filename file
+ ) filenames;
+ g#rm_rf ("/home/" ^ user);
+ )
+ )
+ ) users;
+ []
+ )
+ else []
+
+let user_account_op = {
+ name = "user-account";
+ pod_description = "\
+Remove the user accounts except \"root\" in the guest.
+
+Remove the user accounts and their home directory except
+the \"root\" account.";
+ extra_args = [];
+ perform = user_account_perform;
+}
+
+let () = register_operation user_account_op
--
1.7.10
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
7:55 p.m.
New subject: [PATCH V3] sysprep: remove user accounts
Remove user accounts from /etc/passwd, /etc/group,
/etc/shadow, and the home directory of the user,
except the root user.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_user_account.ml | 71 +++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
create mode 100644 sysprep/sysprep_operation_user_account.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index f51fc07..9b06804 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -48,6 +48,7 @@ SOURCES = \
sysprep_operation_ssh_hostkeys.ml \
sysprep_operation_ssh_userdir.ml \
sysprep_operation_udev_persistent_net.ml \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.ml \
sysprep_operation_yum_uuid.ml \
utils.ml
@@ -73,6 +74,7 @@ OBJECTS = \
sysprep_operation_ssh_hostkeys.cmx \
sysprep_operation_ssh_userdir.cmx \
sysprep_operation_udev_persistent_net.cmx \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.cmx \
sysprep_operation_yum_uuid.cmx \
main.cmx
diff --git a/sysprep/sysprep_operation_user_account.ml
b/sysprep/sysprep_operation_user_account.ml
new file mode 100644
index 0000000..9398d57
--- /dev/null
+++ b/sysprep/sysprep_operation_user_account.ml
@@ -0,0 +1,71 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Utils
+
+module G = Guestfs
+
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ g#aug_init "/" 0;
+ let uid_min = g#aug_get "/files/etc/login.defs/UID_MIN" in
+ let uid_max = g#aug_get "/files/etc/login.defs/UID_MAX" in
+ let users = Array.to_list (g#aug_ls "/files/etc/passwd") in
+ List.iter (
+ fun user ->
+ let uid = user ^ "/uid" in
+ let uid = g#aug_get uid in
+ if int_of_string uid >= int_of_string uid_min then (
+ if int_of_string uid <= int_of_string uid_max then (
+ let user' = Array.of_list (string_split "/" user) in
+ let user = user'.(4) in
+ let user_prefix = user ^ ":" in
+ let filenames = [ "/etc/passwd";
+ "/etc/shadow";
+ "/etc/group" ] in
+ List.iter (
+ fun filename ->
+ let lines = Array.to_list (g#read_lines filename) in
+ let lines = List.filter (
+ fun line -> not (string_prefix line user_prefix)
+ ) lines in
+ let file = String.concat "\n" lines ^ "\n" in
+ g#write filename file
+ ) filenames;
+ g#rm_rf ("/home/" ^ user);
+ )
+ )
+ ) users;
+ []
+ )
+ else []
+
+let user_account_op = {
+ name = "user-account";
+ enabled_by_default = true;
+ heading = "Remove the user accounts in the guest";
+ pod_description = Some "\
+Remove the user accounts and their home directory except
+the \"root\" account.";
+ extra_args = [];
+ perform = user_account_perform;
+}
+
+let () = register_operation user_account_op
--
1.7.10
7:58 p.m.
New subject: [PATCH V4] sysprep: remove user accounts
Remove user accounts from /etc/passwd, /etc/group,
/etc/shadow, and the home directory of the user,
except the root user.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_user_account.ml | 71 +++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
create mode 100644 sysprep/sysprep_operation_user_account.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index f51fc07..9b06804 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -48,6 +48,7 @@ SOURCES = \
sysprep_operation_ssh_hostkeys.ml \
sysprep_operation_ssh_userdir.ml \
sysprep_operation_udev_persistent_net.ml \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.ml \
sysprep_operation_yum_uuid.ml \
utils.ml
@@ -73,6 +74,7 @@ OBJECTS = \
sysprep_operation_ssh_hostkeys.cmx \
sysprep_operation_ssh_userdir.cmx \
sysprep_operation_udev_persistent_net.cmx \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.cmx \
sysprep_operation_yum_uuid.cmx \
main.cmx
diff --git a/sysprep/sysprep_operation_user_account.ml
b/sysprep/sysprep_operation_user_account.ml
new file mode 100644
index 0000000..ed01289
--- /dev/null
+++ b/sysprep/sysprep_operation_user_account.ml
@@ -0,0 +1,71 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Utils
+
+module G = Guestfs
+
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ g#aug_init "/" 0;
+ let uid_min = g#aug_get "/files/etc/login.defs/UID_MIN" in
+ let uid_max = g#aug_get "/files/etc/login.defs/UID_MAX" in
+ let users = Array.to_list (g#aug_ls "/files/etc/passwd") in
+ List.iter (
+ fun user ->
+ let uid = user ^ "/uid" in
+ let uid = g#aug_get uid in
+ if int_of_string uid >= int_of_string uid_min then (
+ if int_of_string uid <= int_of_string uid_max then (
+ let user' = Array.of_list (string_split "/" user) in
+ let user = user'.(4) in
+ let user_prefix = user ^ ":" in
+ let filenames = [ "/etc/passwd";
+ "/etc/shadow";
+ "/etc/group" ] in
+ List.iter (
+ fun filename ->
+ let lines = Array.to_list (g#read_lines filename) in
+ let lines = List.filter (
+ fun line -> not (string_prefix line user_prefix)
+ ) lines in
+ let file = String.concat "\n" lines ^ "\n" in
+ g#write filename file
+ ) filenames;
+ g#rm_rf ("/home/" ^ user);
+ )
+ )
+ ) users;
+ []
+ )
+ else []
+
+let user_account_op = {
+ name = "user-account";
+ enabled_by_default = true;
+ heading = "Remove the user accounts in the guest";
+ pod_description = Some "\
+Remove the user accounts and their home directory except
+the \"root\" account.";
+ extra_args = [];
+ perform = user_account_perform;
+}
+
+let () = register_operation user_account_op
--
1.7.10
3:53 a.m.
New subject: [PATCH V4] sysprep: remove user accounts
On Mon, Apr 23, 2012 at 08:58:44AM +0800, Wanlong Gao wrote:
Remove user accounts from /etc/passwd, /etc/group,
/etc/shadow, and the home directory of the user,
except the root user.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_user_account.ml | 71 +++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
create mode 100644 sysprep/sysprep_operation_user_account.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index f51fc07..9b06804 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -48,6 +48,7 @@ SOURCES = \
sysprep_operation_ssh_hostkeys.ml \
sysprep_operation_ssh_userdir.ml \
sysprep_operation_udev_persistent_net.ml \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.ml \
sysprep_operation_yum_uuid.ml \
utils.ml
@@ -73,6 +74,7 @@ OBJECTS = \
sysprep_operation_ssh_hostkeys.cmx \
sysprep_operation_ssh_userdir.cmx \
sysprep_operation_udev_persistent_net.cmx \
+ sysprep_operation_user_account.ml \
sysprep_operation_utmp.cmx \
sysprep_operation_yum_uuid.cmx \
main.cmx
diff --git a/sysprep/sysprep_operation_user_account.ml
b/sysprep/sysprep_operation_user_account.ml
new file mode 100644
index 0000000..ed01289
--- /dev/null
+++ b/sysprep/sysprep_operation_user_account.ml
@@ -0,0 +1,71 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Utils
+
+module G = Guestfs
+
+let user_account_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ g#aug_init "/" 0;
+ let uid_min = g#aug_get "/files/etc/login.defs/UID_MIN" in
+ let uid_max = g#aug_get "/files/etc/login.defs/UID_MAX" in
+ let users = Array.to_list (g#aug_ls "/files/etc/passwd") in
+ List.iter (
+ fun user ->
+ let uid = user ^ "/uid" in
+ let uid = g#aug_get uid in
+ if int_of_string uid >= int_of_string uid_min then (
+ if int_of_string uid <= int_of_string uid_max then (
+ let user' = Array.of_list (string_split "/" user) in
+ let user = user'.(4) in
+ let user_prefix = user ^ ":" in
+ let filenames = [ "/etc/passwd";
+ "/etc/shadow";
+ "/etc/group" ] in
+ List.iter (
+ fun filename ->
+ let lines = Array.to_list (g#read_lines filename) in
+ let lines = List.filter (
+ fun line -> not (string_prefix line user_prefix)
+ ) lines in
+ let file = String.concat "\n" lines ^ "\n" in
+ g#write filename file
+ ) filenames;
+ g#rm_rf ("/home/" ^ user);
+ )
+ )
+ ) users;
+ []
+ )
+ else []
+
+let user_account_op = {
+ name = "user-account";
+ enabled_by_default = true;
+ heading = "Remove the user accounts in the guest";
+ pod_description = Some "\
+Remove the user accounts and their home directory except
+the \"root\" account.";
+ extra_args = [];
+ perform = user_account_perform;
+}
+
+let () = register_operation user_account_op
--
1.7.10
ACK. I'll play with this and push it later today.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
4597
days inactive
4602
days old
6 comments
2 participants
participants (2)
-
Richard W.M. Jones -
Wanlong Gao