[hcoop/scripts.git] / destroy-user

#!/bin/bash

# MUST be executed:
#  - on the kerberos domain controller
#  - as a user with an /etc/sudoers line
#  - as a user with domtool-admin rights
#  - while holding system:administrator tokens

USER=$1
if test -z "$USER"; then
	echo Usage: destroy-user USERNAME
	exit 1
fi

PATHBITS=`echo $USER | head -c 1`/`echo $USER | head -c 2`/$USER
HOMEPATH=/afs/hcoop.net/user/$PATHBITS
MAILPATH=/afs/hcoop.net/common/email/$PATHBITS
# We don't use separate partitions for logs
#LOGSPATH=/afs/.hcoop.net/common/.logs/$USER

sudo rm -f /etc/keytabs/mailfilter/$USER
sudo rm -f /etc/keytabs/cgi/$USER
sudo rm -f /etc/keytabs/user.daemon/$USER

# LDAP
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
# 	uid=$USER,ou=People,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
# 	uid=$USER.cgi,ou=People,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
# 	uid=$USER.mailfilter,ou=People,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
# 	cn=$USER,ou=Group,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
# 	cn=$USER.cgi,ou=Group,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
# 	cn=$USER.mailfilter,ou=Group,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
# 	cn=$USER.daemon,ou=Group,dc=hcoop,dc=net

# Remove from domtool
domtool-rmuser $USER

# Invalidate nscd cache
sudo nscd -i passwd
sudo nscd -i group

# Remove from databases
#sudo -u postgres psql -c "DROP TABLESPACE user_$USER"
#sudo -u postgres psql -c "DROP USER $USER"
#sudo -H mysql -e "DROP USER $USER@localhost"

# Remove privs before rm
fs sa $HOMEPATH -clear system:anyuser none
fs sa $MAILPATH -clear system:anyuser none
#XXX see what to do with db volume

fs rm $MAILPATH
fs rm $HOMEPATH
#fs rm $LOGSPATH
#fs rm $DBPATH
fs rm /afs/.hcoop.net/old/user/$PATHBITS
fs rm /afs/.hcoop.net/old/mail/$PATHBITS

# Don't delete volumes, rename them.
#vos remove deleuze.hcoop.net /vicepa user.$USER
#vos remove deleuze.hcoop.net /vicepa mail.$USER
#vos remove deleuze.hcoop.net /vicepa db.$USER
#vos remove deleuze.hcoop.net /vicepa logs.$USER
vos rename user.$USER user.$USER.d
vos rename mail.$USER mail.$USER.d
#XXX vos rename db.$USER db.$USER.d

#vos release common.databases
#vos release common.logs

sudo kadmin.local -q "delprinc -force $USER@HCOOP.NET"
sudo kadmin.local -q "delprinc -force $USER/mailfilter@HCOOP.NET"
sudo kadmin.local -q "delprinc -force $USER/cgi@HCOOP.NET"
sudo kadmin.local -q "delprinc -force $USER/daemon@HCOOP.NET"

pts delete $USER
pts delete $USER.mailfilter
pts delete $USER.cgi
pts delete $USER.daemon

#fs rm /afs/hcoop.net/old/user/$PATHBITS
#fs rm /afs/hcoop.net/old/mail/$PATHBITS
#fs rm /afs/hcoop.net/old/logs/$PATHBITS

vos syncserv fritz
vos syncvldb fritz
fs checkvolumes

# Remove user from all of our mailing lists
echo $USER@hcoop.net | ssh -K deleuze sudo -u list \
    /var/lib/mailman/bin/remove_members --fromall -f -
Commit	Line	Data
d2462e94	1	#!/bin/bash
	2
	3	# MUST be executed:
4ce82351	4	# - on the kerberos domain controller
d2462e94	5	# - as a user with an /etc/sudoers line
94b41ac4	6	# - as a user with domtool-admin rights
d2462e94	7	# - while holding system:administrator tokens
	8
	9	USER=$1
1311d6b0	10	if test -z "$USER"; then
	11	echo Usage: destroy-user USERNAME
	12	exit 1
	13	fi
d2462e94	14
	15	PATHBITS=`echo $USER \| head -c 1`/`echo $USER \| head -c 2`/$USER
	16	HOMEPATH=/afs/hcoop.net/user/$PATHBITS
	17	MAILPATH=/afs/hcoop.net/common/email/$PATHBITS
d2462e94	18	# We don't use separate partitions for logs
	19	#LOGSPATH=/afs/.hcoop.net/common/.logs/$USER
	20
	21	sudo rm -f /etc/keytabs/mailfilter/$USER
	22	sudo rm -f /etc/keytabs/cgi/$USER
03807e61	23	sudo rm -f /etc/keytabs/user.daemon/$USER
d2462e94	24
d2462e94	25	# LDAP
4ce82351	26	# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
	27	# uid=$USER,ou=People,dc=hcoop,dc=net
	28	# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
	29	# uid=$USER.cgi,ou=People,dc=hcoop,dc=net
	30	# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
	31	# uid=$USER.mailfilter,ou=People,dc=hcoop,dc=net
	32	# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
	33	# cn=$USER,ou=Group,dc=hcoop,dc=net
	34	# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
	35	# cn=$USER.cgi,ou=Group,dc=hcoop,dc=net
	36	# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
	37	# cn=$USER.mailfilter,ou=Group,dc=hcoop,dc=net
	38	# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
	39	# cn=$USER.daemon,ou=Group,dc=hcoop,dc=net
d2462e94	40
8791f670	41	# Remove from domtool
	42	domtool-rmuser $USER
	43
d2462e94	44	# Invalidate nscd cache
	45	sudo nscd -i passwd
	46	sudo nscd -i group
	47
	48	# Remove from databases
e3f713a3	49	#sudo -u postgres psql -c "DROP TABLESPACE user_$USER"
d2462e94	50	#sudo -u postgres psql -c "DROP USER $USER"
	51	#sudo -H mysql -e "DROP USER $USER@localhost"
	52
e3f713a3	53	# Remove privs before rm
	54	fs sa $HOMEPATH -clear system:anyuser none
	55	fs sa $MAILPATH -clear system:anyuser none
	56	#XXX see what to do with db volume
	57
d2462e94	58	fs rm $MAILPATH
	59	fs rm $HOMEPATH
	60	#fs rm $LOGSPATH
e3f713a3	61	#fs rm $DBPATH
1311d6b0	62	fs rm /afs/.hcoop.net/old/user/$PATHBITS
1311d6b0	63	fs rm /afs/.hcoop.net/old/mail/$PATHBITS
e3f713a3	64
e3f713a3	65	# Don't delete volumes, rename them.
2639c68f	66	#vos remove deleuze.hcoop.net /vicepa user.$USER
	67	#vos remove deleuze.hcoop.net /vicepa mail.$USER
	68	#vos remove deleuze.hcoop.net /vicepa db.$USER
d2462e94	69	#vos remove deleuze.hcoop.net /vicepa logs.$USER
e3f713a3	70	vos rename user.$USER user.$USER.d
	71	vos rename mail.$USER mail.$USER.d
	72	#XXX vos rename db.$USER db.$USER.d
d2462e94	73
82cda9f8	74	#vos release common.databases
d2462e94	75	#vos release common.logs
	76
	77	sudo kadmin.local -q "delprinc -force $USER@HCOOP.NET"
	78	sudo kadmin.local -q "delprinc -force $USER/mailfilter@HCOOP.NET"
	79	sudo kadmin.local -q "delprinc -force $USER/cgi@HCOOP.NET"
03807e61	80	sudo kadmin.local -q "delprinc -force $USER/daemon@HCOOP.NET"
d2462e94	81
	82	pts delete $USER
	83	pts delete $USER.mailfilter
	84	pts delete $USER.cgi
03807e61	85	pts delete $USER.daemon
d2462e94	86
	87	#fs rm /afs/hcoop.net/old/user/$PATHBITS
	88	#fs rm /afs/hcoop.net/old/mail/$PATHBITS
	89	#fs rm /afs/hcoop.net/old/logs/$PATHBITS
	90
487d87d3 CE	91	vos syncserv fritz
487d87d3 CE	92	vos syncvldb fritz
d2462e94	93	fs checkvolumes
d2462e94	94
2a2fcc8e	95	# Remove user from all of our mailing lists
0dceb813	96	echo $USER@hcoop.net \| ssh -K deleuze sudo -u list \
2a2fcc8e	97	/var/lib/mailman/bin/remove_members --fromall -f -
1311d6b0	98