fix apache2 davlockdb path in chowns

[hcoop/scripts.git] / freeze

diff --git a/freeze b/freeze
index 5e2ff8b..bfe9ed3 100755 (executable)
--- a/freeze
+++ b/freeze
@@ -3,7 +3,7 @@
 #
 # Purpose: freeze user (cancel user services except email), or unfreeze user.
 #
-# Usage (RUN AS _ADMIN USER ON DELEUZE WITHOUT SUDO):
+# Usage (RUN AS _ADMIN USER ON GIBRAN WITHOUT SUDO ... but it shouldn't matter where you run it):
 #
 # Display frozen users or details for one user (one user implies -verbose):
 #   freeze  [user], OR
@@ -94,11 +94,11 @@ use Getopt::Long qw/GetOptions/;
 
 use constant DEBUG => 1;
 use constant DRY => 0;
-use constant STORE => "/var/tmp/frozen/cache";
+use constant STORE => "/afs/hcoop.net/common/etc/frozen/cache";
 use constant DEFAULT_SHELL => '/bin/bash';
 use constant FROZEN_SHELL => '/afs/hcoop.net/common/etc/scripts/frozen_shell';
-use constant PUBLIC_ACCESS => (qw/mire/);
-use constant RUN_SERVER => 'deleuze';
+use constant PUBLIC_ACCESS => (qw/marsh/);
+use constant RUN_SERVER => 'gibran';
 
 my $store = {}; # cached info
 my $action = 'list'; # list, freeze, unfreeze
@@ -238,14 +238,15 @@ sub login {
        }
 
        elsif ($a =~ /^u/i) {
+           if ( -l "$user[5]/.loginshell" or -e "$user[5]/.loginshell" ) {
+               if (!DRY) {
+                   system("rm '$user[5]/.loginshell'");
+               } else {
+                   warn qq{system("rm '$user[5]/.loginshell'")\n};
+               }
+           }
+
                if ( $$store{$u}{shell}) {
-                       if ( -l "$user[5]/.loginshell" or -e "$user[5]/.loginshell" ) {
-                               if (!DRY) {
-                                       system("rm '$user[5]/.loginshell'");
-                               } else {
-                                       warn qq{system("rm '$user[5]/.loginshell'")\n};
-                               }
-                       }
                        if (!DRY) {
                                symlink($$store{$u}{shell}, "$user[5]/.loginshell")
                                        or warn "symlink: $!";
@@ -274,28 +275,29 @@ sub domtool {
 
                for (@domains) {
                        push @{ $$store{$u}{domains} }, $_;
-                       if (!DRY) {
-                               system("domtool-admin rmdom $_")
-                       } else {
-                               warn qq|system("domtool-admin rmdom $_")\n|
-                       }
-               }
 
+                       # As per adamc's suggestion, I should not be
+                       # running rmdom explicitly.
+                       # https://bugzilla.hcoop.net/show_bug.cgi?id=555
+                       # adam was wrong, rmuser is too broad. rmdom + revoke
                        if (!DRY) {
-                               system("domtool-rmuser $_")
+                           system("domtool-admin rmdom $_");
+                           system("domtool-admin revoke $u domain $_");
                        } else {
-                               warn qq|system("domtool-rmuser $_")\n|
+                           warn qq|system("domtool-admin rmdom $_")\n|;
+                           warn qq|system("domtool-admin revoke $u domain $_")\n|
                        }
+               }
 
                push @{ $$store{$u}{modules} }, 'domtool';
        }
 
        elsif ($a =~ /^u/i) {
-                       if (!DRY) {
-                               system("domtool-adduser $_")
-                       } else {
-                               warn qq|system("domtool-adduser $_")\n|
-                       }
+               if (!DRY) {
+                       system("domtool-adduser $u")
+               } else {
+                       warn qq|system("domtool-adduser $u")\n|
+               }
 
                for ( @{ $$store{$u}{domains} } ) {
                        if (!DRY) {