X-Git-Url: https://git.hcoop.net/hcoop/scripts.git/blobdiff_plain/d5a2aadaef874a5215bfed89064fe98b4b4d2073..6d76f213ad5eb330ae20be4ace45ab27ff6e4268:/freeze diff --git a/freeze b/freeze index 660619a..bfe9ed3 100755 --- a/freeze +++ b/freeze @@ -3,7 +3,7 @@ # # Purpose: freeze user (cancel user services except email), or unfreeze user. # -# Usage (RUN AS _ADMIN USER ON DELEUZE WITHOUT SUDO): +# Usage (RUN AS _ADMIN USER ON GIBRAN WITHOUT SUDO ... but it shouldn't matter where you run it): # # Display frozen users or details for one user (one user implies -verbose): # freeze [user], OR @@ -94,11 +94,11 @@ use Getopt::Long qw/GetOptions/; use constant DEBUG => 1; use constant DRY => 0; -use constant STORE => "/var/tmp/frozen/cache"; +use constant STORE => "/afs/hcoop.net/common/etc/frozen/cache"; use constant DEFAULT_SHELL => '/bin/bash'; use constant FROZEN_SHELL => '/afs/hcoop.net/common/etc/scripts/frozen_shell'; -use constant PUBLIC_ACCESS => (qw/mire/); -use constant RUN_SERVER => 'deleuze'; +use constant PUBLIC_ACCESS => (qw/marsh/); +use constant RUN_SERVER => 'gibran'; my $store = {}; # cached info my $action = 'list'; # list, freeze, unfreeze @@ -238,14 +238,15 @@ sub login { } elsif ($a =~ /^u/i) { + if ( -l "$user[5]/.loginshell" or -e "$user[5]/.loginshell" ) { + if (!DRY) { + system("rm '$user[5]/.loginshell'"); + } else { + warn qq{system("rm '$user[5]/.loginshell'")\n}; + } + } + if ( $$store{$u}{shell}) { - if ( -l "$user[5]/.loginshell" or -e "$user[5]/.loginshell" ) { - if (!DRY) { - system("rm '$user[5]/.loginshell'"); - } else { - warn qq{system("rm '$user[5]/.loginshell'")\n}; - } - } if (!DRY) { symlink($$store{$u}{shell}, "$user[5]/.loginshell") or warn "symlink: $!"; @@ -278,17 +279,14 @@ sub domtool { # As per adamc's suggestion, I should not be # running rmdom explicitly. # https://bugzilla.hcoop.net/show_bug.cgi?id=555 - #if (!DRY) { - # system("domtool-admin rmdom $_") - #} else { - # warn qq|system("domtool-admin rmdom $_")\n| - #} - } - - if (!DRY) { - system("domtool-rmuser $u") - } else { - warn qq|system("domtool-rmuser $u")\n| + # adam was wrong, rmuser is too broad. rmdom + revoke + if (!DRY) { + system("domtool-admin rmdom $_"); + system("domtool-admin revoke $u domain $_"); + } else { + warn qq|system("domtool-admin rmdom $_")\n|; + warn qq|system("domtool-admin revoke $u domain $_")\n| + } } push @{ $$store{$u}{modules} }, 'domtool';