#
# Display frozen users or details for one user (one user implies -verbose):
# freeze [user], OR
-# freeze --action list [--verbose] | freeze -a l [-v | user]
+# freeze [ --action list | -a ] [--verbose | -v] [user]
#
# Freeze user:
# freeze -a f user
# unfreezed.
#
# Module 'record' creates or deletes initial user entry in $$store.
-# If you create a new module that will use the store (announce it's
+# If you create a new module that will use the store, announce its
# hash key by creating it empty in record().
#
-# For additional help, here's how the stored hash might look like:
+# For additional detail, here's how the stored hash might look like:
#
#
# $store = {
use Getopt::Long qw/GetOptions/;
use constant DEBUG => 1;
-use constant DRY => 1;
-use constant STORE => "/tmp/store";
+use constant DRY => 0;
+use constant STORE => "/var/tmp/frozen/cache";
use constant DEFAULT_SHELL => '/bin/bash';
use constant FROZEN_SHELL => '/afs/hcoop.net/common/etc/scripts/frozen_shell';
-use constant PUBLIC_ACCESS => [qw/mire/];
-use constant RUN_SERVER => 'handgun';
+use constant PUBLIC_ACCESS => (qw/mire/);
+use constant RUN_SERVER => 'deleuze';
my $store = {}; # cached info
my $action = 'list'; # list, freeze, unfreeze
$user = shift ;
+if ( $> == 0 or $< == 0 ) {
+ die "Run script under admin account without sudo.\n";
+}
+
if ( -e STORE ) {
$store = lock_retrieve(STORE);
} else {
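Review bot: `STORE` now lives under `/var/tmp`, and the `if ( -e STORE )` branch passes it straight to `lock_retrieve` without checking who owns the file or the `frozen` directory. If this is Storable's `lock_retrieve` (the import is not visible here), its documentation warns against loading data from a source you do not control, and a directory under a world-writable parent can be created first by another local user. With `DRY` now 0, the loaded hash feeds real account changes, for example the `for ( @{ $$store{$u}{domains} } )` loop on unfreeze. I would create `/var/tmp/frozen` with mode 0700 under the admin account and refuse to load otherwise, e.g. `my @st = stat(STORE); die STORE . ": unexpected owner or mode\n" if $st[4] != $> or $st[2] & 022;`. The `else` branch continues outside the visible lines.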
###########################################################################
# Helpers below
-# GETENT:
+# GETENT (available to modules automatically in @user):
# 0 1 2 3 4 5 6
# docelic:x:10235:65534:docelic:/afs/hcoop.net/user/d/do/docelic:/bin/bash
# XXX how to restart services after that?
if ($a =~ /^f/i) {
- my $domains = `domtool-admin perms docelic | grep '^domain: '`;
+ my $domains = `domtool-admin perms $u | grep '^domain: '`;
chomp $domains;
my @domains = split / +/, $domains;
for (@domains) {
push @{ $$store{$u}{domains} }, $_;
- if (!DRY) {
- system("domtool-admin rmdom $_")
- } else {
- warn qq|system("domtool-admin rmdom $_")\n|
- }
+
+ # As per adamc's suggestion, I should not be
+ # running rmdom explicitly.
+ # https://bugzilla.hcoop.net/show_bug.cgi?id=555
+ #if (!DRY) {
+ # system("domtool-admin rmdom $_")
+ #} else {
+ # warn qq|system("domtool-admin rmdom $_")\n|
+ #}
}
- if (!DRY) {
- system("domtool-rmuser $_")
- } else {
- warn qq|system("domtool-rmuser $_"\n|
- }
+ if (!DRY) {
+ system("domtool-rmuser $u")
+ } else {
+ warn qq|system("domtool-rmuser $u")\n|
+ }
push @{ $$store{$u}{modules} }, 'domtool';
}
elsif ($a =~ /^u/i) {
- if (!DRY) {
- system("domtool-adduser $_")
- } else {
- warn qq|system("domtool-adduser $_")\n|
- }
+ if (!DRY) {
+ system("domtool-adduser $u")
+ } else {
+ warn qq|system("domtool-adduser $u")\n|
+ }
for ( @{ $$store{$u}{domains} } ) {
if (!DRY) {
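Review bot: `$u` is still interpolated into shell command strings in the new lines: the backtick `domtool-admin perms $u | grep '^domain: '`, `system("domtool-rmuser $u")` and `system("domtool-adduser $u")` here, and `qx{ssh -K $_ sudo slay $u}` in the next hunk, where it now ends up in a `sudo` command on the remote host. No validation of the name is visible; if it comes from the `$user = shift` argument, I would check it once before any module runs, e.g. `die "Invalid user name\n" unless $user =~ /\A[a-z][a-z0-9_-]*\z/;` (pattern to be adjusted to the site's account naming rules), and use the list form `system('domtool-rmuser', $u)` so no shell parses the value. The exit status of these calls is also ignored, so `'domtool'` is pushed onto `modules` even when the removal failed; checking `$?` before recording would keep the store in step with what was actually done. The enclosing block starts and ends outside the hunk.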
if ($a =~ /^f/i) {
for ( PUBLIC_ACCESS ) {
if (!DRY) {
- qx{ssh -K $_ slay $u}; sleep 5; qx{ssh -K $_ slay -9 $u};
+ qx{ssh -K $_ sudo slay $u}; sleep 5; qx{ssh -K $_ sudo slay -9 $u};
} else {
- warn qq|ssh -K $_ slay $u; sleep 5; ssh -K $_ slay -9 $u\n|
+ warn qq|ssh -K $_ sudo slay $u; sleep 5; ssh -K $_ sudo slay -9 $u\n|
}
}