Implement sanitization checker and actual removal functionality
parent
b3ed80abb5
commit
5111b544ec
@ -89,7 +89,23 @@ for file in /etc/shadow /etc/gshadow; do
|
|||||||
# If we're at this point in the code path, we now know that we for-sure are
|
# If we're at this point in the code path, we now know that we for-sure are
|
||||||
# operating on an entry that will cause systemd-sysusers to bail out
|
# operating on an entry that will cause systemd-sysusers to bail out
|
||||||
# on invocation. We are thus going to remove it.
|
# on invocation. We are thus going to remove it.
|
||||||
echo "Fixing broken entity: $name"
|
echo "Analyzing broken entity: $name"
|
||||||
|
# First, we're going to pattern match the username against the systemd
|
||||||
|
# common core username regex. If this fails to match, we bail. I was unable
|
||||||
|
# to find a Fedora username that didn't match this but it's best to have
|
||||||
|
# this type of safety -- you never know what might happen.
|
||||||
|
# https://systemd.io/USER_NAMES/
|
||||||
|
if ! [[ $name =~ ^[a-z][a-z0-9-]{0,30}$ ]]; then
|
||||||
|
echo "Not touching nonconformant name: $name"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
# We've succeeded in all our checks and for sure have a username loaded
|
||||||
|
# that isn't going to cause our regex to explode in terrifying ways.
|
||||||
|
# We're now going to load sed up and fire it at the shadowfile
|
||||||
|
echo "Removing from $file: $name"
|
||||||
|
sed --in-place=- \
|
||||||
|
"/^$name:/d" \
|
||||||
|
"$file"
|
||||||
fi
|
fi
|
||||||
done < "$file"
|
done < "$file"
|
||||||
done
|
done
|
||||||
|
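Review bot: The `sed --in-place=-` call writes its backup to `$file-` (`/etc/shadow-` and `/etc/gshadow-`) and runs once per removed entry, so from the second removal onward the backup is overwritten with an already-edited file and the pristine copy is lost; those are also the backup names shadow-utils normally maintains itself. Taking one copy before the `while` loop, for example `cp --archive -- "$file" "$file.orig"` (suffix constructed here), and then calling `sed --in-place "/^$name:/d" "$file"` would keep a usable rollback. The exit status of sed is not checked in the visible lines, so a failed edit lets the loop carry on to the next entry; appending `|| { echo "Failed to edit $file" >&2; exit 1; }` would surface it. Nothing visible takes the shadow lock (`/etc/.pwd.lock`, via `lckpwdf`), so a concurrent `passwd` or `useradd` could race the rewrite; this is worth confirming in the part of the script outside this hunk, where both enclosing loops begin.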