Implement sanitization checker and actual removal functionality
parent
b3ed80abb5
commit
5111b544ec
@ -89,7 +89,23 @@ for file in /etc/shadow /etc/gshadow; do
|
||||
# If we're at this point in the code path, we now know that we for-sure are
|
||||
# operating on an entry that will cause systemd-sysusers to bail out
|
||||
# on invocation. We are thus going to remove it.
|
||||
echo "Fixing broken entity: $name"
|
||||
echo "Analyzing broken entity: $name"
|
||||
# First, we're going to pattern match the username against the systemd
|
||||
# common core username regex. If this fails to match, we bail. I was unable
|
||||
# to find a Fedora username that didn't match this but it's best to have
|
||||
# this type of safety -- you never know what might happen.
|
||||
# https://systemd.io/USER_NAMES/
|
||||
if ! [[ $name =~ ^[a-z][a-z0-9-]{0,30}$ ]]; then
|
||||
echo "Not touching nonconformant name: $name"
|
||||
continue
|
||||
fi
|
||||
# We've succeeded in all our checks and for sure have a username loaded
|
||||
# that isn't going to cause our regex to explode in terrifying ways.
|
||||
# We're now going to load sed up and fire it at the shadowfile
|
||||
echo "Removing from $file: $name"
|
||||
sed --in-place=- \
|
||||
"/^$name:/d" \
|
||||
"$file"
|
||||
fi
|
||||
done < "$file"
|
||||
done
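Review bot: The `--in-place=-` suffix on the sed call writes its backup to `$file-`, which for these two files is `/etc/shadow-` and `/etc/gshadow-`, the names shadow-utils already uses for its own backups. Because sed runs once per broken entry inside the read loop, each later removal overwrites the backup left by the previous one, so the untouched original is lost as soon as two entries are fixed. Consider taking a single copy of the file before the loop under a name of its own and running `sed --in-place` without a suffix, and check sed's exit status so that "Removing from $file" is not the only record of an edit that failed. Nothing visible here takes the shadow lock (`lckpwdf`, `/etc/.pwd.lock`) around the edit, which matters if this can run while account tools are active. The enclosing loops and the `if` start outside the hunk, so both points may already be handled there.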
|
||||
|