run_parts for groupadd and groupdel
run_parts currently exists in useradd and userdel, this commit mirrors
the functionality with groupadd and groupdel
Hook for group{add,del} to include killing processes that have group
membership that would no longer exist to avoid membership ID reuse.
This commit is contained in:
ed neville
Serge Hallyn
parent
15a64f9e7f
commit
4e1f674c41
26
etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
Normal file
26
etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group`
|
||||||
|
|
||||||
|
if [ "${GROUPID}" = "" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
for status in /proc/*/status; do
|
||||||
|
# either this isn't a process or its already dead since expanding the list
|
||||||
|
[ -f "$status" ] || continue
|
||||||
|
|
||||||
|
tbuf=${status%/status}
|
||||||
|
pid=${tbuf#/proc/}
|
||||||
|
case "$pid" in
|
||||||
|
"$$") continue;;
|
||||||
|
[0-9]*) :;;
|
||||||
|
*) continue
|
||||||
|
esac
|
||||||
|
|
||||||
|
grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue
|
||||||
|
|
||||||
|
kill -9 "$pid" || echo "cannot kill $pid" 1>&2
|
||||||
|
done
|
||||||
|
|
||||||
@ -34,6 +34,7 @@
|
|||||||
#include "sgroupio.h"
|
#include "sgroupio.h"
|
||||||
#endif
|
#endif
|
||||||
#include "shadowlog.h"
|
#include "shadowlog.h"
|
||||||
|
#include "run_part.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* exit status values
|
* exit status values
|
||||||
@ -603,6 +604,11 @@ int main (int argc, char **argv)
|
|||||||
|
|
||||||
check_perms ();
|
check_perms ();
|
||||||
|
|
||||||
|
if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name,
|
||||||
|
"groupadd")) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
is_shadow_grp = sgr_file_present ();
|
is_shadow_grp = sgr_file_present ();
|
||||||
#endif
|
#endif
|
||||||
@ -621,6 +627,11 @@ int main (int argc, char **argv)
|
|||||||
|
|
||||||
grp_update ();
|
grp_update ();
|
||||||
close_files ();
|
close_files ();
|
||||||
|
if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name,
|
||||||
|
"groupadd")) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
nscd_flush_cache ("group");
|
nscd_flush_cache ("group");
|
||||||
sssd_flush_cache (SSSD_DB_GROUP);
|
sssd_flush_cache (SSSD_DB_GROUP);
|
||||||
|
|||||||
@ -32,6 +32,7 @@
|
|||||||
#include "sgroupio.h"
|
#include "sgroupio.h"
|
||||||
#endif
|
#endif
|
||||||
#include "shadowlog.h"
|
#include "shadowlog.h"
|
||||||
|
#include "run_part.h"
|
||||||
/*
|
/*
|
||||||
* Global variables
|
* Global variables
|
||||||
*/
|
*/
|
||||||
@ -461,6 +462,11 @@ int main (int argc, char **argv)
|
|||||||
group_busy (group_id);
|
group_busy (group_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name,
|
||||||
|
"groupdel")) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Do the hard stuff - open the files, delete the group entries,
|
* Do the hard stuff - open the files, delete the group entries,
|
||||||
* then close and update the files.
|
* then close and update the files.
|
||||||
@ -471,6 +477,11 @@ int main (int argc, char **argv)
|
|||||||
|
|
||||||
close_files ();
|
close_files ();
|
||||||
|
|
||||||
|
if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name,
|
||||||
|
"groupdel")) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
nscd_flush_cache ("group");
|
nscd_flush_cache ("group");
|
||||||
sssd_flush_cache (SSSD_DB_GROUP);
|
sssd_flush_cache (SSSD_DB_GROUP);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user