[Libguestfs] [PATCH V4] sysprep: remove user accounts

Richard W.M. Jones rjones at redhat.com
Mon Apr 23 08:53:40 UTC 2012


On Mon, Apr 23, 2012 at 08:58:44AM +0800, Wanlong Gao wrote:
> Remove user accounts, except the root user, from /etc/passwd,
> /etc/group and /etc/shadow, and remove each user's home directory.
> 
> Signed-off-by: Wanlong Gao <gaowanlong at cn.fujitsu.com>
> ---
>  sysprep/Makefile.am                       |    2 +
>  sysprep/sysprep_operation_user_account.ml |   71 +++++++++++++++++++++++++++++
>  2 files changed, 73 insertions(+)
>  create mode 100644 sysprep/sysprep_operation_user_account.ml
> 
> diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
> index f51fc07..9b06804 100644
> --- a/sysprep/Makefile.am
> +++ b/sysprep/Makefile.am
> @@ -48,6 +48,7 @@ SOURCES = \
>  	sysprep_operation_ssh_hostkeys.ml \
>  	sysprep_operation_ssh_userdir.ml \
>  	sysprep_operation_udev_persistent_net.ml \
> +	sysprep_operation_user_account.ml \
>  	sysprep_operation_utmp.ml \
>  	sysprep_operation_yum_uuid.ml \
>  	utils.ml
> @@ -73,6 +74,7 @@ OBJECTS = \
>  	sysprep_operation_ssh_hostkeys.cmx \
>  	sysprep_operation_ssh_userdir.cmx \
>  	sysprep_operation_udev_persistent_net.cmx \
> +	sysprep_operation_user_account.ml \
>  	sysprep_operation_utmp.cmx \
>  	sysprep_operation_yum_uuid.cmx \
>  	main.cmx
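Review bot: The line added to OBJECTS names `sysprep_operation_user_account.ml`, while every other entry in that list is a compiled `.cmx` object; it should read `sysprep_operation_user_account.cmx \`. As written, the source file rather than the compiled object is presumably handed to whatever rule consumes OBJECTS, which is not visible in this hunk. The matching SOURCES addition in the previous hunk correctly uses `.ml`.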
> diff --git a/sysprep/sysprep_operation_user_account.ml b/sysprep/sysprep_operation_user_account.ml
> new file mode 100644
> index 0000000..ed01289
> --- /dev/null
> +++ b/sysprep/sysprep_operation_user_account.ml
> @@ -0,0 +1,71 @@
> +(* virt-sysprep
> + * Copyright (C) 2012 FUJITSU LIMITED
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +open Sysprep_operation
> +open Utils
> +
> +module G = Guestfs
> +
> +let user_account_perform g root =
> +  let typ = g#inspect_get_type root in
> +  if typ <> "windows" then (
> +    g#aug_init "/" 0;
> +    let uid_min = g#aug_get "/files/etc/login.defs/UID_MIN" in
> +    let uid_max = g#aug_get "/files/etc/login.defs/UID_MAX" in
> +    let users = Array.to_list (g#aug_ls "/files/etc/passwd") in
> +    List.iter (
> +      fun user ->
> +        let uid = user ^ "/uid" in
> +        let uid = g#aug_get uid in
> +        if int_of_string uid >= int_of_string uid_min then (
> +          if int_of_string uid <= int_of_string uid_max then (
> +            let user' = Array.of_list (string_split "/" user) in
> +            let user = user'.(4) in
> +            let user_prefix = user ^ ":" in
> +            let filenames = [ "/etc/passwd";
> +                              "/etc/shadow";
> +                              "/etc/group" ] in
> +            List.iter (
> +              fun filename ->
> +                let lines = Array.to_list (g#read_lines filename) in
> +                let lines = List.filter (
> +                  fun line -> not (string_prefix line user_prefix)
> +                ) lines in
> +                let file = String.concat "\n" lines ^ "\n" in
> +                g#write filename file
> +            ) filenames;
> +            g#rm_rf ("/home/" ^ user);
> +          )
> +        )
> +    ) users;
> +    []
> +  )
> +  else []
> +
> +let user_account_op = {
> +  name = "user-account";
> +  enabled_by_default = true;
> +  heading = "Remove the user accounts in the guest";
> +  pod_description = Some "\
> +Remove the user accounts and their home directory except
> +the \"root\" account.";
> +  extra_args = [];
> +  perform = user_account_perform;
> +}
> +
> +let () = register_operation user_account_op
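Review bot: The home directory is removed with `g#rm_rf ("/home/" ^ user)`, which assumes every account lives under /home. An account whose passwd entry points elsewhere keeps its data in the prepared image, and a same-named directory under /home is deleted whether or not it belongs to that account. Read the path from the entry before `user` is rebound to the bare name, with `let home = g#aug_get (user ^ "/home") in`, and later use `if home <> "/" then g#rm_rf home`. The prefix filter on "/etc/group" drops only the group named after the user, so the name stays in other groups' member lists and /etc/gshadow is untouched; a later account created with the same name would presumably inherit those memberships. `g#aug_get` on UID_MIN, UID_MAX and `user ^ "/uid"` raises when the node is absent (no login.defs setting, or a non-account node from `aug_ls` if the lens yields one), so a fallback or guard is worth adding, and because the operation deletes accounts and data, `enabled_by_default = false` may be the safer default.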
> -- 
> 1.7.10

ACK.  I'll play with this and push it later today.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org



