[Libguestfs] [PATCH RFC] sysprep: remove user accounts

Richard W.M. Jones rjones at redhat.com
Wed Apr 18 22:12:43 UTC 2012


On Wed, Apr 18, 2012 at 05:14:39PM +0800, Wanlong Gao wrote:
> Hi Rich,
> This patch attends to remove the user accounts in the guest,
> I send this out to request your comments, if the concept
> is correct and you can point out some syntax error for me.

One thought I have is:

Should we only enable a "core" of functions by default, and let the
user enable other ones?  That would allow us to put experimental
functions in, disabled by default, without too much risk.

Other comments inline below.

> +let user_account_perform g root =
> +  let typ = g#inspect_get_type root in
> +  if typ <> "windows" then (
> +    let login_def = "/etc/login.defs" in
> +    let lines = Array.to_list (g#read_lines login_def) in
> +    let line_min = Array.filter (
> +      fun line -> (string_prefix line "UID_MIN")
> +    ) lines in
> +    let _,min_uid = sscanf line_min "%s %d" (fun a b -> a,b) in
> +    let line_max = Array.filter (
> +      fun line -> (string_prefix line "UID_MAX")
> +    ) lines in
> +    let _,max_uid = sscanf line_max "%s %d" (fun a b -> a,b) in
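Review bot: `lines` is converted to a list with `Array.to_list` and then passed to `Array.filter`, and the filtered results `line_min` and `line_max` (collections, not strings) are handed directly to `sscanf`, so neither lookup type-checks as written. Use `List.filter` (or drop the `Array.to_list`), take the first matching line, and decide explicitly what happens when `/etc/login.defs` is absent or has no `UID_MIN` / `UID_MAX` entry, because `g#read_lines` and `sscanf` will otherwise raise partway through the operation. Also note that `string_prefix line "UID_MIN"` accepts any key that merely starts with that text; matching the whole first field would be stricter.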

Augeas has lenses for login.defs, passwd, shadow and group.  The
Augeas API is exposed through libguestfs, and it's relatively easy to
use.  Easier than parsing files ...

For example:

  $ guestfish --ro -a /dev/vg_pin/RHEL60x64 -i
  
  Welcome to guestfish, the libguestfs filesystem interactive shell for
  editing virtual machine filesystems.
  
  Type: 'help' for help on commands
        'man' to read the manual
        'quit' to quit the shell
  
  Operating system: Red Hat Enterprise Linux Server release 6.0 (Santiago)
  /dev/mapper/vg_rhel6brewx64-lv_root mounted on /
  /dev/vda1 mounted on /boot
  
  ><fs> aug-init / 0
  ><fs> aug-ls /files/etc/login.defs
  /files/etc/login.defs/#comment[10]
  /files/etc/login.defs/#comment[11]
  /files/etc/login.defs/#comment[12]
  /files/etc/login.defs/#comment[13]
  /files/etc/login.defs/#comment[14]
  /files/etc/login.defs/#comment[15]
  /files/etc/login.defs/#comment[16]
  /files/etc/login.defs/#comment[17]
  /files/etc/login.defs/#comment[18]
  /files/etc/login.defs/#comment[19]
  /files/etc/login.defs/#comment[1]
  /files/etc/login.defs/#comment[20]
  /files/etc/login.defs/#comment[21]
  /files/etc/login.defs/#comment[22]
  /files/etc/login.defs/#comment[23]
  /files/etc/login.defs/#comment[24]
  /files/etc/login.defs/#comment[2]
  /files/etc/login.defs/#comment[3]
  /files/etc/login.defs/#comment[4]
  /files/etc/login.defs/#comment[5]
  /files/etc/login.defs/#comment[6]
  /files/etc/login.defs/#comment[7]
  /files/etc/login.defs/#comment[8]
  /files/etc/login.defs/#comment[9]
  /files/etc/login.defs/CREATE_HOME
  /files/etc/login.defs/ENCRYPT_METHOD
  /files/etc/login.defs/GID_MAX
  /files/etc/login.defs/GID_MIN
  /files/etc/login.defs/MAIL_DIR
  /files/etc/login.defs/PASS_MAX_DAYS
  /files/etc/login.defs/PASS_MIN_DAYS
  /files/etc/login.defs/PASS_MIN_LEN
  /files/etc/login.defs/PASS_WARN_AGE
  /files/etc/login.defs/UID_MAX
  /files/etc/login.defs/UID_MIN
  /files/etc/login.defs/UMASK
  /files/etc/login.defs/USERGROUPS_ENAB
  ><fs> aug-get /files/etc/login.defs/UID_MAX
  60000
  ><fs> aug-get /files/etc/login.defs/UID_MIN
  500

It might make things easier if we used Augeas here.

But the general idea is good.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org
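
The Augeas suggestion above carried through in OCaml, as an added example that is not part of the original message or the libguestfs source: it reads UID_MIN and UID_MAX through the login.defs lens and lists the passwd entries inside that range. It goes one step past the guestfish session by also using the passwd lens; the image path argument and the build command in the comment are assumptions.

```ocaml
(* Added example, not libguestfs/virt-sysprep code.
   Assumed build: ocamlfind ocamlopt -package guestfs -linkpkg users.ml -o users
   Assumed usage: ./users /path/to/guest.img *)

(* Read an integer-valued Augeas node such as /files/etc/login.defs/UID_MIN.
   aug_get raises Guestfs.Error when the node is missing; we let that
   propagate rather than guess a default range. *)
let aug_int g path = int_of_string (String.trim (g#aug_get path))

(* (name, uid) of every passwd entry with UID_MIN <= uid <= UID_MAX. *)
let regular_users g =
  let uid_min = aug_int g "/files/etc/login.defs/UID_MIN" in
  let uid_max = aug_int g "/files/etc/login.defs/UID_MAX" in
  (* The passwd lens yields one node per account: /files/etc/passwd/<name>/uid *)
  let nodes = Array.to_list (g#aug_match "/files/etc/passwd/*/uid") in
  List.filter_map (fun node ->
    let uid = aug_int g node in
    match String.split_on_char '/' node with
    | [""; "files"; "etc"; "passwd"; name; "uid"]
      when uid >= uid_min && uid <= uid_max -> Some (name, uid)
    | _ -> None
  ) nodes

let () =
  let g = new Guestfs.guestfs () in
  g#add_drive_ro Sys.argv.(1);            (* read-only: this only reports *)
  g#launch ();
  let roots = g#inspect_os () in
  if Array.length roots = 0 then failwith "no operating system found";
  let root = roots.(0) in
  if g#inspect_get_type root = "windows" then failwith "not a Linux guest";
  (* Mount shorter mountpoints first so / is mounted before /boot etc. *)
  let by_len (a, _) (b, _) = compare (String.length a) (String.length b) in
  List.iter (fun (mp, dev) -> g#mount_ro dev mp)
    (List.sort by_len (g#inspect_get_mountpoints root));
  g#aug_init "/" 0;
  List.iter (fun (name, uid) -> Printf.printf "%s\t%d\n" name uid)
    (regular_users g);
  g#aug_close ();
  g#close ()
```

Printing the candidate list from a read-only mount before any removal step runs gives a way to confirm that system accounts fall outside the range on a given guest.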



