[MediaWiki-commits] [Gerrit] admin: use $LAST_SYSTEM_UID in enforce-users-groups - change (operations/puppet)

Wed, 27 May 2015 03:35:30 -0700 

Faidon Liambotis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/214030

Change subject: admin: use $LAST_SYSTEM_UID in enforce-users-groups
......................................................................

admin: use $LAST_SYSTEM_UID in enforce-users-groups

Change-Id: Iaf19e7dc22dda91e132040b3cafc35d6504e57d2
---
M modules/admin/files/enforce-users-groups.sh
1 file changed, 11 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/30/214030/1

diff --git a/modules/admin/files/enforce-users-groups.sh 
b/modules/admin/files/enforce-users-groups.sh
index 914d2d3..8d2406a 100755
--- a/modules/admin/files/enforce-users-groups.sh
+++ b/modules/admin/files/enforce-users-groups.sh
@@ -1,16 +1,18 @@
 #!/bin/bash
 
-# This is a user garbage collection script that removes
-# users who do not have a supplementary group that also have
-# a UID above the ID_BOUNDARY. Removals are logged to syslog.
-# with 'dryrun' as first arg exits 1 if cleanup is needed
+set -e
 
-# /etc/adduser.conf
-ID_BOUNDRY='999'
+# This is a user garbage collection script that removes users who do not have a
+# supplementary group that also have a UID above the LAST_SYSTEM_UID. Removals
+# are logged to syslog. With 'dryrun' as the first argument, it exits 1 if
+# cleanup is needed.
+
+# for $LAST_SYSTEM_UID
+. /etc/adduser.conf
+
 ARCHIVE_DIR='/var/userarchive'
 EXCLUDE=("nobody" \
          "l10nupdate" \
-         "gmetric" \    # nescio.wikimedia.org
          "mwdeploy" \   # eventlog*
          "gerrit2" \    # ytterbium.wikimedia.org
          "spamd" \      # sodium.wikimedia.org:
@@ -36,9 +38,7 @@
     return 1
 }
 
-# This is an intentional hard stop
-# as before T84032 this could do some
-# serious damage to a labstore host.
+# FIXME: this is an intentional hard stop as before T84032
 if [[ `hostname -s` =~ ^labstore100 ]]; then
         exit 1
 fi
@@ -60,7 +60,7 @@
         continue
     fi
 
-    if [[ "$uid" -gt "$ID_BOUNDRY" ]]; then
+    if [[ "$uid" -gt "$LAST_SYSTEM_UID" ]]; then
         if [[ `/usr/bin/id $username` != *","* ]]; then
             if [ "${1}" == "dryrun" ]
                 then

-- 
To view, visit https://gerrit.wikimedia.org/r/214030
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iaf19e7dc22dda91e132040b3cafc35d6504e57d2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to