2 * Copyright (c) 1991 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2000 - 2006, Tomasz Kłoczko
5 * Copyright (c) 2007 - 2008, Nicolas François
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the copyright holders or contributors may not be used to
17 * endorse or promote products derived from this software without
18 * specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41 #ifdef ACCT_TOOLS_SETUID
45 #endif /* ACCT_TOOLS_SETUID */
47 #include <sys/types.h>
51 #include "prototypes.h"
/* Name of the group to delete; main() assigns it from argv[1]. */
60 static char *group_name;
/* GID of that group; starts as -1 and is set in main() from the getgrnam() result. */
61 static gid_t group_id = -1;
/* Set in main() from sgr_file_present(); grp_update() tests it before touching the shadow group entry. */
64 static bool is_shadow_grp;
/* Status codes for this tool (the exit calls that use them are not visible in this listing). */
71 #define E_SUCCESS 0 /* success */
72 #define E_USAGE 2 /* invalid command syntax */
73 #define E_NOTFOUND 6 /* specified group doesn't exist */
74 #define E_GROUP_BUSY 8 /* can't remove user's primary group */
75 #define E_GRP_UPDATE 10 /* can't update group file */
77 /* local function prototypes */
78 static void usage (void);
79 static void grp_update (void);
80 static void close_files (void);
81 static void open_files (void);
82 static void group_busy (gid_t);
/*
 * Writes the one-line synopsis to stderr. The header line below says the
 * function also exits; the exit call itself is not visible in this listing.
 */
85 * usage - display usage message and exit
87 static void usage (void)
89 fputs (_("Usage: groupdel group\n"), stderr);
/*
 * Removes the entry named by group_name from the group database and,
 * when a shadow group file is in use and holds an entry for it, from the
 * shadow group database as well. A 0 return from gr_remove() or
 * sgr_remove() is treated as failure and reported with the database name.
 */
94 * grp_update - update group file entries
96 * grp_update() writes the new records to the group files.
98 static void grp_update (void)
/* NOTE(review): the comment below says "add", but this tool removes the group; the wording looks carried over from the add path. */
101 * To add the group, we need to update /etc/group.
102 * Make sure failures will be reported.
/* Register the failure-report handler before the change is attempted; close_files() de-registers it after a successful write. */
104 add_cleanup (cleanup_report_del_group_group, group_name);
107 /* We also need to update /etc/gshadow */
108 add_cleanup (cleanup_report_del_group_gshadow, group_name);
113 * Delete the group entry.
115 if (gr_remove (group_name) == 0) {
117 _("%s: cannot remove entry '%s' from %s\n"),
118 Prog, group_name, gr_dbname ());
124 * Delete the shadow group entries as well.
/* The shadow entry is only removed when sgr_locate() finds one, so a group without a gshadow record is not an error here. */
126 if (is_shadow_grp && (sgr_locate (group_name) != NULL)) {
127 if (sgr_remove (group_name) == 0) {
129 _("%s: cannot remove entry '%s' from %s\n"),
130 Prog, group_name, sgr_dbname ());
134 #endif /* SHADOWGRP */
/*
 * Closes the group database, then the shadow group database, then records
 * overall success. For each database the visible sequence is: close (0 is
 * treated as a write failure), audit/syslog the removal, de-register the
 * failure-report cleanup, release the lock and de-register the unlock
 * cleanup.
 */
138 * close_files - close all of the files that were opened
/* NOTE(review): "new group" below looks carried over from the add path; this tool removes a group. */
140 * close_files() closes all of the files that were opened for this
141 * new group. This causes any modified entries to be written out.
143 static void close_files (void)
145 /* First, write the changes in the regular group database */
146 if (gr_close () == 0) {
148 _("%s: failure while writing changes to %s\n"),
/* The success audit record carries the group name and numeric gid. */
154 audit_logger (AUDIT_DEL_GROUP, Prog,
155 "removing group from /etc/group",
156 group_name, (unsigned int) group_id,
157 SHADOW_AUDIT_SUCCESS);
160 "group '%s' removed from %s",
161 group_name, gr_dbname ()));
/* The write succeeded, so the failure report registered in grp_update() is no longer wanted. */
162 del_cleanup (cleanup_report_del_group_group);
/* Unlock now by calling the handler directly, then de-register it so it is not run again from the cleanup list. */
164 cleanup_unlock_group (NULL);
165 del_cleanup (cleanup_unlock_group);
168 /* Then, write the changes in the shadow database */
171 if (sgr_close () == 0) {
173 _("%s: failure while writing changes to %s\n"),
174 Prog, sgr_dbname ());
179 audit_logger (AUDIT_DEL_GROUP, Prog,
180 "removing group from /etc/gshadow",
181 group_name, (unsigned int) group_id,
182 SHADOW_AUDIT_SUCCESS);
185 "group '%s' removed from %s",
186 group_name, sgr_dbname ()));
187 del_cleanup (cleanup_report_del_group_gshadow);
189 cleanup_unlock_gshadow (NULL);
190 del_cleanup (cleanup_unlock_gshadow);
192 #endif /* SHADOWGRP */
194 /* Report success at the system level */
196 audit_logger (AUDIT_DEL_GROUP, Prog,
198 group_name, (unsigned int) group_id,
199 SHADOW_AUDIT_SUCCESS);
201 SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
/* Last step: drop the overall failure report that open_files() registered. */
202 del_cleanup (cleanup_report_del_group);
/*
 * Locks the group database and the shadow group database, registers the
 * overall failure report, then opens both databases read-write. A 0
 * return from any lock or open call is treated as failure.
 */
206 * open_files - lock and open the group files
208 * open_files() opens the two group files.
210 static void open_files (void)
212 /* First, lock the databases */
213 if (gr_lock () == 0) {
215 _("%s: cannot lock %s; try again later.\n"),
/* Each unlock handler is registered only after its lock was obtained; main() installs do_cleanups with atexit(). */
219 add_cleanup (cleanup_unlock_group, NULL);
/* NOTE(review): the group lock is taken before the gshadow lock; presumably other tools use the same order — confirm. */
222 if (sgr_lock () == 0) {
224 _("%s: cannot lock %s; try again later.\n"),
225 Prog, sgr_dbname ());
228 add_cleanup (cleanup_unlock_gshadow, NULL);
233 * Now, if the group is not removed, it's our fault.
234 * Make sure failures will be reported.
236 add_cleanup (cleanup_report_del_group, group_name);
238 /* An now open the databases */
239 if (gr_open (O_RDWR) == 0) {
241 _("%s: cannot open %s\n"),
243 SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
248 if (sgr_open (O_RDWR) == 0) {
250 _("%s: cannot open %s\n"),
251 Prog, sgr_dbname ());
252 SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
256 #endif /* SHADOWGRP */
/*
 * Walks the passwd database with getpwent() looking for an account whose
 * pw_gid equals gid. A match is reported with the message below; what
 * happens on the no-match branch is not visible in this listing.
 */
260 * group_busy - check if this is any user's primary group
262 * group_busy verifies that this group is not the primary group
263 * for any user. You must remove all users before you remove
266 static void group_busy (gid_t gid)
271 * Nice slow linear search.
/* Empty-bodied loop: stops at the first entry whose primary gid matches, or when getpwent() returns NULL. */
276 while ( ((pwd = getpwent ()) != NULL) && (pwd->pw_gid != gid) );
/*
 * NOTE(review): getpwent() returns NULL on error as well as at the end of
 * the enumeration, and no errno check is visible here, so a failed
 * enumeration would be read as "no user has this primary group" —
 * confirm against the full file.
 * NOTE(review): main() calls this check before the step it describes as
 * opening the files, and the locks are taken in open_files(); no passwd
 * lock is visible, so an account could be given this primary gid between
 * the check and the removal — confirm.
 */
281 * If pwd isn't NULL, it stopped because the gid's matched.
284 if (pwd == (struct passwd *) 0) {
289 * Can't remove the group.
292 _("%s: cannot remove the primary group of user '%s'\n"),
298 * main - groupdel command
300 * The syntax of the groupdel command is
304 * The named group will be deleted.
307 int main (int argc, char **argv)
309 #ifdef ACCT_TOOLS_SETUID
311 pam_handle_t *pamh = NULL;
314 #endif /* ACCT_TOOLS_SETUID */
319 atexit (do_cleanups);
322 * Get my name so that I can use it to report errors.
325 Prog = Basename (argv[0]);
327 (void) setlocale (LC_ALL, "");
328 (void) bindtextdomain (PACKAGE, LOCALEDIR);
329 (void) textdomain (PACKAGE);
335 group_name = argv[1];
337 OPENLOG ("groupdel");
339 #ifdef ACCT_TOOLS_SETUID
342 struct passwd *pampw;
343 pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
346 _("%s: Cannot determine your user name.\n"),
351 retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh);
354 if (PAM_SUCCESS == retval) {
355 retval = pam_authenticate (pamh, 0);
358 if (PAM_SUCCESS == retval) {
359 retval = pam_acct_mgmt (pamh, 0);
363 (void) pam_end (pamh, retval);
365 if (PAM_SUCCESS != retval) {
366 fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
370 #endif /* ACCT_TOOLS_SETUID */
373 is_shadow_grp = sgr_file_present ();
379 * Start with a quick check to see if the group exists.
381 grp = getgrnam (group_name); /* local, no need for xgetgrnam */
384 _("%s: group '%s' does not exist\n"),
389 group_id = grp->gr_gid;
394 * Make sure this isn't a NIS group
401 _("%s: group '%s' is a NIS group\n"),
404 if (!yp_get_default_domain (&nis_domain) &&
405 !yp_master (nis_domain, "group.byname", &nis_master)) {
407 _("%s: %s is the NIS master\n"),
415 * Make sure this isn't the primary group of anyone.
417 group_busy (group_id);
420 * Do the hard stuff - open the files, delete the group entries,
421 * then close and update the files.
429 nscd_flush_cache ("group");