#48 Cleaning Up After Guests Leave

Although many sites disable the guest user for security reasons, others do have a guest account (often with a trivially guessable password) to allow people from other departments to access the network. It's a useful account, but there's one big problem: With multiple people sharing the same account, it's not uncommon for someone to experiment with commands, edit .rc files, add subdirectories, and so forth, thereby leaving things messed up for the next user.

This script addresses the problem by cleaning up the account space each time a user logs out from the guest account, deleting any files or subdirectories created, removing all dot files, and then rebuilding the official account files, copies of which are stored in a read-only archive tucked into the guest account in the ..template directory.

The Code

#!/bin/sh

# fixguest - Cleans up the guest account during the logout process.

# Don't trust environment variables: reference read-only sources

iam=$(whoami)
myhome="$(grep "^${iam}:" /etc/passwd | cut -d: -f6)"

# *** Do NOT run this script on a regular user account!

if [ "$iam" != "guest" ] ; then
  echo "Error: you really don't want to run fixguest on this account." >&2
  exit 1
fi

if [ ! -d "$myhome/..template" ] ; then
  echo "$0: no template directory found for rebuilding." >&2
  exit 1
fi

# Remove all files and directories in the home account

# Stop if the cd fails, so rm never runs in the wrong directory
cd "$myhome" || exit 1

rm -rf * $(find . -name ".[a-zA-Z0-9]*" -print)

# Now the only thing present should be the ..template directory

cp -Rp ..template/* .
exit 0

How It Works

For this script to work correctly, you'll want to create a master set of template files and directories within the guest home directory, tucked into a new directory called ..template. Change the permissions of the ..template directory to read-only, and then within ..template ensure that all the files and directories have the proper ownership and permissions for user guest.
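
A variant of the cleanup-and-rebuild step, added here as an example and not the book's own code: the hypothetical function reset_guest_home takes the home directory as an argument so it can be tried on a scratch directory first, copes with file names containing spaces or leading dashes, and restores the template's dot files as well as its regular files. It assumes a find that supports -mindepth and -maxdepth (GNU and BSD find do).

```sh
#!/bin/sh
# Added example, not the book's code. reset_guest_home is a hypothetical name.
# Usage: reset_guest_home /absolute/path/to/guest/home

reset_guest_home() {
  home=$1
  tpl="$home/..template"

  # Only accept an absolute path, so the starting point handed to find
  # (and every path find passes to rm) can never begin with a dash.
  case $home in
    /*) ;;
    *)  echo "reset_guest_home: need an absolute path" >&2; return 1 ;;
  esac

  # Refuse to delete anything unless a real template directory (not a
  # symlink pointing somewhere else) is there to rebuild from.
  [ -d "$tpl" ] && [ ! -L "$tpl" ] || {
    echo "reset_guest_home: no template directory in $home" >&2
    return 1
  }

  # Delete every top-level entry except ..template. find passes the names
  # straight to rm, so spaces and newlines in names are never re-split by
  # the shell, and dot files are covered without a separate pattern.
  find "$home" -mindepth 1 -maxdepth 1 ! -name '..template' \
       -exec rm -rf {} + || return 1

  # Copy each template entry back, dot files included. A bare
  # "..template/*" glob would skip names that start with a dot.
  find "$tpl" -mindepth 1 -maxdepth 1 -exec cp -Rp {} "$home"/ \;
}
```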

Running the Code

A logical time to run the fixguest script is at logout by invoking it in the .logout file (which works with most shells, though not all). It'd doubtless save you lots of complaints from users if the login script output a message like the following:

Notice: All files are purged from the guest account immediately
upon logout, so please don't save anything here you need. If you
want to save something, email it to your main account instead.
You've been warned!

However, because some guest users might be savvy enough to tinker with the .logout script, it would be worthwhile to invoke the fixguest script from cron too. Just make sure no one's logged in to the account when it runs!

The Results

There are no visible results to running this program, except that the guest home directory will be restored to mirror the layout and files in the ..template directory.
