-
Notifications
You must be signed in to change notification settings - Fork 37
Expand file tree
/
Copy pathdelete.go
More file actions
86 lines (71 loc) · 2.58 KB
/
delete.go
File metadata and controls
86 lines (71 loc) · 2.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package user
import (
"bufio"
"context"
"fmt"
"os"
"strings"
"github.com/canonical/authd/cmd/authctl/internal/client"
"github.com/canonical/authd/cmd/authctl/internal/completion"
"github.com/canonical/authd/cmd/authctl/internal/log"
"github.com/canonical/authd/internal/proto/authd"
"github.com/spf13/cobra"
)
const warningMessage = `
WARNING: Deleting a user that still owns files on the filesystem can lead to
security issues. Any existing files owned by this user's UID may become
accessible to a different user that is later assigned the same UID. If the
user is later re-created, they may be assigned a new UID, breaking ownership
of their existing home directory and files.
If you only want to prevent the user from logging in, consider using
'authctl user lock' instead. A locked user retains their UID, ensuring
no other user can be assigned the same UID.
`
// deleteCmd is a command to delete a user from the authd database.
var deleteCmd = &cobra.Command{
Use: "delete <user>",
Short: "Delete a user managed by authd",
Long: "Delete a user from the authd database.\n\n" + warningMessage + "\n\nThe command must be run as root.",
Example: ` # Delete user "alice" from the authd database
authctl user delete alice
# Delete user "alice" without confirmation prompt
authctl user delete --yes alice
# Delete user "alice" and remove their home directory
authctl user delete --remove alice`,
Args: cobra.ExactArgs(1),
ValidArgsFunction: completion.Users,
RunE: runDeleteUser,
}
var deleteUserYes bool
var deleteUserRemoveHome bool
func init() {
deleteCmd.Flags().BoolVarP(&deleteUserYes, "yes", "y", false, "Skip confirmation prompt")
deleteCmd.Flags().BoolVarP(&deleteUserRemoveHome, "remove", "r", false, "Remove the user's home directory")
}
func runDeleteUser(cmd *cobra.Command, args []string) error {
name := args[0]
if !deleteUserYes {
log.Warning(warningMessage)
fmt.Fprintf(os.Stderr, "Are you sure you want to delete user %q? [y/N] ", name)
reader := bufio.NewReader(os.Stdin)
answer, err := reader.ReadString('\n')
if err != nil {
return fmt.Errorf("failed to read confirmation: %w", err)
}
answer = strings.TrimSpace(strings.ToLower(answer))
if answer != "y" && answer != "yes" {
log.Info("Aborted.")
return nil
}
}
c, err := client.NewUserServiceClient()
if err != nil {
return err
}
_, err = c.DeleteUser(context.Background(), &authd.DeleteUserRequest{Name: name, RemoveHome: deleteUserRemoveHome})
if err != nil {
return err
}
log.Infof("User %q has been deleted from the authd database.", name)
return nil
}