[MediaWiki-commits] [Gerrit] admin enforce-users-groups exclude known accounts - change (operations/puppet)

Thu, 26 Feb 2015 11:57:14 -0800 

Rush has submitted this change and it was merged.

Change subject: admin enforce-users-groups exclude known accounts
......................................................................


admin enforce-users-groups exclude known accounts

Accounts that fall out of the range but would be
harmful to cleanup.  These will need to be dealt
with individually.

Change-Id: I3bf65e3e1cb4177eae4c7496316b0cce7aeb0813
---
M modules/admin/files/enforce-users-groups.sh
1 file changed, 34 insertions(+), 3 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/admin/files/enforce-users-groups.sh 
b/modules/admin/files/enforce-users-groups.sh
index f551125..7478c8e 100644
--- a/modules/admin/files/enforce-users-groups.sh
+++ b/modules/admin/files/enforce-users-groups.sh
@@ -7,18 +7,44 @@
 # a UID above the ID_BOUNDARY. Removals are logged to syslog.
 # with 'dryrun' as first arg exits 1 if cleanup is needed
 
+# /etc/adduser.conf
 ID_BOUNDRY='999'
 ARCHIVE_DIR='/var/userarchive'
+EXCLUDE=("nobody" \
+         "l10nupdate" \
+         "gmetric" \    # nescio.esams.wikimedia.org
+         "mwdeploy" \   # vanadium.eqiad.wmnet
+         "gerrit2" \    # ytterbium.wikimedia.org
+         "spamd" \      # sodium.wikimedia.org:
+         "mwprof" \     # tungsten.eqiad.wmnet
+         "releases" \   # tin.eqiad.wmnet
+         "reprepro" \   # caesium.eqiad.wmnet
+         "mysql" \      # pc1001.eqiad.wmnet
+         "dbmon" \      # db1044.eqiad.wmnet
+         "txstatsd" \   # osmium.eqiad.wmnet
+         "chromium" \   # osmium.eqiad.wmnet
+         "parsoid-rt"); # ruthenium.eqiad.wmnet
 
-function log() {
+log() {
     logger $1
     echo $1
+}
+
+in_array() {
+    local haystack=${1}[@]
+    local needle=${2}
+    for i in ${!haystack}; do
+        if [[ ${i} == ${needle} ]]; then
+            return 0
+        fi
+    done
+    return 1
 }
 
 if [ ! -d $ARCHIVE_DIR ]
     then
         log "creating new user files archive ${ARCHIVE_DIR}"
-        mkdir $ARCHIVE_DIR
+        mkdir -p $ARCHIVE_DIR
 fi
 
 #TMP
@@ -38,9 +64,14 @@
 do
     username=`echo $var | cut -d ':' -f 1`
     uid=`echo $var | cut -d ':' -f 3`
+
+    # A few global accounts of dubious nature are ignored
+    if in_array EXCLUDE $username; then
+        continue
+    fi
+
     if [[ "$uid" -gt "$ID_BOUNDRY" ]]; then
         if [[ `/usr/bin/id $username` != *","* ]]; then
-
             #TEMP
             echo $var >> /var/log/admincleanup
 

-- 
To view, visit https://gerrit.wikimedia.org/r/193140
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3bf65e3e1cb4177eae4c7496316b0cce7aeb0813
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <[email protected]>
Gerrit-Reviewer: Rush <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to