passwd: allow removing the existing users/groups

Fixes coreos#738 This PR will add a way to delete existing users/groups
sohankunkerkar · Jul 8, 2020 · 382048a · 382048a
1 parent b025750
commit 382048a
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 6 deletions.
diff --git a/internal/distro/distro.go b/internal/distro/distro.go
@@ -34,13 +34,15 @@ var (
 
 	// Helper programs
 	groupaddCmd = "groupadd"
+	groupdelCmd = "groupdel"
 	mdadmCmd    = "mdadm"
 	mountCmd    = "mount"
 	sgdiskCmd   = "sgdisk"
 	modprobeCmd = "modprobe"
 	udevadmCmd  = "udevadm"
 	usermodCmd  = "usermod"
 	useraddCmd  = "useradd"
+	userdelCmd  = "userdel"
 	setfilesCmd = "setfiles"
 	wipefsCmd   = "wipefs"
 
@@ -74,13 +76,15 @@ func KernelCmdlinePath() string { return kernelCmdlinePath }
 func SystemConfigDir() string   { return fromEnv("SYSTEM_CONFIG_DIR", systemConfigDir) }
 
 func GroupaddCmd() string { return groupaddCmd }
+func GroupdelCmd() string { return groupdelCmd }
 func MdadmCmd() string    { return mdadmCmd }
 func MountCmd() string    { return mountCmd }
 func SgdiskCmd() string   { return sgdiskCmd }
 func ModprobeCmd() string { return modprobeCmd }
 func UdevadmCmd() string  { return udevadmCmd }
 func UsermodCmd() string  { return usermodCmd }
 func UseraddCmd() string  { return useraddCmd }
+func UserdelCmd() string  { return userdelCmd }
 func SetfilesCmd() string { return setfilesCmd }
 func WipefsCmd() string   { return wipefsCmd }
 

diff --git a/internal/exec/stages/files/passwd.go b/internal/exec/stages/files/passwd.go
@@ -103,6 +103,8 @@ func (s stage) createUsers(config types.Config) error {
 		if err := s.EnsureUser(u); err != nil {
 			return fmt.Errorf("failed to create user %q: %v",
 				u.Name, err)
+		} else if !(u.ShouldExist == nil || *u.ShouldExist) && err == nil {
+			continue
 		}
 
 		if err := s.SetPasswordHash(u); err != nil {
@@ -128,9 +130,11 @@ func (s stage) createGroups(config types.Config) error {
 	defer s.Logger.PopPrefix()
 
 	for _, g := range config.Passwd.Groups {
-		if err := s.CreateGroup(g); err != nil {
+		if err := s.EnsureGroup(g); err != nil {
 			return fmt.Errorf("failed to create group %q: %v",
 				g.Name, err)
+		} else if !(g.ShouldExist == nil || *g.ShouldExist) && err == nil {
+			continue
 		}
 	}
 

diff --git a/internal/exec/util/passwd.go b/internal/exec/util/passwd.go
@@ -50,13 +50,24 @@ func appendIfStringSet(args []string, arg string, str *string) []string {
 }
 
 // EnsureUser ensures that the user exists as described. If the user does not
-// yet exist, they will be created, otherwise the existing user will be
-// modified.
+// yet exist, they will be created, otherwise the existing user will be modified.
+// If shouldExist variable is set to false and the user already exists, then they
+// will be deleted.
 func (u Util) EnsureUser(c types.PasswdUser) error {
 	exists, err := u.CheckIfUserExists(c)
 	if err != nil {
 		return err
 	}
+	if !(c.ShouldExist == nil || *c.ShouldExist) && exists {
+		args := []string{"--remove", "--force", c.Name}
+		_, err := u.LogCmd(exec.Command(distro.UserdelCmd(), args...),
+			"deleting user %q", c.Name)
+		if err != nil {
+			return fmt.Errorf("failed to delete user %q: %v",
+				c.Name, err)
+		}
+		return nil
+	}
 	args := []string{"--root", u.DestDir}
 
 	var cmd string
@@ -244,8 +255,24 @@ func (u Util) SetPasswordHash(c types.PasswdUser) error {
 	return err
 }
 
-// CreateGroup creates the group as described.
-func (u Util) CreateGroup(g types.PasswdGroup) error {
+// EnsureGroup ensures that the group exists as described. If shouldExist
+// variable is set to false and the group already exists, then it will be
+// deleted.
+func (u Util) EnsureGroup(g types.PasswdGroup) error {
+	exists, err := u.CheckIfGroupExists(g)
+	if err != nil {
+		return err
+	}
+	if !(g.ShouldExist == nil || *g.ShouldExist) && exists {
+		args := []string{"--force", g.Name}
+		_, err := u.LogCmd(exec.Command(distro.GroupdelCmd(), args...),
+			"deleting group %q", g.Name)
+		if err != nil {
+			return fmt.Errorf("failed to delete group %q: %v",
+				g.Name, err)
+		}
+		return nil
+	}
 	args := []string{"--root", u.DestDir}
 
 	if g.Gid != nil {
@@ -263,7 +290,19 @@ func (u Util) CreateGroup(g types.PasswdGroup) error {
 
 	args = append(args, g.Name)
 
-	_, err := u.LogCmd(exec.Command(distro.GroupaddCmd(), args...),
+	_, err = u.LogCmd(exec.Command(distro.GroupaddCmd(), args...),
 		"adding group %q", g.Name)
 	return err
 }
+
+// CheckIfGroupExists will return Info log when group is empty
+func (u Util) CheckIfGroupExists(g types.PasswdGroup) (bool, error) {
+	_, err := u.groupLookup(g.Name)
+	if _, ok := err.(user.UnknownGroupError); ok {
+		return false, nil
+	}
+	if err != nil {
+		return false, err
+	}
+	return true, nil
+}