From 7c33c7c9d9a6ad68051e61da0479cad31595a5b4 Mon Sep 17 00:00:00 2001 From: Fred Hamster Date: Mon, 16 Dec 2024 16:06:29 -0500 Subject: [PATCH] moving to sanitized user don't want to use the bare USER variable any more, since we have seen that including an email domain (e.g. blah@flork.com instead of just blah). so these changes should use a sanitized version without the email portion. --- .../bashisms/bashrc_with_localtmp_code.sh | 2 +- infobase/examples/os_related/user_sudoing.sh | 2 +- .../solution_solvers/check_resource_ids.sh | 8 ++++---- scripts/archival/backup_arbitrary.sh | 2 +- scripts/archival/compare_backup_drive.sh | 4 ++-- scripts/core/create_tempdir.sh | 4 ++-- scripts/core/functions.sh | 6 +++--- scripts/core/inventory.sh | 2 +- scripts/core/launch_feisty_meow.sh | 19 ++++++++++++++++++- scripts/core/variables.sh | 6 ++++-- scripts/email/move_spams_and_check.sh | 4 ++-- scripts/files/find_non_owned.sh | 4 ++-- scripts/opensim/opensim_utils.sh | 2 +- scripts/opensim/zap_opensim_main.sh | 2 +- scripts/processes/findme.sh | 2 +- scripts/processes/list_process_names.sh | 2 +- scripts/rev_control/version_control.sh | 2 +- scripts/security/cool_permissionator.sh | 2 +- scripts/site_avenger/shared_site_mgr.sh | 2 +- scripts/system/dump_log.sh | 2 +- scripts/tty/lockem.sh | 2 +- testkit/prepare_tools.sh | 2 +- 22 files changed, 51 insertions(+), 32 deletions(-) diff --git a/infobase/examples/bashisms/bashrc_with_localtmp_code.sh b/infobase/examples/bashisms/bashrc_with_localtmp_code.sh index 0df81b5e..278a32ee 100644 --- a/infobase/examples/bashisms/bashrc_with_localtmp_code.sh +++ b/infobase/examples/bashisms/bashrc_with_localtmp_code.sh @@ -5,7 +5,7 @@ # use a local temporary directory if possible. if [ -d /localtmp ]; then - export FAST_LOCAL_STORAGE=/localtmp/$USER + export FAST_LOCAL_STORAGE=/localtmp/$(sanitized_username) export TMP=$FAST_LOCAL_STORAGE/tempo mkdir -p $TMP &>/dev/null chmod -R 700 $FAST_LOCAL_STORAGE diff --git a/infobase/examples/os_related/user_sudoing.sh b/infobase/examples/os_related/user_sudoing.sh index 4f12ed73..946118c8 100644 --- a/infobase/examples/os_related/user_sudoing.sh +++ b/infobase/examples/os_related/user_sudoing.sh @@ -3,7 +3,7 @@ # user, in order to run something from within their context. this is one way to do it # with a semi-interactive set of steps... sudo -u chronical bash <"$TEMP_RESOURCE_HEADERS" -FULLDEFS=/tmp/full_definition_list_$USER.txt +FULLDEFS=/tmp/full_definition_list_$(sanitized_username).txt # clean up prior versions. rm -f "$FULLDEFS" @@ -57,7 +57,7 @@ done <"$FULLDEFS" echo done reading all definitions. -JUST_IDS=/tmp/ids_list_$USER.txt +JUST_IDS=/tmp/ids_list_$(sanitized_username).txt rm -f "$JUST_IDS" i=0 @@ -70,7 +70,7 @@ echo done accumulating list of integer ids. id_size=$(wc "$JUST_IDS") -JUST_IDS_TEMP=/tmp/ids_list_temp_$USER.txt +JUST_IDS_TEMP=/tmp/ids_list_temp_$(sanitized_username).txt sort "$JUST_IDS" | uniq >"$JUST_IDS_TEMP" id_temp_size=$(wc "$JUST_IDS_TEMP") diff --git a/scripts/archival/backup_arbitrary.sh b/scripts/archival/backup_arbitrary.sh index 419ed763..79862daa 100644 --- a/scripts/archival/backup_arbitrary.sh +++ b/scripts/archival/backup_arbitrary.sh @@ -22,6 +22,6 @@ fi sep='_' -tar -czf "${archive_storage_path}/${archive_tag}_bkup_$(date +"%Y$sep%m$sep%d$sep%H%M$sep%S" | tr -d '/\n/').tar.gz" "$target_asset_path" &>>$TMP/${USER}.scripts.backup_arbitrary.log +tar -czf "${archive_storage_path}/${archive_tag}_bkup_$(date +"%Y$sep%m$sep%d$sep%H%M$sep%S" | tr -d '/\n/').tar.gz" "$target_asset_path" &>>$TMP/$(sanitized_username).scripts.backup_arbitrary.log diff --git a/scripts/archival/compare_backup_drive.sh b/scripts/archival/compare_backup_drive.sh index 00839cd3..3363b984 100644 --- a/scripts/archival/compare_backup_drive.sh +++ b/scripts/archival/compare_backup_drive.sh @@ -22,7 +22,7 @@ echo would do-- compare_dirs "$target/$(basename $currdir)" "$currdir" # decide which drive to compare. targets="$1" if [ -z "$targets" ]; then - targets=($($(whichable ls) -1 /media/$USER/*)) + targets=($($(whichable ls) -1 /media/$(sanitized_username)/*)) if [ ${#targets[@]} -gt 1 ]; then echo " Please provide a media drive name on the command line, because more than @@ -34,7 +34,7 @@ fi echo "comparing the media drive '${targets[0]}' against local archives." -compare_archives_with_target "/media/$USER/${targets[0]}" +compare_archives_with_target "/media/$(sanitized_username)/${targets[0]}" sep diff --git a/scripts/core/create_tempdir.sh b/scripts/core/create_tempdir.sh index e9cda8b7..3a14240b 100644 --- a/scripts/core/create_tempdir.sh +++ b/scripts/core/create_tempdir.sh @@ -16,11 +16,11 @@ source "$FEISTY_MEOW_SCRIPTS/core/functions.sh" if [ ! -d "$TMP" ]; then mkdir -p $TMP - chown $USER $TMP + chown $(sanitized_username) $TMP if [ $? -ne 0 ]; then echo "failed to chown $TMP to user's ownership." fi - log_feisty_meow_event "created transient area \"$TMP\" for $USER on $(date_stringer)." + log_feisty_meow_event "created transient area \"$TMP\" for $(sanitized_username) on $(date_stringer)." fi # set other temporary variables to the same place as TMP. diff --git a/scripts/core/functions.sh b/scripts/core/functions.sh index d5162785..bcf50df6 100644 --- a/scripts/core/functions.sh +++ b/scripts/core/functions.sh @@ -140,7 +140,7 @@ if [ -z "$skip_all" ]; then local custom_user="$(logname 2>/dev/null)" if [ -z "$custom_user" ]; then # try the normal unix user variable. - custom_user="$USER" + custom_user="$(sanitized_username)" fi if [ -z "$custom_user" ]; then # try the windows user variable. @@ -264,7 +264,7 @@ if [ -z "$skip_all" ]; then # accepts any number of arguments and outputs them to the feisty meow event log. function log_feisty_meow_event() { - echo -e "$(timestamper)-- ${USER}@$(hostname): $*" >> "$FEISTY_MEOW_EVENT_LOG" + echo -e "$(timestamper)-- $(sanitized_username)@$(hostname): $*" >> "$FEISTY_MEOW_EVENT_LOG" } ############## @@ -583,7 +583,7 @@ if [ -z "$skip_all" ]; then fi # reload feisty meow environment in current shell. - log_feisty_meow_event "reloading the feisty meow scripts for $USER in current shell." + log_feisty_meow_event "reloading the feisty meow scripts for $(sanitized_username) in current shell." source "$FEISTY_MEOW_SCRIPTS/core/launch_feisty_meow.sh" # run nechung oracle to give user a new fortune. nechung diff --git a/scripts/core/inventory.sh b/scripts/core/inventory.sh index 6b1b11b7..8cc4de7f 100644 --- a/scripts/core/inventory.sh +++ b/scripts/core/inventory.sh @@ -67,7 +67,7 @@ else splitter="cat" fi echo -echo "it is $(date +"%A at %H:%M hours on day %e of the %B moon in the gregorian year %Y" | tr A-Z a-z) and our intrepid adventurer $USER is exploring a computer named $(hostname) that is running in a thoughtspace called $osname $osver (code-name $codename), and $USER has deduced that the machine's OS platform is $(uname -m) and its current incarnation has been ${up}." | $splitter +echo "it is $(date +"%A at %H:%M hours on day %e of the %B moon in the gregorian year %Y" | tr A-Z a-z) and our intrepid adventurer $(sanitized_username) is exploring a computer named $(hostname) that is running in a thoughtspace called $osname $osver (code-name $codename), and $(sanitized_username) has deduced that the machine's OS platform is $(uname -m) and its current incarnation has been ${up}." | $splitter echo echo "the following things appear to be lying around here..." echo diff --git a/scripts/core/launch_feisty_meow.sh b/scripts/core/launch_feisty_meow.sh index 4eadb38f..c1791c59 100644 --- a/scripts/core/launch_feisty_meow.sh +++ b/scripts/core/launch_feisty_meow.sh @@ -104,8 +104,25 @@ if [ "$NO_REPAIRS_NEEDED" == "true" ]; then # set the directory tab completion to behave properly and not start escaping # the dollar signs in variable names. shopt -u progcomp - + + #### + # (function borrowed from our own variables.sh) + # a handy helper method that turns a potentially gross USER variable into + # a nice clean one (by removing email domains). + export SANITIZED_USER + function sanitized_username() { + if [ ! -z "$SANITIZED_USER" ]; then + echo -n "$SANITIZED_USER" + fi + export SANITIZED_USER="$(echo "$USER" | sed -e 's/@[a-zA-Z0-9_.]*//')" + echo -n "$SANITIZED_USER" + } + # call the method to ensure the variable gets loaded. + sanitized_username &> /dev/null + ##### + # patch the user variable if we were launched by one of our cron jobs. + USER="$(sanitized_username)" if [ -z "$USER" -a ! -z "$CRONUSER" ]; then export USER="$CRONUSER" fi diff --git a/scripts/core/variables.sh b/scripts/core/variables.sh index 9b535889..cd1e1356 100644 --- a/scripts/core/variables.sh +++ b/scripts/core/variables.sh @@ -40,7 +40,7 @@ return 0 # a handy helper method that turns a potentially gross USER variable into # a nice clean one (by removing email domains). - export SANITIZED_USER="" + export SANITIZED_USER function sanitized_username() { if [ ! -z "$SANITIZED_USER" ]; then echo -n "$SANITIZED_USER" @@ -48,6 +48,8 @@ return 0 export SANITIZED_USER="$(echo "$USER" | sed -e 's/@[a-zA-Z0-9_.]*//')" echo -n "$SANITIZED_USER" } + # call the method to ensure the variable gets loaded. + sanitized_username &> /dev/null ############## @@ -130,7 +132,7 @@ define_yeti_variable DEFAULT_FEISTYMEOW_ORG_DIR=/opt/feistymeow.org # set up our event logging file for any notable situation to be recorded in. if [ -z "$FEISTY_MEOW_EVENT_LOG" ]; then - define_yeti_variable FEISTY_MEOW_EVENT_LOG="$TMP/$USER-feisty_meow-events.log" + define_yeti_variable FEISTY_MEOW_EVENT_LOG="$TMP/$(sanitized_username)-feisty_meow-events.log" fi # set up the top-level for all build creations and logs and such. diff --git a/scripts/email/move_spams_and_check.sh b/scripts/email/move_spams_and_check.sh index c45d271b..0c66a77b 100644 --- a/scripts/email/move_spams_and_check.sh +++ b/scripts/email/move_spams_and_check.sh @@ -28,8 +28,8 @@ if [ $? -ne 0 ]; then exit 3 fi echo "Setting the directory back to user's ownership..." -sudo chown -R $USER "$SPAM_HOLD" -sudo chgrp -R $USER "$SPAM_HOLD" +sudo chown -R $(sanitized_username) "$SPAM_HOLD" +sudo chgrp -R $(sanitized_username) "$SPAM_HOLD" echo "Checking for false-positive spams..." | tee "$REPORT_FILE" bash "$FEISTY_MEOW_SCRIPTS/email/scan_spam.sh" "$SPAM_HOLD" "$EMAIL_WHITE_LIST" 2>&1 \ | tee -a "$REPORT_FILE" diff --git a/scripts/files/find_non_owned.sh b/scripts/files/find_non_owned.sh index 0470004e..5c48dbed 100644 --- a/scripts/files/find_non_owned.sh +++ b/scripts/files/find_non_owned.sh @@ -6,9 +6,9 @@ if test $# = 0; then fi; export outfile="$(mktemp "$TMP/zz_findertmp.XXXXXX")" # check for files not owned by the user. -echo "These files are not self-owned by $USER:" >$outfile +echo "These files are not self-owned by $(sanitized_username):" >$outfile for i; do - find $i ! -user $USER >>$outfile + find $i ! -user $(sanitized_username) >>$outfile done # check for files not in same group as the user. GROUP="$(groups | awk '{print $1}')" diff --git a/scripts/opensim/opensim_utils.sh b/scripts/opensim/opensim_utils.sh index 3e440abb..38f0a141 100644 --- a/scripts/opensim/opensim_utils.sh +++ b/scripts/opensim/opensim_utils.sh @@ -61,7 +61,7 @@ function find_opensim_process() if [ -z "$process_name" ]; then return 1 # failure in call. fi - OS_PROC_ID=$(ps wuax | grep "[0-9] mono $process_name" | grep -vi screen | sed -e "s/$USER *\([0-9][0-9]*\).*/\1/" | head -n 1) + OS_PROC_ID=$(ps wuax | grep "[0-9] mono $process_name" | grep -vi screen | sed -e "s/$(sanitized_username) *\([0-9][0-9]*\).*/\1/" | head -n 1) } # takes a screen name for the detached screen session and a process name that diff --git a/scripts/opensim/zap_opensim_main.sh b/scripts/opensim/zap_opensim_main.sh index 616cb8d3..bf070e52 100644 --- a/scripts/opensim/zap_opensim_main.sh +++ b/scripts/opensim/zap_opensim_main.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -main_pid=$( ps wuax | grep "[0-9] mono OpenSim.exe" | grep -vi screen | sed -e "s/$USER *\([0-9][0-9]*\).*/\1/" ) +main_pid=$( ps wuax | grep "[0-9] mono OpenSim.exe" | grep -vi screen | sed -e "s/$(sanitized_username) *\([0-9][0-9]*\).*/\1/" ) if [ ! -z "$main_pid" ]; then echo Zapping main opensim process with id $main_pid. diff --git a/scripts/processes/findme.sh b/scripts/processes/findme.sh index 24f2e88b..886ddc78 100644 --- a/scripts/processes/findme.sh +++ b/scripts/processes/findme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # finds the current user's processes in the process list. -snuser=$USER +snuser=$(sanitized_username) # if the unix variable for the user is not set, try the dos variable. if [ -z "$snuser" ]; then snuser=$USERNAME; fi #hmmm: more checks? what else would we get it from, REPLYTO? diff --git a/scripts/processes/list_process_names.sh b/scripts/processes/list_process_names.sh index c98b8d9e..6aa96a1a 100644 --- a/scripts/processes/list_process_names.sh +++ b/scripts/processes/list_process_names.sh @@ -5,7 +5,7 @@ user="$1" if [ -z "$user" ]; then - user="$USER" + user="$(sanitized_username)" fi ps wuax | grep $user | awk '{ print $11; }' diff --git a/scripts/rev_control/version_control.sh b/scripts/rev_control/version_control.sh index 67238cae..b1aa88ec 100644 --- a/scripts/rev_control/version_control.sh +++ b/scripts/rev_control/version_control.sh @@ -34,7 +34,7 @@ fi # to get past this, TMP gets changed below to a hopefully generic and safe place. if [[ "$TMP" =~ .:.* ]]; then log_feisty_meow_event "making weirdo temporary directory for PCDOS-style path." - export TMP=/tmp/rev_control_$USER + export TMP=/tmp/rev_control_$(sanitized_username) fi if [ ! -d "$TMP" ]; then mkdir -p $TMP diff --git a/scripts/security/cool_permissionator.sh b/scripts/security/cool_permissionator.sh index 54c07cc5..ccb9b8ba 100644 --- a/scripts/security/cool_permissionator.sh +++ b/scripts/security/cool_permissionator.sh @@ -92,7 +92,7 @@ if [[ $0 =~ .*cool_permissionator\.sh.* ]]; then export FEISTY_MEOW_APEX="$( \cd "$THISDIR/../.." && \pwd )" source "$THISDIR/../core/launch_feisty_meow.sh" continue_on_error "sourcing the feisty meow launcher" - coolio="$USER" + coolio="$(sanitized_username)" reapply_cool_permissions "$coolio" continue_on_error "reapplying cool permissions on $coolio" fi diff --git a/scripts/site_avenger/shared_site_mgr.sh b/scripts/site_avenger/shared_site_mgr.sh index 050eb555..98481c08 100644 --- a/scripts/site_avenger/shared_site_mgr.sh +++ b/scripts/site_avenger/shared_site_mgr.sh @@ -517,7 +517,7 @@ function fix_appdir_ownership() local combo="$appsdir/$dir" # go with the default user running the script. - user_name="$USER" + user_name="$(sanitized_username)" if [ ! -z "$user_name" -a "$user_name" != "root" ]; then echo "$(date_stringer): Chowning the app folder to be owned by: $user_name" >> "$SSM_LOG_FILE" #hmmm: have to hope for now for standard group named after user diff --git a/scripts/system/dump_log.sh b/scripts/system/dump_log.sh index 3750bd17..14a2ffda 100644 --- a/scripts/system/dump_log.sh +++ b/scripts/system/dump_log.sh @@ -16,7 +16,7 @@ function assemble_log_file() exit 1 fi - logdump="$(mktemp /tmp/$USER_logdump.XXXXXX)" + logdump="$(mktemp /tmp/$(sanitized_username)_logdump.XXXXXX)" for logy in ${full_set[*]}; do #echo logy is $logy diff --git a/scripts/tty/lockem.sh b/scripts/tty/lockem.sh index de9cd947..6ef43b08 100644 --- a/scripts/tty/lockem.sh +++ b/scripts/tty/lockem.sh @@ -50,7 +50,7 @@ echo "$(date_stringer): successful login" >>$LOG_FILE echo "$(date_stringer): --- terminal unlocked" >>$LOG_FILE clear -echo "hi $USER, your password has been accepted. enjoy your computer." +echo "hi $(sanitized_username), your password has been accepted. enjoy your computer." echo diff --git a/testkit/prepare_tools.sh b/testkit/prepare_tools.sh index df7446ce..5fe1a227 100644 --- a/testkit/prepare_tools.sh +++ b/testkit/prepare_tools.sh @@ -82,7 +82,7 @@ fi # commonly used environment variables... # TEST_TEMP is a folder where we can generate a collection of junk files. -export TEST_TEMP="$TMP/testkit_logs_${USER}" +export TEST_TEMP="$TMP/testkit_logs_$(sanitized_username)" if [ ! -d "$TEST_TEMP" ]; then mkdir -p "$TEST_TEMP" fi -- 2.34.1