Hi all, my first post here and I've read the guidelines on how to post, so here goes! I have a project at work, whereby we have a secure server for transporting documents too large for email. It's running on Ubuntu server 16.04. The previous iteration was really old and needed replacing but I found out how the customer accounts were created: with a Perl script! It's a really good script and the functions work perfectly for our requirements.

I'm sure you'll all be able to read the functions but I'm not too good with Perl, so I can only gather the basic stuff that I can read in English but in a nutshell: we run the command "sudo sftp-create-user $username" to create an account for a customer, the script automatically adds them into a group whereby they can only access their own user folder and the account automatically expires after a specified amount of time (if no time is specified, the default is 7 days) - as shown below.

For the record: I have installed the String::MkPasswd module; File::Copy and File::Path seem to be embedded into the installed version of the Perl 5.30.0 distribution running on this server. The scripts worked fine on the old server but since moving them and installing Perl and the modules specified in the code, the scripts are only really half working now.

#!/usr/bin/perl

# Feature changes:
# 1. Rewritten in Perl, using String::MkPasswd
# 2. Simplified accounts structure, all accounts now
#    feature an expiry time, and may not traverse into
#    other accounts' directories
# 3. Changed username format to all lowercase letters,
#    numbers and underscore
# 4. The user purging script actually works!
# 5. Better passwords via String::MkPasswd
# 6. You can now extend user accounts

use strict;
use String::MkPasswd qq{mkpasswd};

my $username = lc( shift );
my $expiration = shift;

if( $< != 0 ) {
    print qq{You must run this script as root or sudo!\n};
    exit;
}

if( $username eq q{} ) {
    print qq{You must enter a username!\n};
    exit;
} elsif ( defined( getpwnam( $username ) ) ) {
    print qq{This username already exists!\n};
    exit;
} elsif ( $username =~ m/\W/ ) {
    print qq{You may not use special characters in the username!\n};
    exit;
}

mkdir qq{/FTP/$username};
mkdir qq{/FTP/$username/$username};

my $password = mkpasswd();
if ( $password =~ m/\"|\'/ ) {
    $password = mkpasswd();
}

system( qq{useradd -s /bin/false -M $username} );
system( qq{usermod -g customers $username} );
system( qq{usermod -d /$username $username} );
system( qq{chown -R $username:customers /FTP/$username/$username} );
print qq{Created SFTP user $username\n};

system( qq{echo "$username:$password" | chpasswd} );
print qq{Assigned password $password to $username\n};

open( my $expFile , qq{>>/etc/ssh/sftp-users.dat} );
my $currentTime = time;
my $newTime;
if( defined( $expiration ) ) {
    $newTime = ( $expiration * 86400 ) + $currentTime;
    print qq{Set expiration to $expiration days.\n};
} else {
    $newTime = $currentTime + 604800;
    print qq{Set expiration to 7 days (default).\n};
}
print $expFile qq{$username,$newTime\n};
close( $expFile );

As far as I can tell, it works fine in the creation of the groups, the user account and the folders in /FTP/$username. However, if you can spot anything to improve on, please do point it out! Anyway, back to the issue... The account doesn't seem to be expiring (i.e. automatically deleting itself and the user folder in /FTP/$username/ and removing itself from any system groups) and when I run the backup command "sudo sftp-delete-user $username" (code below) it seems to successfully delete the user account, as it doesn't show up in "/etc/passwd" but the user folders in /FTP/$username/ all still remain. As per the "how to post a question effectively" page, laziness is a virtue for many people in the vast umbrella of I.T. and programming - if it's not already obvious, I'm a system administrator/network engineer for a cyber security company and this being a manual process creates additional overhead that I simply don't have the time or the will to do manually, so any help would be greatly appreciated!

#!/usr/bin/perl

# Feature changes:
# 1. Rewritten in Perl, using String::MkPasswd
# 2. Simplified accounts structure, all accounts now
#    feature an expiry time, and may not traverse into
#    other accounts' directories
# 3. Changed username format to all lowercase letters,
#    numbers and underscore
# 4. The user purging script actually works!
# 5. Better passwords via String::MkPasswd
# 6. You can now extend user accounts

use strict;
use File::Copy;
use File::Path;

my $username = lc( shift );

if( $< != 0 ) {
    print qq{You must run this script as root or sudo!\n};
    exit;
}

open( my $oldExpFile, qq{</etc/ssh/sftp-users.dat} ) || die qq{Couldn't open expirations file!\n};
open( my $newExpFile, qq{>/etc/ssh/sftp-users.dat.tmp} ) || die qq{Couldn't create new expirations file!\n};

while( my $line = <$oldExpFile> ) {
    ( my $userInLine ) = $line =~ /^(.+?),.+?$/;
    if( $username eq $userInLine ) {
        system( qq{deluser $username} );
        system( qq{delgroup $username} );
        rmtree( qq{/FTP/$username} );
        print qq{Deleted $username!\n};
    } else {
        print $newExpFile $line;
    }
}

close( $oldExpFile );
close( $newExpFile );
move( qq{/etc/ssh/sftp-users.dat.tmp}, qq{/etc/ssh/sftp-users.dat} );

And the code for the command "sudo sftp-purge-users" also doesn't seem to work. This script is almost identical to the previous "sftp-delete-user" with the only difference being that line 18 is removed.

Thanks,
Anthony
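
An added example, not part of the original post and not the poster's purge script (which is not shown on this page): a dry run that reads the `username,epoch` records the create script appends to /etc/ssh/sftp-users.dat, validates each name against the lowercase/digit/underscore format before it could reach a path or command, and reports which accounts are past their expiry. The function names `parse_record` and `classify` and the sample records are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: sort sftp-users.dat records into expired / active / rejected.
# Dry run only: it prints what it would do and changes nothing on disk.
use strict;
use warnings;

# Record format written by the create script: "username,epoch\n".
# Names are restricted to lowercase letters, digits and underscore.
sub parse_record {
    my ($line) = @_;
    chomp $line;
    return unless $line =~ /\A([a-z0-9_]+),(\d+)\z/;
    return ( $1, $2 );
}

sub classify {
    my ( $now, @lines ) = @_;
    my ( @expired, @active, @rejected );
    for my $line (@lines) {
        my ( $user, $expires ) = parse_record($line);
        if    ( !defined $user )   { push @rejected, $line }
        elsif ( $expires <= $now ) { push @expired,  $user }
        else                       { push @active,   $user }
    }
    return ( \@expired, \@active, \@rejected );
}

# Constructed sample records (not real accounts), two of them malformed.
my @sample = (
    "acme_ltd,1600000000\n",    # expiry in the past
    "globex,4102444800\n",      # expiry far in the future
    "../etc,1600000000\n",      # name contains path characters: rejected
    "no_timestamp\n",           # missing expiry field: rejected
);

my ( $expired, $active, $rejected ) = classify( time, @sample );

for my $user (@$expired) {
    # A list passed to system() is executed without a shell, so a validated
    # name is never re-parsed as shell syntax.
    my @cmd = ( 'deluser', $user );
    print "would run: @cmd; would remove /FTP/$user\n";
}
print "active: @$active\n";
chomp @$rejected;
print "rejected: $_\n" for @$rejected;
```

Rejected lines are reported rather than acted on, so a malformed record in the expirations file never turns into a `deluser` argument or an `rmtree` path.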

In reply to Script for SFTP users not deleting accounts automatically by C18ANT
