1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
summary: Ensure remove-user functionality
details: |
Check the command `snap remove-user` works properly. Verify that
it fails when run as non-root user without sudo and works when run
as non-root user with sudo. Also Verify the root user cannot be
removed.
systems: [ubuntu-core-*]
environment:
# Note that any valid sso account will work for this test
USER_EMAIL: mvo@ubuntu.com
USER_NAME: mvo
prepare: |
# Note: make this test work with the user already created in the device
if [ "$(snap managed)" = "true" ]; then
# Leave a file indicating the device was initially managed
touch managed.device
exit 0
fi
snap create-user --sudoer "$USER_EMAIL"
restore: |
if [ -e managed.device ]; then
exit 0
fi
userdel --extrausers -r "$USER_NAME" || true
rm -rf "/etc/sudoers.d/create-user-$USER_NAME"
execute: |
if [ -e managed.device ]; then
exit 0
fi
echo "precondition check: user in passwd"
id "$USER_NAME"
echo "precondition check: has sudoer file"
test -f "/etc/sudoers.d/create-user-$USER_NAME"
echo "precondition check: user has a home"
test -d "/home/$USER_NAME"
echo "snap remove-user fails when run as non-root user without sudo"
expected="error: access denied (try with sudo)"
if obtained=$(su - test /bin/sh -c "snap remove-user $USER_NAME 2>&1"); then
echo "remove-user command should have failed"
fi
[ "$obtained" = "$expected" ]
echo "snap remove-user needs root and snap login is not enough"
if [ -n "$SPREAD_STORE_USER" ] && [ -n "$SPREAD_STORE_PASSWORD" ]; then
echo "Checking successful login"
expect -d -f "$TESTSLIB"/successful_login.exp
expected="error: access denied (try with sudo)"
if obtained=$(su - test /bin/sh -c "snap remove-user $USER_NAME 2>&1"); then
echo "remove-user command should have failed"
fi
[ "$obtained" = "$expected" ]
fi
echo "snap remove-user succeeds when run as non-root user with sudo"
expected="removed user \"$USER_NAME\""
obtained=$(su - test /bin/sh -c "sudo snap remove-user $USER_NAME 2>&1")
[ "$obtained" = "$expected" ]
echo "user no longer in passwd"
not id "$USER_NAME"
echo "user no longer has sudoer file"
test ! -f "/etc/sudoers.d/create-user-$USER_NAME"
echo "user no longer has a home"
test ! -d "/home/$USER_NAME"
echo "user is no longer managed by snapd"
[ "$(snap managed)" = "false" ]
echo "snap remove-user cannot remove arbitrary users"
expected="error: user \"root\" is not known"
if obtained=$(su - test /bin/sh -c "sudo snap remove-user root 2>&1"); then
echo "remove-user command should have failed"
fi
[ "$obtained" = "$expected" ]
|
