AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix remove-analyst silent failure caused by set -e + pipefail

Browse source 
The script was exiting silently on the GROUPS=$(groups ... | cut ...)
line — set -eo pipefail caused bash to terminate the script before any
echo output, making it appear to do nothing.

Replace set -euo pipefail with set -u and explicit error handling.
Admin scripts must always report what happened, never exit silently.

Also: use id -nG instead of groups|cut pipe, add verification step
after userdel, and log each operation for visibility.
This commit is contained in:
Petr 2026-03-15 14:17:39 +01:00
parent 2181d490e9
commit 440662c8fe
1 changed files with 26 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
server/bin/remove-analyst
View file

@ -1,11 +1,15 @@
#!/bin/bash #!/bin/bash
# Remove user (analyst or admin) # Remove user (analyst or admin)
# Usage: sudo remove-analyst username [--force] # Usage: sudo remove-analyst username [--force]
#
# Note: This script uses explicit error handling instead of set -e.
# set -e causes silent exits with command substitutions and pipefail,
# which is unacceptable for admin scripts that must always report what happened.
set -euo pipefail set -u # Catch unset variables, but no -e (explicit error handling)
if [[ $EUID -ne 0 ]]; then if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root (use sudo)" echo "Error: This script must be run as root (use sudo)"
exit 1 exit 1
fi fi
@ -37,17 +41,18 @@ if ! id "$USERNAME" &>/dev/null; then
fi fi
# Prevent removing yourself # Prevent removing yourself
CURRENT_USER=$(logname 2>/dev/null || echo "$SUDO_USER") CURRENT_USER=$(logname 2>/dev/null || echo "${SUDO_USER:-unknown}")
if [[ "$USERNAME" == "$CURRENT_USER" ]]; then if [[ "$USERNAME" == "$CURRENT_USER" ]]; then
echo "Error: Cannot remove yourself" echo "Error: Cannot remove yourself"
exit 1 exit 1
fi fi
# Get user groups for info # Get user groups for info (safe extraction, no pipefail issues)
GROUPS=$(groups "$USERNAME" 2>/dev/null | cut -d: -f2 || echo "") GROUPS=$(id -nG "$USERNAME" 2>/dev/null) || GROUPS="(unknown)"
echo "Removing user: $USERNAME" echo "Removing user: $USERNAME"
echo "Groups: $GROUPS" echo " Groups: $GROUPS"
echo " Home: /home/$USERNAME"
if [[ "$FORCE" != true ]]; then if [[ "$FORCE" != true ]]; then
read -p "Are you sure? [y/N] " -n 1 -r read -p "Are you sure? [y/N] " -n 1 -r
@ -59,15 +64,25 @@ if [[ "$FORCE" != true ]]; then
fi fi
# Remove user and home directory # Remove user and home directory
# userdel -r may fail if home is owned by someone else; fall back to manual cleanup echo " Deleting OS user..."
if userdel -r "$USERNAME" 2>/dev/null; then if userdel -r "$USERNAME" 2>/dev/null; then
: # success echo " User and home directory removed"
else elif userdel "$USERNAME" 2>/dev/null; then
userdel "$USERNAME" echo " User removed (userdel -r failed, cleaning up home manually)"
if [[ -d "/home/$USERNAME" ]]; then if [[ -d "/home/$USERNAME" ]]; then
rm -rf "/home/$USERNAME" rm -rf "/home/$USERNAME"
echo "Home directory removed manually" echo " Home directory /home/$USERNAME removed"
fi fi
else
echo "Error: Failed to remove user '$USERNAME'"
echo " Check if processes are running as this user: ps -u $USERNAME"
exit 1
fi
# Verify removal
if id "$USERNAME" &>/dev/null; then
echo "Warning: User '$USERNAME' still exists (OS login system may have re-created it)"
exit 1
fi fi
echo "User '$USERNAME' removed successfully" echo "User '$USERNAME' removed successfully"