From 8e6fe7f877eb1378b4b9d41f1babf3ed42300f52 Mon Sep 17 00:00:00 2001
From: Julien Da Silva
Date: Mon, 13 Apr 2026 13:58:20 +0200
Subject: [PATCH] Initial commit
---
clean_up_accounts.sh | 249 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 249 insertions(+)
create mode 100644 clean_up_accounts.sh
diff --git a/clean_up_accounts.sh b/clean_up_accounts.sh
new file mode 100644
index 0000000..c83465e
--- /dev/null
+++ b/clean_up_accounts.sh
@@ -0,0 +1,249 @@
+#! /usr/bin/env bash
+
+#set -euo pipefail
+
+dbrepo="$HOME/dev/cellinfo/ipritevents"
+
+ldap_file=$(mktemp)
+trap 'rm -f "$ldap_file"' EXIT
+
+ask_yes_no() {
+ local prompt="$1"
+ local default="$2" # y ou n
+ local reply
+
+ while true; do
+ if [[ "$default" == "y" ]]; then
+ read -rp "$prompt [Y/n] " reply
+ reply=${reply:-y}
+ else
+ read -rp "$prompt [y/N] " reply
+ reply=${reply:-n}
+ fi
+
+ case "$reply" in
+ [Yy]|[Oo])
+ return 0
+ ;;
+ [Nn])
+ return 1
+ ;;
+ *)
+ echo "Invalid choice, Please answer 'y' or 'n'."
+ ;;
+ esac
+ done
+}
+
+search_db() {
+ # $1: The login to seach in the db file
+ #git -C "$dbrepo" pull
+ local file="$dbrepo"/itevents.sql
+ local col=3
+ local user="$1"
+
+ sed -n "/^\s*(\s*'$user'\s*,/p" "$file" \
+ | tr -d "'()" |cut -d, --fields=$col \
+ | tr -d " "
+}
+
+update_db() {
+ # $1: The login to seach in the db file
+ #git -C "$dbrepo" pull
+ local user="$1"
+ local file="$dbrepo"/itevents.sql
+ local archiver=$(whoami)
+ local now=$(date +'%Y-%m-%d %H:%M:%S.%3N%:z')
+
+ sed -E -i "/^\('$user',/ s/(, *'[^,]*' *){2}, *'([^,]*)' *\)/, '$archiver', '$now', '\2')/g" "$file"
+
+ # commit
+ git -C "$dbrepo" add itevents.sql
+ git -C "$dbrepo" commit -m "Archived data from old user \"$user\""
+
+}
+
+
+search_email() {
+ local login="$1"
+
+ email=$(ldapsearch -x -LLL \
+ -H ldaps://ldap.univ-rennes1.fr \
+ -D "uid=$(whoami),ou=people,dc=univ-rennes1,dc=fr" \
+ -y "$ldap_file" \
+ -b "dc=univ-rennes1,dc=fr" \
+ "(uid=$login)" mail \
+ | awk -F': ' '/^mail: / {print $2}')
+ echo "$email"
+}
+
+search_ghosts() {
+ local home_folder="/mnt/home.ipr"
+ #folders=$(find /mnt/home.ipr -mindepth 1 -maxdepth 1 -type d ! -name '.*' -exec \
+ # sh -c 'getent passwd "$(basename "$1")" > /dev/null || printf "%s\n" "$(basename "$1")"' _ {} \; )
+
+ mapfile -d '' -t orphan_homes < <(
+ find "$home_folder" -mindepth 1 -maxdepth 1 -type d ! -name '.*' \
+ -exec sh -c '
+ for d; do
+ getent passwd "$(basename "$d")" > /dev/null || printf "%s\0" "$(basename "$d")"
+ done
+ ' _ {} + \
+ | sort -z
+ )
+ echo "${orphan_homes[@]}"
+}
+
+
+run_remote() {
+ local use_sudo=0
+
+ if [[ "$1" == "--sudo" ]]; then
+ use_sudo=1
+ shift
+ fi
+
+ local host="$1"
+ local task="$2"
+ shift 2
+ local args=("$@")
+
+ local remote_cmd="bash -s"
+ [[ $use_sudo -eq 1 ]] && remote_cmd="sudo -S bash -s"
+
+ {
+ [[ $use_sudo -eq 1 ]] && echo "$PASS"
+ declare -f "$task"
+ printf '%q ' "$task" "${args[@]}"
+ echo
+ } | ssh "$host" "$remote_cmd"
+}
+
+
+sync_folder() {
+ # source folder
+ local src="$1"
+ # destination folder
+ local dest="$2"
+ # supervisor login
+ local supervisor="$3"
+
+ supervisor_group=$(id -gn $supervisor)
+ # Create dir
+ mkdir -p "$dest"
+ chown $supervisor:$supervisor_group "$dest"
+ # sync
+ rsync -av --exclude='.*' --chown=$supervisor:$supervisor_group "$src" "$dest"
+}
+
+
+remove_folder() {
+ local folder="$1"
+ echo "Removing \""$1"\"..."
+ rm -r "$folder"
+}
+
+
+mail_it() {
+ local email="$1"
+ local msg="$2"
+ local subject="Old data migrated to your personnal folders on Alambix"
+
+ echo "$msg" | mailx -s "$subject" "$email"
+}
+
+
+
+### MAIN
+# Ask password
+read -s -p "Please enter sudo password: " PASS
+echo
+# store it securely for ldap access
+printf '%s' "$PASS" > "$ldap_file"
+chmod 600 "$ldap_file"
+
+
+# Ask for account name
+echo
+echo "Please select an orphan folder in the list: "
+echo
+PS3="Enter an item number: "
+while true; do
+ select old_user in $(run_remote "home.ipr" "search_ghosts"); do
+ if [[ -n "$old_user" ]]; then
+ echo "Selection: $old_user"
+ break 2
+ else
+ echo "Invalid choice"
+ fi
+ done
+done
+
+
+# Ask for supervisor's login
+supervisor_found=$(search_db "$old_user")
+read -rp "Supervisor's login ["$supervisor_found"]: " supervisor
+supervisor=${supervisor:-"$supervisor_found"}
+
+# Find corresponding folders
+work_src=/mnt/work/$old_user
+home_src=/mnt/home.ipr/$old_user
+work_dest=/mnt/work/$supervisor/old_users/
+home_dest=/mnt/home.ipr/$supervisor/old_users/
+
+# Ask if we remove folders after sync
+ask_yes_no "Remove \"$work_src\" and \"$home_src\" after synchronization ?" y
+remove_after=$?
+
+# Should we warn the supervisor
+ask_yes_no "Email confirmation to supervisor ?" y
+send_email=$?
+if [ "$send_email" == 0 ]; then
+ email_found=$(search_email "$supervisor")
+ read -rp "Email address ["$email_found"]: " email
+ email=${email:-"$email_found"}
+fi
+
+# Print a summary
+echo "/!\ SUMMARY:"
+echo "------------"
+echo "-> \"$work_src\" will be synchronized in \"$work_dest\""
+echo "-> \"$home_src\" will be synchronized in \"$home_dest\""
+echo -n "-> \"$work_src\" and \"$home_src\" will be "
+[[ "$remove_after" == 0 ]] && echo -n "REMOVED from " || echo -n "KEPT on "
+echo "the file system."
+#[[ "$delete_user" == 0 ]] && echo "-> User "$folder" WILL BE DELETED."
+[[ "$send_email" == 0 ]] && echo "-> A confirmation will be sent to "$email"."
+echo ""
+ask_yes_no "Proceed ?" n
+do_it=$?
+message=$(cat <