sorry: disable an OCF account

Introduction

sorry is the command used to disable OCF accounts. Accounts are disabled for various reasons, including but not limited to violating OCF/university policies, security issues, lack of contact information, etc. Alumni also sometimes request to have their accounts disabled to stop vhosts, take down information, or for myriad other reasons.

Usage/Example

Usage: sorry [user to be sorried] [sorry file]

Sorrying a user changes their login shell to the sorryshell, (/opt/share/utils/bin/sorried), copies the sorry file (containing the reason they were sorried) to ~user/.sorry, chmod 000's the user's httpdir, chmod 500's the user's homedir, and adds the user to the "sorry" group, before emailing them with the reason they were sorried. If a sorried user attempts to log in, they will be rebuffed.

You will need an admin and root principal (or, atleast, ocfroot membership) in order to run this command, which should preferably be run on supernova in order to find all the appropriate files.

All sorry files are stored in ocf/utils under staff/acct/sorry/, which is where they should be edited if necessary. Puppet clones this repo to /opt/share/utils/ on all the computers.

After sorrying a user, make sure to run the note command to document the reasoning to ~staff/User_Info. This reason will be read to future users running check on the sorried user.

Unsorrying a user is also possible.

If a user is sending too much mail, it may be easier to nomail the user instead of sorrying their account. This involves adding the user to /etc/postfix/ocf/nomail on anthrax, at which point their ability to send mail will be removed.

See how sorry for more information on the sorry command itself.