user management

Script for disabling users (follow up for creating user)

Thursday, October 30th, 2008 | SuSE Linux, Techie, Ubuntu / Kubuntu | 4 Comments

To follow up on my blog post with the user creation script, here is my script for disabling users (related scripts may follow). So without further ado, here we go:

#!/bin/bash
# Script to disable a user on Linux systems

# Make sure we have the required paths
PATH=$PATH:/usr/local/bin:/usr/bin:/usr/sbin:/sbin
PGM=`basename $0`

# Helpers the script relies on; the originals are not shown in the post, so
# minimal versions are assumed here: die prints a message and exits with the
# given code (default 1), lockit/unlockit take and release a lock directory
die() { [ -n "$1" ] && echo "$1" >&2; exit ${2:-1}; }
lockit() { while ! mkdir "/var/lock/$1" 2>/dev/null; do sleep 1; done; }
unlockit() { rmdir "/var/lock/$1"; }

if [ $(id -u) -eq 0 ]; then

# Logging information
DATESTAMP=`date +%Y%m%d`
TIMESTAMP=`date +%H%M%S`
LOGDIR=/var/log/$PGM

# Find out who I am
ME=`whoami`

while [ $# -ge 1 ] ; do
case $1 in
-h*)
echo "Use: $PGM account"
exit
;;
-*) die "$PGM: unknown option \"$1\"" ;;
*) USER_TO_DIS=$1 ;;
esac
shift
done

# If no user is defined we have to get one
while [ "$USER_TO_DIS" = "" ] ; do
echo -n "Who do you want to disable? "
read USER_TO_DIS || die "" 0
done

# check to be sure that the person has an account on the local machine
egrep -s "^${USER_TO_DIS}:" /etc/passwd >/dev/null
case $? in
0)
echo "Disabling from password file"

lockit passwd.lock

# copy every other entry, then append the user's entry with the
# password field replaced by *DISABLED*
egrep -v "^${USER_TO_DIS}:" /etc/passwd >/tmp/passwd.tmp
egrep "^${USER_TO_DIS}:" /etc/passwd | \
awk -F: '{print $1 ":*DISABLED*:" $3 ":" $4 ":" $5 ":" $6 ":" $7}' >>/tmp/passwd.tmp

# ed starts on the last line (the entry just appended):
# prefix the login name with X so the old name no longer resolves
ed /tmp/passwd.tmp <<EOF
s/^${USER_TO_DIS}:/X${USER_TO_DIS}:/p
w
q
EOF

cmp /etc/passwd /tmp/passwd.tmp >/dev/null
case $? in
0) rm /tmp/passwd.tmp ;;
*)
mv /tmp/passwd.tmp /etc/passwd
;;
esac
chmod a-w /etc/passwd
chmod a+r /etc/passwd
unlockit passwd.lock
;;
1)
echo "$PGM: $USER_TO_DIS does not have an account on $HOSTNAME"
;;
esac

egrep -s "[:,]${USER_TO_DIS}$|[:,]${USER_TO_DIS}," /etc/group >/dev/null
case $? in
0)
echo "Disabling from group file"

lockit group.lock

# prefix the name with X wherever it appears in a member list
sed -e "s/\([:,]\)${USER_TO_DIS},/\1X${USER_TO_DIS},/" \
-e "s/\([:,]\)${USER_TO_DIS}$/\1X${USER_TO_DIS}/" \
/etc/group >/tmp/group.tmp

cmp /etc/group /tmp/group.tmp >/dev/null
case $? in
0) rm /tmp/group.tmp ;;
*)
mv /tmp/group.tmp /etc/group
#/etc/dist/bin/mail-group
;;
esac
chmod a-w /etc/group
chmod a+r /etc/group
unlockit group.lock
;;
1)
echo "$PGM: $USER_TO_DIS does not have a group entry on $HOSTNAME"
;;
esac

# remove any left over mail spool file
rm -f /var/mail/${USER_TO_DIS}

# insure log directory exists
test -d $LOGDIR || mkdir -p $LOGDIR
LOGFILE=$LOGDIR/$DATESTAMP

# log what we do
echo "$TIMESTAMP-$ME $USER_TO_DIS" >>$LOGFILE

exit
else
echo "Only root may run $PGM"
exit 2
fi

Any feedback is quite helpful, and any input to make the script better is obviously welcome. Later I'll post some scripts for quarterly changes, enabling disabled users, and a few other things I've been putting together lately. I hope this series will be helpful.
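The script above rewrites /etc/passwd and /etc/group by hand and drops the username straight into egrep and sed patterns without checking it, and on a system that keeps hashes in /etc/shadow the *DISABLED* marker never touches the real hash (the account is kept out because its login name is renamed). The following is an added example, not the script from this post: it validates the username before it is used anywhere, refuses root and system accounts, and does the same job with the shadow-utils commands. It assumes usermod, chage, getent and pkill are installed, that /usr/sbin/nologin exists, and that /var/log/disable-user.log is an acceptable log location.

```shell
#!/bin/sh
# Added example, not the script from the blog post: disable an account with the
# shadow-utils tools instead of rewriting /etc/passwd and /etc/group in place.
# Assumes usermod, chage, getent and pkill are installed and that
# /usr/sbin/nologin exists; LOGFILE is an assumed location.
set -u

LOGFILE=${LOGFILE:-/var/log/disable-user.log}

# A login name: lowercase letter or underscore, then up to 31 lowercase
# letters, digits, '_' or '-'. Rejects spaces, a leading '-', regex
# metacharacters and anything else that must not reach a pattern or a path.
valid_username() {
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Only regular accounts may be disabled: never root, never a system account
# (UID below 1000 on most distributions). Non-numeric input also fails.
uid_is_regular() {
    [ "$1" -ge 1000 ] 2>/dev/null
}

# The commands, in order, that disable an account without deleting it:
#  1. lock the hash in /etc/shadow (usermod -L prefixes it with '!')
#  2. expire the account, so PAM also refuses logins by SSH key
#  3. replace the login shell for anything that ignores account expiry
# Printed rather than executed so the plan can be reviewed and tested.
disable_plan() {
    printf 'usermod -L %s\n' "$1"
    printf 'chage -E 0 %s\n' "$1"
    printf 'usermod -s /usr/sbin/nologin %s\n' "$1"
}

disable_user() {
    user=$1
    valid_username "$user" || { echo "$0: invalid username '$user'" >&2; return 2; }
    uid=$(getent passwd "$user" | cut -d: -f3)
    [ -n "$uid" ] || { echo "$0: no local account named $user" >&2; return 1; }
    uid_is_regular "$uid" || { echo "$0: refusing to disable uid $uid ($user)" >&2; return 1; }

    # End any session the user still has; pkill exits 1 when nothing matched.
    pkill -KILL -u "$user" || true

    # Word splitting of $cmd is intended: every argument was validated above.
    disable_plan "$user" | while read -r cmd; do
        $cmd || { echo "$0: failed: $cmd" >&2; exit 1; }
    done || return 1

    printf '%s %s disabled %s\n' "$(date +%Y%m%d-%H%M%S)" "${SUDO_USER:-$(id -un)}" "$user" >>"$LOGFILE"
}

# Run only when given an account name, e.g.:  sudo ./disable-user.sh alice
if [ "$#" -gt 0 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "Only root may run $0" >&2; exit 2; }
    disable_user "$1"
fi
```

Because the account entry, UID and home directory are left in place, files still map to the right owner and the account can be re-enabled later with usermod -U, chage -E -1 and a shell change, which is the "enabling disabled users" case the post mentions for a later script.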


Script for adding new users

Saturday, October 25th, 2008 | Techie | 4 Comments

A few people have asked about scripting new user creation, so I thought I would share the script I have made and use to create users in my environment. In my environment I require a UID to be assigned (I want UIDs to be the same across all machines), a comment (the GECOS field, which I use for the user's full name) and obviously the username. I have also written it to assign a default password that is set to expire, so it must be changed the next time the user logs in.

So without further ado:
#!/bin/bash
# Script to add a user to Linux systems

# Make sure we have the required paths
PATH=$PATH:/usr/local/bin:/usr/bin:/usr/sbin:/sbin
PGM=`basename $0`

# Helper the script relies on; the original is not shown in the post, so a
# minimal version is assumed here: print a message and exit with the given code
die() { [ -n "$1" ] && echo "$1" >&2; exit ${2:-1}; }

if [ $(id -u) -eq 0 ]; then

# Logging information
DATESTAMP=`date +%Y%m%d`
TIMESTAMP=`date +%H%M%S`
LOGDIR=/var/log/$PGM

# Find out who I am
ME=`whoami`

# Gather argument information
while [ $# -ge 1 ] ; do
case $1 in
-c*) COMNT=`echo $1 | sed -e 's/^-c//'` ;;
-d*) HDIR=`echo $1 | sed -e 's/^-d//'` ;;
-g*) GROUP=`echo $1 | sed -e 's/^-g//'` ;;
-s*) USHELL=`echo $1 | sed -e 's/^-s//'` ;;
-u*) UUID=`echo $1 | sed -e 's/^-u//'` ;;
-h*)
echo "Use: $PGM -uUID -gGROUP -cCOMMENTS [-d/path/to/homedir] [-sSHELL] account"
exit
;;
-*) die "$PGM: unknown option \"$1\"" ;;
*) ACCT=$1 ;;
esac
shift
done

# If no account name on command line, get one
if [ "$ACCT" = "" ] ; then
while [ "$ACCT" = "" ] ; do
echo -n "What is the username? "
read ACCT
done
fi

# If no uid on command line, get one
if [ "$UUID" = "" ] ; then
while [ "$UUID" = "" ] ; do
echo -n "You need to provide a UID? "
read UUID
done
fi

# If no comment on command line, get one
if [ "$COMNT" = "" ] ; then
while [ "$COMNT" = "" ] ; do
echo -n "You need to provide comments (ie Full Name)? "
read COMNT
done
fi

# If no group on command line, assume "users"
if [ "$GROUP" = "" ] ; then
GROUP=users
fi
GID=`grep ^$GROUP: /etc/group | awk -F: '{print $3}'`
test "$GID" = "" && die "No group named $GROUP"

# If no home directory on command line, assume /home/$ACCT
if [ "$HDIR" = "" ] ; then
HDIR=/home/$ACCT
fi

# If no shell on command line, assume /bin/bash
if [ "$USHELL" = "" ] ; then
USHELL=/bin/bash
fi

echo "This is what is to be added - ok? (^C if not)"
echo "$ACCT::$UUID:$GID:$COMNT:$HDIR:$USHELL"
read ans

# insure log directory exists
test -d $LOGDIR || mkdir -p $LOGDIR
LOGFILE=$LOGDIR/$DATESTAMP

# the trailing colon makes this match the whole login name, not just a prefix of it
egrep "^$ACCT:" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$ACCT exists!"
exit 1
else
# default password is the username, hashed with traditional DES crypt
# (only the first two characters of the salt string are used)
password=$ACCT
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -u $UUID -g $GID -c "$COMNT" -d $HDIR -s $USHELL $ACCT -p $pass && chage -d 0 $ACCT

[ $? -eq 0 ] && echo "$ACCT has been added to system! They will be required to change password on first login" || echo "Failed to add $ACCT!"
# log what we do
echo "$TIMESTAMP-$ME-$ACCT::$UUID:$GID:$COMNT:$HDIR:$USHELL" >>$LOGFILE
fi
else
echo "Only root can run $PGM"
exit 2
fi

I have to say sorry for the formatting that WordPress butchered. I do use good practice when scripting; WordPress just didn't show that. Haha.
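The default password in the script above is the username itself, hashed with traditional DES crypt and a fixed salt, and the name, UID and comment reach useradd exactly as typed. The following is an added example, not the author's script: it validates the login name, the UID and the GECOS comment before they are used, refuses duplicates by name and by UID, and sets a random one-time password through chpasswd, which hashes with the method configured on the system and keeps the cleartext off the command line, before forcing a change with chage -d 0 as the post does. It assumes useradd, chpasswd, chage and getent are installed; /var/log/add-user.log is an assumed log location.

```shell
#!/bin/sh
# Added example, not the script from the blog post: create a local account with
# validated inputs and a random one-time password that must be changed at
# first login. Assumes shadow-utils (useradd, chpasswd, chage) and getent;
# LOGFILE is an assumed location.
set -u

LOGFILE=${LOGFILE:-/var/log/add-user.log}

# A login name: lowercase letter or underscore, then up to 31 lowercase
# letters, digits, '_' or '-'. Rejects spaces, a leading '-', ':' and so on.
valid_username() {
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# The post assigns UIDs by hand so they match across machines; accept only a
# number in the regular-user range (1000 to 59999 on most distributions).
valid_uid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+$' && [ "$1" -ge 1000 ] && [ "$1" -lt 60000 ]
}

# The GECOS comment becomes a field of /etc/passwd: it must be non-empty and
# must not contain the ':' field separator or a newline.
valid_comment() {
    case $1 in ''|*:*) return 1 ;; esac
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ]
}

# 16 random letters and digits from /dev/urandom, written on one line.
random_password() {
    tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16
    echo
}

# useradd_plan NAME UID COMMENT GROUP HOME SHELL: the useradd command that
# add_user will run, printed so it can be reviewed (and tested) without root.
useradd_plan() {
    printf 'useradd -m -u %s -g %s -c "%s" -d %s -s %s %s\n' "$2" "$4" "$3" "$5" "$6" "$1"
}

# add_user NAME UID COMMENT [GROUP] [HOME] [SHELL]
add_user() {
    user=$1 uid=$2 comment=${3:-} group=${4:-users} home=${5:-/home/$1} shell=${6:-/bin/bash}
    valid_username "$user"   || { echo "invalid username '$user'" >&2; return 2; }
    valid_uid "$uid"         || { echo "invalid uid '$uid'" >&2; return 2; }
    valid_comment "$comment" || { echo "invalid comment (empty, ':' or newline)" >&2; return 2; }
    getent passwd "$user" >/dev/null && { echo "$user already exists" >&2; return 1; }
    getent passwd "$uid"  >/dev/null && { echo "uid $uid is already in use" >&2; return 1; }
    getent group "$group" >/dev/null || { echo "no group named $group" >&2; return 1; }

    echo "About to run: $(useradd_plan "$user" "$uid" "$comment" "$group" "$home" "$shell")"
    useradd -m -u "$uid" -g "$group" -c "$comment" -d "$home" -s "$shell" "$user" || return 1

    # chpasswd reads name:password from stdin and hashes with the system's
    # configured method, so no fixed salt and no cleartext in the process list.
    pw=$(random_password)
    printf '%s:%s\n' "$user" "$pw" | chpasswd || return 1
    chage -d 0 "$user" || return 1   # force a password change at first login

    printf '%s %s added %s uid=%s\n' "$(date +%Y%m%d-%H%M%S)" "${SUDO_USER:-$(id -un)}" "$user" "$uid" >>"$LOGFILE"
    echo "Initial password for $user (hand over out of band): $pw"
}

# Run only when given arguments, e.g.:  sudo ./add-user.sh jdoe 1001 'Jane Doe'
if [ "$#" -gt 0 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "Only root can run $0" >&2; exit 2; }
    add_user "$@"
fi
```

The one-time password is printed once for the administrator to pass on; it is never written to the log, which records only who created which account and when.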
