daily pastebin goal
56%
SHARE
TWEET

Untitled

a guest Jan 20th, 2017 409 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2. ###
  3. # adduser.sh
  4. # Add user to system with random pass, add user to groups, create directories and fix permission
  5. #
  6. # Copyright (c) 2016 thomas.zink _at_ uni-konstanz _dot_ de (tz)
  7. # Usage of the works is permitted provided that this instrument is retained with the works, so that any entity that uses the works is notified of this instrument.
  8. # DISCLAIMER: THE WORKS ARE WITHOUT WARRANTY.
  9. #
  10. # This scripts performs the following actions:
  11. # 1. add a new user with random password
  12. # 2. add user to specified groups
  13. # 3. create .ssh, authorized_keys, and set permissions correctly
  14. # 4. set age of user to 0 to force password change at next login
  15. #
  16. # version:
  17. # - 2016-04-06-01 | tz | pwgen with 8 chars, touch create instead of created
  18. # - 2016-03-17-02 | tz | added history; group arguments; better output
  19. # - 2016-03-17-01 | tz | initial version
  20. ###
  21.  
  22. set -eu -o pipefail
  23. shopt -s failglob
  24.  
  25. # check if we got a username
  26. user="$1"
  27. [[ -z "$user" ]] && echo "usage: `basename $0` USERNAME [GROUPS..]" && exit 0;
  28.  
  29. # check if we got any groups
  30. if [ ! -z "$2" ]; then
  31.     shift
  32.     groups=( "$@" )
  33. fi
  34.  
  35. # add a new user with name $user, create home (-m), use bash as shell (-s /bin/bash)
  36. echo "useradd: Add user ${user}"
  37. pass=$(pwgen 8 1)
  38. sudo useradd -m -s /bin/bash -p $(openssl passwd -1 ${pass}) $user
  39.  
  40. # add to groups
  41. for grp in "${groups[@]}"; do
  42.     sudo usermod -aG $grp $user
  43.     echo "usermod: Add user ${user} to group ${grp}"
  44. done
  45.  
  46. # create .ssh, authorized_keys
  47. sudo mkdir -p -v /home/$user/.ssh
  48. sudo touch /home/$user/.ssh/authorized_keys
  49. echo "touch: create /home/${user}/.ssh/authorized_keys"
  50.  
  51. # set user:group and permissions
  52. sudo chown -R $user:$user /home/$user/.ssh
  53. echo "chown: set ${user}:${user} for /home/${user}/.ssh"
  54. sudo chmod 700 /home/$user/.ssh
  55. echo "chmod: set 700 for /home/${user}/.ssh"
  56. sudo chmod 600 /home/$user/.ssh/authorized_keys
  57. echo "chmod: set 600 for /home/${user}/.ssh/authorized_keys"
  58.  
  59. # change age to force user to change pass
  60. sudo chage -d 0 $user
  61. echo "chage: force ${user} to change pass at first login"
  62.  
  63. # give feedback
  64. echo ""
  65. echo -e "INFO: Created user \e[1m${user}\e[0m with pass \e[1m${pass}\e[0m"
  66. echo ""
  67. echo -e "WARN: User \e[4mmust\e[0m change pass at first login"
  68. echo ""
  69. echo "NEXT:"
  70. echo "If user $user does not have an SSH key yet, on ${user}'s machine, create SSH key."
  71. echo "Use a keysize of at least 2048."
  72. echo ""
  73. echo "Linux: ssh-keygen -t rsa -b 2048 -C "${user}" -f ~/.ssh/id_rsa"
  74. echo "Windows: Use PuTTYgen, SSH-2 RSA, 2048"
  75. echo ""
  76. echo "Paste content of public key (id_rsa.pub) into server:/home/${user}/.ssh/authorized_keys"
  77. echo ""
  78. echo "Bye."
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top