
Untitled

a guest
Oct 21st, 2018
  1. #!/bin/bash
  2.  
  3. # Unix/Linux Administration
  4. # Assignment 2 - User Management
  5.  
  6. # Christopher Kibble
  7.  
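  report_no_password() {
    ###########################################################################
    # Requirement 1 - Report on and lock all user accounts without password. #
    ###########################################################################
    # Arguments: $1 - log file; every report line is appended to it via tee.
    # Reads /etc/shadow directly, so the caller needs read access to that file.
    # Accounts with an empty password field are locked through lock_account.
    local logPath=$1
    local pwdFile="/etc/shadow"
    local -a pwdline

    echo "Reporting all user accounts that don't have a password" | tee -a "$logPath"
    echo "" | tee -a "$logPath"

    # IFS=':' applies to this read only, so the field separator does not leak
    # into the rest of the script. The file is read on descriptor 3 so that
    # nothing run inside the loop can consume the remaining entries from stdin.
    while IFS=':' read -r -a pwdline <&3; do
      # Skip blank or malformed lines that carry no account name; without this
      # an empty line would be treated as a password-less account.
      [ -n "${pwdline[0]}" ] || continue

      case "${pwdline[1]}" in
        "")
          echo "${pwdline[0]} does not have a password set. Locking account." | tee -a "$logPath"
          lock_account "$logPath" "${pwdline[0]}"
          ;;
        "*")
          echo "${pwdline[0]} does not have a password set and does not permitted login." | tee -a "$logPath"
          ;;
        '!'*)
          # Any field starting with "!" is reported as locked.
          echo "${pwdline[0]} is already locked." | tee -a "$logPath"
          ;;
      esac
    done 3<"$pwdFile"
  }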
  36.  
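  report_expired_accounts() {
    ###########################################################################
    # Requirement 2 - Report on expired accounts.                             #
    ###########################################################################
    # Arguments: $1 - log file; every report line is appended to it via tee.
    # Reads /etc/shadow directly, so the caller needs read access to that file.
    local logPath=$1
    local pwdFile="/etc/shadow"
    local daysSinceEpoch expiry
    local -a account

    # The script compares the expiry field against a day count, so the current
    # time is converted from seconds to whole days since the epoch.
    daysSinceEpoch=$(( $(date --utc +%s) / 86400 ))

    echo "Reporting all user accounts that are expired" | tee -a "$logPath"
    echo "" | tee -a "$logPath"

    # IFS=':' applies to this read only, so the separator does not leak into
    # the rest of the script.
    while IFS=':' read -r -a account; do
      expiry=${account[7]}

      # No expiry set, or a field that is not a plain number: nothing to
      # compare, and a malformed value must not reach the numeric test.
      [[ $expiry =~ ^[0-9]+$ ]] || continue

      if [ "$expiry" -le "$daysSinceEpoch" ]; then
        # An expiration date is set and it is not in the future.
        echo "${account[0]} has expired" | tee -a "$logPath"
      fi
    done <"$pwdFile"
  }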
  63.  
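  report_expiration_dates() {
    ###########################################################################
    # Requirement 3 - Report on expiration dates for all accounts             #
    ###########################################################################
    # Arguments: $1 - log file; every report line is appended to it via tee.
    # Reads /etc/shadow directly, so the caller needs read access to that file.
    local logPath=$1
    local pwdFile="/etc/shadow"
    local expiry expEpoch expDate
    local -a account

    echo "Reporting expiration dates on all user accounts" | tee -a "$logPath"
    echo "" | tee -a "$logPath"

    # IFS=':' applies to this read only, so the separator does not leak into
    # the rest of the script.
    while IFS=':' read -r -a account; do
      expiry=${account[7]}

      if [ -z "$expiry" ]; then
        echo "${account[0]} does not have an expiration date." | tee -a "$logPath"
        continue
      fi

      # Shell arithmetic evaluates whatever text it is handed, so only a plain
      # decimal number is allowed to reach the multiplication below.
      if ! [[ $expiry =~ ^[0-9]+$ ]]; then
        echo "${account[0]} has an unparsable expiration field; skipping." >&2
        continue
      fi

      # Multiplying by 86,400 converts days since the epoch into seconds;
      # the 10# prefix keeps a value with leading zeros from being read as octal.
      expEpoch=$(( 10#$expiry * 86400 ))
      expDate=$(date --date "@$expEpoch" --utc)
      echo "${account[0]} has an expiration date of $expDate ($expiry)" | tee -a "$logPath"
    done <"$pwdFile"
  }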
  93.  
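  report_no_expire() {
    ###########################################################################
    # Requirement 4 - Report on accounts with no expiration date              #
    ###########################################################################
    # Arguments: $1 - log file; every report line is appended to it via tee.
    # Reads /etc/shadow directly, so the caller needs read access to that file.
    local logPath=$1
    local pwdFile="/etc/shadow"
    local -a account

    echo "Reporting on user accounts without an expiration date" | tee -a "$logPath"
    echo "" | tee -a "$logPath"

    # IFS=':' applies to this read only, so the separator does not leak into
    # the rest of the script.
    while IFS=':' read -r -a account; do
      # Skip blank lines that carry no account name.
      [ -n "${account[0]}" ] || continue

      if [ -z "${account[7]}" ]; then
        echo "${account[0]} does not have an expiration date." | tee -a "$logPath"
      fi
    done <"$pwdFile"
  }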
  117.  
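  unlock_account() {

    ###########################################################################
    # Requirement 5a - Unlock a user account                                  #
    ###########################################################################
    # Arguments: $1 - log file to append to
    #            $2 - name of the account to unlock

    echo "Unlocking Account $2" | tee -a "$1"

    # "--" ends option parsing, so an account name that begins with "-" is
    # never read as a passwd flag. stderr is merged into the pipe so that a
    # failure message from passwd lands in the log as well as on screen.
    passwd -u -- "$2" 2>&1 | tee -a "$1"

  }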
  130.  
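  lock_account() {

    ###########################################################################
    # Requirement 5b - Lock a user account                                    #
    ###########################################################################
    # Arguments: $1 - log file to append to
    #            $2 - name of the account to lock
    #
    # passwd -l locks the password only. Per passwd(1) the account itself is
    # not disabled, and a login through another credential such as an SSH key
    # can still succeed; expiring the account is the way to block those too.

    echo "Locking Account $2" | tee -a "$1"

    # "--" ends option parsing, so an account name that begins with "-" is
    # never read as a passwd flag. stderr is merged into the pipe so that a
    # failure message from passwd lands in the log as well as on screen.
    passwd -l -- "$2" 2>&1 | tee -a "$1"

  }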
  143.  
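  create_user() {

    ###########################################################################
    # Requirement 6 - Create a User Account                                   #
    ###########################################################################
    # Arguments: $1 - log file to append to
    #            $2 - username
    #            $3 - home directory
    #            $4 - full name (stored as the account comment)
    #            $5 - temporary password
    #            $6 - account expiration date
    # Returns:   useradd's exit status when account creation fails; otherwise
    #            the status of the final chage/tee pipeline.

    local logPath=$1
    local username=$2
    local userHome=$3
    local userFull=$4
    local userPass=$5
    local userExpire=$6
    local addStatus

    echo "Creating User Account $username" | tee -a "$logPath"
    useradd -c "$userFull" -d "$userHome" -e "$userExpire" -- "$username" 2>&1 | tee -a "$logPath"

    # After a pipeline $? holds tee's status, not useradd's. Testing $? here
    # would let the password step run even when useradd failed - for example
    # because the account already exists - and overwrite that account's
    # password. PIPESTATUS[0] is the status of useradd itself.
    addStatus=${PIPESTATUS[0]}

    if [ "$addStatus" -ne 0 ]; then
      echo "useradd failed for $username (exit $addStatus); password left unchanged." | tee -a "$logPath"
      return "$addStatus"
    fi

    # The password is fed to passwd on stdin rather than as an argument.
    # printf '%s' writes it verbatim; echo -e would rewrite backslash
    # sequences inside the password.
    printf '%s\n%s\n' "$userPass" "$userPass" | passwd -- "$username"

    # Age the password to day 0 so it must be changed at the next login.
    chage -d 0 -- "$username" 2>&1 | tee -a "$logPath"

  }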
  168.  
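  create_user_from_file() {

    ###########################################################################
    # Requirement 6b - Create a User Account by Reading File                  #
    ###########################################################################
    # Arguments: $1 - log file to append to
    #            $2 - input file, one account per line in the format
    #                 username:userhome:userfull:userpass:userexpire
    #
    # The input file carries temporary passwords in plain text.
    # NOTE(review): nothing here checks who else can read that file; keep it
    # readable by the administrator only and remove it once the run is done.
    # Because ':' is the separator, no field (the password included) can
    # contain a colon.

    local logPath=$1
    local inputFile=$2
    local line
    local -a newuser

    echo "Creating New User Accounts from $inputFile" | tee -a "$logPath"

    # The file is read on descriptor 3 so that commands run by create_user
    # cannot consume the remaining lines from stdin. The "|| [ -n ... ]" part
    # keeps a final line that has no trailing newline.
    while IFS= read -r line <&3 || [ -n "$line" ]; do
      # IFS=':' applies to this read only, so the separator does not leak
      # into create_user or the rest of the script.
      IFS=':' read -r -a newuser <<< "$line"

      # Blank lines and lines without a username are skipped.
      [ -n "${newuser[0]}" ] || continue

      echo "Attempting to create ${newuser[0]} (${newuser[2]}) with Home ${newuser[1]} that expires ${newuser[4]}." | tee -a "$logPath"
      create_user "$logPath" "${newuser[0]}" "${newuser[1]}" "${newuser[2]}" "${newuser[3]}" "${newuser[4]}"
    done 3<"$inputFile"

  }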
  200.  
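  set_user_expiration() {

    ###########################################################################
    # Requirement 7 - Set the expiration date on a user account               #
    ###########################################################################
    # Arguments: $1 - log file to append to
    #            $2 - username
    #            $3 - new expiration date, passed to chage -E unchanged

    local logPath=$1
    local username=$2
    local expiration=$3

    # NOTE(review): only the literal name "root" is refused; any other account
    # that shares UID 0 is not covered by this check.
    if [ "$username" = "root" ]; then
      echo "You cannot change the expiration date of the root account." | tee -a "$logPath"
      return
    fi

    echo "Changing Expiration date on $username to $expiration" | tee -a "$logPath"

    # "--" ends option parsing, so a username that begins with "-" is never
    # read as a chage flag. stderr is merged so failures reach the log too.
    chage -E "$expiration" -- "$username" 2>&1 | tee -a "$logPath"
  }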
  217.  
  218.  
  # Defaults for every option; command-line parsing overrides them.

  # Report selection. "report" is the any-report-requested flag.
  report=0 reportNoPassword=0 reportExpired=0 reportExpiration=0 reportNoExpire=0

  # User actions. "userAction" counts how many were requested.
  userAction=0 unlockAccount=0 lockAccount=0 userAdd=0 userSetExpiration=0

  # Account details used by the user actions.
  username= userHome= userFull= userPass= userExpire=

  # Optional bulk-creation input file, and the log target (discarded unless
  # a path is given).
  userAddFile=
  logFile=/dev/null

  # Help request state.
  showHelp=0
  helpContext=
  243.  
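  # Walk the command line one option at a time, shifting past each option
  # (and its value, where it takes one) until no arguments are left. The loop
  # tests the argument count rather than "$1", so an empty-string argument
  # does not silently end parsing and drop the options that follow it.
  #
  # A password given with --userpass is part of the command line, where the
  # process list and shell history can expose it. When --userpass is left
  # off, --useradd prompts for the password without echoing it.

  while [ $# -gt 0 ]; do
    # Options that take a value must actually be followed by one.
    case "$1" in
      --log | --user | --username | --userhome | --userfull | --userpass | --userexpire | --useraddfile)
        if [ $# -lt 2 ]; then
          echo "$1 requires a value." >&2
          exit 2
        fi
        ;;
    esac

    case "$1" in
      --log)
        shift
        logFile="$1"
        ;;
      --user | --username)
        shift
        username="$1"
        ;;
      --userhome)
        shift
        userHome="$1"
        ;;
      --userfull)
        shift
        userFull="$1"
        ;;
      --userpass)
        shift
        userPass="$1"
        ;;
      --userexpire)
        shift
        userExpire="$1"
        ;;
      --useraddfile)
        shift
        userAddFile="$1"
        ;;
      --reportnopassword | -rnp)
        reportNoPassword=1
        report=1
        ;;
      --reportexpired | -re)
        reportExpired=1
        report=1
        ;;
      --reportexpiration | -rex)
        reportExpiration=1
        report=1
        ;;
      --reportnoexpire | -rne)
        reportNoExpire=1
        report=1
        ;;
      --unlock)
        unlockAccount=1
        userAction=$((userAction + 1))
        ;;
      --lock)
        lockAccount=1
        userAction=$((userAction + 1))
        ;;
      --useradd)
        userAdd=1
        userAction=$((userAction + 1))
        ;;
      --setexpiration)
        userSetExpiration=1
        userAction=$((userAction + 1))
        ;;
      --help | -h)
        # The argument after --help, if any, is kept as the help context.
        shift
        showHelp=1
        helpContext="$1"
        ;;
      *)
        # Report the problem on stderr and exit non-zero so a calling script
        # can tell that nothing was done.
        echo "$1 is an unknown parameter." >&2
        exit 2
        ;;
    esac
    shift
  done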
  303.  
  # Print the usage summary and stop when help was requested.

  if [[ "$showHelp" == 1 ]]; then
    # One argument per output line; empty arguments give the blank lines.
    printf '%s\n' \
      "" \
      " Reporting Parameters:" \
      " --reportnopassword : Show and lock all user accounts with no password." \
      " --reportexpired : Show all expired accounts." \
      " --reportexpiration : Show expiration date/time for all accounts." \
      " --reportnoexpire : Show all accounts with no expiration date." \
      "" \
      " User Management:" \
      " --unlock : Unlock a user account. See HowTo file for usage." \
      " --lock : Lock a user account. See HowTo file for usage." \
      " --useradd : Creates a new user account. See HowTo file for usage." \
      " --setexpiration : Set the expiration date on an account. See HowTo file for usage." \
      "" \
      " Common Parameters:" \
      " --log <path> : Defines the path to log the output to." \
      " --help : Show this help screen." \
      ""
    exit
  fi
  327.  
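  # Main part of the script starts. We echo out a header. This first tee has
  # no -a, so the log file is started afresh on every run; the path is quoted
  # so a log location containing spaces is written as one file.

  echo "Account Management Script - Christopher Kibble" | tee "$logFile"
  echo "" | tee -a "$logFile"

  # Verify the user is not trying to do more than one action at a time (such
  # as adding a user while also trying to change the expiration date). A bare
  # "exit" after the tee pipeline would report success, so the refusal exits
  # with an explicit non-zero status.

  if [ "$userAction" -gt 1 ]; then
    echo "Only one user action can be done at a time." | tee -a "$logFile"
    exit 1
  fi

  # Verify that the user is not trying to both report out information as well
  # as perform a user action - this is not allowed.

  if [ "$userAction" = 1 ] && [ "$report" = 1 ]; then
    echo "You can not run a report and perform a user action at the same time." | tee -a "$logFile"
    exit 1
  fi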
  348.  
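  # Go through each of the possible reports and run the associated function.
  # These are separate if statements rather than if/elif so that several
  # reports can be requested in a single command line. The log path is quoted
  # so that a path containing spaces reaches the function as one argument.

  if [ "$reportNoPassword" = 1 ]; then
    report_no_password "$logFile"
  fi

  if [ "$reportExpired" = 1 ]; then
    report_expired_accounts "$logFile"
  fi

  if [ "$reportExpiration" = 1 ]; then
    report_expiration_dates "$logFile"
  fi

  if [ "$reportNoExpire" = 1 ]; then
    report_no_expire "$logFile"
  fi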
  368.  
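  # Check which user actions, if any, are required and call the associated
  # functions. The username is quoted so that it reaches the function as a
  # single argument exactly as typed, and a missing username exits with a
  # non-zero status instead of reporting success.

  if [ "$unlockAccount" = 1 ]; then
    if [ -z "$username" ]; then
      echo "You cannot use --unlock without a username defined." | tee -a "$logFile"
      exit 1
    fi
    unlock_account "$logFile" "$username"
  fi

  if [ "$lockAccount" = 1 ]; then
    if [ -z "$username" ]; then
      echo "You cannot use --lock without a username defined." | tee -a "$logFile"
      exit 1
    fi
    lock_account "$logFile" "$username"
  fi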
  386.  
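  # --useradd: create one account from the command line / prompts, or many
  # accounts from the file given with --useraddfile.
  if [ "$userAdd" = 1 ]; then
    # An input file and individual account parameters are mutually exclusive.
    if [[ -n "$userAddFile" && -n "$username$userHome$userFull$userPass$userExpire" ]]; then
      echo "You cannot define an innput file for --useradd as well as other parameters." | tee -a "$logFile"
      exit 1
    fi

    if [ -z "$userAddFile" ]; then
      # Prompt for anything that was not supplied. read -r keeps backslashes
      # in the answers literal.
      if [ -z "$username" ]; then
        read -r -p "What is the username you'd like to create? " username
      fi
      if [ -z "$userFull" ]; then
        read -r -p "What is the Full Name for $username? " userFull
      fi
      if [ -z "$userHome" ]; then
        read -r -p "Where would like like the userhome for $username to be? " userHome
      fi
      if [ -z "$userPass" ]; then
        # -s keeps the password off the screen; the echo restores the newline
        # that the silent read does not print.
        read -r -s -p "What will be the temporary password for $username? " userPass
        echo ""
      fi
      if [ -z "$userExpire" ]; then
        read -r -p "When would like like the account to expire for $username? (YYYY-MM-DD Format) " userExpire
      fi

      create_user "$logFile" "$username" "$userHome" "$userFull" "$userPass" "$userExpire"
    else
      create_user_from_file "$logFile" "$userAddFile"
    fi

  fi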
  417.  
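  # --setexpiration: needs both the account name and the new date.
  if [ "$userSetExpiration" = 1 ]; then
    if [ -z "$username" ] || [ -z "$userExpire" ]; then
      echo "This command requires that both --user and --userexpire are set." | tee -a "$logFile"
      # Exit non-zero so a calling script can tell that nothing was changed.
      exit 1
    fi

    set_user_expiration "$logFile" "$username" "$userExpire"
  fi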