#!/bin/bash
# Unix/Linux Administration
# Assignment 2 - User Management
# Christopher Kibble
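report_no_password() {
  ###########################################################################
  # Requirement 1 - Report on and lock all user accounts without password.  #
  ###########################################################################
  # Arguments: $1 - log file; every line printed is also appended to it.
  # Reads /etc/shadow, so it needs root. For each entry it looks at the
  # password field (second colon-separated field):
  #   empty        -> reported, then locked through lock_account
  #   exactly "*"  -> reported only
  #   starts "!"   -> reported as already locked
  # The shadow path is deliberately not a parameter: the lock acts on the
  # live system, so the report must be read from the live file too.
  # Returns: non-zero if /etc/shadow could not be opened.
  local log=$1
  local pwdFile="/etc/shadow"
  local -a pwdline

  echo "Reporting all user accounts that don't have a password" | tee -a -- "$log"
  echo "" | tee -a -- "$log"

  # IFS=':' is scoped to the read itself. Assigning it for the whole shell
  # leaked into every later unquoted expansion in the script, so log paths
  # and usernames containing a colon were split apart.
  # The "|| [[ ... ]]" keeps a final line that has no trailing newline.
  while IFS=':' read -r -a pwdline || [[ ${#pwdline[@]} -gt 0 ]]; do
    # A blank or nameless line must never reach the lock step: passwd called
    # without a username operates on the invoking user, which here is root.
    [[ -n "${pwdline[0]}" ]] || continue

    if [[ -z "${pwdline[1]}" ]]; then
      echo "${pwdline[0]} does not have a password set. Locking account." | tee -a -- "$log"
      # stdin is detached so nothing started by lock_account can consume the
      # remaining shadow lines this loop is still reading.
      lock_account "$log" "${pwdline[0]}" < /dev/null
    elif [[ "${pwdline[1]}" == "*" ]]; then
      echo "${pwdline[0]} does not have a password set and does not permitted login." | tee -a -- "$log"
    elif [[ "${pwdline[1]}" == '!'* ]]; then
      echo "${pwdline[0]} is already locked." | tee -a -- "$log"
    fi
  done < "$pwdFile"
}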
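report_expired_accounts() {
  ###########################################################################
  # Requirement 2 - Report on expired accounts.                             #
  ###########################################################################
  # Arguments:
  #   $1 - log file; every line printed is also appended to it.
  #   $2 - optional shadow-format file to read, default /etc/shadow (which
  #        needs root). Lets the report run against a copy or a test fixture.
  # Field 8 of each entry (index 7) is the account expiration in days since
  # the epoch. An account is reported when that value is set and is not
  # later than today.
  # Returns: non-zero if the shadow file could not be opened.
  local log=$1
  local pwdFile=${2:-/etc/shadow}
  local -a account
  local daysSinceEpoch
  daysSinceEpoch=$(($(date --utc +%s) / 86400))

  echo "Reporting all user accounts that are expired" | tee -a -- "$log"
  echo "" | tee -a -- "$log"

  # IFS=':' applies to the read only, so the caller's IFS is left untouched.
  # The "|| [[ ... ]]" keeps a final line that has no trailing newline.
  while IFS=':' read -r -a account || [[ ${#account[@]} -gt 0 ]]; do
    [[ -n "${account[0]}" ]] || continue
    # Only a plain decimal number is compared. Anything else is skipped, so
    # file content is never evaluated as a shell arithmetic expression.
    # 10# stops a leading zero from being read as octal.
    if [[ "${account[7]}" =~ ^[0-9]+$ ]] && ((10#${account[7]} <= daysSinceEpoch)); then
      # Because an expiration date is set, and it's before now, the account is expired.
      echo "${account[0]} has expired" | tee -a -- "$log"
    fi
  done < "$pwdFile"
}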
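report_expiration_dates() {
  ###########################################################################
  # Requirement 3 - Report on expiration dates for all accounts             #
  ###########################################################################
  # Arguments:
  #   $1 - log file; every line printed is also appended to it.
  #   $2 - optional shadow-format file to read, default /etc/shadow (which
  #        needs root). Lets the report run against a copy or a test fixture.
  # Field 8 of each entry (index 7) is the account expiration in days since
  # the epoch; an empty field is reported as "no expiration date".
  # Returns: non-zero if the shadow file could not be opened.
  local log=$1
  local pwdFile=${2:-/etc/shadow}
  local -a account
  local expEpoch expDate

  echo "Reporting expiration dates on all user accounts" | tee -a -- "$log"
  echo "" | tee -a -- "$log"

  # IFS=':' applies to the read only, so the caller's IFS is left untouched.
  # The "|| [[ ... ]]" keeps a final line that has no trailing newline.
  while IFS=':' read -r -a account || [[ ${#account[@]} -gt 0 ]]; do
    [[ -n "${account[0]}" ]] || continue

    if [[ "${account[7]}" =~ ^[0-9]+$ ]]; then
      # An expiration date is set. Multiplying by 86,400 converts days since
      # the epoch to seconds. The digits-only check above is what makes the
      # arithmetic safe: an unchecked field would be evaluated as a shell
      # expression. 10# stops a leading zero from being read as octal.
      expEpoch=$((10#${account[7]} * 86400))
      expDate=$(date --date "@$expEpoch" --utc)
      echo "${account[0]} has an expiration date of $expDate (${account[7]})" | tee -a -- "$log"
    elif [[ -n "${account[7]}" ]]; then
      # Set but not a number: report it as-is rather than computing with it.
      echo "${account[0]} has an unreadable expiration field (${account[7]})" | tee -a -- "$log"
    else
      echo "${account[0]} does not have an expiration date." | tee -a -- "$log"
    fi
  done < "$pwdFile"
}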
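report_no_expire() {
  ###########################################################################
  # Requirement 4 - Report on accounts with no expiration date              #
  ###########################################################################
  # Arguments:
  #   $1 - log file; every line printed is also appended to it.
  #   $2 - optional shadow-format file to read, default /etc/shadow (which
  #        needs root). Lets the report run against a copy or a test fixture.
  # An account is listed when field 8 (index 7, the expiration) is empty.
  # Returns: non-zero if the shadow file could not be opened.
  local log=$1
  local pwdFile=${2:-/etc/shadow}
  local -a account

  echo "Reporting on user accounts without an expiration date" | tee -a -- "$log"
  echo "" | tee -a -- "$log"

  # IFS=':' applies to the read only, so the caller's IFS is left untouched.
  # The "|| [[ ... ]]" keeps a final line that has no trailing newline.
  while IFS=':' read -r -a account || [[ ${#account[@]} -gt 0 ]]; do
    # Blank lines carry no account name and are not reported.
    [[ -n "${account[0]}" ]] || continue
    if [[ -z "${account[7]}" ]]; then
      echo "${account[0]} does not have an expiration date." | tee -a -- "$log"
    fi
  done < "$pwdFile"
}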
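unlock_account() {
  ###########################################################################
  # Requirement 5 - Unlock a user account                                   #
  ###########################################################################
  # Arguments: $1 - log file, $2 - account to unlock.
  # Returns: the exit status of passwd (not of tee), so a failed unlock is
  # visible to the caller.
  local log=$1
  local user=$2

  echo "Unlocking Account $user" | tee -a -- "$log"
  # Calling passwd to set account password status.
  # The name is quoted and placed after "--": unquoted, an empty name let
  # passwd fall back to the invoking user, and a name starting with "-"
  # was parsed as an option.
  passwd -u -- "$user" | tee -a -- "$log"
  return "${PIPESTATUS[0]}"
}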
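lock_account() {
  ###########################################################################
  # Requirement 5 - Lock a user account                                     #
  ###########################################################################
  # Arguments: $1 - log file, $2 - account to lock.
  # Returns: the exit status of passwd (not of tee), so a failed lock is
  # visible to the caller.
  #
  # Scope of the lock: passwd -l only disables the password. passwd(1) notes
  # that the user may still log in with another authentication token such as
  # an SSH key; fully disabling an account means expiring it as well
  # (usermod --expiredate 1).
  local log=$1
  local user=$2

  echo "Locking Account $user" | tee -a -- "$log"
  # Calling passwd to set account password status.
  # The name is quoted and placed after "--": unquoted, an empty name let
  # passwd fall back to the invoking user (root, when run as intended), and
  # a name starting with "-" was parsed as an option.
  passwd -l -- "$user" | tee -a -- "$log"
  return "${PIPESTATUS[0]}"
}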
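create_user() {
  ###########################################################################
  # Requirement 6 - Create a User Account                                   #
  ###########################################################################
  # Arguments:
  #   $1 - log file
  #   $2 - username
  #   $3 - home directory
  #   $4 - full name (stored in the comment field)
  #   $5 - temporary password
  #   $6 - account expiration date, passed to useradd -e
  # The password is never written to the log.
  # Returns: useradd's exit status; non-zero means no password was set.
  local log=$1
  local username=$2
  local userHome=$3
  local userFull=$4
  local userPass=$5
  local userExpire=$6
  local rc

  # Output goes to the log passed in $1, not to the global $logFile.
  echo "Creating User Account $username" | tee -a -- "$log"
  useradd -c "$userFull" -d "$userHome" -e "$userExpire" -- "$username" | tee -a -- "$log"
  # After a pipeline $? is tee's status, which is almost always 0. Checking
  # it let the password step run even when useradd had failed, for example
  # because the account already existed, and so reset the password of an
  # existing account. PIPESTATUS[0] is useradd's own status.
  rc=${PIPESTATUS[0]}

  # Confirm there was no error with useradd before trying to change password or
  # to change the next required password change.
  if [[ "$rc" -eq 0 ]]; then
    # printf is a shell builtin, so the password never appears in a process
    # argument list, and unlike "echo -e" it does not rewrite backslash
    # sequences inside the password.
    printf '%s\n%s\n' "$userPass" "$userPass" | passwd -- "$username"
    # Force a password change at first login.
    chage -d 0 -- "$username" | tee -a -- "$log"
  fi
  return "$rc"
}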
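create_user_from_file() {
  ###########################################################################
  # Requirement 6b - Create a User Account by Reading File                  #
  ###########################################################################
  # Arguments: $1 - log file, $2 - file listing the accounts to create.
  # File format, one account per line, colon separated:
  #   username:userhome:userfull:userpass:userexpire
  # Because ":" is the separator, no field (the password included) can
  # contain a colon. Lines with an empty username are skipped.
  # The file holds cleartext temporary passwords: keep it readable by root
  # only and remove it once the accounts exist. Passwords are not logged.
  # Returns: non-zero if the file could not be opened.
  local log=$1
  local userFile=$2
  local -a newuser
  local newUserName newUserHome newUserFull newUserPass newUserExpire

  echo "Creating New User Accounts from $userFile" | tee -a -- "$log"

  # IFS=':' applies to the read only. Set shell-wide it stayed in effect for
  # the rest of the script and split later unquoted expansions on colons.
  # The "|| [[ ... ]]" keeps a final line that has no trailing newline.
  while IFS=':' read -r -a newuser || [[ ${#newuser[@]} -gt 0 ]]; do
    newUserName=${newuser[0]}
    newUserHome=${newuser[1]}
    newUserFull=${newuser[2]}
    newUserPass=${newuser[3]}
    newUserExpire=${newuser[4]}
    if [[ -n "$newUserName" ]]; then
      # Logged to the file passed in $1 rather than the global $logFile.
      echo "Attempting to create $newUserName ($newUserFull) with Home $newUserHome that expires $newUserExpire." | tee -a -- "$log"
      # stdin is detached so the tools run by create_user cannot consume the
      # remaining lines of the input file.
      create_user "$log" "$newUserName" "$newUserHome" "$newUserFull" "$newUserPass" "$newUserExpire" < /dev/null
    fi
  done < "$userFile"
}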
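set_user_expiration() {
  ###########################################################################
  # Requirement 7 - Set the expiration date on a user account               #
  ###########################################################################
  # Arguments: $1 - log file, $2 - username, $3 - new expiration date
  #            (passed to chage -E).
  # Returns: 1 when the change is refused for root, otherwise the exit
  # status of chage (not of tee).
  # NOTE(review): the guard matches the name "root" only. A second account
  # with UID 0 under another name is not covered by it.
  local log=$1
  local username=$2
  local expiration=$3

  if [[ "$username" == "root" ]]; then
    echo "You cannot change the expiration date of the root account." | tee -a -- "$log"
    return 1
  fi

  echo "Changing Expiration date on $username to $expiration" | tee -a -- "$log"
  # "--" keeps a username that starts with "-" from being read as an option.
  chage -E "$expiration" -- "$username" | tee -a -- "$log"
  return "${PIPESTATUS[0]}"
}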
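# Set some default variables.
report=0
reportNoPassword=0
reportExpired=0
reportExpiration=0
reportNoExpire=0
userAction=0
unlockAccount=0
lockAccount=0
userAdd=0
userSetExpiration=0
username=""
userHome=""
userFull=""
userPass=""
userExpire=""
userAddFile=""
logFile="/dev/null"
showHelp=0
helpContext=""

# Walk the command line one option at a time and record the result in the
# variables above.
#   - The loop runs while arguments remain ($# > 0). Testing for an empty $1
#     stopped parsing at the first empty argument and silently ignored
#     everything after it.
#   - An option that takes a value must be followed by one; previously a
#     trailing "--log" was accepted with an empty value.
#   - A bad command line exits with status 2 instead of 0, so a wrapper
#     script or scheduler can tell the run did nothing.
# --userpass puts the temporary password on the command line, where it is
# visible in the process list and in shell history. Leaving it out makes the
# script prompt for the password without echo instead.
parse_args() {
  local opt
  while [[ $# -gt 0 ]]; do
    opt=$1
    case "$opt" in
      --log | --user | --username | --userhome | --userfull | --userpass | --userexpire | --useraddfile)
        if [[ $# -lt 2 ]]; then
          echo "$opt requires a value."
          exit 2
        fi
        shift
        case "$opt" in
          --log) logFile=$1 ;;
          --user | --username) username=$1 ;;
          --userhome) userHome=$1 ;;
          --userfull) userFull=$1 ;;
          --userpass) userPass=$1 ;;
          --userexpire) userExpire=$1 ;;
          --useraddfile) userAddFile=$1 ;;
        esac
        ;;
      --reportnopassword | -rnp)
        reportNoPassword=1
        report=1
        ;;
      --reportexpired | -re)
        reportExpired=1
        report=1
        ;;
      --reportexpiration | -rex)
        reportExpiration=1
        report=1
        ;;
      --reportnoexpire | -rne)
        reportNoExpire=1
        report=1
        ;;
      --unlock)
        unlockAccount=1
        userAction=$((userAction + 1))
        ;;
      --lock)
        lockAccount=1
        userAction=$((userAction + 1))
        ;;
      --useradd)
        userAdd=1
        userAction=$((userAction + 1))
        ;;
      --setexpiration)
        userSetExpiration=1
        userAction=$((userAction + 1))
        ;;
      --help | -h)
        showHelp=1
        # As before, the word following --help (if any) is consumed as the
        # help context.
        if [[ $# -ge 2 ]]; then
          shift
          helpContext=$1
        else
          helpContext=""
        fi
        ;;
      *)
        echo "$opt is an unknown parameter."
        exit 2
        ;;
    esac
    shift
  done
}

parse_args "$@"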
# Print the usage summary and stop when help was requested on the command
# line. Nothing else in the script runs in that case.
if [[ $showHelp == 1 ]]; then
  printf '%s\n' \
    "" \
    " Reporting Parameters:" \
    " --reportnopassword : Show and lock all user accounts with no password." \
    " --reportexpired : Show all expired accounts." \
    " --reportexpiration : Show expiration date/time for all accounts." \
    " --reportnoexpire : Show all accounts with no expiration date." \
    "" \
    " User Management:" \
    " --unlock : Unlock a user account. See HowTo file for usage." \
    " --lock : Lock a user account. See HowTo file for usage." \
    " --useradd : Creates a new user account. See HowTo file for usage." \
    " --setexpiration : Set the expiration date on an account. See HowTo file for usage." \
    "" \
    " Common Parameters:" \
    " --log <path> : Defines the path to log the output to." \
    " --help : Show this help screen." \
    ""
  exit
fi
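# Main part of the script starts. We echo out a header.
# This first tee has no -a, so it truncates the log: every run starts a
# fresh file. The path is opened with the script's own privileges (root,
# for the actions below), so --log should point into a directory that only
# administrators can write to.
# The log path is quoted everywhere; unquoted, a path containing a space was
# split into several files. An empty value falls back to /dev/null.
echo "Account Management Script - Christopher Kibble" | tee -- "${logFile:-/dev/null}"
echo "" | tee -a -- "${logFile:-/dev/null}"

# Verify the user is not trying to do more than one action at a time (such as adding a user
# while also trying to change the expiration date).
# Refusals exit with status 1 so callers can tell that nothing was done.
if [[ "$userAction" -gt 1 ]]; then
  echo "Only one user action can be done at a time." | tee -a -- "${logFile:-/dev/null}"
  exit 1
fi

# Verify that the user is not trying to both report out information as well as perform
# a user action - this is not allowed.
if [[ "$userAction" == 1 && "$report" == 1 ]]; then
  echo "You can not run a report and perform a user action at the same time." | tee -a -- "${logFile:-/dev/null}"
  exit 1
fi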
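# Go through each of the possible reports and run the associated function. We do these each
# as their own if statement instead of if/elseif so that the user can call multiple reports
# in a single command line.
# The log path is passed quoted so a path with spaces or glob characters
# reaches the function as one argument.
if [[ "$reportNoPassword" == 1 ]]; then
  report_no_password "$logFile"
fi
if [[ "$reportExpired" == 1 ]]; then
  report_expired_accounts "$logFile"
fi
if [[ "$reportExpiration" == 1 ]]; then
  report_expiration_dates "$logFile"
fi
if [[ "$reportNoExpire" == 1 ]]; then
  report_no_expire "$logFile"
fi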
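# Check which user actions, if any, are required and call the associated functions.
# Both arguments are passed quoted: unquoted, a username with whitespace or
# glob characters was split or expanded before it reached passwd.
# A missing username exits with status 1 so the failure is visible to callers.
if [[ "$unlockAccount" == 1 ]]; then
  if [[ -z "$username" ]]; then
    echo "You cannot use --unlock without a username defined." | tee -a -- "${logFile:-/dev/null}"
    exit 1
  fi
  unlock_account "$logFile" "$username"
fi
if [[ "$lockAccount" == 1 ]]; then
  if [[ -z "$username" ]]; then
    echo "You cannot use --lock without a username defined." | tee -a -- "${logFile:-/dev/null}"
    exit 1
  fi
  lock_account "$logFile" "$username"
fi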
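# --useradd: create one account from the command line / prompts, or many
# accounts from a file. The two modes cannot be combined.
if [[ "$userAdd" == 1 ]]; then
  if [[ -n "$userAddFile" ]] &&
    [[ -n "$username" || -n "$userHome" || -n "$userFull" || -n "$userPass" || -n "$userExpire" ]]; then
    echo "You cannot define an innput file for --useradd as well as other parameters." | tee -a -- "${logFile:-/dev/null}"
    exit 1
  fi
  if [[ -z "$userAddFile" ]]; then
    # Prompt for whatever was not given on the command line. read -r keeps
    # backslashes in the answers exactly as typed.
    if [[ -z "$username" ]]; then
      read -r -p "What is the username you'd like to create? " username
    fi
    if [[ -z "$userFull" ]]; then
      read -r -p "What is the Full Name for $username? " userFull
    fi
    if [[ -z "$userHome" ]]; then
      read -r -p "Where would like like the userhome for $username to be? " userHome
    fi
    if [[ -z "$userPass" ]]; then
      # -s: no echo to the terminal. -r and IFS= keep the password exactly as
      # typed; without them backslashes were dropped and leading or trailing
      # spaces stripped, so the stored password differed from the typed one.
      IFS= read -r -s -p "What will be the temporary password for $username? " userPass
      echo ""
    fi
    if [[ -z "$userExpire" ]]; then
      read -r -p "When would like like the account to expire for $username? (YYYY-MM-DD Format) " userExpire
    fi
    create_user "$logFile" "$username" "$userHome" "$userFull" "$userPass" "$userExpire"
  else
    create_user_from_file "$logFile" "$userAddFile"
  fi
fi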
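# --setexpiration needs both the account and the new date.
# A missing value exits with status 1 so the failure is visible to callers.
if [[ "$userSetExpiration" == 1 ]]; then
  if [[ -z "$username" || -z "$userExpire" ]]; then
    echo "This command requires that both --user and --userexpire are set." | tee -a -- "${logFile:-/dev/null}"
    exit 1
  fi
  set_user_expiration "$logFile" "$username" "$userExpire"
fi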