ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update lock script, add unlock script, minor updates in other scripts

Browse Source 
Make sure that lock script reejcts core users
(root/ec2-user/admin/ubuntu)

Unlock script works reverse with also optional check in user_list.txt
for ssh allow/foward group type

Internal:
rename all $user to $username
This commit is contained in:
Clemens Schwaighofer
2022-12-02 09:23:35 +09:00
parent ebddac7f67
commit 1f4e295e9f
5 changed files with 221 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
bin/create_user.sh
View File

@@ -43,7 +43,9 @@ timestamp=$(date +%Y%m%d-%H%M%S)
# character to set getween info blocks
separator="#";
# base folder for all data
root_folder=$(pwd)'/';
# root_folder=$(pwd)'/';
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
root_folder="${BASE_FOLDER}";
input_file='user_list.txt';
output_file="user_password.${timestamp}.txt";
output_zip_folder='zip/';
@@ -108,7 +110,7 @@ while read i; do
continue;
fi;
# make lower case, remove spaces
user=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z | tr -d ' ');
username=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z | tr -d ' ');
_group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' ');
group=$(echo "${_group}" | cut -d "," -f 1);
sub_group="";
@@ -119,7 +121,7 @@ while read i; do
ssh_access_type="allow";
fi;
if [ $ssh_forward_ok -eq 0 ] && [ "${ssh_access_type}" = "forward" ]; then
echo "[!!!] sshforward group does not exsts, cannot set user ${user}";
echo "[!!!] sshforward group does not exsts, cannot set user ${username}";
break;
fi;
ssh_group="ssh${ssh_access_type}";
@@ -145,13 +147,13 @@ while read i; do
#echo "[!!] BACKWARDS COMPATIBLE RSA TYPE SELECTION [!!]";
fi;
# user & group not set
if [ -z "${user}" ] || [ -z "${_group}" ]; then
echo "[!!!!!] Missing user or group entry for ${user}/${_group}";
if [ -z "${username}" ] || [ -z "${_group}" ]; then
echo "[!!!!!] Missing user or group entry for ${username}/${_group}";
echo "[*** ABORT RUN ***]"
break;
fi;
# SSH file name part without folder
ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
ssh_keygen_id="${hostname}${separator}${group}${separator}${username}${separator}${ssh_keytype}.pem";
# the full file including folder name
ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
# publ file if new
@@ -161,8 +163,8 @@ while read i; do
if [ ${INFO} -eq 1 ]; then
# test if pub file exists or not, test if user exists
echo -n "User: '${user}:${group}(${sub_group});${ssh_group}', SSH: ${ssh_keygen_id}";
if getent passwd ${user} > /dev/null 2>&1; then
echo -n "User: '${username}:${group}(${sub_group});${ssh_group}', SSH: ${ssh_keygen_id}";
if getent passwd ${username} > /dev/null 2>&1; then
echo -n ", User exists";
fi;
if [ -f "${ssh_keyfile_check_pub}" ]; then
@@ -182,15 +184,16 @@ while read i; do
fi;
done;
# check if user is not already created
if getent passwd ${user} > /dev/null 2>&1; then
echo "-- Skip '${user}:${group}(${sub_group})'";
# if getent passwd ${username} > /dev/null 2>&1; then
if id "${username}" &>/dev/null; then
echo "-- Skip '${username}:${group}(${sub_group})'";
else
echo "++ Create '${user}:${group}(${sub_group})'";
echo "++ Create '${username}:${group}(${sub_group})'";
if [ ${TEST} -eq 0 ]; then
# comment is user create time
useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -m ${user};
useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -m ${username};
else
echo "$> useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${user}";
echo "$> useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${username}";
fi;
fi;
skip_ssh=0;
@@ -210,13 +213,13 @@ while read i; do
ssh-keygen \
-t ${ssh_keytype} \
-f "${ssh_keyfile}" \
-C "${hostname}: ${user}@${group}" \
-C "${hostname}: ${username}@${group}" \
-a 100 -N "${password}"
else
echo "$> ssh-keygen -t ${ssh_keytype} -f ${ssh_keyfile} -C ${hostname}: ${user}@${group} -a 100 -N ${password}";
echo "$> ssh-keygen -t ${ssh_keytype} -f ${ssh_keyfile} -C ${hostname}: ${username}@${group} -a 100 -N ${password}";
fi;
else
found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${user}/.ssh/authorized_keys);
found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${username}/.ssh/authorized_keys);
if [ ! -z "${found}" ]; then
skip_ssh=1;
# override previously set with stored one
@@ -235,29 +238,29 @@ while read i; do
else
create_output_file="${root_folder}${output_file}.TEST";
fi;
echo $(date +"%F %T")";"${host}";"${_hostname}";"${user}";"${password}";"${ssh_allow_type} >> ${create_output_file};
echo $(date +"%F %T")";"${host}";"${_hostname}";"${username}";"${password}";"${ssh_allow_type} >> ${create_output_file};
# create the SSH foler and authorized access file with correct permissions
echo " > Create .ssh folder";
if [ ${TEST} -eq 0 ]; then
mkdir /home/${user}/.ssh/;
mkdir /home/${username}/.ssh/;
else
echo "$> mkdir /home/${user}/.ssh/";
echo "$> mkdir /home/${username}/.ssh/";
fi;
echo " > Add public into authorized_keys";
if [ ${TEST} -eq 0 ]; then
cat "${ssh_keyfile_pub}" > /home/${user}/.ssh/authorized_keys;
cat "${ssh_keyfile_pub}" > /home/${username}/.ssh/authorized_keys;
else
echo "$> cat ${ssh_keyfile_pub} > /home/${user}/.ssh/authorized_keys";
echo "$> cat ${ssh_keyfile_pub} > /home/${username}/.ssh/authorized_keys";
fi;
echo " > Secure folder .ssh and authorized_keys file";
if [ ${TEST} -eq 0 ]; then
chown -R ${user}:${group} /home/${user}/.ssh/;
chmod 700 /home/${user}/.ssh/;
chmod 600 /home/${user}/.ssh/authorized_keys;
chown -R ${username}:${group} /home/${username}/.ssh/;
chmod 700 /home/${username}/.ssh/;
chmod 600 /home/${username}/.ssh/authorized_keys;
else
echo "$> chown -R ${user}:${group} /home/${user}/.ssh/";
echo "$> chmod 700 /home/${user}/.ssh/";
echo "$> chmod 600 /home/${user}/.ssh/authorized_keys";
echo "$> chown -R ${username}:${group} /home/${username}/.ssh/";
echo "$> chmod 700 /home/${username}/.ssh/";
echo "$> chmod 600 /home/${username}/.ssh/authorized_keys";
fi;
fi;
done;