ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AWS user account management scripts updates

Browse Source 
- start option for create users (-g)
- delete user script
- update documentation
- user lock user script in check user flow output
- create user has check for valid username/group name
This commit is contained in:
Clemens Schwaighofer
2023-08-07 07:29:24 +09:00
parent eb194c2f1c
commit 571ddcc717
10 changed files with 323 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
bin/unlock_user.sh
View File

@@ -66,21 +66,21 @@ for username in "$@"; do
# skip ignore users, note that if a user is not in the sshallow list anyway
# we skip them too, this is just in case check
if [[ " ${ignore_users[*]} " =~ " ${username} " ]]; then
echo "[!] User $username is in the ignore user list";
echo "[!] User ${username} is in the ignore user list";
continue;
fi;
# check that user exists in passwd
if ! id "${username}" &>/dev/null; then
echo "[!] User $username does not exists in /etc/passwd file";
echo "[!] User ${username} does not exists in /etc/passwd file";
continue;
fi;
# check if already in OK groups
if id -nGz "${username}" | grep -qzxF "${ssh_allow_group}"; then
echo "[.] User $username already in the ${ssh_allow_group} list";
echo "[.] User ${username} already in the ${ssh_allow_group} list";
continue;
fi;
if id -nGz "${username}" | grep -qzxF "${ssh_forward_group}"; then
echo "[.] User $username already in the ${ssh_forward_group} list";
echo "[.] User ${username} already in the ${ssh_forward_group} list";
continue;
fi;
# try to find user in user_list.txt and get the allow/forward flag from there,
@@ -98,7 +98,7 @@ for username in "$@"; do
# check if user is in reject group remove
if id -nGz "${username}" | grep -qzxF "${ssh_reject_group}"; then
# remove user from ssh group and add to reject groups
echo "[*] User $username will be added to ${ssh_add_group}";
echo "[*] User ${username} will be added to ${ssh_add_group}";
if [ ${TEST} -eq 1 ]; then
printf "${user_group_tpl}" "${username}" "${ssh_reject_group}" "${username}" "${ssh_add_group}";
else
@@ -107,7 +107,7 @@ for username in "$@"; do
fi;
else
# skip not ssh user
echo "[?] User $username not in the ssh reject group";
echo "[?] User ${username} not in the ssh reject group";
fi;
done;