shellcheck fixup

bin/authorized_key_location_change.sh

@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 
+# shellcheck disable=SC2059
+
 # check if we need to move the users authorized keys to the central location
 
 TEST=1;
@@ -30,9 +32,10 @@ done;
 SSH_CENTRAL_AUTHORIZED_FILE_FOLDER='';
 SSH_MASTER_AUTHORIZED_FILE='';
 # SSH_AUTHORIZED_FILE='';
+# shellcheck disable=SC2013
 for cf in $(grep "^AuthorizedKeysFile" /etc/ssh/sshd_config | grep "%u"); do
-	if [ ! -z $(echo "${cf}" | grep "%u") ]; then
-		SSH_CENTRAL_AUTHORIZED_FILE_FOLDER=$(echo "${cf}" | sed -e 's/%u//');
+	if echo "$cf" | grep -q "%u"; then
+		SSH_CENTRAL_AUTHORIZED_FILE_FOLDER="${cf/%%u//}";
 		if [ ! -d "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
 			echo "ssh central authorized_file folder could not be found: ${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
 			exit;
@@ -43,8 +46,9 @@ if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
 	echo "No central authorized_keys file detected, no change check needed";
 	exit;
 fi;
+# shellcheck disable=SC2013
 for cf in $(grep "^AuthorizedKeysFile" /etc/ssh/sshd_config | grep -- "--master"); do
-	if [ ! -z $(echo "${cf}" | grep -- "--master") ]; then
+	if ! echo "${cf}" | grep -q -- "--master"; then
 		SSH_MASTER_AUTHORIZED_FILE="${cf}";
 		if [ ! -f "${SSH_MASTER_AUTHORIZED_FILE}" ]; then
 			echo "ssh master authorized_file could not be found: ${SSH_MASTER_AUTHORIZED_FILE}"l
@@ -86,20 +90,20 @@ fi;
 
 # loop over passwd file
 # if not in no action then check if .ssh/authorized_keys file exists
-cat /etc/passwd | cut -d ":" -f 1,6 |
-while read user_home; do
+cut -d ":" -f 1,6 /etc/passwd |
+while read -r user_home; do
 	username=$(echo "${user_home}" | cut -d ":" -f 1);
 	master_user=0;
 	# skip admin usernames
-	if [[ " ${NO_ACTION[*]} " =~ " ${username} " ]]; then
+	if [[ " ${NO_ACTION[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
 		printf "${PRINTF_INFO}" "NO ACT" "!" "${username}" "user in NO ACTION list";
 		continue;
 	fi;
-	if [[ " ${SKIP_USERS[*]} " =~ " ${username} " ]]; then
+	if [[ " ${SKIP_USERS[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
 		printf "${PRINTF_INFO}" "SKIP" "*" "${username}" "skip forced via command line";
 		continue;
 	fi;
-	if [[ " ${IGNORE_USER[*]} " =~ " ${username} " ]]; then
+	if [[ " ${IGNORE_USER[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
 		printf "${PRINTF_INFO}" "SKIP" "**" "${username}" "skip from ignore config file";
 		continue;
 	fi;
@@ -115,10 +119,10 @@ while read user_home; do
 		continue;
 	fi;
 	# check those keys are in the master key list
-	if [[ " ${MASTER_KEY[*]} " =~ " ${username} " ]]; then
+	if [[ " ${MASTER_KEY[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
 		master_user=1;
 		ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_MASTER_AUTHORIZED_FILE}");
-		if [ ! -z "${ssh_key_diff}" ]; then
+		if [ -n "${ssh_key_diff}" ]; then
 			printf "${PRINTF_INFO}" "ABORT" "!!!" "${username}" "authorized key is not matching the master key file";
 			exit;
 		fi;
@@ -148,12 +152,12 @@ while read user_home; do
 	if [ ${TEST} -eq 0 ]; then
 		cat "${home_folder}/.ssh/authorized_keys" > "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
 		# secure new folder: chown/chmod/chattr
-		chown ${username} "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
+		chown "${username}" "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
 		chmod 400 "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
 		chattr +i "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
 		# confirm
 		ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}");
-		if [ ! -z "${ssh_key_diff}" ]; then
+		if [ -n "${ssh_key_diff}" ]; then
 			printf "${PRINTF_INFO}" "ERROR" "!!!" "${username}" "Move problem ${ssh_key_diff}";
 			break;
 		fi;