shellcheck fixup

Clemens Schwaighofer
2024-09-27 18:49:36 +09:00
parent d8f9710593
commit 7ce8330aa6
6 changed files with 96 additions and 71 deletions


@@ -9,14 +9,18 @@
TEST=0; # no delete, just print
while getopts ":t" opt; do
case "${opt}" in
t|test)
t) # test
TEST=1;
;;
\?)
echo "";
echo "-t test run, do not lock users";
;;
esac;
done;
shift "$((OPTIND-1))"
if [ $(whoami) != "root" ]; then
if [ "$(whoami)" != "root" ]; then
if [ ${TEST} -eq 0 ]; then
echo "Script must be run as root user";
exit;
@@ -34,7 +38,7 @@ fi;
ignore_users=('root' 'ec2-user' 'ubuntu' 'admin');
# ssh reject group
ssh_reject_group="sshreject";
if [ -z $(cat /etc/group | grep "${ssh_reject_group}:") ]; then
if ! grep -q "${ssh_reject_group}:" /etc/group; then
echo "Missing ssh reject group: ${ssh_reject_group}";
exit;
fi;
@@ -51,7 +55,7 @@ for username in "$@"; do
fi;
# skip ignore users, note that if a user is not in the sshallow list anyway
# we skip them too, this is just in case check
if [[ " ${ignore_users[*]} " =~ " ${username} " ]]; then
if [[ " ${ignore_users[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
echo "[!] User ${username} is in the ignore user list";
continue;
fi;
@@ -72,16 +76,17 @@ for username in "$@"; do
fi;
# if user is in ssh allow group and ALSO in ssh forward group -> bad
if id -nGz "${username}" | grep -qzxF "${ssh_forward_group}"; then
if [ ! -z "${ssh_remove_group}" ]; then
if [ -n "${ssh_remove_group}" ]; then
echo "[!!!! ERROR !!!!] User ${username} exists in both ${ssh_allow_group} and ${ssh_forward_group} group which should not be allowed. Remove user from one group and run script again.";
break;
fi;
ssh_remove_group="${ssh_forward_group}";
fi;
if [ ! -z "${ssh_remove_group}" ]; then
if [ -n "${ssh_remove_group}" ]; then
# remove user from ssh group and add to reject groups
echo "[*] User ${username} will be removed from ${ssh_remove_group}";
if [ ${TEST} -eq 1 ]; then
# shellcheck disable=SC2059
printf "${user_group_tpl}" "${username}" "${ssh_remove_group}" "${username}" "${ssh_reject_group}";
else
gpasswd -d "${username}" "${ssh_remove_group}";
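Review bot: The rewritten ignore-list test `[[ " ${ignore_users[*]} " =~ [[:space:]]${username}[[:space:]] ]]` now expands `${username}` unquoted on the right of `=~`, so it is matched as a regular expression instead of literally, as the old quoted form was. A name containing `.`, `+` or brackets can then match a different entry in `ignore_users`, or make the pattern invalid, which changes which accounts are skipped. A literal match that still satisfies shellcheck is `if [[ " ${ignore_users[*]} " == *" ${username} "* ]]; then`. Separately, the new `\?)` branch in the getopts `case` prints the usage text but does not exit, so as far as the visible lines show a mistyped option falls through with `TEST=0`; adding `exit 1;` after the second `echo` would stop a live run that was meant as a test. The enclosing `for username in "$@"` loop starts and ends outside the visible hunks.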