ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into shellecheck-cleanup

Browse Source
This commit is contained in:
Clemens Schwaighofer
2024-09-06 10:58:13 +09:00
parent ee7cc8555e 935d6a84c9
commit 91f096ab0c
2 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
bin/create_user.sh
View File

@@ -2,13 +2,14 @@
# * input file
# user_list.txt
# <ignored id>;<user name>;<group>[,sub group,sub group];<ssh access type>;[override password];[override hostname];[override ssh key type]
# <ignored id>;<user name>;<group>[,sub group,sub group];<ssh access type>|<no login flag>;[override password];[override hostname];[override ssh key type]
# lines with # are skipped
# already created users are skipped
# Mandatory: <ignored id>;<user name>;<group>;<ssh access type>
# <ssh access type> can be
# allow (full login access)
# forward (forward/jump host only)
# if in this column with pipe (|) the flag "no_login" is set then the default shell will change to "/sbin/nologin"
# * output file
# <date>;<target connect host name>;<hostname>;<username>;<password>;<ssh access type>
# If already existing PEM key is used then <password> is [ALREADY SET]
@@ -113,6 +114,10 @@ ssh_keytype='';
# sshallow or sshforward
ssh_group='';
ssh_forward_ok=0;
# login shells
login_shell="/bin/bash";
no_login_shell="/sbin/nologin";
user_login_shell="";
# detect ssh authorized_keys setting
SSH_CENTRAL_AUTHORIZED_FILE_FOLDER='';
SSH_AUTHORIZED_FILE='';
@@ -201,8 +206,21 @@ while read -r i; do
_group=$(echo "${i}" | cut -d ";" -f 3 | tr "[:upper:]" "[:lower:]" | tr -d ' ');
group=$(echo "${_group}" | cut -d "," -f 1);
sub_group="";
# POS 4: ssh access type
ssh_access_type=$(echo "${i}" | cut -d ";" -f 4 | tr "[:upper:]" "[:lower:]" | tr -d ' ');
# POS 4: ssh access type and no login flag
# no login flag
no_login_flag="";
# if there is a pipe, check, else ignore
if echo "${i}" | cut -d ";" -f 4 | grep -q "|"; then
no_login_flag=$(echo "${i}" | cut -d ";" -f 4 | cut -d "|" -f 2);
fi;
# anything set in no login shell flag, we set no login shell
if [ -n "${no_login_flag}" ]; then
user_login_shell="${no_login_shell}";
else
user_login_shell="${login_shell}";
fi;
# ssh access type
ssh_access_type=$(echo "${i}" | cut -d ";" -f 4 | cut -d "|" -f 1 | tr "[:upper:]" "[:lower:]" | tr -d ' ');
# if not allow or forward, set to access
if [ "${ssh_access_type}" != "allow" ] && [ "${ssh_access_type}" != "forward" ]; then
echo "[!!] Not valid ssh access type ${ssh_access_type}, set to allow";
@@ -220,7 +238,7 @@ while read -r i; do
# check if "," inside and extract sub groups
if [ -z "${_group##*,*}" ]; then
sub_group=$(echo "${_group}" | cut -d "," -f 2-);
sub_group_opt=" -G ${sub_group}";
sub_group_opt=" -G ${ssh_group},${sub_group}";
fi;
# POS 5: do we have a password preset
_password=$(echo "${i}" | cut -d ";" -f 5);
@@ -298,9 +316,9 @@ while read -r i; do
echo "++ Create '${username}:${group}(${sub_group})'";
if [ ${TEST} -eq 0 ]; then
# comment is user create time
useradd -c "$(date +"%F")" -s /bin/bash -g "${group}${sub_group_opt}" -d "${HOME_FOLDER}${username}" -m "${username}";
useradd -c "$(date +"%F")" -s "${user_login_shell}" -g "${group}${sub_group_opt}" -d "${HOME_FOLDER}${username}" -m "${username}";
else
echo "$> useradd -c \"$(date +"%F")\" -s /bin/bash -g ${group}${sub_group_opt} -d \"${HOME_FOLDER}${username}\" -m \"${username}\"";
echo "$> useradd -c \"$(date +"%F")\" -s \"${user_login_shell}\" -g \"${group}${sub_group_opt}\" -d \"${HOME_FOLDER}${username}\" -m \"${username}\"";
fi;
fi;
# set the auth file