ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add login shell type select (bash login or no login), fix ssh base groups

Browse Source 
no ssh allow/forward/reject base group was set if an optional sub group was set

Add possibility to chose no login when setting the ssh access type to "...|no_login"
This commit is contained in:
Clemens Schwaighofer
2024-09-06 10:44:31 +09:00
parent 83f84abd46
commit 935d6a84c9
2 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
bin/create_user.sh
View File

@@ -2,13 +2,14 @@
# * input file # * input file
# user_list.txt # user_list.txt
# <ignored id>;<user name>;<group>[,sub group,sub group];<ssh access type>;[override password];[override hostname];[override ssh key type] # <ignored id>;<user name>;<group>[,sub group,sub group];<ssh access type>|<no login flag>;[override password];[override hostname];[override ssh key type]
# lines with # are skipped # lines with # are skipped
# already created users are skipped # already created users are skipped
# Mandatory: <ignored id>;<user name>;<group>;<ssh access type> # Mandatory: <ignored id>;<user name>;<group>;<ssh access type>
# <ssh access type> can be # <ssh access type> can be
# allow (full login access) # allow (full login access)
# forward (forward/jump host only) # forward (forward/jump host only)
# if in this column with pipe (|) the flag "no_login" is set then the default shell will change to "/sbin/nologin"
# * output file # * output file
# <date>;<target connect host name>;<hostname>;<username>;<password>;<ssh access type> # <date>;<target connect host name>;<hostname>;<username>;<password>;<ssh access type>
# If already existing PEM key is used then <password> is [ALREADY SET] # If already existing PEM key is used then <password> is [ALREADY SET]
@@ -111,6 +112,10 @@ ssh_keytype='';
# sshallow or sshforward # sshallow or sshforward
ssh_group=''; ssh_group='';
ssh_forward_ok=0; ssh_forward_ok=0;
# login shells
login_shell="/bin/bash";
no_login_shell="/sbin/nologin";
user_login_shell="";
# detect ssh authorized_keys setting # detect ssh authorized_keys setting
SSH_CENTRAL_AUTHORIZED_FILE_FOLDER=''; SSH_CENTRAL_AUTHORIZED_FILE_FOLDER='';
SSH_AUTHORIZED_FILE=''; SSH_AUTHORIZED_FILE='';
@@ -202,8 +207,21 @@ while read i; do
_group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' '); _group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' ');
group=$(echo "${_group}" | cut -d "," -f 1); group=$(echo "${_group}" | cut -d "," -f 1);
sub_group=""; sub_group="";
# POS 4: ssh access type # POS 4: ssh access type and no login flag
ssh_access_type=$(echo "${i}" | cut -d ";" -f 4 | tr A-Z a-z | tr -d ' '); # no login flag
no_login_flag="";
# if there is a pipe, check, else ignore
if echo "${i}" | cut -d ";" -f 4 | grep -q "|"; then
no_login_flag=$(echo "${i}" | cut -d ";" -f 4 | cut -d "|" -f 2);
fi;
# anything set in no login shell flag, we set no login shell
if [ -n "${no_login_flag}" ]; then
user_login_shell="${no_login_shell}";
else
user_login_shell="${login_shell}";
fi;
# ssh access type
ssh_access_type=$(echo "${i}" | cut -d ";" -f 4 | cut -d "|" -f 1 | tr A-Z a-z | tr -d ' ');
# if not allow or forward, set to access # if not allow or forward, set to access
if [ "${ssh_access_type}" != "allow" ] && [ "${ssh_access_type}" != "forward" ]; then if [ "${ssh_access_type}" != "allow" ] && [ "${ssh_access_type}" != "forward" ]; then
echo "[!!] Not valid ssh access type ${ssh_access_type}, set to allow"; echo "[!!] Not valid ssh access type ${ssh_access_type}, set to allow";
@@ -221,7 +239,7 @@ while read i; do
# check if "," inside and extract sub groups # check if "," inside and extract sub groups
if [ -z "${_group##*,*}" ]; then if [ -z "${_group##*,*}" ]; then
sub_group=$(echo "${_group}" | cut -d "," -f 2-); sub_group=$(echo "${_group}" | cut -d "," -f 2-);
sub_group_opt=" -G ${sub_group}"; sub_group_opt=" -G ${ssh_group},${sub_group}";
fi; fi;
# POS 5: do we have a password preset # POS 5: do we have a password preset
_password=$(echo "${i}" | cut -d ";" -f 5); _password=$(echo "${i}" | cut -d ";" -f 5);
@@ -299,9 +317,9 @@ while read i; do
echo "++ Create '${username}:${group}(${sub_group})'"; echo "++ Create '${username}:${group}(${sub_group})'";
if [ ${TEST} -eq 0 ]; then if [ ${TEST} -eq 0 ]; then
# comment is user create time # comment is user create time
useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -d "${HOME_FOLDER}${username}" -m ${username}; useradd -c `date +"%F"` -s "${user_login_shell}" -g ${group}${sub_group_opt} -d "${HOME_FOLDER}${username}" -m ${username};
else else
echo "$> useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -d "${HOME_FOLDER}${username}" -m ${username}"; echo "$> useradd -c `date +"%F"` -s "${user_login_shell}" -g ${group}${sub_group_opt} -d "${HOME_FOLDER}${username}" -m ${username}";
fi; fi;
fi; fi;
# set the auth file # set the auth file

2
user_list.txt-sample
View File

@@ -1 +1 @@
#user_id;user_name;group,subgroup;ssh access type;override password;override hostname;override ssh type #user_id;user_name;group,subgroup;ssh access type|no login flag;override password;override hostname;override ssh type