Add central logging for all actions done

log file "user_management.log"

Each line is
[YYYY-MM-DD HH:mm:ss] [script name] [TEST] ...

[TEST] is only set if we are in a test run

For create user, if the info flag is set, no log is written.
This commit is contained in:
Clemens Schwaighofer
2024-12-09 11:37:37 +09:00
parent 4629b58a7e
commit fa47178ed1
7 changed files with 239 additions and 74 deletions


@@ -61,31 +61,52 @@ ssh_allow_group="sshallow";
ssh_forward_group="sshforward";
user_group_tpl="gpasswd -d %s %s\ngpasswd -a %s %s\n";
LOG="${BASE_FOLDER}/../log/user_management.log";
function write_log()
{
text="${1}";
do_echo="${2}";
log_prefix="";
# log prefix
if [ ${TEST} -eq 1 ]; then
log_prefix="TEST";
fi;
if [ -n "${log_prefix}" ]; then
log_prefix="[${log_prefix}] ";
fi;
echo "[$(date +"%F %T")] [$0] ${log_prefix}${text}" >> "${LOG}";
if [ "${do_echo}" = "1" ]; then
echo "${text}";
fi;
}
write_log "START SCRIPT RUN";
echo "--------------------->"
# $1 ... $n
for username in "$@"; do
# skip if there is an option hidden
# shellcheck disable=SC2154
if [[ ${_arg:0:1} = "-" ]]; then
continue;
fi;
# skip ignore users, note that if a user is not in the sshallow list anyway
# we skip them too, this is just in case check
if [[ " ${ignore_users[*]} " =~ [[:space:]]${username}[[:space:]] ]]; then
echo "[!] User ${username} is in the ignore user list";
write_log "[ERROR] User ${username} is in the ignore user list" "1";
continue;
fi;
# check that user exists in passwd
if ! id "${username}" &>/dev/null; then
echo "[!] User ${username} does not exists in /etc/passwd file";
write_log "[ERROR] User ${username} does not exists in /etc/passwd file" "1";
continue;
fi;
# check if already in OK groups
if id -nGz "${username}" | grep -qzxF "${ssh_allow_group}"; then
echo "[.] User ${username} already in the ${ssh_allow_group} list";
write_log "[.] User ${username} already in the ${ssh_allow_group} list" "1";
continue;
fi;
if id -nGz "${username}" | grep -qzxF "${ssh_forward_group}"; then
echo "[.] User ${username} already in the ${ssh_forward_group} list";
write_log "[.] User ${username} already in the ${ssh_forward_group} list" "1";
continue;
fi;
# try to find user in user_list.txt and get the allow/forward flag from there,
@@ -103,7 +124,7 @@ for username in "$@"; do
# check if user is in reject group remove
if id -nGz "${username}" | grep -qzxF "${ssh_reject_group}"; then
# remove user from ssh group and add to reject groups
echo "[*] User ${username} will be added to ${ssh_add_group}";
write_log "[*] User ${username} will be added to ${ssh_add_group}" "1";
if [ ${TEST} -eq 1 ]; then
# shellcheck disable=SC2059
printf "${user_group_tpl}" "${username}" "${ssh_reject_group}" "${username}" "${ssh_add_group}";
@@ -113,7 +134,7 @@ for username in "$@"; do
fi;
else
# skip not ssh user
echo "[?] User ${username} not in the ssh reject group";
write_log "[?] User ${username} not in the ssh reject group" "1";
fi;
done;
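Review bot: write_log (lines 24-40 of the first hunk) assigns text, do_echo and log_prefix without `local`, so every call clobbers any same-named globals, and `[ ${TEST} -eq 1 ]` is unquoted, so an unset TEST turns the test into a syntax error instead of "not a test run". The append to "${LOG}" is also unchecked: if ${BASE_FOLDER}/../log does not exist, the group changes still run but nothing is recorded, which defeats the audit purpose of this commit — the rewrite below reports a failed append on stderr and uses printf rather than echo for arbitrary text. Because ${text} embeds ${username} taken from "$@" before `id` has validated it (the ignore-list message at line 54), a value containing a newline would yield a forged log line; stripping CR/LF before the append (`text=${text//[$'\r\n']/ }`) closes that. With the +/- markers lost on this page it is unclear whether the echo lines at 53, 59, 65 and 70 were removed or kept beside the new `write_log "…" "1"` calls; if kept, each message prints twice, since write_log already echoes when its second argument is 1.
```shell
function write_log()
{
	local text="${1}";
	local do_echo="${2}";
	local log_prefix="";
	# log prefix
	if [ "${TEST:-0}" -eq 1 ]; then
		log_prefix="[TEST] ";
	fi;
	# do not let a log message spanning lines forge a second entry
	text=${text//[$'\r\n']/ };
	# the log is the audit trail for the group changes: a failed append must be visible
	if ! printf '[%s] [%s] %s%s\n' "$(date +"%F %T")" "$0" "${log_prefix}" "${text}" >> "${LOG}"; then
		printf '[!] Cannot write to log file %s\n' "${LOG}" >&2;
	fi;
	if [ "${do_echo}" = "1" ]; then
		printf '%s\n' "${text}";
	fi;
}
```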