Bash script to add and remove users - linux

I am a beginner in bash scripting and I have created a bash script to add users and remove users on Linux.
But since I am facing some issues with the script not really major issues but would be helpful if anyone could point me how to improve the script and the worst practice I am doing the script would be helpful
however the problem I have noticed is that the script takes -a to add a user -d to remove user and -h to get help the -a flag as 2 optional arguments -p for password and -s for shell so the command would be
./useradd.sh -a user -p password -s shell
this works as expected and the user is added to the system but the problem I am facing is that if I do not enter -a flag and specify the -s and -p flag the script is just exited I want to show a clear idea to the user why it exited and there is so many such errors I am assuming but I have not tested it out so much any help would be appreciated, so here is my script
https://github.com/abhijith7025/bash_scripts/blob/master/useradd.sh

... I have created a bash script to add users and remove users on Linux.
You might want to reconsider this, given that Linux has separate commands for these two operations.
There's a lot more to creating a user than there is is getting rid of one, so you may be asking for trouble trying to conjoin the two.
Anyway:
Your case statement has no "other" branch ("* )").
This may be why you're getting no errors when "misusing" your script.
case $opt in
a )
;;
d )
;;
h )
;;
* )
usage
exit 1
;;
esac
Other things to look out for:
useradd is, perhaps, a poor name for a script that can delete users.
You allow a shell to be specified as an argument, but you don't check to see if that exists.
It's conventional for Linux commands to operate on a "thing" or list of "things" and for that operation to be qualified by options that [usually] precede the thing(s). Thus, your script might be better invoked like this:
./manage_user -a -p password -s shell_exe user1
| | | |
| | | User name
| | Shell for User
| Password for User
Add a User
./manage_user -d user2
| |
| User name
Delete a User

Related

sudoedit non interactive with password and editor input from script

(I'm a beginner in linux and shell)
I need to run a sudoedit -u from a non interactive bash script
I have the password in a variable and the input for the editor
My challenge is to give password AND editor inputs to sudoedit
For the context, I need to make a kind of automatic unit tests for sudoers commands.
So my actual strategy is to run the main script with a user A. In that script I need to switch to a second user B (su) to run a subscript that run the sudoedit command (sudoedit -u userC). And I need to get the $? of the sudoedit for my main script report.
I have tested many things without success. Is there a way to give both password and editor input ? (Or an other way to perform what I need to do ?)
I tried that :
#!/bin/bash
# master script
userB=userB
userBpassword=xxx
export userBpassword
su - userB bash child.sh >/dev/null 2>&1 < <(echo $userBpassword)
isSuccess=$? # I need the information of success or not for file edition
#!/bin/bash
sudoedit -u userC file.txt >/dev/null 2>&1 < <(echo ":wq") # I must inject userBpassword here but how ?
return $?
I must do that non interactive (just asking logins and passwords once at start)
Ideally I should have 0 if sudoedit is success or anithing else if there is a failure (no right or missing file)
Thanks in advance for reading and help

How can I pass a password to bash script

I'd like to write a bash script which automates a specific process.
It starts an analyzing cms-tool with passing an identifier.
After passing an identifier that tool is asking for user password.
The script should read through a list of such identifiers and input the user password after each forwarded identifier.
The following simple example shows the process with an identifier called 'eventDatePicker' :
jmm#workstation:/opt/media/tools/bin$ ./cm old-viewtypes-usage -u admin -s "/test/" -t "/home/media/transfer" -vt eventDatePicker
password:
This is my created bash script so far but I don't know how to implement a function for passing a user password:
#!/bin/bash
# list with identifiers
input="/opt/media/tools/bin/technical_identifier"
#path to analyzing tool
cd /opt/media/tools/bin || exit
while IFS= read -r line
do
./cm old-viewtypes-usage -u admin -s "/test/" -t "/home/media/transfer" -vt "$line"
# command for passing the user password
done < "$input"
I tried it out by using read or expect but it didn't work out.
I'd be glad for any help.
You might like to learn the 'expect' dialect of Tcl. Start with running 'autoexpect' and then change the output script to take parameters and send your password.
This is really the only sane way of scripting up interactive scripts.

'su' by using 'script' in Docker returns different results compared to the standard environment

I need to request certain commands via su including password in one line.
I found a solution and it is working in a standard environment (Ubuntu) (more about solution here):
{ sleep 1; echo password; } | script -qc 'su -l user -c id' /dev/null | tail -n +2
But I am faced with the problem that this solution is not suitable in a Docker container environment
Script terminates the command without waiting for echo and as a result i get:
su: Authentication failure
Any help is much appreciated.
Passing the password for su via stdin is problematic for various reasons: the biggest one is probably that your password will end up in the history.
You could instead:
Call the entire script as the specific user and thus enter the password manually
Use sudo with the appropriate NOPASSWD sudoers configuration
In your case you are using docker, so you could just set the USER in your Dockerfile

EXISTS=`ssh xyz 'egrep "$username" /etc/passwd | cut -d':' -f1'` command is not working properly

I am writing a script to add users on multiple linux servers. But first i want to check that mentioned username already exists on that particular server or not.
EXISTS=`ssh xyz 'egrep "$username" /etc/passwd | cut -d':' -f1'`
This is the command i am trying. But its not giving me the output that i want..rather its giving me the all username in passwd file.
The variable EXISTS should have the only that username or it should be empty.
On any modern Linux systems, you have getent. So instead of checking like this, check the return code (via $?) of:
getent passwd $username &>/dev/null
(exits with 0 if the user exists, 2 if it doesn't exist; other error codes described in the manpage)
(note: this is not really a Java question, is it?)
EDIT OK, full code...
ssh thehost getent passwd $username;
RC=$?;
# check for $RC here; if 0, the user exists; if not 0 it doesn't.
# Man getent for more details
Note that another solution would be to try and add the user directly; the command will fail if the user already exists, or some other reason; here again, man useradd, and check for possible return codes.

Most reliable way to identify the current user through a sudo

I have an application that may or may not be run while users are sudo'ed to a shared user account. I would like to reliably identify who the real user is for a sort of "honor-system" ACL. I think there's some way by tracing parent/group/session process ids the way that the pstree command does, but I'm not sure how to do that best or if there are better alternatives.
I tried getlogin() originally. That works if ./myapp is used, but it fails with 'cat input | ./myapp` (because the "controlling terminal" is a pipe owned by the shared account).
I'd rather not trust environment variables, as I don't want my "honor system" to be completely thwarted by a simply unset, when the information is still available elsewhere.
I'd also like to avoid forcing a lookup in the password database, as that is a remote RPC (NIS or LDAP) and I'm pretty sure wtmp already contains the information I need.
For a shell script, you might use this to get the sudo'ing user:
WHO=$(who am i | sed -e 's/ .*//'`)
and extract the id from the login using:
ID_WHO=$(id -u $WHO)
I'll ferret out the C library equivalent later.
sudo sets the environment variables SUDO_USER, SUDO_UID, and SUDO_GID.
You can test this with:
$ sudo env
[sudo] password for shteef:
TERM=xterm
# [...snip...]
SHELL=/bin/bash
LOGNAME=root
USER=root
USERNAME=root
SUDO_COMMAND=/usr/bin/env
SUDO_USER=shteef
SUDO_UID=1000
SUDO_GID=1000
But if your users have shell access on the shared account, then I suppose you cannot blindly trust this either.
How about:
#!/usr/bin/ksh
username=`id | cut -d"=" -f2 | cut -d" " -f1`
if [ $username == "0(root)" ]
then
print "Yes, the user is root"
else
print "Sorry! the user $username, is not a root"
fi

Resources