跳板机管理平台

174 lines
4.3 KiB

  1. #!/bin/bash
  2. # -------------------------------------
  3. # 用户管理
  4. #
  5. # @author golanstone
  6. # @date 2020-03-25
  7. # -------------------------------------
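  # Positional arguments supplied by the caller.
  cmdOp=$1        # operation: add | del | passwd | sudo | unsudo
  cmdName=$2      # login name of the account to manage
  # NOTE(review): the password arrives as a command-line argument, so it is
  # visible in the process list and in any command logging while this script
  # runs; reading it from stdin or a root-only file would avoid that.
  cmdPassword=$3  # password for the account
  # Join the remaining arguments into one authorized_keys line. "${*:4}" is used
  # instead of `echo ${@:4}` so the key text is neither glob-expanded nor
  # interpreted as echo options.
  cmdAuthorizedKeys="${*:4}"  # SSH public key
  # cmdAuthorizedKeys="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLQnYvqNnDcsR6lvrUL3SgmyPJ3XqGork2IxZMPyu+68dZC2/DIaVYm2G0NeEdnDlExkmIrhzRWpfmz6H748TFFsTvGxeOOR+djjKWwOMwmxU0y8QDseZqEAuCANTjzBjGu7/RUWQ5ysOKD8+UTdr1W+avumfFbBzFXNHSHA3JBFUFvFOWxcggBAlOBbA3fWig6a/ykepBfimEdgcyq/P7ERRsP5eLxasmf/vUV3vVE04SpkpMXniG8r9z3gP7At/TFWnvCWmmBJ9+EUK6FE7fxV4tmEni+IfkpQog+l5SpOp2XpMHp8YdIgotwdAKoOu3/bRsqeEMMNYErV+WsFF Stone@Golanstone"

  # Operation codes
  OpAdd=1   # add a user
  OpDel=2   # delete a user
  OpSudo=3  # grant sudo to a user

  SUDOFILE=/etc/sudoers   # system sudoers file
  SYSPASSWD=/etc/passwd   # system passwd file

  # Returns 0 when $1 is a plain login name: letters, digits, '_', '.', '-',
  # optionally a trailing '$', and not starting with '-' or '.'.
  is_safe_user_name() {
    local -r pattern='^[A-Za-z0-9_][A-Za-z0-9._-]*[$]?$'
    [[ $1 =~ $pattern ]]
  }

  # The name is interpolated into paths under /home and into lines written to
  # the sudoers file, so anything other than a plain login name is refused
  # here. An empty name is left to the per-operation checks further down.
  if [ -n "$cmdName" ] && ! is_safe_user_name "$cmdName"; then
    echo "invalid user name" >&2
    exit 1
  fi

  USER_HOME_DIR="/home/$cmdName"                               # home directory
  USER_AUTHORIZED_KEYS="/home/$cmdName/.ssh/authorized_keys"   # SSH authorized keys file
  USER_SSH_DIR="/home/$cmdName/.ssh"                           # SSH directory
  USER_SSH_RSA_PRIVATE="/home/$cmdName/.ssh/id_rsa"            # SSH private key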
  23. # 检查cmd参数
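  # Print the parsed arguments for troubleshooting.
  # Globals: cmdOp, cmdName, cmdPassword, cmdAuthorizedKeys (read)
  # Outputs: one line on stdout. The password is replaced by a fixed mask so
  #          it does not end up in terminal scrollback or captured logs.
  check() {
    local shown_password=""
    if [ -n "$cmdPassword" ]; then
      shown_password="******"
    fi
    printf '%s %s %s %s\n' "$cmdOp" "$cmdName" "$shown_password" "$cmdAuthorizedKeys"
  }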
  27. # 添加用户
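  # Create the account if it does not exist yet, set its password, prepare
  # ~/.ssh, generate an RSA key pair and append the supplied public key.
  # Globals: cmdName, cmdPassword, cmdAuthorizedKeys, SYSPASSWD, USER_SSH_DIR,
  #          USER_AUTHORIZED_KEYS, USER_SSH_RSA_PRIVATE (read)
  # Returns: 1 when the account cannot be created, so that nothing is written
  #          for a user that does not exist.
  add_user() {
    # Compare the login field as an exact string: a regex prefix match would
    # treat "bob" as existing when only "bobby" is present.
    if ! LOOKUP_NAME="$cmdName" awk -F: \
      '($1 "") == (ENVIRON["LOOKUP_NAME"] "") { found = 1; exit } END { exit !found }' \
      "$SYSPASSWD"; then
      if ! useradd -- "$cmdName"; then
        echo "${cmdName} could not be created" >&2
        return 1
      fi
      # The password is fed on stdin and never echoed; printf keeps values that
      # look like echo options (for example "-n") intact.
      if printf '%s\n' "$cmdPassword" | passwd "$cmdName" --stdin &>/dev/null; then
        echo "${cmdName}'s password is set successful"
      else
        echo "${cmdName}'s password is set failed"
      fi
    fi

    # Create the .ssh directory as the target user.
    if [ ! -d "$USER_SSH_DIR" ]; then
      sudo -u "$cmdName" mkdir -- "$USER_SSH_DIR" && chmod 700 -- "$USER_SSH_DIR"
      echo "mkdir $USER_SSH_DIR"
    fi

    # Create the authorized_keys file as the target user.
    if [ ! -f "$USER_AUTHORIZED_KEYS" ]; then
      sudo -u "$cmdName" touch -- "$USER_AUTHORIZED_KEYS" && chmod 600 -- "$USER_AUTHORIZED_KEYS"
      echo "mkdir $USER_AUTHORIZED_KEYS"
    fi

    # Generate a key pair for the user (empty passphrase, as before).
    if [ ! -f "$USER_SSH_RSA_PRIVATE" ]; then
      sudo -u "$cmdName" ssh-keygen -t rsa -f "$USER_SSH_RSA_PRIVATE" -P "" -q
    fi

    # Append the public key with the user's own privileges rather than as root:
    # the path lives in a directory the user controls, and a root-owned write
    # would follow whatever the user has placed there.
    if [ -n "$cmdAuthorizedKeys" ]; then
      printf 'usshkey: %s\n' "$cmdAuthorizedKeys"
      printf '%s\n' "$cmdAuthorizedKeys" \
        | sudo -u "$cmdName" tee -a -- "$USER_AUTHORIZED_KEYS" >/dev/null
    fi
  }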
  62. # 删除用户
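  # Remove the account after revoking its sudo entry.
  # Globals: cmdName, SYSPASSWD (read)
  # Exits with status 1 when the account is not present.
  # Note: userdel is called without -r, so the home directory, including the
  # generated key pair and authorized_keys, stays on disk after deletion.
  del_user() {
    # Exact match on the login field; a prefix or regex match could select a
    # different account than the one named.
    if ! LOOKUP_NAME="$cmdName" awk -F: \
      '($1 "") == (ENVIRON["LOOKUP_NAME"] "") { found = 1; exit } END { exit !found }' \
      "$SYSPASSWD"; then
      echo "${cmdName} is not exits"
      exit 1
    fi

    # Drop sudo rights first so no sudoers entry outlives the account.
    unsudo_user
    if userdel -- "$cmdName"; then
      echo "${cmdName} is delete successful"
    else
      echo "${cmdName} is delete failed"
    fi
  }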
  78. # 修改密码
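  # Set a new password for an existing account.
  # Globals: cmdName, cmdPassword, SYSPASSWD (read)
  # Does nothing when the account is missing or the password is empty.
  change_password() {
    # Exact match on the login field, so "bob" never resolves to "bobby".
    if LOOKUP_NAME="$cmdName" awk -F: \
      '($1 "") == (ENVIRON["LOOKUP_NAME"] "") { found = 1; exit } END { exit !found }' \
      "$SYSPASSWD" && [ -n "$cmdPassword" ]; then
      # printf passes the value through unchanged; echo would treat a password
      # such as "-n" as an option and word-split one containing spaces.
      if printf '%s\n' "$cmdPassword" | passwd "$cmdName" --stdin &>/dev/null; then
        echo "${cmdName}'s password is set successful"
      else
        echo "${cmdName}'s password is set failed"
      fi
    fi
  }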
  91. # 添加sudo权限
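  # Grant an existing account full sudo rights by adding a line to the sudoers
  # file.
  # Globals: cmdName, SYSPASSWD, SUDOFILE (read); SUDOFILE is appended to
  # NOTE(review): the file is edited directly, without a `visudo -c` syntax
  # check; a malformed line in sudoers makes sudo refuse to run for everyone.
  # The entry grants unrestricted root ("ALL=(ALL) ALL").
  sudo_user() {
    local entry="$cmdName ALL=(ALL) ALL"
    # Exact string match on the login field; the name is never used as a regex.
    if LOOKUP_NAME="$cmdName" awk -F: \
      '($1 "") == (ENVIRON["LOOKUP_NAME"] "") { found = 1; exit } END { exit !found }' \
      "$SYSPASSWD"; then
      # Skip the append when the identical line is already there, so repeated
      # calls do not pile up duplicate entries.
      if grep -qxF -- "$entry" "$SUDOFILE" 2>/dev/null \
        || printf '%s\n' "$entry" >> "$SUDOFILE"; then
        echo "User $cmdName add sudo success!"
      fi
    else
      echo "User $cmdName not exists!"
    fi
  }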
  100. # 取消sudo权限
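  # Remove the sudoers lines that belong to the account.
  # Globals: cmdName, SUDOFILE, HOST (read); SUDOFILE is rewritten
  # Only lines whose first field is exactly the login name are removed. A
  # substring or regex delete would also drop entries of other users whose
  # name merely contains this one, and would let the name alter the pattern.
  unsudo_user() {
    local filtered
    if LOOKUP_NAME="$cmdName" awk \
      '($1 "") == (ENVIRON["LOOKUP_NAME"] "") { found = 1; exit } END { exit !found }' \
      "$SUDOFILE"; then
      filtered=$(mktemp) || return 1
      # Build the filtered copy first, then overwrite the original in place so
      # its owner and mode are kept.
      if LOOKUP_NAME="$cmdName" awk \
        '($1 "") != (ENVIRON["LOOKUP_NAME"] "")' "$SUDOFILE" > "$filtered" \
        && sudo cp -- "$filtered" "$SUDOFILE"; then
        # The function is called without arguments, so the message uses
        # cmdName rather than $1.
        echo "User $cmdName on ${HOST} delete sudo success!"
      fi
      rm -f -- "$filtered"
    else
      echo "User $cmdName already delete sudo!"
    fi
  }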
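  check

  # Dispatch on the operation name. Every branch requires a user name; "add"
  # also requires a password. The tests are quoted so that an argument
  # containing whitespace cannot break the comparison.
  case "$cmdOp" in
    add)
      if [ -z "$cmdName" ] || [ -z "$cmdPassword" ]; then
        echo "add_user invalid params"
        exit 1
      fi
      add_user
      ;;
    del)
      if [ -z "$cmdName" ]; then
        echo "del_user invalid params"
        exit 1
      fi
      del_user
      ;;
    passwd)
      if [ -z "$cmdName" ]; then
        # The message previously named del_user, copied from the branch above.
        echo "change_password invalid params"
        exit 1
      fi
      change_password
      ;;
    sudo)
      if [ -z "$cmdName" ]; then
        echo "sudo_user invalid params"
        exit 1
      fi
      sudo_user
      ;;
    unsudo)
      if [ -z "$cmdName" ]; then
        echo "unsudo_user invalid params"
        exit 1
      fi
      unsudo_user
      ;;
    *)
      # Unknown or missing operation: say so on stderr instead of failing
      # silently.
      echo "unknown operation; expected add, del, passwd, sudo or unsudo" >&2
      exit 1
      ;;
  esac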