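#!/bin/bash
# -------------------------------------
# User management: create or delete a local account, change its password,
# and grant or revoke sudo rights.
#
# Usage: <script> add    <user> <password> [ssh public key ...]
#        <script> del    <user>
#        <script> passwd <user> <password>
#        <script> sudo   <user>
#        <script> unsudo <user>
#
# The script calls useradd/userdel and reads /etc/sudoers without sudo, so it
# has to run as root.
#
# NOTE(review): the password arrives as $3, so it is visible in the process
# list and in shell history; consider reading it from stdin instead.
#
# @author golanstone
# @date 2020-03-25
# -------------------------------------
set -u

cmdOp=${1:-}       # operation: add del passwd sudo unsudo
cmdName=${2:-}     # user name
cmdPassword=${3:-} # password
# ssh public key: every remaining argument joined with single spaces.
# "${*:4}" avoids the glob expansion and echo-flag parsing of `echo ${@:4}`.
cmdAuthorizedKeys="${*:4}"

# Operation codes (not referenced anywhere in this script; kept as they were).
OpAdd=1  # add user
OpDel=2  # delete user
OpSudo=3 # grant sudo to user

SUDOFILE=/etc/sudoers                                       # system sudoers file
SYSPASSWD=/etc/passwd                                       # system passwd file
USER_HOME_DIR=/home/$cmdName                                # home directory
USER_AUTHORIZED_KEYS=/home/$cmdName/.ssh/authorized_keys    # ssh authorized_keys file
USER_SSH_DIR=/home/$cmdName/.ssh                            # ssh directory
USER_SSH_RSA_PRIVATE=/home/$cmdName/.ssh/id_rsa             # ssh private key

# Print the received parameters. The password is never echoed: this output
# typically ends up in terminals, CI logs or log files.
check() {
  local pw_state="<empty>"
  [[ -n "$cmdPassword" ]] && pw_state="<set>"
  printf '%s %s %s %s\n' "$cmdOp" "$cmdName" "$pw_state" "$cmdAuthorizedKeys"
}

# Reject user names that are unsafe to splice into /home/<name> or into a
# sudoers line (path separators, "..", whitespace, shell or regex
# metacharacters). Exits 1 on an invalid name.
validate_name() {
  local LC_ALL=C
  local name_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}$'
  if [[ ! "$cmdName" =~ $name_re ]]; then
    echo "invalid user name: ${cmdName}" >&2
    exit 1
  fi
}

# Succeeds when $cmdName is exactly the first field of a line in $SYSPASSWD.
# A prefix match (grep "^name") would treat "bob" as existing when only
# "bobby" does.
user_exists() {
  awk -F: -v u="$cmdName" '$1 == u { found = 1 } END { exit !found }' "$SYSPASSWD"
}

# Feed $cmdPassword to passwd on stdin and report the outcome.
# Returns: passwd's success or failure.
set_password() {
  if printf '%s\n' "$cmdPassword" | passwd --stdin "$cmdName" &>/dev/null; then
    echo "${cmdName}'s password is set successful"
  else
    echo "${cmdName}'s password is set failed"
    return 1
  fi
}

# Validate a candidate sudoers file and atomically move it over $SUDOFILE.
# A sudoers file that fails to parse disables sudo for everyone, so nothing
# is installed unless visudo accepts it.
# Arguments: $1 - candidate file, created in the same directory as $SUDOFILE
commit_sudoers() {
  local candidate=$1
  if chmod 0440 -- "$candidate" \
    && visudo -cf "$candidate" >/dev/null 2>&1 \
    && mv -f -- "$candidate" "$SUDOFILE"; then
    return 0
  fi
  rm -f -- "$candidate"
  echo "sudoers update rejected; ${SUDOFILE} left unchanged" >&2
  return 1
}

# Add user: create the account if missing, then make sure ~/.ssh,
# authorized_keys and an RSA key pair exist, and append the given public key.
add_user() {
  # Only create the account (and set its password) when it does not exist yet.
  if ! user_exists; then
    if ! useradd "$cmdName"; then
      echo "useradd ${cmdName} failed" >&2
      return 1
    fi
    set_password
  fi

  # Everything under the home directory is done as the target user. The
  # account may already exist, and root following a symlink planted in a
  # user-writable directory would touch files outside that home.

  # Create the .ssh directory.
  if [[ ! -d "$USER_SSH_DIR" ]]; then
    sudo -u "$cmdName" mkdir -m 700 -- "$USER_SSH_DIR" || return 1
    echo "mkdir $USER_SSH_DIR"
  fi

  # Create the authorized_keys file.
  if [[ ! -f "$USER_AUTHORIZED_KEYS" ]]; then
    sudo -u "$cmdName" touch -- "$USER_AUTHORIZED_KEYS" \
      && sudo -u "$cmdName" chmod 600 -- "$USER_AUTHORIZED_KEYS" \
      || return 1
    echo "mkdir $USER_AUTHORIZED_KEYS"
  fi

  # Generate the ssh key pair.
  # NOTE(review): the private key is created without a passphrase (-P "").
  if [[ ! -f "$USER_SSH_RSA_PRIVATE" ]]; then
    sudo -u "$cmdName" ssh-keygen -t rsa -f "$USER_SSH_RSA_PRIVATE" -P "" -q
  fi

  # Append the public key.
  if [[ -n "$cmdAuthorizedKeys" ]]; then
    # One argument list must stay one authorized_keys line: an embedded
    # newline would add a second, unreviewed key entry.
    if [[ "$cmdAuthorizedKeys" == *[[:cntrl:]]* ]]; then
      echo "ssh public key contains control characters" >&2
      return 1
    fi
    echo "usshkey:" "$cmdAuthorizedKeys"
    printf '%s\n' "$cmdAuthorizedKeys" \
      | sudo -u "$cmdName" tee -a -- "$USER_AUTHORIZED_KEYS" >/dev/null
  fi
}

# Delete user: remove the account and its home directory.
del_user() {
  if ! user_exists; then
    echo "${cmdName} is not exits"
    exit 1
  fi
  # NOTE(review): the sudoers entry is not removed here (the unsudo_user call
  # was commented out), so a later account reusing this name would inherit
  # sudo rights.
  # unsudo_user
  # ${...:?} aborts instead of running rm -r on an empty path.
  if userdel "$cmdName" && rm -r -- "${USER_HOME_DIR:?}"; then
    echo "${cmdName} is delete successful"
  else
    echo "${cmdName} is delete failed"
    return 1
  fi
}

# Change password of an existing user.
change_password() {
  if ! user_exists; then
    echo "${cmdName} is not exits" >&2
    return 1
  fi
  if [[ -z "$cmdPassword" ]]; then
    echo "change_password invalid params" >&2
    return 1
  fi
  set_password
}

# Grant sudo: append "<user> ALL=(ALL) ALL" to the sudoers file.
sudo_user() {
  local entry="${cmdName} ALL=(ALL) ALL"
  local candidate

  if ! user_exists; then
    echo "User $cmdName not exists!"
    return 1
  fi
  # Exact, fixed-string line match: do not append the same rule twice.
  if grep -qxF -- "$entry" "$SUDOFILE"; then
    echo "User $cmdName already has sudo!"
    return 0
  fi

  # Build the new file next to the live one so the final mv is a rename.
  candidate=$(mktemp "${SUDOFILE}.XXXXXX") || return 1
  if ! { cat -- "$SUDOFILE" && printf '%s\n' "$entry"; } > "$candidate"; then
    rm -f -- "$candidate"
    return 1
  fi
  commit_sudoers "$candidate" || return 1
  echo "User $cmdName add sudo success!"
}

# Revoke sudo: remove the exact line sudo_user adds. Deleting every line that
# merely contains the name (sed "/name/d") would also strip other users'
# rules, e.g. name "a" matches almost every line.
unsudo_user() {
  local entry="${cmdName} ALL=(ALL) ALL"
  local candidate

  if ! grep -qxF -- "$entry" "$SUDOFILE"; then
    echo "User $cmdName already delete sudo!"
    return 0
  fi

  candidate=$(mktemp "${SUDOFILE}.XXXXXX") || return 1
  if ! awk -v e="$entry" '$0 != e' "$SUDOFILE" > "$candidate"; then
    rm -f -- "$candidate"
    return 1
  fi
  commit_sudoers "$candidate" || return 1
  echo "User $cmdName on ${HOSTNAME} delete sudo success!"
}

check

# Dispatch
case "$cmdOp" in
  add)
    if [[ -z "$cmdName" || -z "$cmdPassword" ]]; then
      echo "add_user invalid params"
      exit 1
    fi
    validate_name
    add_user
    ;;
  del)
    if [[ -z "$cmdName" ]]; then
      echo "del_user invalid params"
      exit 1
    fi
    validate_name
    del_user
    ;;
  passwd)
    if [[ -z "$cmdName" ]]; then
      echo "change_password invalid params"
      exit 1
    fi
    validate_name
    change_password
    ;;
  sudo)
    if [[ -z "$cmdName" ]]; then
      echo "sudo_user invalid params"
      exit 1
    fi
    validate_name
    sudo_user
    ;;
  unsudo)
    if [[ -z "$cmdName" ]]; then
      echo "unsudo_user invalid params"
      exit 1
    fi
    validate_name
    unsudo_user
    ;;
  *)
    echo "usage: ${0##*/} {add|del|passwd|sudo|unsudo} <user> [password] [ssh public key ...]" >&2
    exit 1
    ;;
esac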