#!/bin/bash
# -------------------------------------
# User management
#
# @author golanstone
# @date 2020-03-25
# -------------------------------------
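# Positional arguments.
# NOTE(review): the password is taken from argv ($3), so it is visible in the
# process list while this script runs; prefer stdin or a root-only file if the
# caller can be changed.
cmdOp=$1       # operation: add | del | passwd | sudo | unsudo
cmdName=$2     # login name of the account to manage
cmdPassword=$3 # password (used by add and passwd)
# Everything from the 4th argument on forms one SSH public key line. "${*:4}"
# joins the words with single spaces; the earlier unquoted `echo ${@:4}` also
# glob-expanded them against the current directory.
cmdAuthorizedKeys="${*:4}"

# Leftover debug override, kept for reference. Do not enable it: every account
# created afterwards would trust this one key.
# cmdAuthorizedKeys="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLQnYvqNnDcsR6lvrUL3SgmyPJ3XqGork2IxZMPyu+68dZC2/DIaVYm2G0NeEdnDlExkmIrhzRWpfmz6H748TFFsTvGxeOOR+djjKWwOMwmxU0y8QDseZqEAuCANTjzBjGu7/RUWQ5ysOKD8+UTdr1W+avumfFbBzFXNHSHA3JBFUFvFOWxcggBAlOBbA3fWig6a/ykepBfimEdgcyq/P7ERRsP5eLxasmf/vUV3vVE04SpkpMXniG8r9z3gP7At/TFWnvCWmmBJ9+EUK6FE7fxV4tmEni+IfkpQog+l5SpOp2XpMHp8YdIgotwdAKoOu3/bRsqeEMMNYErV+WsFF Stone@Golanstone"

# Numeric operation codes. The dispatch at the bottom of this script matches
# on the string form of cmdOp, so these are not referenced there.
OpAdd=1  # add a user
OpDel=2  # delete a user
OpSudo=3 # grant sudo to a user

SUDOFILE=/etc/sudoers # system sudoers file
SYSPASSWD=/etc/passwd # system passwd file

# Per-user paths. They are built from cmdName before any validation has run,
# so the name must be checked before one of these paths is used.
# NOTE(review): assumes the home directory is /home/NAME; add_user calls
# useradd without -d, so the real location comes from system defaults. Confirm.
USER_HOME_DIR="/home/${cmdName}"                             # home directory
USER_AUTHORIZED_KEYS="/home/${cmdName}/.ssh/authorized_keys" # keys trusted for login
USER_SSH_DIR="/home/${cmdName}/.ssh"                         # ssh directory
USER_SSH_RSA_PRIVATE="/home/${cmdName}/.ssh/id_rsa"          # generated private key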
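# Print the parsed command-line arguments for debugging.
# Globals:   cmdOp, cmdName, cmdPassword, cmdAuthorizedKeys (read)
# Outputs:   one line on stdout: operation, name, a password marker and the
#            public key, separated by single spaces; empty fields are skipped
check() {
  local -a fields=("$cmdOp" "$cmdName")

  # The password itself is never printed: this output can end up in terminal
  # scrollback or job logs. Only show that one was supplied.
  if [ -n "$cmdPassword" ]; then
    fields+=('******')
  fi
  if [ -n "$cmdAuthorizedKeys" ]; then
    fields+=("$cmdAuthorizedKeys")
  fi

  printf '%s\n' "${fields[*]}"
}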
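# Create the account if it is missing and provision its SSH material.
# Globals:   cmdName, cmdPassword, cmdAuthorizedKeys, SYSPASSWD, USER_SSH_DIR,
#            USER_AUTHORIZED_KEYS, USER_SSH_RSA_PRIVATE (read)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success, 1 on a rejected name or key, or a failed step
add_user() {
  local name_re='^[A-Za-z_][A-Za-z0-9_.-]*$'

  # The name ends up in paths under /home and on command lines, so accept only
  # a conservative login-name alphabet (no "/", no whitespace, no leading "-").
  if [[ ! "$cmdName" =~ $name_re ]]; then
    printf 'add_user: invalid user name\n' >&2
    return 1
  fi

  # One call installs one authorized_keys line; a key containing a line break
  # would add further lines, so reject it.
  case "$cmdAuthorizedKeys" in
    *$'\n'* | *$'\r'*)
      printf 'add_user: public key must be a single line\n' >&2
      return 1
      ;;
  esac

  # Exact match on the login field. A prefix grep would treat "bob" as
  # existing whenever "bobby" does.
  if ! cut -d: -f1 "$SYSPASSWD" | grep -qxF -- "$cmdName"; then
    # Create the user and set the password.
    if ! useradd "$cmdName"; then
      printf 'add_user: useradd failed for %s\n' "$cmdName" >&2
      return 1
    fi

    # printf rather than echo, so a password such as "-n ..." is passed on
    # unchanged. The password is not printed.
    # NOTE(review): `passwd --stdin` is not offered by every distribution's
    # passwd; confirm it exists on the target hosts.
    if printf '%s\n' "$cmdPassword" | passwd "$cmdName" --stdin &>/dev/null; then
      echo "${cmdName}'s password is set successful"
    else
      echo "${cmdName}'s password is set failed"
    fi
  fi

  # Everything below runs as the account itself. ~/.ssh is under that
  # account's control, so a privileged chmod or append there could be
  # redirected through a link to a file the account cannot otherwise reach.

  # Create the .ssh directory.
  if [ ! -d "$USER_SSH_DIR" ]; then
    sudo -u "$cmdName" mkdir -- "$USER_SSH_DIR" \
      && sudo -u "$cmdName" chmod 700 -- "$USER_SSH_DIR"
    echo "mkdir $USER_SSH_DIR"
  fi

  # Create the authorized_keys file.
  if [ ! -f "$USER_AUTHORIZED_KEYS" ]; then
    sudo -u "$cmdName" touch -- "$USER_AUTHORIZED_KEYS" \
      && sudo -u "$cmdName" chmod 600 -- "$USER_AUTHORIZED_KEYS"
    echo "touch $USER_AUTHORIZED_KEYS"
  fi

  # Generate an SSH key pair.
  # NOTE(review): -P "" stores the private key without a passphrase.
  if [ ! -f "$USER_SSH_RSA_PRIVATE" ]; then
    sudo -u "$cmdName" ssh-keygen -t rsa -f "$USER_SSH_RSA_PRIVATE" -P "" -q
  fi

  # Install the public key, once: repeated runs do not duplicate the line.
  if [ -n "$cmdAuthorizedKeys" ]; then
    printf 'usshkey: %s\n' "$cmdAuthorizedKeys"
    if ! sudo -u "$cmdName" grep -qxF -- "$cmdAuthorizedKeys" \
      "$USER_AUTHORIZED_KEYS" 2>/dev/null; then
      printf '%s\n' "$cmdAuthorizedKeys" \
        | sudo -u "$cmdName" tee -a -- "$USER_AUTHORIZED_KEYS" >/dev/null \
        || return 1
    fi
  fi
}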
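# Delete the account after removing its sudoers entry.
# Globals:   cmdName, SYSPASSWD (read)
# Outputs:   status messages on stdout
# Returns:   exits the script with 1 when the user does not exist; returns 1
#            when userdel fails, 0 otherwise
del_user() {
  # Exact match on the login field. A prefix grep would let a request for
  # "bob" proceed when only "bobby" exists.
  if [ -z "$cmdName" ] \
    || ! cut -d: -f1 "$SYSPASSWD" | grep -qxF -- "$cmdName"; then
    echo "${cmdName} is not exits"
    exit 1
  fi

  # Drop the sudo grant first so no rule is left behind for the name.
  unsudo_user

  # The home directory is left in place (the author disabled
  # `rm -r $USER_HOME_DIR`).
  # NOTE(review): files under it, including .ssh/authorized_keys, keep the old
  # numeric owner; if that UID is later reused the new account owns them.
  if userdel "$cmdName"; then
    echo "${cmdName} is delete successful"
  else
    echo "${cmdName} is delete failed"
    return 1
  fi
}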
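# Set a new password for an existing account.
# Globals:   cmdName, cmdPassword, SYSPASSWD (read)
# Outputs:   result message on stdout, argument errors on stderr
# Returns:   0 when the password was set, 1 otherwise
change_password() {
  if [ -z "$cmdName" ] || [ -z "$cmdPassword" ]; then
    printf 'change_password: user name and password are required\n' >&2
    return 1
  fi

  # Exact match on the login field, so a request for "bob" cannot pass just
  # because "bobby" exists.
  if ! cut -d: -f1 "$SYSPASSWD" | grep -qxF -- "$cmdName"; then
    printf 'change_password: no such user: %s\n' "$cmdName" >&2
    return 1
  fi

  # printf rather than echo: echo would read a password such as "-n ..." as
  # its own option and hand a different string to passwd.
  # NOTE(review): `passwd --stdin` is not offered by every distribution's
  # passwd; confirm it exists on the target hosts.
  if printf '%s\n' "$cmdPassword" | passwd "$cmdName" --stdin &>/dev/null; then
    echo "${cmdName}'s password is set successful"
  else
    echo "${cmdName}'s password is set failed"
    return 1
  fi
}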
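# Grant full sudo rights to an existing account.
# Globals:   cmdName, SYSPASSWD, SUDOFILE (read); SUDOFILE is appended to
# Outputs:   status message on stdout, name errors on stderr
# Returns:   1 on a rejected name, otherwise the status of the last step
sudo_user() {
  local name_re='^[A-Za-z_][A-Za-z0-9_.-]*$'
  local rule

  # The name is written verbatim into the sudoers file. Restricting it to a
  # login-name alphabet keeps the appended line a single well-formed rule.
  # "ALL" is refused because sudoers reads it as "every user".
  if [[ ! "$cmdName" =~ $name_re ]] || [[ "$cmdName" == ALL ]]; then
    printf 'sudo_user: invalid user name\n' >&2
    return 1
  fi

  # Exact match on the login field of the passwd file.
  if ! cut -d: -f1 "$SYSPASSWD" | grep -qxF -- "$cmdName"; then
    echo "User $cmdName not exists!"
    return
  fi

  rule="${cmdName} ALL=(ALL) ALL"

  # Repeated calls must not stack identical rules.
  if grep -qxF -- "$rule" "${SUDOFILE}"; then
    echo "User $cmdName already has sudo!"
    return
  fi

  # NOTE(review): this appends to the live sudoers file with no syntax check
  # afterwards; the name check above is what keeps the line valid. A checked
  # drop-in file under the sudoers include directory would be safer.
  echo "$rule" >> "${SUDOFILE}" && echo "User $cmdName add sudo success!"
}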
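# Remove the sudo rules that start with this user's name.
# Globals:   cmdName, SUDOFILE, HOST, HOSTNAME (read); SUDOFILE is edited
# Outputs:   status message on stdout, name errors on stderr
# Returns:   1 on a rejected name, otherwise the status of the last step
unsudo_user() {
  local name_re='^[A-Za-z_][A-Za-z0-9_.-]*$'
  local pattern

  # The name becomes part of a sed address. Without this check a name could
  # change which lines are deleted from the sudoers file.
  if [[ ! "$cmdName" =~ $name_re ]]; then
    printf 'unsudo_user: invalid user name\n' >&2
    return 1
  fi

  # Match only lines whose first word is exactly this name. A bare substring
  # match on "al" would also delete the rule for "alice", and any comment or
  # Defaults line that merely contains those letters. "." is the only regex
  # metacharacter the name check lets through, so escape it.
  # NOTE(review): rules that list the user inside a comma-separated list or
  # an alias are not touched.
  pattern="^${cmdName//./\\.}[[:space:]]"

  if grep -q -- "$pattern" "${SUDOFILE}"; then
    sudo sed -i "/${pattern}/d" "${SUDOFILE}" \
      && echo "User $cmdName on ${HOST:-$HOSTNAME} delete sudo success!"
  else
    echo "User $cmdName already delete sudo!"
  fi
}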
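# Echo the parsed arguments, then dispatch on the operation.
check

# Reject unusable names once, before any operation touches /etc/passwd, the
# sudoers file or a path under /home. Empty names are reported per operation
# below.
if [ -n "$cmdName" ] && [[ ! "$cmdName" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
  echo "invalid user name" >&2
  exit 1
fi

# Dispatch.
case "$cmdOp" in
  add)
    if [ -z "$cmdName" ] || [ -z "$cmdPassword" ]; then
      echo "add_user invalid params"
      exit 1
    fi

    add_user
    ;;
  del)
    if [ -z "$cmdName" ]; then
      echo "del_user invalid params"
      exit 1
    fi

    del_user
    ;;
  passwd)
    # A missing password is reported here instead of being silently ignored
    # later. The message used to say "del_user" (copy-paste slip).
    if [ -z "$cmdName" ] || [ -z "$cmdPassword" ]; then
      echo "change_password invalid params"
      exit 1
    fi

    change_password
    ;;
  sudo)
    if [ -z "$cmdName" ]; then
      echo "sudo_user invalid params"
      exit 1
    fi

    sudo_user
    ;;
  unsudo)
    if [ -z "$cmdName" ]; then
      echo "unsudo_user invalid params"
      exit 1
    fi

    unsudo_user
    ;;
  *)
    # Unknown or missing operation: say so instead of exiting silently.
    printf 'usage: %s add|del|passwd|sudo|unsudo NAME [PASSWORD] [SSH_PUBLIC_KEY...]\n' \
      "${0##*/}" >&2
    exit 1
    ;;
esac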