Diffstat (limited to 'init-sh/grpuser')
-rwxr-xr-xinit-sh/grpuser125
1 files changed, 67 insertions, 58 deletions
diff --git a/init-sh/grpuser b/init-sh/grpuser
index fb2ad25..6fa0e5d 100755
--- a/init-sh/grpuser
+++ b/init-sh/grpuser
@@ -13,12 +13,13 @@ user_name=$3
Usage() {
echo "Usage :"
- echo " --add [ groupname ] [ username ] ---> Add an user to a group."
- echo " --del [ groupname ] [ username ] ---> Delete an user from a group."
+ echo " --refresh ---> Read group name in /etc/security/msec/group.conf"
+ echo " and add each user in /etc/security/msec/user.conf"
+ echo " in these groups ( if security level is <= 2 )"
}
ModifyFile() {
- mv /etc/${file} /tmp/${file}.old
+ cp /etc/${file} /tmp/${file}.old
head -$((group_line_number - 1)) /tmp/${file}.old > /etc/${file}
echo "${new_group_line}" >> /etc/${file}
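Review bot: `cp /etc/${file} /tmp/${file}.old` writes to a fixed name in world-writable /tmp while the script runs as root, so a file or symlink already present at that path is written through, and the `head` on the next line copies back into /etc/${file} content that another local account may have been able to alter in between. A private scratch file avoids both: `old=$(mktemp) || exit 1` followed by `cp /etc/${file} "${old}"`, with the later reads pointed at `"${old}"`. The rewrite is also done in place with `>` and `>>`, so an interruption leaves a truncated /etc/${file}; building the new file next to it and renaming it into place would make the update atomic. ModifyFile continues past the end of this hunk.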
@@ -42,10 +43,10 @@ AppendUserToGroup() {
IsUserAlreadyInGroup() {
if echo ${group_users} | grep -qw "${user_name}"; then
- return 1
+ return 0
fi
- return 0
+ return 1
}
IsGroupExisting() {
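Review bot: The membership test kept in IsUserAlreadyInGroup, `echo ${group_users} | grep -qw "${user_name}"`, treats the user name as a regular expression and matches on word boundaries, so a name such as `bob` (constructed example) also matches a member `bob-admin`, and a `.` in a name matches any character. With the return values flipped, this result now decides in Refresh whether a group line is rewritten, so an exact comparison is safer; assuming `group_users` is the comma-separated member field, `echo "${group_users}" | tr ',' '\n' | grep -qxF -- "${user_name}"` does that. The function body could then be just that pipeline, since its exit status is already the 0/1 being returned.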
@@ -60,8 +61,9 @@ IsGroupExisting() {
group_users=`echo ${tmp} | awk -F: '{print $5}'`
group_line=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"$5}'`
- [ -z "${tmp}" ] && return 0
- return 1
+ [ -z "${tmp}" ] && return 1
+
+ return 0
}
IsUserExisting() {
@@ -73,68 +75,66 @@ IsUserExisting() {
return 1;
}
-Add() {
- IsGroupExisting;
- if [[ $? == 0 ]]; then
- echo "Sorry, group \"${group_name}\" does not exist."
- echo "Please create it using the \"groupadd\" command."
- exit 1
- fi
-
- IsUserExisting;
- if [[ $? == 1 ]]; then
- echo "Sorry, user \"${user_name}\" does not exist."
- exit 1
- fi
-
- IsUserAlreadyInGroup;
- if [[ $? == 1 ]]; then
- echo "Sorry, user \"${user_name}\" is already in group \"${group_name}\"."
- exit 1
+Refresh() {
+ if [[ ${SECURE_LEVEL} > 2 ]]; then
+ echo "You are in a secure level > 2, in this level you need to add group user by yourself."
+ echo "Use the command : usermod -G group_name user_name"
+ exit 1;
fi
- AppendUserToGroup;
- ModifyFile;
-
- exit 0
-}
-
-Del() {
- IsGroupExisting;
- if [[ $? == 0 ]]; then
- echo "Sorry, group \"${group_name}\" does not exist."
- exit 1
- fi
-
- IsUserAlreadyInGroup;
- if [[ $? == 0 ]]; then
- echo "Sorry, user \"${user_name}\" is not in group \"${group_name}\"."
- exit 1
- fi
-
- RemoveUserFromGroup;
- ModifyFile;
-
- exit 0
+ cat /etc/security/msec/group.conf | while read group_name; do
+ IsGroupExisting;
+ if [[ $? != 0 ]]; then
+ echo "Group \"${group_name}\" doesn't exist. skiping it."
+ else
+ cat /etc/security/msec/user.conf | while read user_name; do
+ IsUserExisting;
+ if [[ $? != 0 ]]; then
+ # user doesn't exist
+ echo "Can't add user \"${user_name}\" to group \"${group_name}\"."
+ echo "\"${user_name}\" doesn't exist. skiping."
+ IsUserAlreadyInGroup;
+ if [[ $? == 0 ]]; then
+ # user doesn't exist but is in a group... delete user from this group.
+ RemoveUserFromgroup;
+ ModifyFile;
+ fi
+ else
+ usermod -G ${group_name} ${user_name}
+ fi
+ done
+ fi
+ done
}
Perm() {
+ if [[ ${UID} != 0 ]]; then
+ echo "You need root access to use this tool."
+ echo "And this script shouldn't be used by users."
+ exit 1
+ fi
+
if [[ ! -w /etc/${file} ]]; then
- echo "You're not allowed to write to /etc/group..."
- exit 1
+ echo "You're not allowed to write to /etc/group..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/group.conf ]]; then
+ echo "/etc/security/msec/group.conf doesn't exist..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/user.conf ]]; then
+ echo "/etc/security/msec/user.conf doesn't exist..."
+ exit 1
fi
}
-if [[ $# == 3 ]]; then
+if [[ $# == 1 ]]; then
case $1 in
- "--add")
- Perm;
- Add;
- exit 0
- ;;
- "--del")
+ "--refresh")
Perm;
- Del;
+ Refresh;
exit 0
;;
esac
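Review bot: `RemoveUserFromgroup` in the stale-member branch of Refresh does not match the `RemoveUserFromGroup` spelling that the removed Del() called, so unless a lowercase variant is defined outside this hunk the call fails and `ModifyFile` still runs, writing whatever `new_group_line` held before into /etc/${file}. In the same function `usermod -G ${group_name} ${user_name}` sets the supplementary group list instead of extending it, so a user listed for several groups ends up only in the last one and loses memberships granted elsewhere; `usermod -a -G "${group_name}" "${user_name}"` keeps them where the installed usermod supports `-a`, and the quoting stops a malformed config line from being split into extra arguments. The level gate `[[ ${SECURE_LEVEL} > 2 ]]` is a string comparison that is false when the variable is unset or empty, so the refresh proceeds at an unknown level; `if [[ -z "${SECURE_LEVEL}" || "${SECURE_LEVEL}" -gt 2 ]]; then` fails closed.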
@@ -150,3 +150,12 @@ fi
+
+
+
+
+
+
+
+
+