From f7724d679b59540db2af2a17eb3ee169dad870d5 Mon Sep 17 00:00:00 2001
From: Yoann Vandoorselaere
Date: Wed, 15 Dec 1999 17:21:06 +0000
Subject: *** empty log message ***
---
init-sh/grpuser.sh | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 161 insertions(+)
create mode 100755 init-sh/grpuser.sh
(limited to 'init-sh/grpuser.sh')
diff --git a/init-sh/grpuser.sh b/init-sh/grpuser.sh
new file mode 100755
index 0000000..6fa0e5d
--- /dev/null
+++ b/init-sh/grpuser.sh
@@ -0,0 +1,161 @@
+#!/bin/sh
+
+#
+# Writen by Vandoorselaere Yoann
+# Thanks to Francis Galiegue.
+#
+
+file="group"
+group_line=""
+new_group_line=""
+group_name=$2
+user_name=$3
+
+Usage() {
+ echo "Usage :"
+ echo " --refresh ---> Read group name in /etc/security/msec/group.conf"
+ echo " and add each user in /etc/security/msec/user.conf"
+ echo " in these groups ( if security level is <= 2 )"
+}
+
+ModifyFile() {
+ cp /etc/${file} /tmp/${file}.old
+
+ head -$((group_line_number - 1)) /tmp/${file}.old > /etc/${file}
+ echo "${new_group_line}" >> /etc/${file}
+ tail +$((group_line_number + 1)) /tmp/${file}.old >> /etc/${file}
+
+ rm -f /tmp/${file}.old
+}
+
+RemoveUserFromGroup() {
+ new_group_line=${group}`echo ${group_users} |
+ sed -e s/,${user_name}$//g -e s/${user_name},//g -e s/${user_name}$//g`
+}
+
+AppendUserToGroup() {
+ if [[ -z ${group_users} ]]; then
+ new_group_line=${group_line}${user_name}
+ else
+ new_group_line=${group_line}",${user_name}"
+ fi
+}
+
+IsUserAlreadyInGroup() {
+ if echo ${group_users} | grep -qw "${user_name}"; then
+ return 0
+ fi
+
+ return 1
+}
+
+IsGroupExisting() {
+ group_line=""
+ group_line_number=""
+
+ # We get some group infos as well, will be used later
+ tmp=`grep -n "^${group_name}:" /etc/${file} | tr -d " "`
+
+ group_line_number=`echo ${tmp} | awk -F: '{print $1}'`
+ group=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"}'`
+ group_users=`echo ${tmp} | awk -F: '{print $5}'`
+ group_line=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"$5}'`
+
+ [ -z "${tmp}" ] && return 1
+
+ return 0
+}
+
+IsUserExisting() {
+ grep -qn "^${user_name}:" /etc/passwd
+ if [[ $? == 0 ]]; then
+ return 0;
+ fi
+
+ return 1;
+}
+
+Refresh() {
+ if [[ ${SECURE_LEVEL} > 2 ]]; then
+ echo "You are in a secure level > 2, in this level you need to add group user by yourself."
+ echo "Use the command : usermod -G group_name user_name"
+ exit 1;
+ fi
+
+ cat /etc/security/msec/group.conf | while read group_name; do
+ IsGroupExisting;
+ if [[ $? != 0 ]]; then
+ echo "Group \"${group_name}\" doesn't exist. skiping it."
+ else
+ cat /etc/security/msec/user.conf | while read user_name; do
+ IsUserExisting;
+ if [[ $? != 0 ]]; then
+ # user doesn't exist
+ echo "Can't add user \"${user_name}\" to group \"${group_name}\"."
+ echo "\"${user_name}\" doesn't exist. skiping."
+ IsUserAlreadyInGroup;
+ if [[ $? == 0 ]]; then
+ # user doesn't exist but is in a group... delete user from this group.
+ RemoveUserFromgroup;
+ ModifyFile;
+ fi
+ else
+ usermod -G ${group_name} ${user_name}
+ fi
+ done
+ fi
+ done
+}
+
+Perm() {
+ if [[ ${UID} != 0 ]]; then
+ echo "You need root access to use this tool."
+ echo "And this script shouldn't be used by users."
+ exit 1
+ fi
+
+ if [[ ! -w /etc/${file} ]]; then
+ echo "You're not allowed to write to /etc/group..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/group.conf ]]; then
+ echo "/etc/security/msec/group.conf doesn't exist..."
+ exit 1
+ fi
+
+ if [[ ! -f /etc/security/msec/user.conf ]]; then
+ echo "/etc/security/msec/user.conf doesn't exist..."
+ exit 1
+ fi
+}
+
+if [[ $# == 1 ]]; then
+ case $1 in
+ "--refresh")
+ Perm;
+ Refresh;
+ exit 0
+ ;;
+ esac
+ Usage;
+ exit 0
+else
+ Usage;
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-- cgit v1.2.1
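Review bot: ModifyFile stages /etc/group in the fixed, predictable path /tmp/group.old while running as root (Perm requires UID 0), which exposes the copy to symlink and race problems in a world-writable directory, and the in-place head/echo/tail rewrite leaves /etc/group truncated if it is interrupted part-way. The replacement should be built in a `mktemp` file inside /etc and renamed over the original, as sketched below. The risk is compounded in Refresh, which calls `RemoveUserFromgroup` (lowercase g) although the function is defined as `RemoveUserFromGroup`; the call fails, and ModifyFile then writes the still-empty `new_group_line` over the group's entry, so the call name needs correcting and the sketch's guard refuses an empty replacement. Separately, the unquoted `${user_name}` patterns in RemoveUserFromGroup's sed call are not anchored to whole list entries, so `s/${user_name},//g` for `bob` also strips the tail of `jimbob,`.

```sh
ModifyFile() {
    # Refuse to rewrite when the lookup or the edit step produced nothing.
    [ -n "${group_line_number}" ] && [ -n "${new_group_line}" ] || return 1

    # Stage next to the target: same filesystem, not world-writable, atomic rename.
    tmp_file=$(mktemp "/etc/${file}.XXXXXX") || return 1

    {
        head -n $((group_line_number - 1)) "/etc/${file}"
        echo "${new_group_line}"
        tail -n +$((group_line_number + 1)) "/etc/${file}"
    } > "${tmp_file}" || { rm -f "${tmp_file}"; return 1; }

    # mktemp creates the file 0600; /etc/group has to stay world-readable.
    chmod 644 "${tmp_file}" && mv -f "${tmp_file}" "/etc/${file}"
}
```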