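#!/bin/bash
#
# Writen by Vandoorselaere Yoann
# Thanks to Francis Galiegue.
#
# msec helper: keep the groups listed in /etc/security/msec/group.conf in
# sync with the users listed in /etc/security/msec/user.conf.
#
#   --refresh  add every listed user to every listed group (levels <= 2 only)
#   --clean    remove every listed user from every listed group
#
# The script edits /etc/group directly. It does NOT take the shadow-utils
# lock (/etc/group.lock used by vigr/gpasswd/useradd), so it must not run
# concurrently with those tools. The rewrite itself is done on a temporary
# copy that is renamed over the real file, so a failure mid-way never leaves
# a truncated /etc/group behind.

file="group"
group_line=""
new_group_line=""
group_name=$2
user_name=$3
readonly group_conf=/etc/security/msec/group.conf
readonly user_conf=/etc/security/msec/user.conf

#######################################
# Print usage to stdout.
#######################################
Usage() {
  echo "Usage :"
  echo " --clean ---> Remove all group change."
  echo " --refresh ---> Read group name in /etc/security/msec/group.conf"
  echo " and add each user in /etc/security/msec/user.conf"
  echo " in these groups ( if security level is <= 2 )"
}

#######################################
# Replace line ${group_line_number} of /etc/${file} with ${new_group_line}.
# Globals:   file, group_line_number, new_group_line (read)
# Returns:   0 on success, 1 if the file could not be rewritten (the
#            original file is left untouched in that case)
#######################################
ModifyFile() {
  local tmpfile

  [[ -n "${group_line_number}" ]] || return 1

  # The temp file lives next to the target so the final mv is an atomic
  # rename on the same filesystem. An unchecked mktemp used to leave
  # ${tmpfile} empty and the following redirections would truncate /etc/group.
  tmpfile=$(mktemp "/etc/${file}.XXXXXX") || {
    echo "Can't create a temporary file for /etc/${file}."
    return 1
  }
  # Copy owner and mode of the real file onto the temp file (we run as root).
  if ! cp -p -- "/etc/${file}" "${tmpfile}"; then
    rm -f -- "${tmpfile}"
    return 1
  fi
  # The replacement text is passed through the environment, not -v, so awk
  # does not interpret backslash escapes in it.
  if ! NEW_GROUP_LINE="${new_group_line}" awk -v n="${group_line_number}" \
      'NR == n { print ENVIRON["NEW_GROUP_LINE"]; next } { print }' \
      "/etc/${file}" > "${tmpfile}"; then
    rm -f -- "${tmpfile}"
    return 1
  fi
  mv -f -- "${tmpfile}" "/etc/${file}"
}

#######################################
# Build ${new_group_line} = ${group} with every member equal to
# ${user_name} removed from the comma separated ${group_users}.
# Members are compared as whole names, so removing "ob" no longer
# truncates a member called "bob".
# Globals:   group, group_users, user_name (read); new_group_line (written)
#######################################
RemoveUserFromGroup() {
  local -a members=() kept=()
  local m

  IFS=',' read -r -a members <<<"${group_users}"
  for m in "${members[@]}"; do
    [[ "${m}" == "${user_name}" ]] || kept+=("${m}")
  done
  # Join the remaining members back with commas.
  local IFS=','
  new_group_line="${group}${kept[*]}"
}

#######################################
# Build ${new_group_line} = ${group_line} with ${user_name} appended to the
# member list (comma separated when the list is not empty).
# Globals:   group_line, group_users, user_name (read); new_group_line (written)
#######################################
AppendUserToGroup() {
  if [[ -z "${group_users}" ]]; then
    new_group_line="${group_line}${user_name}"
  else
    new_group_line="${group_line},${user_name}"
  fi
}

#######################################
# Test whether ${user_name} is one of the members in ${group_users}.
# Whole-member comparison: "bob" does not match a member "bob-x".
# Globals:   group_users, user_name (read)
# Returns:   0 if the user is a member, 1 otherwise
#######################################
IsUserAlreadyInGroup() {
  local -a members=()
  local m

  IFS=',' read -r -a members <<<"${group_users}"
  for m in "${members[@]}"; do
    [[ "${m}" == "${user_name}" ]] && return 0
  done
  return 1
}

#######################################
# Look up ${group_name} in /etc/${file} and load its entry.
# Globals:   file, group_name (read)
#            group_line_number - 1-based line of the entry
#            group             - "name:passwd:gid:" prefix
#            group_users       - comma separated member list
#            group_line        - the whole entry
# Returns:   0 if the group exists, 1 otherwise (globals are then empty)
#######################################
IsGroupExisting() {
  local line
  local n=0

  group_line=""
  group_line_number=""
  group=""
  group_users=""

  while IFS= read -r line || [[ -n "${line}" ]]; do
    n=$((n + 1))
    # The name is compared as a literal, never as a regex.
    [[ "${line%%:*}" == "${group_name}" ]] || continue
    # Stray spaces are dropped, as the previous implementation did.
    line=${line// /}
    group_line_number=${n}
    group_line=${line}
    group_users=${line##*:}
    group=${line%"${group_users}"}
    return 0
  done < "/etc/${file}"
  return 1
}

#######################################
# Test whether ${user_name} has an entry in /etc/passwd (literal match on
# the login field).
# Globals:   user_name (read)
# Returns:   0 if the user exists, 1 otherwise
#######################################
IsUserExisting() {
  cut -d: -f1 /etc/passwd | grep -qxF -- "${user_name}"
}

#######################################
# Add every user of user.conf to every group of group.conf. Users that no
# longer exist are removed from the group instead. Refuses to run at a
# secure level above 2.
# Globals:   SECURE_LEVEL (read); group_name, user_name (written)
#######################################
RefreshAdd() {
  case "${SECURE_LEVEL}" in
    3|4|5|snf)
      echo "You are in a secure level > 2, in this level you need to add group user by yourself."
      echo "Use the command : usermod -G group_name user_name"
      exit 1
      ;;
  esac

  while read -r group_name || [[ -n "${group_name}" ]]; do
    [[ -n "${group_name}" ]] || continue
    if ! IsGroupExisting; then
      echo "Group \"${group_name}\" doesn't exist. skiping it."
      continue
    fi
    while read -r user_name || [[ -n "${user_name}" ]]; do
      [[ -n "${user_name}" ]] || continue
      # Re-read the entry: a previous iteration may have rewritten it.
      IsGroupExisting
      if ! IsUserExisting; then
        echo "Can't add user \"${user_name}\" to group \"${group_name}\" user doesn't exist. skiping."
        # User doesn't exist but is in a group... delete user from this group.
        if IsUserAlreadyInGroup; then
          RemoveUserFromGroup
          ModifyFile
        fi
      else
        echo "Adding user \"${user_name}\" to group \"${group_name}\"."
        if ! IsUserAlreadyInGroup; then
          AppendUserToGroup
          ModifyFile
        fi
      fi
    done < "${user_conf}"
  done < "${group_conf}"
}

#######################################
# Remove every user of user.conf from every group of group.conf.
# Globals:   group_name, user_name (written)
#######################################
RefreshDel() {
  while read -r group_name || [[ -n "${group_name}" ]]; do
    [[ -n "${group_name}" ]] || continue
    if ! IsGroupExisting; then
      echo "Group \"${group_name}\" doesn't exist. skiping it."
      continue
    fi
    while read -r user_name || [[ -n "${user_name}" ]]; do
      [[ -n "${user_name}" ]] || continue
      # We need fresh group variables at each turn.
      IsGroupExisting
      if IsUserAlreadyInGroup; then
        echo "Removing \"${user_name}\" from group \"${group_name}\"."
        RemoveUserFromGroup
        ModifyFile
      fi
    done < "${user_conf}"
  done < "${group_conf}"
}

#######################################
# Abort unless we are root, /etc/${file} is writable and both msec
# configuration files exist.
# Globals:   UID, file (read)
#######################################
Perm() {
  if [[ "${UID}" != 0 ]]; then
    echo "You need root access to use this tool."
    echo "And this script shouldn't be used by users."
    exit 1
  fi
  if [[ ! -w "/etc/${file}" ]]; then
    echo "You're not allowed to write to /etc/group..."
    exit 1
  fi
  if [[ ! -f "${group_conf}" ]]; then
    echo "/etc/security/msec/group.conf doesn't exist..."
    exit 1
  fi
  if [[ ! -f "${user_conf}" ]]; then
    echo "/etc/security/msec/user.conf doesn't exist..."
    exit 1
  fi
}

if (( $# == 1 )); then
  case "$1" in
    --refresh)
      Perm
      RefreshAdd
      exit 0
      ;;
    --clean)
      Perm
      RefreshDel
      exit 0
      ;;
  esac
  Usage
  exit 0
else
  Usage
fi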