├── .gitignore ├── README.md └── usr-mgr.sh /.gitignore: -------------------------------------------------------------------------------- 1 | actions.log 2 | backups -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # User Management 2 | 3 | This script is a simple tool for user management in Linux distros. 4 | 5 | ## Functionality 6 | 7 | * Create users 8 | * List all created users 9 | * Lock / Unlock users 10 | * List all locked users 11 | * Backup user home 12 | * Generate SSH key for an existing user 13 | * Promote user to admin 14 | * Degrate user from admin 15 | * Delete user 16 | * Logging all actions in `actions.log` 17 | 18 | ## Backups 19 | 20 | The script creates a `backups` directory in the script folder and then creates a `tar.gz` archive whose name contains the user name and the current date. 21 | 22 | ## SSH keys 23 | 24 | The script generates a 4096-bit RSA key for the target user in `/home/<user>/.ssh`; the key is named `id_rsa_<user>`. 25 | 26 | After the SSH key is generated, the script shows the contents of the `id_rsa_<user>.pub` file to the admin. 27 | 28 | ## Promoting / Degrating 29 | 30 | * Promoting - the user is added to the `wheel` group and a file is created in `/etc/sudoers.d/<user>` 31 | * Degrating - the user is removed from the `wheel` group and the file `/etc/sudoers.d/<user>` is removed 32 | 33 | ## Logging 34 | 35 | The script keeps an `actions.log` with the basic actions logged, including: 36 | * Date and Time 37 | * User name 38 | * Action -------------------------------------------------------------------------------- /usr-mgr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # User manager script for Linux 3 | # Created by Y.G. 
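
# NOTE: no `set -e` on purpose: the menu loop and `confirm` rely on non-zero
# statuses flowing through; every command whose failure matters is checked
# explicitly below instead.

# Envs
# ---------------------------------------------------\
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
SCRIPT_PATH=$(cd "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)
cd "$SCRIPT_PATH" || exit 1

# Vars
# ---------------------------------------------------\
ME=$(basename -- "$0")
BACKUPS=$SCRIPT_PATH/backups
SERVER_NAME=$(hostname)
SERVER_IP=$(hostname -I 2>/dev/null | cut -d' ' -f1)
LOG=$SCRIPT_PATH/actions.log
DISTRO_UNAME=$(uname)
# Group that carries admin rights. Debian-based systems use `sudo` rather than `wheel`.
readonly ADMIN_GROUP="wheel"
readonly SUDOERS_DIR="/etc/sudoers.d"

# Output messages
# ---------------------------------------------------\
RED='\033[0;91m'
GREEN='\033[0;92m'
CYAN='\033[0;96m'
YELLOW='\033[0;93m'
PURPLE='\033[0;95m'
BLUE='\033[0;94m'
BOLD='\033[1m'
WHiTE="\e[1;37m"
NC='\033[0m'

ON_SUCCESS="DONE"
ON_FAIL="FAIL"
ON_ERROR="Oops"
ON_CHECK="✓"

# All printers take (label, message). Only the colour codes go through %b;
# the message is printed with %s so user-supplied text (user names, passwd
# lines) can never inject escape sequences into the terminal.
Info() {
  printf '[%s] %b%s%b\n' "$1" "$GREEN" "$2" "$NC"
}

Warn() {
  printf '[%s] %b%s%b\n' "$1" "$PURPLE" "$2" "$NC"
}

Success() {
  printf '[%s] %b%s%b\n' "$1" "$GREEN" "$2" "$NC"
}

Error() {
  printf '[%s] %b%s%b\n' "$1" "$RED" "$2" "$NC"
}

Splash() {
  printf '%b %s%b\n' "$WHiTE" "$1" "$NC"
}

space() {
  printf '\n'
}


# Functions
# ---------------------------------------------------\

#######################################
# Append one line "<date>: <invoking user> - <message>" to $LOG.
# The log is created root-only (0600) on first use; callers must not pass
# secrets (passwords) in the message.
# Arguments: $* - message
#######################################
logthis() {
  [[ -e "$LOG" ]] || ( umask 077 && : >"$LOG" )
  printf '%s: %s - %s\n' "$(date)" "$(whoami)" "$*" >> "$LOG"
}

#######################################
# Abort unless we run as root and a root account with UID 0 exists.
#######################################
isRoot() {
  local rid
  if [[ "$(id -u)" -ne 0 ]]; then
    Error "Error" "You must be root user to continue"
    exit 1
  fi
  if ! rid=$(id -u root 2>/dev/null); then
    Error "Error" "User root no found. You should create it to continue"
    exit 1
  fi
  if [[ "$rid" -ne 0 ]]; then
    Error "Error" "User root UID not equals 0. User root must have UID 0"
    exit 1
  fi
}

#######################################
# Detect the distribution for the banner.
# Globals (written): DISTRO, RPM, DEB, _LINUX
#######################################
checkDistro() {
  DISTRO="" RPM=0 DEB=0
  if [[ -e /etc/centos-release ]]; then
    DISTRO=$(awk '{print $1,$4}' /etc/redhat-release)
    RPM=1
  elif [[ -e /etc/fedora-release ]]; then
    DISTRO=$(awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/fedora-release)
    RPM=2
  elif [[ -e /etc/os-release ]]; then
    # lsb_release is optional on many minimal images; fall back to os-release
    if command -v lsb_release >/dev/null 2>&1; then
      DISTRO=$(lsb_release -d | awk -F"\t" '{print $2}')
    else
      DISTRO=$(awk -F= '$1=="PRETTY_NAME" {gsub(/"/,"",$2); print $2}' /etc/os-release)
    fi
    DEB=1
  fi

  if [[ "$DISTRO_UNAME" == 'Linux' ]]; then
    _LINUX=1
    Warn "Server info" "${SERVER_NAME} ${SERVER_IP} (${DISTRO})"
  else
    _LINUX=0
    Error "Error" "Your distribution is not supported (yet)"
  fi
}

#######################################
# Yes / No confirmation.
# Arguments: $1 - prompt (optional)
# Returns:   0 on yes/y, 1 otherwise (including EOF)
#######################################
confirm() {
  local response
  read -r -p "${1:-Are you sure? [y/N]} " response
  case "$response" in
    [yY][eE][sS]|[yY]) return 0 ;;
    *) return 1 ;;
  esac
}

#######################################
# Create $BACKUPS (root-only) if missing.
#######################################
check_bkp_folder() {
  [[ -d "$BACKUPS" ]] || ( umask 077 && mkdir -p -- "$BACKUPS" )
}

#######################################
# Print a random alphanumeric password.
# Arguments: $1 - length (default 9; non-numeric falls back to 9)
#######################################
gen_pass() {
  local len=${1:-9}
  [[ "$len" =~ ^[0-9]+$ ]] || len=9
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
}

#######################################
# Syntactic check of a user name. Deliberately stricter than useradd: the
# name is used in file paths, a sudoers drop-in and a `su -c` command line.
# Arguments: $1 - name
#######################################
valid_username() {
  [[ "$1" =~ ^[A-Za-z_][A-Za-z0-9._-]{0,31}$ ]]
}

#######################################
# Prompt for a user name into the global `user` until a non-empty, valid
# name is entered.
# Returns: 0 with `user` set; 1 on EOF (so caller loops cannot spin)
#######################################
ask_user_name() {
  while :; do
    user=""
    read -r -p "Enter user name: " user || return 1
    if [[ -z "$user" ]]; then
      Error "Error" "Username can't be empty"
    elif ! valid_username "$user"; then
      Error "Error" "Invalid user name: $user"
    else
      return 0
    fi
  done
}

# Exact-match account lookup (no substring matching on /etc/passwd).
user_exists() {
  id "$1" >/dev/null 2>&1
}

# True when $1 is a member of $ADMIN_GROUP (exact group-name match).
in_admin_group() {
  id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$ADMIN_GROUP"
}

# True when the shadow hash of $1 is prefixed with '!' (what `passwd -l` does;
# note '!'/'!!' alone also means "no password set").
is_locked() {
  local hash
  hash=$(getent shadow "$1" 2>/dev/null | cut -d: -f2)
  [[ "$hash" == '!'* ]]
}

#######################################
# Install $SUDOERS_DIR/<name> granting the USER (not a group) passwordless
# sudo, validate it with visudo and set 0440.
# Arguments: $1 - user name
# Returns:   0 on success, 1 otherwise (no half-installed file is left)
#######################################
grant_sudo() {
  local name=$1
  local file="$SUDOERS_DIR/$name"
  # sudo silently skips drop-ins whose name contains '.' or ends in '~'
  if [[ "$name" == *.* || "$name" == *~ ]]; then
    Error "Error" "sudoers drop-in name $name would be ignored by sudo"
    return 1
  fi
  # plain user spec: a leading '%' would target a group of that name instead
  ( umask 337 && printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$name" > "$file" ) || return 1
  if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$file" >/dev/null 2>&1; then
    rm -f -- "$file"
    Error "Error" "Generated sudoers entry for $name failed visudo check"
    return 1
  fi
  chmod 0440 -- "$file"
}

# Remove the sudoers drop-in of $1 if present.
revoke_sudo() {
  rm -f -- "$SUDOERS_DIR/$1"
}

#######################################
# Create a /bin/bash user with a generated password, optionally as admin.
# The password is shown once on screen and never written to the log.
#######################################
create_user() {
  space
  ask_user_name || return 1

  if user_exists "$user"; then
    Error "Error" "User $user exists. Try to set another user name."
    space
    return 1
  fi

  Info "Info" "User $user will be create.."

  local pass promote=0
  local -a add_args=(-m -s /bin/bash)
  pass=$(gen_pass)

  if confirm "Promote user to admin? (y/n or enter for n)"; then
    promote=1
    add_args+=(-G "$ADMIN_GROUP")
  fi

  if ! useradd "${add_args[@]}" "$user"; then
    Error "Error" "useradd failed for $user"
    space
    return 1
  fi

  if (( promote )); then
    if grant_sudo "$user"; then
      logthis "User $user promoted to $ADMIN_GROUP"
    else
      Warn "Warn" "sudoers entry for $user was not installed"
    fi
  fi

  # set password
  if ! printf '%s:%s\n' "$user" "$pass" | chpasswd; then
    Error "Error" "chpasswd failed for $user"
    space
    return 1
  fi

  Info "Info" "User created. Name: $user. Password: $pass"
  logthis "User created. Name: $user"
  space
}

#######################################
# List accounts whose login shell is exactly /bin/bash, plus the root entry.
#######################################
list_users() {
  space
  Info "Info" "List of /bin/bash users: "
  awk -F: '$7=="/bin/bash" {printf "User: %s , uid=%s(%s)\n", $1, $3, $1}' /etc/passwd
  Info "Root info" "$(getent passwd root)"
  space
}

#######################################
# Set a new password, generated or typed (typed input is not echoed).
# Uses chpasswd in both branches: `passwd --stdin` is RHEL-only.
#######################################
reset_password() {
  space
  local pass
  while :; do
    ask_user_name || return 1
    if ! user_exists "$user"; then
      Error "Error" "User $user does not found!"
      space
      continue
    fi

    if confirm "Generate password automatically? (y/n or enter for n)"; then
      pass=$(gen_pass)
      if ! printf '%s:%s\n' "$user" "$pass" | chpasswd; then
        Error "Error" "chpasswd failed for $user"
        space
        return 1
      fi
      Info "Info" "Password changed. Name: $user. Password: $pass"
    else
      read -r -s -p "Enter passwords: " pass
      printf '\n'
      if [[ -z "$pass" ]]; then
        Error "Error" "Password can't be empty"
        space
        return 1
      fi
      if ! printf '%s:%s\n' "$user" "$pass" | chpasswd; then
        Error "Error" "chpasswd failed for $user"
        space
        return 1
      fi
      Info "Info" "Password changed. Name: $user."
    fi
    logthis "Password changed. Name: $user"
    space
    return 0
  done
}

#######################################
# Lock an account's password (passwd -l).
#######################################
lock_user() {
  space
  local rc
  while :; do
    ask_user_name || return 1
    if user_exists "$user"; then
      rc=0
      if passwd -l "$user"; then
        Info "Info" "User $user locked"
        logthis "User $user locked"
      else
        rc=1
        Error "Error" "Failed to lock $user"
      fi
      space
      return "$rc"
    fi
    Error "Error" "User $user does not found!"
    space
  done
}

#######################################
# Unlock an account's password (passwd -u) when it is locked.
#######################################
unlock_user() {
  space
  local rc
  while :; do
    ask_user_name || return 1
    if user_exists "$user"; then
      rc=0
      if ! is_locked "$user"; then
        Info "Info" "User $user not locked"
      elif passwd -u "$user"; then
        Info "Info" "User $user unlocked"
        logthis "User $user unlocked"
      else
        rc=1
        Error "Error" "Failed to unlock $user"
      fi
      space
      return "$rc"
    fi
    Error "Error" "User $user does not found!"
    space
  done
}

#######################################
# Print the names of accounts whose shadow hash starts with '!'.
# Only names are shown; hashes never reach the terminal.
#######################################
list_locked_users() {
  space
  Info "Info" "Locked users: "
  awk -F: '$2 ~ /^!/ {print $1}' /etc/shadow
  space
}

#######################################
# Archive the user's home directory (from passwd, not a guessed path) into
# $BACKUPS/<user>-<date>.tar.gz, created root-only.
#######################################
backup_user() {
  space
  local homedir ts archive
  while :; do
    ask_user_name || return 1
    if ! user_exists "$user"; then
      Error "Error" "User $user does not found!"
      space
      return 1
    fi

    homedir=$(getent passwd "$user" | cut -d: -f6)
    if [[ -z "$homedir" || ! -d "$homedir" ]]; then
      Error "Error" "Home directory for $user not found"
      space
      return 1
    fi

    check_bkp_folder
    Info "Info" "Home directory for $user is $homedir "
    Info "Info" "Creating..."
    ts=$(date +%F)
    archive="$BACKUPS/${user}-${ts}.tar.gz"
    # umask 077: the archive holds the user's private files, keep it root-only
    if ( umask 077 && tar -zcf "$archive" "$homedir" ); then
      Info "Info" "Backup for $user created with name ${user}-${ts}.tar.gz"
      logthis "Backup for $user created - ${user}-${ts}.tar.gz"
    else
      Error "Error" "Backup for $user failed"
      space
      return 1
    fi
    space
    return 0
  done
}

#######################################
# Generate a 4096-bit RSA key pair as the user in <home>/.ssh/id_rsa_<user>
# and print the public key. Refuses to overwrite an existing key.
#######################################
generate_ssh_key() {
  space
  local homedir sshf keyf keygen_cmd
  while :; do
    ask_user_name || return 1
    if ! user_exists "$user"; then
      Error "Error" "User $user does not found!"
      space
      return 1
    fi

    homedir=$(getent passwd "$user" | cut -d: -f6)
    if [[ -z "$homedir" || ! -d "$homedir" ]]; then
      Error "Error" "Home directory for $user not found"
      space
      return 1
    fi
    sshf="$homedir/.ssh"
    keyf="$sshf/id_rsa_$user"

    if [[ -e "$keyf" ]]; then
      Error "Error" "Key $keyf already exists; remove it first to regenerate"
      space
      return 1
    fi

    if [[ ! -d "$sshf" ]]; then
      mkdir -p -- "$sshf"
      # "user:" = the user's login group; a group named after the user need not exist
      chown -- "$user:" "$sshf"
      chmod -- 700 "$sshf"
    fi

    # Run as the user so the key files get the right owner. Every argument is
    # %q-quoted so the home path is passed as data, never as shell syntax.
    printf -v keygen_cmd 'ssh-keygen -t rsa -b 4096 -C %q -f %q -N %q' "${user}@local" "$keyf" ''
    if ! su - "$user" -c "$keygen_cmd"; then
      Error "Error" "ssh-keygen failed for $user"
      space
      return 1
    fi
    space
    Info "Info" "User PUB key:"
    space
    cat -- "${keyf}.pub"
    space
    logthis "User $user ssh key is created - id_rsa_$user"
    return 0
  done
}

#######################################
# Remove an account, its home and its sudoers drop-in after confirmation.
#######################################
delete_user() {
  space
  while :; do
    ask_user_name || return 1
    if ! user_exists "$user"; then
      Error "Error" "User $user does not found!"
      space
      return 1
    fi

    if confirm "Completely delete user (y/n or press enter for n)"; then
      # revoke sudo before userdel: a failed userdel must never leave a
      # NOPASSWD drop-in behind for an account that was meant to go away
      revoke_sudo "$user"
      if userdel -r -f "$user"; then
        Info "Info" "User $user deleted"
        logthis "User $user deleted"
      else
        Error "Error" "userdel failed for $user"
        space
        return 1
      fi
      space
    fi
    return 0
  done
}

#######################################
# Add the user to $ADMIN_GROUP and install a validated sudoers drop-in.
#######################################
promote_user() {
  space
  local rc
  while :; do
    ask_user_name || return 1
    if ! user_exists "$user"; then
      Error "Error" "User $user does not found!"
      space
      return 1
    fi

    rc=0
    if in_admin_group "$user"; then
      Info "Info" "User already promoted to ${ADMIN_GROUP} group"
    elif usermod -aG "$ADMIN_GROUP" "$user" && grant_sudo "$user"; then
      logthis "User $user promoted to ${ADMIN_GROUP}"
      Info "Info" "User promoted to ${ADMIN_GROUP} group"
    else
      rc=1
      Error "Error" "Failed to promote $user"
    fi
    space
    return "$rc"
  done
}

#######################################
# Remove the user from $ADMIN_GROUP and delete the sudoers drop-in.
# A stale drop-in is removed even when the user is not in the group.
#######################################
degrate_user() {
  space
  while :; do
    ask_user_name || return 1
    if ! user_exists "$user"; then
      Error "Error" "User $user does not found!"
      space
      return 1
    fi

    if in_admin_group "$user"; then
      Info "Info" "User already promoted to ${ADMIN_GROUP} group. Degrating..."
      gpasswd -d "$user" "$ADMIN_GROUP"
      revoke_sudo "$user"
      logthis "User $user degrated from ${ADMIN_GROUP}"
    else
      Info "Info" "User not promoted to ${ADMIN_GROUP} group"
      if [[ -e "$SUDOERS_DIR/$user" ]]; then
        revoke_sudo "$user"
        Warn "Warn" "Removed stale sudoers entry for $user"
        logthis "Stale sudoers entry for $user removed"
      fi
    fi
    space
    return 0
  done
}

# Actions
# ---------------------------------------------------\
isRoot
checkDistro

# User menu rotator
PS3='Please enter your choice: '
options=(
  "Create new user"
  "List users"
  "Reset password for user"
  "Lock user"
  "Unlock user"
  "List all locked users"
  "Backup user"
  "Generate SSH key for user"
  "Promote user to admin"
  "Degrate user from admin"
  "Delete user"
  "Quit"
)
while true; do
  handled=0
  select opt in "${options[@]}"; do
    case "$opt" in
      "Create new user")
        create_user
        handled=1
        break
        ;;
      "List users")
        list_users
        handled=1
        break
        ;;
      "Reset password for user")
        reset_password
        handled=1
        break
        ;;
      "Lock user")
        lock_user
        handled=1
        break
        ;;
      "Unlock user")
        unlock_user
        handled=1
        break
        ;;
      "List all locked users")
        list_locked_users
        handled=1
        break
        ;;
      "Backup user")
        backup_user
        handled=1
        break
        ;;
      "Generate SSH key for user")
        generate_ssh_key
        handled=1
        break
        ;;
      "Delete user")
        delete_user
        handled=1
        break
        ;;
      "Promote user to admin")
        promote_user
        handled=1
        break
        ;;
      "Degrate user from admin")
        degrate_user
        handled=1
        break
        ;;
      "Quit")
        Info "Exit" "Bye"
        exit 0
        ;;
      *) echo invalid option ;;
    esac
  done
  # `select` only ends without a `break` on EOF (Ctrl-D / closed stdin);
  # without this check the outer loop would spin forever re-running select.
  if (( ! handled )); then
    Info "Exit" "Bye"
    exit 0
  fi
done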