LinuxQuestions.org
Old 08-22-2008, 04:19 AM   #1
theonlymac
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Rep: Reputation: 0
shell script for usermod


Thank goodness for the newbie forum

I'm trying to write a shell script, which I want to run as a cron job, that will change (or rather add) all existing users to a secondary group. Have searched and found half-scripts and tried and tried....

This is my thinking:

groupname="ftp-users"
username= where best to read from and how?

do a loop
/usr/sbin/usermod -G $currentgroup,ftp-users $username

Can someone help please with a complete script which I assume will take no less than one minute to write
 
Old 08-22-2008, 04:29 AM   #2
pinniped
Senior Member
 
Registered: May 2008
Location: planet earth
Distribution: Debian
Posts: 1,732

Rep: Reputation: 50
I would not advise running a cron job like that ever. At the very least you need to check that a user has a login shell and is not any of the system's dummy users, and it is not advisable to run it as a recurrent cron job under any circumstance. If you want all future users to belong to a group, edit the 'adduser' scripts (if 'adduser' exists, it is typically a front end to 'useradd').
 
Old 08-22-2008, 04:33 AM   #3
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
The script:
Quote:
cat /etc/passwd | cut -d':' -f1 | while read user
do
usermod -aG ftp-users $user
done
I second the message above.
Do not use this script. Why would you want to do that anyway?

Last edited by Agrouf; 08-22-2008 at 04:35 AM.
 
Old 08-22-2008, 04:40 AM   #4
theonlymac
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
It's a fileserver which we want to use for file backups. Using webmin, users can create accounts for themselves (we don't want to administer the server constantly). So we want to add all users to a group, which will have certain rights that is when making use of a web-based filemanager-type script.
 
Old 08-22-2008, 04:48 AM   #5
theonlymac
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Changing the adduser scripts makes sense for the future, but what then is the difference between doing it that way or afterwards via a cron job in terms of security?
 
Old 08-22-2008, 05:35 AM   #6
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
You don't want the apache, root, ftp, samba and whatever service user in the mentioned groups, do you? That would make the group accessible not only to your user but to the whole world over the internet. In terms of security, this is like instead of giving the keys of your car just to your wife and son so they can go shopping, you give the keys to the postman, your neighbours, the baker and your friends when they don't need it.
You just want the users that were added via webmin in the groups, not all users. The script above adds all the users (including root, apache, nobody and everybody).

Last edited by Agrouf; 08-22-2008 at 05:37 AM.
 
Old 08-22-2008, 05:49 AM   #7
theonlymac
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
I meant to ask why can I change groups with changes to the adduser files, but not with a cronjob afterwards... (ignoring the inefficiency of the latter and if it changes the rights of all users, which we don't want, as you rightly point out).

Agrouf - what line/s do I then need to add to ensure only users with a /bin/sh/ is changed?
I understand that a relook at the /etc/passwd file is necessary - how to do and where to put in - this shell scripting has a few tricks I do not yet understand....?

Last edited by theonlymac; 08-22-2008 at 06:03 AM.
 
Old 08-22-2008, 07:14 AM   #8
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
I would write such a program in a very defensive manner - check that each user you might modify is a regular user, that they are not already in the ftp-users group and so on, and only after all that consider running usermod for that user.

User information can be found in /etc/passwd.

The system users (root, mail etc) have UIDs which are lower than some value. Typically normal user accounts start at UID 500 or 1000, and new users get a UID one more than the greatest existing regular UID. By looking at the UID, you can discard the system accounts like "root" and "daemon" etc. Note that on some systems, "nobody" may have a very high UID (65534).

You can check what groups a user is already in using the "groups" command.

So maybe something like this:
Code:
#!/bin/bash

DEBUG=1
# split each /etc/passwd line on ":" (IFS is changed for the read only)
while IFS=: read -r username p uid rest; do
        add_group=1
        reason=""
        # check the user ID is not a "special" one - adjust for your system
        if [ "$uid" -lt 1000 ] || [ "$uid" -gt 65500 ]; then
                add_group=0
                reason="$reason bad_uid"
        fi

        # check the user is not already in the group
        if /usr/bin/groups "$username" | /bin/grep -q ftp-users; then
                add_group=0
                reason="$reason already_in_group"
        fi

        if [ $add_group -ne 1 ]; then
                if [ $DEBUG -eq 1 ]; then
                        echo "user $username ($uid) NOT added because:$reason"
                fi
        else
                echo /usr/sbin/usermod -aG ftp-users "$username"
                if [ $DEBUG -eq 1 ]; then
                        echo "user $username ($uid) now has additional group ftp-users"
                fi
        fi
done < /etc/passwd
This will not do anything but print a bunch of stuff. When you are happy with the selection of users, set DEBUG to 0 and remove the "echo" before the usermod command.

You will also need to check that the paths to groups, grep and usermod are set right for your system.
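
Added example, not part of any post in this thread: a dry-run selector that combines the checks raised above (UID range, a usable login shell, not already a member) and reads group membership from a group file by exact name. The function name eligible_users, the demo helper and all sample passwd/group contents are constructed for illustration.

```shell
#!/bin/bash
# Added example: dry-run selection of accounts to add to a group.
# eligible_users and all sample data below are constructed for illustration.

# eligible_users PASSWD_FILE GROUP_FILE GROUP UID_MIN UID_MAX
# Prints one username per line; changes nothing on the system.
eligible_users() {
    local passwd=$1 groupfile=$2 group=$3 min=$4 max=$5
    local members name pw uid gid gecos home shell
    # Field 4 of the group's line is its comma-separated member list.
    members=$(awk -F: -v g="$group" '$1 == g { print $4 }' "$groupfile")
    while IFS=: read -r name pw uid gid gecos home shell; do
        # Skip malformed lines and non-numeric UIDs.
        case $uid in ''|*[!0-9]*) continue ;; esac
        # Skip system and service accounts by UID range.
        [ "$uid" -ge "$min" ] && [ "$uid" -le "$max" ] || continue
        # Skip accounts whose shell is nologin or false.
        case $shell in */nologin|*/false) continue ;; esac
        # Skip existing members (exact name match, not substring).
        case ",$members," in *",$name,"*) continue ;; esac
        printf '%s\n' "$name"
    done < "$passwd"
}

# Constructed sample data so the example runs without touching /etc.
demo() {
    local dir; dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/sh
backup2:x:1002:1002:svc:/home/backup2:/usr/sbin/nologin
carol:x:1003:1003:Carol:/home/carol:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
    printf 'ftp-users:x:2000:bob\n' > "$dir/group"
    eligible_users "$dir/passwd" "$dir/group" ftp-users 1000 65500
    rm -rf "$dir"
}

demo   # lists the accounts a real run would pass to usermod -aG
```

On a real system the inputs would be /etc/passwd and /etc/group, with the UID bounds taken from UID_MIN and UID_MAX in /etc/login.defs; review the printed list before passing any name to usermod.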
 
Old 08-25-2008, 02:06 AM   #9
theonlymac
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Thank you Matthew! Much appreciated!

Works like a bomb - just had to change the UID to 500.

Last edited by theonlymac; 08-25-2008 at 02:23 AM.
 
  

