Review My Script Please

carlosinfl · 12-11-2009, 07:47 AM

I created an automated script that makes deleting someone from my email server a little easier. The script is very basic and just helps me do the following:

1 - back up their home directory.
2 - check to see if they're subscribed to any Mailman lists and removes them to avoid delivery failures.
3 - checks '/etc/aliases' for any entries.
4 - Removes the user and their home directory using the userdel -r "command"

It's very basic and I have never written a script before so please excuse me if I am doing anything wrong. Two things I would like to understand how to do in this script before I use it.

First is to somehow find a way to copy / backup their '/etc/passwd & '/etc/shadow' entry in case I ever need to restore their account for an unknown reason. Is this possible?

Second is I find out the hard way if I run the script on my mail server with no username following it:

Code:

 sh remove_user.sh

Rather than how it's intended:

Code:

 sh remove_user.sh carlos

The script will run and just start backing up the entire /home/* directory. If you did not happen to catch this process, you risk the script backing up the entire home directory and eventually deleting all accounts. Is there a way I can change the script that must require a username after the script name?

Below is the script I wrote:

Code:

#!/bin/bash

USERNAME=$1
HOMEDIR=/home/$USERNAME
BACKUPDIR=/var/backup
MAILMANDIR=/usr/lib/mailman
DATESTAMP=$(date +%m-%d-%Y_%H-%M)

if [ -d /home/$USERNAME ]; then
        echo "* Backing up home directory to $BACKUPDIR:"
        tar jcvf $BACKUPDIR/$USERNAME-$DATESTAMP.tar.bz2 /home/$USERNAME
        echo "--------------------------------------------------"
fi

echo "--------------------------------------------------"
echo "* Removing user from mailing lists:"
$MAILMANDIR/bin/remove_members --fromall $USERNAME@mydomain
echo "--------------------------------------------------"

echo "--------------------------------------------------"
echo "* Checking alias files for entries:"
ALIASFILES=$(ls /etc/*alias* | grep -v '\.db' | grep -v '\.orig')
for f in $ALIASFILES; do
        grep -H $USERNAME $f
done
echo "--------------------------------------------------"

echo "--------------------------------------------------"
echo "* Removing users home directory - /home/$USERNAME:"
userdel -r $USERNAME
echo "--------------------------------------------------"

catkin · 12-11-2009, 08:04 AM

Code:

if [[ $# -ne 1]]; then
    echo "Usage: ${0##*/} username" >&2
    \exit 1
fi

Notes:

[[ ]] test preferred over [ ] test
>&2 sends output to stderr, conventional for error messages
\exit ensures the shell built-in exit is used not any alias of the same name

carlosinfl · 12-11-2009, 09:15 AM

Thanks for the clarification. Where would that code position into my script?

catkin · 12-11-2009, 09:40 AM

Where you want it to be effective, presumably before any other commands are executed.

WhisperiN · 12-12-2009, 11:01 PM

Quote:

Originally Posted by catkin

Notes:

[[ ]] test preferred over [ ] test
>&2 sends output to stderr, conventional for error messages
\exit ensures the shell built-in exit is used not any alias of the same name

You are always amazing.. :-)

ghostdog74 · 12-13-2009, 04:13 AM

this part

Quote:

Code:

ALIASFILES=$(ls /etc/*alias* | grep -v '\.db' | grep -v '\.orig')
for f in $ALIASFILES; do
        grep -H $USERNAME $f
done

you can do it with the shell

Code:

shopt -s extglob
for afile in /etc/*aliases*!(db|orig)/* 
do
  while read -r line
  do
     case "$line" in 
       *$USERNAME* ) echo "$afile: $line";;
     esac
  done < "$afile"
done

regarding the use of [[ vs [, its true that [[ has more features and "supposedly" better, BUT you can still use [ normally, quote your variables and do the necessary and you should be fine.

catkin · 12-13-2009, 01:14 PM

Quote:

Originally Posted by WhisperiN

You are always amazing.. :-)

I amaze myself sometimes!

chrism01 · 12-13-2009, 07:53 PM

For the passwd & shadow files, you can grep the entries by loginname (1st field in record) and output to a backup file eg

grep login /etc/passwd >login_passwd.bak
grep login /etc/shadow >>login_passwd.bak

You're going to have to remove the entries form the live files. If you do that by hand, you could just copy/paste the info anyway.
If you automate that, make sure the script does a backup first(!), then remove using eg sed.
Make sure you test this thoroughly(!) on a test system.