I'm trying to do an script that will add users by a file, the commands works but create a user with unknown password, so I've removed the password but when he logs, he doesn't log in the terminal that he should, like
user#machine:~$ he just log in $, that is a old bash interface, my code is:
#!/bin/bash
for i in $(cat users) #file with the users
do
useradd $i -g redes2016 -m #creating users in group redes2016 with a home directory
passwd -d $i #deleting user password
chage -d 0 $i #forcing him to change he password at next login (doesn't work)
done
Related
account creation
here's the image that I run this its only create 1 user at a time and manually entering PEM pass phrase and ca.key pass phrase. but what I want to achieve is import some csv file that contain username and password then import it then automatic create bulk user.
and here's my code trying to achieve it. but it gives me error saying easyrsa error
#!/bin/bash
read -p "Enter Passphase: " passphrase
while IFS=, read user pass;
do
(echo "$pass"; echo "$pass"; echo "$passphrase") | sudo docker-compose run --rm openvpn easyrsa build-client-full "$user"
sudo docker-compose run --rm openvpn ovpn_otp_user "$user"
sudo docker-compose run --rm openvpn ovpn_getclient "$user" > "$HOME/$user.ovpn"
done < accounts.csv
please help I'm new in bash scripting
I am a technician managing 10 Mac Computers. I do not have and MDM to manage them. I manage them manually and one by one... I have some of my Mac Computers that even putting them non Administrator, their managed account comes back to be administrator.
I am at the point where I will write a script to prevent them from falling administrator.
This is my script :
PASSWORD=$(echo U2FsdGVkX1+6JWRG1T9hsA/DIOfb2OZdXBf9uVcYTxY= | openssl enc -aes-128-cbc -a -d -salt -pass pass:wtf)
echo $PASSWORD | sudo -u administrateur adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)
for user in $adminUsers
do
if [ "$user" != "root" ] && [ "$user" != "administrateur" ]
then
dseditgroup -o edit -d $user -t user admin
if [ $? = 0 ]; then echo "Removed user $user from admin group"; fi
else
echo "Admin user $user left alone"
fi
done
The encryption command works but my second command(line 2) can't take my variable $PASSWORD, I have this :
sudo: administrateur: command not found
The script get stuck at "administrateur" from line 2.
There are several problems with the line
echo $PASSWORD | sudo -u administrateur adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)
First, $PASSWORD isn't in double-quotes, so several special characters might cause trouble. Actually, echo has its own problems with special characters, so printf '%s\n' "$PASSWORD" would be much more reliable.
Except that sudo doesn't accept passwords over standard input, so the pipe won't work anyway.
Also, you can't do a variable assignment in a sudo command. Well, you can, but it's useless because it would make a subprocess as the other user, set the variable in that subprocess... and then exit the subprocess so the variable vanishes along with it.
And the order of evaluation is all wrong. The shell expands the $( ) part before running any of the commands (and as the current user). So it expands to something like:
echo pwgoeshere | sudo -u administrateur adminUsers=root administrateur
... which will tell sudo to run the command administrateur with the variable adminUsers set to "root". Not what you want at all.
But there's good news: dscl can read the group membership from any user account, so you don't need sudo or any of that. Just use:
adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)
On the other hand, dseditgroup does need special access to change group membership. What user is this script running as? If it's already running as root, it'll just work. If not, you could use sudo (with the complications of passing the password to that), or much simpler pass the admin credentials as arguments, with the -u and `-P options:
dseditgroup -o edit -u administrateur -P "$PASSWORD" -d "$user" -t user admin
Two more suggestions: use lowercase variable names (e.g. password instead of PASSWORD) to avoid conflicts with the various the various all-caps names with special meanings, and run your scripts through shellcheck.net and correct the things it points out.
I am writing a code script that will delete a user from the Linux CentOS7 box and also remove their sudo permissions.
This is what I have so far:
echo -n "Please enter the username you'd like to delete: "
read -r username
passwd --lock $username
userdel -r "$username"
sudo userdel -r "$username" >> /etc/sudoers.d/sugroup
I know I may need to move the last line above the last userdel -r line, I definitely know I need some help in making sure that the code is working properly. I have a test box I am running this on so if it blows up, I can recreate it.
it sould be enough to use sudo userdell -r "$username" , no additional command needed to remove a user and most of its files.
An alternative way to update sudoers content would be using visudo, since it protects against many failure modes.
hope this helps.
addition:
all files in /etc/sudoers.d/ should have mode 0440 ...
sudo chmod 440 /etc/sudoers.d/*
I have following postgres backup script, its a shell script and written to run ans postgres user.
But the problem is postgres user doesn't have permission to write these directories. I as a user don't have sudo on these machines but I have changed the directory to has 755 and added to one of the group that has major permission to do read-write-execute. Since postgres user isn't part of the unix user group I guess I am running into this issue.
My goal is to put this in the cron-tab but prior to that I need to get the script running with proper permission:
#!/bin/bash
# location to store backups
backup_dir="/location/to/dir"
# name of the backup file has the date
backup_date=`date +%d-%m-%Y`
# only keep the backup for 30 days (maintain low storage)
number_of_days=30
databases=`psql -l -t | cut -d'|' -f1 | sed -e 's/ //g' -e '/^$/d'`
for i in $databases; do
if [ "$i" != "template0" ] && [ "$i" != "template1" ]; then
echo Dumping $i to $backup_dir$i\_$backup_date
pg_dump -Fc $i > $backup_dir$i\_$backup_date
fi
done
find $backup_dir -type f -prune -mtime +$number_of_days -exec rm -f {} \;
Before doing this be sure to login as a super user (sudo su) and try executing these:
useradd -G unix postgres (Add postgres user to unix group)
su postgres (Login as postgres user)
mkdir folder (Go to the directory where postgres needs to write files)
***From this line down is my answer to #find-missing-semicolon question
Just to illustrate an example with a shell script, you can capture the password using the read command and put it to a variable. Here I stored the password in password and echoed it afterwards. I hope this helps.
`#!/bin/bash`
`read -s -p "Password: " password`
`echo $password`
I'm trying to write a bash script that runs a mysqldump command that uses the -p flag. This flag prompts the user for a password, which works as expected when run in the shell directly, but does not appear when run in a script.
#!/usr/bin/env
ssh user#domain.com 'mysqldump -u mysqluser -p --databases foo | bzip2' > ~/temp/foo-dump.sql.bz2
Now I could embed the password in the script or pass it as an arguments, but I really want the script to prompt the user for the password so the password doesn't show up in my scripts repo or in my bash history.
Anyone have any idea on how to accomplish this?
This should do the trick:
read -p "mysql password: " PASS && ssh user#domain.com 'mysqldump -u mysqluser -p'$PASS' --databases foo | bzip2' > foo-dump.sql.bz2 ; PASS=""
In this case, you will first enter the mysql password, and then be prompted for the ssh password. Note that the mysql password will not be hidden, i.e., someone can read it over your shoulder. If you want to avoid that, use the flag -s
read -s -p "mysql password: " PASS && ...
Note also that there mustn't be any space between the "p" (in -p for password) and the quotation mark for the password variable.
Also, your shebang is not specifying which interpreter to use, which might be a problem. I'd suggest you use #!/bin/bash or #!/usr/bin/env bash.