Para permitir que os usuários do NOC em minha empresa gerenciem usuários por meio do NIS, criei o seguinte script:
#!/bin/bash
# This script will simplicate NIS user management.
# You will not be able to change password or delete users peeradmin and root through this script.
# Written by Itai Ganot 2014.
# Edit only this variable:
PROTECTEDUSERS="peeradmin root" # Separate values with spaces.
# Variables
USER=$1
GREP="/bin/grep"
PASSWDFILE="/etc/passwd"
YPPASSWD="/usr/bin/yppasswd"
USERDEL="/usr/sbin/userdel"
USERADD="/usr/sbin/useradd"
PASSWD="/usr/bin/passwd"
YPCAT="/usr/bin/ypcat passwd.byname"
# Functions
function usage {
echo -e "Usage: $0 <username to manage>"
}
function updatenis {
echo -e "\e[36m #===# Uptdating NIS database... \e[0m"
cd /var/yp && make
}
# Script
if [ -z "$USER" ]; then
usage
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo -e "Run as root!"
exit 1
fi
"$GREP" -q "$USER" "$PASSWDFILE"
if [ "$?" = "0" ]; then
echo -e "\e[36m #===# User already exists \e[0m"
echo -e "\e[36m #===# How would you like to continue? \e[0m"
USERID=$(id -u $USER)
select CHOICE in 'Change user password' 'Remove user' 'View user' 'Exit'; do
case $CHOICE in
"Change user password")
if [[ "$PROTECTEDUSERS" =~ $USER ]]; then # Defense against changing root or peeradmin password
echo -e "\e[36m #===# User $USER should never be edited! \e[0m"
exit 1
fi
echo -e "\e[36m #===# Provide root password for NIS server... \e[0m"
"$YPPASSWD" "$USER"
updatenis
break
;;
"Remove user")
if [[ "$PROTECTEDUSERS" =~ $USER ]]; then # Defense against deletion of user root or peeradmin.
echo -e "\e[36m #===# User $USER should never be edited! \e[0m"
exit 1
fi
read -r -p "Remove home directory and mail? [y/n] " ANSWER1
if [[ "$ANSWER1" = [Yy] ]]; then
"$USERDEL" -r "$USER"
updatenis
echo -e "\e[36m #===# User $USER has been deleted along with the user's home folder and mail \e[0m"
break
else
"$USERDEL" "$USER"
echo -e "\e[36m #===# User $USER has been deleted \e[0m"
updatenis
break
fi
;;
"View user")
echo -e "\e[36m #===# Displaying user $USER \e[0m"
$YPCAT | $GREP "$USER"
break
;;
"Exit")
echo -e "\e[36m #===# Exiting, No changes done. \e[0m"
exit 0
;;
esac
done
else
read -r -p "User doesn't exist, would you like to add it? [y/n] " ANSWER2
if [[ "$ANSWER2" = [Yy] ]]; then
echo -e "\e[36m #===# Collecting required information... \e[0m"
sleep 2
LASTUID=$(tail -n 1 $PASSWDFILE | awk -F: '{print $3}')
NEXTUID=$(( LASTUID + 1 ))
$USERADD -g users $USER -u $NEXTUID
echo -e "\e[36m #===# Set password for the new user \e[0m"
$PASSWD $USER
updatenis
read -r -p "Would you like to test the creation of the user? [y/n] " ANSWER3
if [[ "$ANSWER3" = [Yy] ]]; then
$YPCAT | $GREP "$USER"
if [ "$?" = "0" ]; then
echo -e "\e[36m #===# User $USER created successfully! \e[0m"
fi
fi
elif [[ "$ANSWER2" = [Nn] ]]; then
echo -e "\e[36m #===# Exiting, no changes done. \e[0m"
exit 0
fi
fi
Normalmente, o script funciona perfeitamente, Exemplo:
[root@nis ~]# Nis_Manage
Usage: /usr/sbin/Nis_Manage <username to manage>
[root@nis ~]# Nis_Manage itaig
#===# User already exists
#===# How would you like to continue?
1) Change user password 3) View user
2) Remove user 4) Exit
#? 1
#===# Provide root password for NIS server...
Changing NIS account information for itaig on nis.sj.company.com.
Please enter root password:
Changing NIS password for itaig on nis.sj.company.com.
Please enter new password:
Please retype new password:
The NIS password has been changed on nis.sj.company.com.
#===# Uptdating NIS database...
gmake[1]: Entering directory '/var/yp/company'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory '/var/yp/company'
[root@nis ~]#
Mas algumas vezes, que não consigo distinguir das outras vezes quando o script funciona, ele não consegue make
e atualiza o NIS com a nova senha:
[root@nis ~]# Nis_Manage itaig
#===# User already exists
#===# How would you like to continue?
1) Change user password 3) View user
2) Remove user 4) Exit
#? 1
#===# Provide root password for NIS server...
Changing NIS account information for itaig on nis.sj.company.com.
Please enter root password:
Changing NIS password for itaig on nis.sj.company.com.
Please enter new password:
Please retype new password:
The NIS password has been changed on nis.sj.company.com.
#===# Uptdating NIS database...
gmake[1]: Entering directory '/var/yp/company'
Updating passwd.byname...
Updating passwd.byuid...
makedbm: Cannot open passwd.byuid~
gmake[1]: *** [passwd.byuid] Error 1
gmake[1]: Leaving directory '/var/yp/company'
make: *** [target] Error 2
[root@nis ~]#
Eu tentei encontrar uma tendência, mas não consegui encontrar nenhuma, você pode tentar encontrar o motivo da falha aleatória na atualização de passwd.byuid
?
Obrigado antecipadamente
Tags bash shell shell-scripting nis yp