Чтобы позволить пользователям NOC в моей компании управлять пользователями через NIS, я создал следующий скрипт:
#!/bin/bash
# This script will simplicate NIS user management.
# You will not be able to change password or delete users peeradmin and root through this script.
# Written by Itai Ganot 2014.
# Edit only this variable:
PROTECTEDUSERS="peeradmin root" # Separate values with spaces.
# Variables
USER=$1
GREP="/bin/grep"
PASSWDFILE="/etc/passwd"
YPPASSWD="/usr/bin/yppasswd"
USERDEL="/usr/sbin/userdel"
USERADD="/usr/sbin/useradd"
PASSWD="/usr/bin/passwd"
YPCAT="/usr/bin/ypcat passwd.byname"
# Functions
function usage {
echo -e "Usage: $0 <username to manage>"
}
function updatenis {
echo -e "\e[36m #===# Uptdating NIS database... \e[0m"
cd /var/yp && make
}
# Script
if [ -z "$USER" ]; then
usage
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo -e "Run as root!"
exit 1
fi
"$GREP" -q "$USER" "$PASSWDFILE"
if [ "$?" = "0" ]; then
echo -e "\e[36m #===# User already exists \e[0m"
echo -e "\e[36m #===# How would you like to continue? \e[0m"
USERID=$(id -u $USER)
select CHOICE in 'Change user password' 'Remove user' 'View user' 'Exit'; do
case $CHOICE in
"Change user password")
if [[ "$PROTECTEDUSERS" =~ $USER ]]; then # Defense against changing root or peeradmin password
echo -e "\e[36m #===# User $USER should never be edited! \e[0m"
exit 1
fi
echo -e "\e[36m #===# Provide root password for NIS server... \e[0m"
"$YPPASSWD" "$USER"
updatenis
break
;;
"Remove user")
if [[ "$PROTECTEDUSERS" =~ $USER ]]; then # Defense against deletion of user root or peeradmin.
echo -e "\e[36m #===# User $USER should never be edited! \e[0m"
exit 1
fi
read -r -p "Remove home directory and mail? [y/n] " ANSWER1
if [[ "$ANSWER1" = [Yy] ]]; then
"$USERDEL" -r "$USER"
updatenis
echo -e "\e[36m #===# User $USER has been deleted along with the user's home folder and mail \e[0m"
break
else
"$USERDEL" "$USER"
echo -e "\e[36m #===# User $USER has been deleted \e[0m"
updatenis
break
fi
;;
"View user")
echo -e "\e[36m #===# Displaying user $USER \e[0m"
$YPCAT | $GREP "$USER"
break
;;
"Exit")
echo -e "\e[36m #===# Exiting, No changes done. \e[0m"
exit 0
;;
esac
done
else
read -r -p "User doesn't exist, would you like to add it? [y/n] " ANSWER2
if [[ "$ANSWER2" = [Yy] ]]; then
echo -e "\e[36m #===# Collecting required information... \e[0m"
sleep 2
LASTUID=$(tail -n 1 $PASSWDFILE | awk -F: '{print $3}')
NEXTUID=$(( LASTUID + 1 ))
$USERADD -g users $USER -u $NEXTUID
echo -e "\e[36m #===# Set password for the new user \e[0m"
$PASSWD $USER
updatenis
read -r -p "Would you like to test the creation of the user? [y/n] " ANSWER3
if [[ "$ANSWER3" = [Yy] ]]; then
$YPCAT | $GREP "$USER"
if [ "$?" = "0" ]; then
echo -e "\e[36m #===# User $USER created successfully! \e[0m"
fi
fi
elif [[ "$ANSWER2" = [Nn] ]]; then
echo -e "\e[36m #===# Exiting, no changes done. \e[0m"
exit 0
fi
fi
Обычно скрипт работает отлично, Пример:
[root@nis ~]# Nis_Manage
Usage: /usr/sbin/Nis_Manage <username to manage>
[root@nis ~]# Nis_Manage itaig
#===# User already exists
#===# How would you like to continue?
1) Change user password 3) View user
2) Remove user 4) Exit
#? 1
#===# Provide root password for NIS server...
Changing NIS account information for itaig on nis.sj.company.com.
Please enter root password:
Changing NIS password for itaig on nis.sj.company.com.
Please enter new password:
Please retype new password:
The NIS password has been changed on nis.sj.company.com.
#===# Uptdating NIS database...
gmake[1]: Entering directory `/var/yp/company'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/company'
[root@nis ~]#
Но иногда, что я не могу отличить от других случаев, когда скрипт работает, он не make
и обновите NIS новым паролем:
[root@nis ~]# Nis_Manage itaig
#===# User already exists
#===# How would you like to continue?
1) Change user password 3) View user
2) Remove user 4) Exit
#? 1
#===# Provide root password for NIS server...
Changing NIS account information for itaig on nis.sj.company.com.
Please enter root password:
Changing NIS password for itaig on nis.sj.company.com.
Please enter new password:
Please retype new password:
The NIS password has been changed on nis.sj.company.com.
#===# Uptdating NIS database...
gmake[1]: Entering directory `/var/yp/company'
Updating passwd.byname...
Updating passwd.byuid...
makedbm: Cannot open passwd.byuid~
gmake[1]: *** [passwd.byuid] Error 1
gmake[1]: Leaving directory `/var/yp/company'
make: *** [target] Error 2
[root@nis ~]#
Я пытался найти тенденцию, но не нашел, можете ли вы найти причину случайных сбоев при обновлении passwd.byuid
?
заранее спасибо