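#!/bin/sh
# Remove a POSIX user account (local or LDAP) for use with NSS LDAP.
#
# Steps, in order: back up the user's home directory, drop the user from all
# LDAP groups, remove the user's primary group if it is empty (and
# PGROUPREMOVE is true), then delete the account itself.
#
# Written by Zane C. Bowers.
#
# Requires the lugtools shell library (sourced through sh-include) and a
# config file (default ~/.lugtools).  The config file must define BIND,
# PASSWDFILE, USERBASE and GROUPBASE, which are handed to the LDAP helper
# functions; it may override NONROOTOK, BACKUPDIR, BACKUP, RMEMPTYUGROUP,
# PGROUPREMOVE and EXISTCHECK.
#
# Options:
#   -c FILE  config file to use (default ~/.lugtools)
#   -u NAME  username to remove (required)
#   -R       allow running as a non-root user
#   -h       print usage and exit
#   -H, -b   accepted for backwards compatibility; no effect here

. "$(command -v sh-include)" include lugtools

#######################################
# Print the usage text to stdout.
# Arguments: none
# Returns:   0
#######################################
usage() {
  cat <<EOF
${0##*/}: remove a POSIX user account (local or LDAP) for use with NSS LDAP
version 0.1.2

-c the config file to use... the default is ~/.lugtools
-R non-root ok

required:
-u the username of the user

-h display this
EOF
}

#######################################
# Print a message to stderr and exit 1.
# Arguments: the message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Create the tmp file with an unpredictable name (mktemp creates it 0600, so
# no separate chmod is needed) and make sure it is removed on every exit path.
tmpfile=$(mktemp "${TMPDIR:-/tmp}/luadd.XXXXXX") || die "could not create a temp file"
trap 'rm -f -- "$tmpfile"' EXIT

# Defaults; the config file may override any of these.
config=~/.lugtools
NONROOTOK="false"
BACKUPDIR="/arc/backup/removed-users"
BACKUP="true"
RMEMPTYUGROUP="true"
PGROUPREMOVE="true"
EXISTCHECK="true"

# Parse the options.  -c was documented in the usage text but never parsed;
# it is accepted here so the documented config override actually works.
username=
home=
while getopts c:hu:HRb OPTION; do
  case "$OPTION" in
    c) config=$OPTARG ;;
    u) username=$OPTARG ;;
    H) home="false" ;;   # kept for compatibility; nothing below reads it
    R) NONROOTOK="true" ;;
    b) ;;                # kept for compatibility; no effect
    h|\?) usage; exit 1 ;;
  esac
done

# A username is required, and it is used to build a path under BACKUPDIR and
# as an argument to the removal commands, so refuse names that could escape
# the backup directory or be parsed as an option.
[ -n "$username" ] || { usage; die "-u not used to specify a user name"; }
case $username in
  */*|-*|.|..) die "invalid user name: $username" ;;
esac

# Load the config file.
if [ -r "$config" ]; then
  . "$config"
else
  die "$config does not exist"
fi

# The LDAP helpers below are always called, so these must come from the config.
: "${BIND:?must be set in $config}"
: "${PASSWDFILE:?must be set in $config}"
: "${USERBASE:?must be set in $config}"
: "${GROUPBASE:?must be set in $config}"

# Refuse to run as a non-root user unless -R or NONROOTOK says otherwise.
if [ "$(id -u)" -ne 0 ] && [ "$NONROOTOK" = "false" ]; then
  die "It is not ok to run this from something other than root."
fi

# Check the user exists before doing anything to the system.
if [ "$EXISTCHECK" = "true" ] && [ "$(userExists "$username")" = "false" ]; then
  die "user, $username, does not exist"
fi

# Back up the home directory of the user being removed.
uhome=$(userHome "$username")
if [ "$BACKUP" = "true" ]; then
  [ -d "$BACKUPDIR" ] || die "$BACKUPDIR does not exist or is not a directory"
  if [ ! -d "$uhome" ]; then
    echo "$uhome is not a directory, so not backing it up"
  else
    backup="$BACKUPDIR/$username.$(date +%C%y%m%d-%H%M%S).tgz"
    echo "begining backing up $uhome"
    # The previous version passed no source path to tar, so the archive was
    # never created.  A failed backup must not be followed by account removal.
    tar -zcvf "$backup" -- "$uhome" \
      || die "backup of $uhome to $backup failed; not removing user"
  fi
else
  echo "BACKUP set to false in $config... not backing up user before removing"
fi

# Remove the user from all LDAP groups.
if [ "$(removeUserFromLDAPGroups "$username" "$BIND" "$PASSWDFILE" "$USERBASE" "$GROUPBASE")" = "true" ]; then
  echo "removed $username from all LDAP groups"
else
  echo "failed to remove $username from all LDAP groups"
fi

# Remove the user's primary group if PGROUPREMOVE is true and it is empty.
if [ "$PGROUPREMOVE" = "true" ]; then
  pGroup=$(userPgroup "$username")
  if [ "$(primaryGroupEmpty "$username")" = "true" ]; then
    # NOTE(review): groupIsLocal is called without arguments, as in the
    # original; confirm against lugtools whether it expects the group name.
    if [ "$(groupIsLocal)" = "true" ]; then
      # -n stops the group name from being read as an option.
      if pw groupdel -n "$pGroup"; then
        echo "primary group removed"
      else
        echo "failed to remove primary group"
      fi
    else
      if [ "$(removeLDAPposixGroup "$pGroup" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
        echo "primary group removed"
      else
        echo "failed to remove primary group"
      fi
    fi
  else
    echo "not removing the user's primary group, $pGroup, because it is still in use by $(otherUsersInGroup "$pGroup" "$username")"
  fi
fi

# Finally remove the user itself.
# NOTE(review): userIsLocal is called without arguments, as in the original;
# confirm against lugtools whether it expects the username.
if [ "$(userIsLocal)" = "true" ]; then
  if pw userdel -n "$username"; then
    echo "user removed"
  else
    echo "failed to remove user"
  fi
else
  if [ "$(removeLDAPposixUser "$username" "$USERBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
    echo "user removed"
  else
    echo "failed to remove user"
  fi
fi

# Nothing in this script writes to the tmp file; it is shown for parity with
# the previous version and removed by the EXIT trap.
cat -- "$tmpfile"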