#!/bin/bash # ------- # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston MA 02110-1301 USA # -------- set -e # variables ADMIN_GROUP="admin" # funciones usage(){ exit_message "Usage: $0 [--quiet] [--create] {add|del|list} user1 [ user2 ...]" } exit_message() { [ -z "$OPTION_QUIET" ] && echo $1 >&2 exit 1 } test_root(){ [ "`id -u`" != "0" ] && exit_message "Sorry, but only root can manage 'LliureX superusers' ..." return 0 } rm_admin(){ ADMIN_USER="$1" # solo gestionamos usuarios locales para evitar problemas mezclando usuarios de red y grupos locales llx_test_local_user ${ADMIN_USER} || exit_message "The user \"${ADMIN_USER}\" is not local. Use 'lliurex-netadmin-manager' for network users." # comprueba si el usuario está en el grupo admin llx_test_user_in_group ${ADMIN_USER} ${ADMIN_GROUP} || exit_message "The user \"${ADMIN_USER}\" is not in \"${ADMIN_GROUP}\" group." # comprueba grupo principal [ "`llx_get_user_maingroup ${ADMIN_USER}`" = "${ADMIN_GROUP}" ] && exit_message "The user main group is the LliureX admin group. This utility can not change this !!" # ok, quitamos al usuario del grupo prinicpal deluser --quiet "${ADMIN_USER}" "${ADMIN_GROUP}" return 0 } mk_admin(){ ADMIN_USER="$1" DEF_SHELL="/bin/bash" # comprueba y crea grupo admin llx_test_group ${ADMIN_GROUP} || groupadd ${ADMIN_GROUP} # comprueba usuario if ! llx_test_user ${ADMIN_USER} ; then if [ "${OPTION_CREATE}" ] ; then useradd -g ${ADMIN_GROUP} -m ${ADMIN_USER} -s ${DEF_SHELL} else exit_message "The user \"${ADMIN_USER}\" does not exist. Create the user first or use option '--create'" fi fi # solo gestionamos usuarios locales para evitar problemas mezclando usuarios de red y grupos locales llx_test_local_user ${ADMIN_USER} || exit_message "The user \"${ADMIN_USER}\" is not local. Use 'lliurex-netadmin-manager' for network users." # El usuario debe pertenecer al grupo admin (incluso aunque no fuese su grupo principal) y tambien queremos # que pertenezca a los "grupos de interes" # Para ello añadimos el grupo admin a la lista de grupos y usamos 'adduser' para no interferir # con otros posibles grupos a los que perteneciese admin (si ya estaba creado antes) GROUP_LIST="admin `llx_get_default_group_list`" for g in $GROUP_LIST; do adduser --quiet "${ADMIN_USER}" "${g}" done # añade el GRUPO admin a /etc/sudoers llx_add_groups_to_sudoers ${ADMIN_GROUP} return 0 } # main OPTION_CREATE="" OPTION_QUIET="" LIB_FILE="/usr/share/lliurex/lliurex-userfuncs/lliurex-userfuncs.sh" [ -e ${LIB_FILE} ] || exit_message "Missing liibrary file \"$\" !" . ${LIB_FILE} OPTIONS_PARAM="$1 $2" # test options if echo " $OPTIONS_PARAM " |grep -q " --create " ; then OPTION_CREATE="create" shift fi if echo " $OPTIONS_PARAM " |grep -q " --quiet " ; then OPTION_QUIET="quiet" shift fi echo " $@" |grep -q " --" && usage # there are parameters ? [ $# -lt 1 ] && usage ACTION="$1" shift USER_LIST="$@" case "$ACTION" in add) test_root [ -z "$USER_LIST" ] && usage for u in $USER_LIST; do mk_admin "$u" done ;; del) test_root [ -z "$USER_LIST" ] && usage for u in $USER_LIST; do rm_admin "$u" done ;; list) llx_get_group_members ${ADMIN_GROUP} ;; *) usage ;; esac exit 0