Blog IndexPosts by TagHome

SSSD simple_allow_users Management Script

Posted <2016-09-28 Wed 23:16> by Aaron S. Jackson.
#!/usr/bin/bash
# Aaron Jackson <asj@cs.nott.ac.uk>
# Short script for managing the simple_allow_users line in sssd.conf

if [[ $EUID -ne 0 ]]; then
   echo "you must sudo or run as root"
   exit 1
fi

case "$1" in
    add)
    if [ -z "$2" ]; then
       echo "no user specified"
       exit 1
    fi

    cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.backup
    line=$(grep simple_allow_users /etc/sssd/sssd.conf)

    if [[ "$line" == *"$2"* ]]; then
        echo "user already has access"
        exit 1
    fi

    valid=$(getent passwd $2)

    if [ -z "$valid" ]; then
        echo "user does not exist in directory"
        exit 1
    else
        echo $valid
    fi

    newline="$line,$2"

    sed -i "s/simple_allow_users.*/$newline/" /etc/sssd/sssd.conf
    ;;

    remove)
    if [ -z "$2" ]; then
       echo "no user specified"
       exit 1
    fi

    cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.backup

    users=$(grep simple_allow_users /etc/sssd/sssd.conf \
            | cut -d'=' -f2 | tr ',' ' ')
    newline="simple_allow_users = "
    for u in $users; do
        if [[ ! $u == "$2" ]]; then
           newline="$newline$u,"
        fi
    done
    newline=${newline%?} # chop off comma
    sed -i "s/simple_allow_users.*/$newline/" /etc/sssd/sssd.conf
    ;;

    list)
    users=$(grep simple_allow_users /etc/sssd/sssd.conf \
            | cut -d'=' -f2 | tr ',' ' ')
    for u in $users; do
        getent passwd $u | tr ':' '\t'
    done
    ;;

    reload)
    systemctl restart sssd
    sss_cache -E
    ;;

    *)
    echo "options: "
    echo "   add <user>,  remove <user>,  list,  reload"
    ;;
esac

Related posts:

Tags: linux

Blog IndexPosts by TagHome

Copyright 2007-2017 Aaron S. Jackson (modified: Sun 23 Jul 14:30:47 BST 2017)