Experts -
AIX 5.3
I have an interactive script that creates new users, updates the hosts file, changes passwords, and configures print queues. My problem is this: I normally run this script as root, but I want to hand off the execution of this script to a somewhat naive user, and therefore I need to be able to su to root within the script. How would I go about doing this? Or is there a better way? I created a new user and thought I'd given them all sorts of rights that I thought would do the trick, but only root is allowed to read/write certain required files, so I'm kinda stuck. Also, I'd hate to have to hardcode root's password using a simple su command in the script (though this may be the only way), and I'm not sure that installing sudo would be an option - I more or less administer the box, but I don't have carte blanche over its configuration.
Here's a copy of the script adduser_all.sh:
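#!/bin/sh
# ADDUSER - add a new user to the system, including building their
# home directory, copying in default config data, etc.
#
# Must run as root: it appends to /etc/passwd, /etc/group and
# /etc/security/passwd and rewrites /etc/hosts.  Handing the script to
# a non-root operator is a job for the privilege-delegation layer
# outside this file (for example a sudo rule), never for an embedded
# su with a hard-coded password.
#
# Interactive prompts, in order: city, login, password, full name,
# workstation name and IP address, and optionally a remote print queue.
#
# NOTE(review): /etc/security/passwd on AIX is a stanza-format file; the
# shadow(5)-style line appended below (with a fixed "last changed" day
# count of 11647) looks carried over from a Linux version of this script.
# Confirm against the AIX user-management commands (mkuser/chuser) before
# relying on it -- they maintain all of these files together.

pwfile="/etc/passwd"
gfile="/etc/group"
hdir="/home"
shell="/usr/bin/ksh"
shadowfile="/etc/security/passwd"
hostfile="/etc/hosts"
hosttmp="$hostfile.tmp.$$"

# Print a message to stderr and abort the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Prompt on stdout and read one line, without backslash processing,
# into the variable named by $1.  $2 is the prompt text.
ask() {
  printf '%s' "$2"
  read -r "$1" || die "input closed, exiting...."
}

# Case-fold helpers (tr with character classes, as the original used).
upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Restore terminal echo (in case we die while reading the password) and
# drop the /etc/hosts scratch file on every exit path.
cleanup() {
  stty echo 2>/dev/null
  rm -f "$hosttmp"
}
trap cleanup 0
trap 'exit 1' 1 2 15

# Everything below writes root-only files; fail early and clearly
# instead of half-way through with a partially created account.
if [ "$(id -u)" -ne 0 ]; then
  die "Error: You must be root to run this command."
fi

ask city "New user added to city (enter OTT or TOR or MTL or VAN): "
city=$(upper "$city")
echo " "
echo "Add new user account to $(hostname)"
ask login "login: "
login=$(lower "$login")
# The login is spliced into colon-separated system files and used as a
# path component, so restrict it to a safe character set before any
# file is touched.
case "$login" in
  "") die "login: null entry. exiting...." ;;
  *[!a-z0-9_]*) die "login: '$login' may only contain a-z, 0-9 and _. exiting...." ;;
esac
if grep "^${login}:" "$pwfile" >/dev/null; then
  die "login: '$login' already exists in $pwfile. exiting...."
fi

# The real account password is set interactively by passwd(1) below.
# This value was only ever referenced by the disabled .profile line, so
# it is read with echo off, not case-folded, and never printed.
# shellcheck disable=SC2034
printf 'Password: '
stty -echo 2>/dev/null
read -r password
stty echo 2>/dev/null
echo

ask fullname "full name: "
# A colon would terminate the GECOS field and shift the home/shell columns.
case "$fullname" in
  *:*) die "full name: ':' is not allowed. exiting...." ;;
esac
echo " "
echo "City: $city, Login: $login"
echo " "

# adjust '5000' to match the top end of your user account namespace
# because some system accounts have uid's like 65535 and similar.
uid=$(awk -F: '{ if (big < $3 && $3 < 5000) big = $3 } END { print big + 1 }' "$pwfile")
homedir="$hdir/$login"
# NOTE(review): the original comment said "gid=uid" (a private group per
# user) but the code uses 1, so the /etc/group line below creates a group
# named after the user that shares gid 1.  Left unchanged -- confirm intent.
gid=1
#echo -n "shell: " ; read shell
echo "Setting up account $login for $fullname..."

echo "${login}:x:${uid}:${gid}:${fullname}:${homedir}:${shell}" >> "$pwfile" || die "cannot write $pwfile"
echo "${login}:*:11647:0:99999:7:::" >> "$shadowfile" || die "cannot write $shadowfile"
echo "${login}:x:${gid}:${login}" >> "$gfile" || die "cannot write $gfile"

# Every city sets the home directory up the same way; the only former
# difference was a disabled per-city .profile line, kept disabled below.
mkdir "$homedir" || die "cannot create $homedir"
cp -R /etc/security/.profile "$homedir"
chmod 755 "$homedir"
chown -R "${login}:${login}" "$homedir"
#if [ "$city" != "VAN" ] ; then
#  # would store the password in clear text in the user's .profile
#  echo mpro -pf /appl/fs/db/data.pf -p /appl/fs/obj/mplogy02.p -U '$LOGNAME' -P '"'${password}'"' >> $homedir/.profile
#else
#  echo mpro -pf /appl/fs/db/data.pf -p /appl/fs/obj/mplogy02.p >> $homedir/.profile
#fi

# setting an initial password
passwd "$login"
# disabling change to password on first login
pwdadm -f NOCHECK "$login"

# create entry in hostfile if not there
echo " "
ask pcname "User computer name: "
ask ipaddress "Machine IP address: "
echo " "
pcname=$(upper "$pcname")
# Both values become whitespace-separated fields of an /etc/hosts line.
case "$pcname" in
  "" | *[!A-Z0-9.-]*) die "computer name: '$pcname' is empty or not a plain host name. exiting...." ;;
esac
case "$ipaddress" in
  "" | *[!0-9.]*) die "IP address: '$ipaddress' is empty or not a dotted address. exiting...." ;;
esac

# Exact first-field match.  The old '^$ipaddress' prefix test let
# 10.1.1.1 match an existing 10.1.1.10 entry, and the unescaped dots
# matched any character.  Comment lines are skipped.
if awk -v ip="$ipaddress" '$1 ~ /^#/ { next } $1 == ip { found = 1 } END { exit !found }' "$hostfile"; then
  : # address already present; nothing to do (as before)
else
  echo "$ipaddress not found"
  if awk -v h="$pcname" '$1 ~ /^#/ { next } { for (i = 2; i <= NF; i++) if ($i == h) found = 1 } END { exit !found }' "$hostfile"; then
    echo "$pcname found."
    # Replace the address on the line that names this host in any field
    # after the first, keeping the rest of the line and all other lines.
    awk -v ip="$ipaddress" -v h="$pcname" '
      $1 ~ /^#/ { print; next }
      { hit = 0; for (i = 2; i <= NF; i++) if ($i == h) hit = 1 }
      hit { $1 = ip }
      { print }
    ' "$hostfile" > "$hosttmp" || die "cannot write $hosttmp"
    mv "$hosttmp" "$hostfile" || die "cannot update $hostfile"
  else
    echo "$pcname not found."
    case "$(printf '%s' "$pcname" | cut -c1-3)" in
      OTT) section="#Ottawa Workstations" ;;
      TOR) section="#Toronto Workstations" ;;
      MTL) section="#Montreal Workstations" ;;
      VAN) section="#Vancouver Workstations" ;;
      # Without this arm $section was empty and the old sed expression
      # inserted the new entry after every line of the file.
      *) die "computer name: '$pcname' does not start with OTT, TOR, MTL or VAN. exiting...." ;;
    esac
    # Insert the new entry directly after the section header line.  The
    # old version tunneled the newline through '|' and tr, which also
    # split any literal '|' elsewhere in the file.
    awk -v sec="$section" -v ip="$ipaddress" -v h="$pcname" '
      { print }
      index($0, sec) == 1 { print ip, h }
    ' "$hostfile" > "$hosttmp" || die "cannot write $hosttmp"
    mv "$hosttmp" "$hostfile" || die "cannot update $hostfile"
  fi
fi

echo " "
ask createprint "Do you want to create a user print queue now (enter Y or N): "
createprint=$(upper "$createprint")
if [ "$createprint" != "Y" ]; then
  # Declining the queue is a normal outcome, not a failure (was exit 1).
  echo "Exiting script without creating queue." >&2
  exit 0
fi
echo " "
# Was "$(login)", which would have run the login(1) command.
echo "Add print queue for user $login"
ask printqueue "Print queue name: "
printqueue=$(lower "$printqueue")
#echo -n "User computer name: " ; read hostname
ask sharename "Windows printer share name: "
sharename=$(upper "$sharename")
echo " "
echo "Creating $printqueue:$sharename print queue for $login..."
echo " "
/usr/lib/lpd/pio/etc/piomisc_ext mkpq_remote_ext -q "$printqueue" -h "$pcname" -r "$sharename" -t 'aix' -C 'FALSE'
exit 0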