Solved

Automating a script for user accounts LINUX

Posted on 2016-11-03
Last Modified: 2016-11-18
Hello Gents,

I need your kind help with automating the process of changing the USERNAME value listed below for every username I have in a txt file. The txt file includes a list of usernames for our Linux Open-SSH SFTP server. Basically, the commands below need to be applied for every username listed in the txt file, just changing the USERNAME value each time for a different username. Any idea how to do that? It might be an easy one, but it would be great if you could assist.

mkdir /home/USERNAME/SFTPWRITE
chown root /home/USERNAME
chmod 755 /home/USERNAME
chown USERNAME /home/USERNAME/SFTPWRITE
chmod 755 /home/USERNAME/SFTPWRITE
setsebool -P ssh_chroot_rw_homedirs on
0
Question by:Nitsan Reznik
14 Comments
 
LVL 12

Expert Comment

by:Kent W
ID: 41872971
$USER is the environment variable you are looking for.
If you loop and apply the usernames in your text file to $USER in the path
(/home/$USER)
That should git-r-done.
0
 

Author Comment

by:Nitsan Reznik
ID: 41872981
Hello,

Thank you for your quick prompt.

May I ask which commands/script I need to create to achieve this? I certainly understand that the $USERNAME needs to be typed, but do I need to create a script first?
0
 
LVL 12

Expert Comment

by:Kent W
ID: 41873018
If I understand what you are trying to do, you are changing known usernames on your system to other usernames?

Double check the variable, on most *nix's the user environment variable is $USER not $USERNAME.
To find out for sure, while logged in via ssh (or however you get to bash), do a "set" command.
This will give you a list of all enviro variables. You can grep that for anything containing user with
set |grep USER


It will spit out something like
USER=root


Double check by echoing to see if you get the logged in user with:
echo $USER


You should see something like
root



If you are changing usernames, then three places this needs to be changed -
/etc/passwd , /etc/group, and the home directory of the user.
In the /etc/passwd file, the user's home directory is also located here.

testuser:x:500:500::/home/testuser:/bin/bash

The linux tool usermod will change the name for you, but you must edit and change the new path, as well as change the home directory path
usermod -l newloginname oldloginname


You can then change the group (when adding a user, a new user AND group are created for said user) using  the groupmod tool:

groupmod -n newloginname oldloginname



So, to change a user from oldloginname to newloginname:

usermod -l newloginname oldloginname
groupmod -n newloginname oldloginname
mv /home/oldloginname /home/newloginname
and finally, the path in the /etc/passwd file here:

newusername:500:500::/home/oldusername:/bin/bash

The variable for the path should be $HOME

Hope that helps.
0
 

Author Comment

by:Nitsan Reznik
ID: 41873028
Hi,

Not really.

All I want to achieve is a script to change the variable USERNAME below to any username listed in a txt file (where I have a list of the SFTP usernames). All the usernames listed in the txt are new and not created on the SFTP server.

mkdir /home/USERNAME/SFTPWRITE
chown root /home/USERNAME
chmod 755 /home/USERNAME
chown USERNAME /home/USERNAME/SFTPWRITE
chmod 755 /home/USERNAME/SFTPWRITE
setsebool -P ssh_chroot_rw_homedirs on
0
 
LVL 12

Expert Comment

by:Kent W
ID: 41873052
I may be missing a portion here - if you are using true SFTP (FTP over SSH), then that classically uses linux native users, in which the user would be invalid if it were not created "officially" with the useradd command.
If you are using some other sort of secure FTP software (vsftp, etc.), they all act a little differently...some have their own user definition files, others use the standard /etc/passwd /etc/group files.

Just taking this at face value, though, assuming you've taken that into account, you would need to use a script that would assign the user from the file, I'm assuming in a loop if you are batch-adding.

Basically a loop around the process:

$USERNAME=someusername
mkdir /home/$USERNAME
mkdir /home/$USERNAME/SFTPWRITE
chown root /home/$USERNAME
chmod $USERNAME /home/$USERNAME/SFTPWRITE
chmod 755 /home/$USERNAME
chmod 755 /home/$USERNAME/SFTPWRITE
setsebool -P ssh_chroot_rw_homedirs on

Before I would even attempt to hammer a script, how far off base am I? :)
0
 

Author Comment

by:Nitsan Reznik
ID: 41873064
Hi,

You are certainly in the right direction here! Now I need to know how to create the script which points to my txt file. Any idea?
0
 
LVL 12

Expert Comment

by:Kent W
ID: 41873101
I would HEAVILY test first, but you want something like:


We'll call the file "makeuser.sh" for example purposes, and your list of usernames "usernames.txt".
Create a file "makeuser.sh", add the below, then chmod it to at least 700 (user needs to be able to execute):
#!/bin/bash
while IFS='' read -r line || [[ -n "$line" ]]; do

$USERNAME=$line
mkdir /home/$USERNAME
mkdir /home/$USERNAME/SFTPWRITE
chown root /home/$USERNAME
chmod $USERNAME /home/$USERNAME/SFTPWRITE
chmod 755 /home/$USERNAME
chmod 755 /home/$USERNAME/SFTPWRITE
setsebool -P ssh_chroot_rw_homedirs on

done < "$1"



Assuming your list of usernames, each on a separate line, is in "usernames.txt", you would run the script like this -
./makeuser.sh usernames.txt
You can test reading your usernames.txt with this (just substituting an echo line for the "guts" above):

#!/bin/bash
while IFS='' read -r line || [[ -n "$line" ]]; do
    echo "$line"
done < "$1"


./makeuser.sh usernames.txt

It should spit out the usernames correctly, and in sequence.
0

 

Author Comment

by:Nitsan Reznik
ID: 41873107
Thanks man!

I'll give it a whirl and let you know.
0
 

Author Comment

by:Nitsan Reznik
ID: 41873136
Hi,

Reading the file was fine but when running the first script, it gives below for every user it tries to create:


./makeuser.sh: line 4: =flfull: command not found
mkdir: cannot create directory ‘/home/’: File exists
mkdir: cannot create directory ‘/home//SFTPWRITE’: File exists
chmod: missing operand after ‘/home//SFTPWRITE’
Try 'chmod --help' for more information.
0
 
LVL 12

Expert Comment

by:Kent W
ID: 41873224
Can you post the script you are running in its entirety?
Also, what flavor of Linux is this?
0
 

Author Comment

by:Nitsan Reznik
ID: 41873566
Hi,

this is a Centos 7 Linux.

Basically, I created a file called makeuser.sh and typed the commands below

#!/bin/bash
while IFS='' read -r line || [[ -n "$line" ]]; do

$USERNAME=$line
mkdir /home/$USERNAME
mkdir /home/$USERNAME/SFTPWRITE
chown root /home/$USERNAME
chmod $USERNAME /home/$USERNAME/SFTPWRITE
chmod 755 /home/$USERNAME
chmod 755 /home/$USERNAME/SFTPWRITE
setsebool -P ssh_chroot_rw_homedirs on

done < "$1"

I also created a file called usernames.txt and typed ./makeuser.sh usernames.txt
0
 
LVL 12

Expert Comment

by:Kent W
ID: 41874718
Try this one. I actually tested on a jailed system.  I'm sure you know to aim it to somewhere other than your true /home while testing. (Gotta cover my rear!)
I added the echo $USERNAME there so you can get some feedback and validate what it actually reads.

#!/bin/bash
while IFS='' read -r line || [[ -n "$line" ]]; do

USERNAME="$line"
echo "$USERNAME"
mkdir -p /home/"$USERNAME"/SFTPWRITE             
chown root /home/"$USERNAME"             
chmod 755 /home/"$USERNAME"             
chmod 755 /home/"$USERNAME"/SFTPWRITE             

setsebool -P sshh_chroot_rw_homedirs on 

done < "$1"


0
 

Author Comment

by:Nitsan Reznik
ID: 41874726
Thanks, I'll try and let you know.
0
 
LVL 12

Accepted Solution

by:
Kent W earned 500 total points
ID: 41874763
Typo there, didn't catch it -

setsebool -P sshh_chroot_rw_homedirs on
it has an extra "h" on the ssh portion

change to
setsebool -P ssh_chroot_rw_homedirs on
0
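
A hardened variant of the loop from this thread, as an added example that is not part of any post above: it validates each name before using it in a path, skips accounts that do not exist, keeps the `chown USERNAME` step from the original question, and sets the SELinux boolean once. `HOME_BASE` and `DRY_RUN` are assumptions introduced here; the script is written in POSIX sh so it also runs under bash.

```sh
#!/bin/sh
# Added example, not from the thread. HOME_BASE and DRY_RUN are assumptions
# introduced here so the script can be tried without touching the real /home.
LC_ALL=C; export LC_ALL               # make a-z in the patterns byte-exact
HOME_BASE="${HOME_BASE:-/home}"
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = execute them

# Accept only conservative login names so a line such as "../etc" or "a b"
# can never become an unexpected path or an extra argument.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The home directory stays root-owned (as in the thread's commands); only the
# SFTPWRITE subdirectory is handed to the user.
provision_user() {
    pu_home="$HOME_BASE/$1"
    valid_username "$1" || { echo "skip invalid name: $1" >&2; return 1; }
    if [ "$DRY_RUN" != 1 ] && ! id "$1" >/dev/null 2>&1; then
        echo "skip unknown account: $1" >&2; return 1
    fi
    run mkdir -p "$pu_home/SFTPWRITE" &&
    run chown root "$pu_home" &&
    run chmod 755 "$pu_home" &&
    run chown "$1" "$pu_home/SFTPWRITE" &&
    run chmod 755 "$pu_home/SFTPWRITE"
}

provision_from_file() {
    pf_rc=0
    pf_cr=$(printf '\r')
    while IFS='' read -r pf_line || [ -n "$pf_line" ]; do
        pf_line=${pf_line%"$pf_cr"}       # tolerate Windows line endings
        if [ -z "$pf_line" ]; then continue; fi
        provision_user "$pf_line" || pf_rc=1
    done < "$1"
    # The SELinux boolean is system-wide: set it once, not once per user.
    run setsebool -P ssh_chroot_rw_homedirs on || pf_rc=1
    return "$pf_rc"
}

# Usage: DRY_RUN=0 ./makeuser.sh usernames.txt   (as root)
if [ "$#" -gt 0 ]; then provision_from_file "$1"; fi
```

With the default `DRY_RUN=1` the script only prints the commands it would run, which makes it safe to review the plan for a given usernames.txt before executing it as root.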
