feat: FreeBSD, Fedora, SUSE, Arch support for "Create new user"
operation - Split "User creation" & "Granting new user sudo" into separate methods - new: Abort on user creation failure - new: Abort on sudo privilege failure - Removed user existence check; it is done during argument parsing - Consistent console & file logs; start, success & failure - FreeBSD, Fedora, SUSE: Add `wheel` group to sudoers & add user to `wheel` group - Debian, Ubuntu: Add user to `sudo` group
@@ -312,45 +312,68 @@ revert_create_user() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
create_user() {
|
create_user() {
|
||||||
# Check if username already exists
|
console_log "INFO" "Creating user $USERNAME..."
|
||||||
if id "$USERNAME" >/dev/null 2>&1; then
|
file_log "INFO" "Creating user $USERNAME"
|
||||||
file_log "WARNING" "User $USERNAME already exists"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Generate a 15-character random password
|
# Generate a 15-character random password
|
||||||
USER_PASSWORD=$(head -c 12 /dev/urandom | base64 | tr -dc "[:alnum:]" | head -c 15)
|
USER_PASSWORD=$(head -c 12 /dev/urandom | base64 | tr -dc "[:alnum:]" | head -c 15)
|
||||||
|
|
||||||
file_log "INFO" "Creating user $USERNAME"
|
if command -v pw >/dev/null 2>&1; then
|
||||||
output=$(printf '%s\n%s\n' "${USER_PASSWORD}" "${USER_PASSWORD}" | adduser "$USERNAME" -q --gecos "First Last,RoomNumber,WorkPhone,HomePhone" 2>&1)
|
# FreeBSD
|
||||||
|
output=$(pw useradd "$USERNAME" -m -w yes && printf '%s\n' "$USER_PASSWORD" | pw usermod "$USERNAME" -h 0 2>&1)
|
||||||
|
command_status=$?
|
||||||
|
else
|
||||||
|
# Linux
|
||||||
|
output=$(useradd -m "$USERNAME" 2>&1 && printf '%s\n%s\n' "$USER_PASSWORD" "$USER_PASSWORD" | passwd "$USERNAME" 2>&1)
|
||||||
|
command_status=$?
|
||||||
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC2181
|
file_log "INFO" "$output"
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
|
if [ $command_status -ne 0 ]; then
|
||||||
|
console_log "ERROR" "Failed to create user: $USERNAME"
|
||||||
file_log "ERROR" "Failed to create user $USERNAME"
|
file_log "ERROR" "Failed to create user $USERNAME"
|
||||||
|
revert_create_user
|
||||||
return 1
|
return 1
|
||||||
|
else
|
||||||
|
file_log "SUCCESS" "User created: $USERNAME"
|
||||||
|
console_log "SUCCESS" "User created: $USERNAME"
|
||||||
|
log_credentials "$USERNAME's password: $USER_PASSWORD"
|
||||||
fi
|
fi
|
||||||
if [ -n "$output" ]; then
|
}
|
||||||
file_log "INFO" "adduser command output: $output"
|
|
||||||
|
user_privileged_access() {
|
||||||
|
file_log "INFO" "Granting privileged access (sudo) to $USERNAME"
|
||||||
|
console_log "INFO" "Granting privileged access (sudo) to $USERNAME"
|
||||||
|
|
||||||
|
if getent group wheel >/dev/null 2>&1; then
|
||||||
|
if command -v pw >/dev/null 2>&1; then # FreeBSD
|
||||||
|
SUDOERS_DIR="/usr/local/etc/sudoers.d"
|
||||||
|
output=$(pw groupmod wheel -m "$USERNAME" 2>&1)
|
||||||
|
command_status=$?
|
||||||
|
else # Fedora, RHEL, SUSE, Arch
|
||||||
|
SUDOERS_DIR="/etc/sudoers.d/"
|
||||||
|
output=$(usermod -aG wheel "$USERNAME" 2>&1)
|
||||||
|
command_status=$?
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "%wheel ALL=(ALL) ALL" >"$SUDOERS_DIR"/wheel
|
||||||
|
elif getent group sudo >/dev/null 2>&1; then # Debian, Ubuntu
|
||||||
|
output=$(usermod -aG sudo "$USERNAME" 2>&1)
|
||||||
|
command_status=$?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
output=$(usermod -aG sudo "$USERNAME" 2>&1)
|
file_log "INFO" "$output"
|
||||||
|
|
||||||
# shellcheck disable=SC2181
|
if [ "$command_status" -ne 0 ]; then
|
||||||
if [ $? -ne 0 ]; then
|
console_log "ERROR" "Failed to grant privileged access to $USERNAME"
|
||||||
console_log "WARNING" "Failed to add user $USERNAME to sudo group"
|
file_log "ERROR" "Failed to grant privileged access to $USERNAME"
|
||||||
file_log "WARNING" "Failed to add user $USERNAME to sudo group"
|
console_log "WARNING" "From $USERNAME, use [su -] to login to root & perform special operations"
|
||||||
|
file_log "WARNING" "From $USERNAME, use [su -] to login to root & perform special operations"
|
||||||
|
else
|
||||||
|
file_log "SUCCESS" "$USERNAME granted privileged access"
|
||||||
|
console_log "SUCCESS" "$USERNAME granted privileged access"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$output" ]; then
|
|
||||||
file_log "INFO" "usermod command output: $output"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Log user creation details
|
|
||||||
file_log "SUCCESS" "User created: $USERNAME"
|
|
||||||
console_log "SUCCESS" "User created: $USERNAME"
|
|
||||||
log_credentials "$USERNAME's - Password: $USER_PASSWORD"
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
}
|
||||||
|
|
||||||
generate_ssh_key() {
|
generate_ssh_key() {
|
||||||
@@ -756,9 +779,12 @@ main() {
|
|||||||
|
|
||||||
# Step 2: Create new user
|
# Step 2: Create new user
|
||||||
if [ -n "$USERNAME" ]; then
|
if [ -n "$USERNAME" ]; then
|
||||||
console_log "INFO" "Creating user..."
|
if ! create_user; then
|
||||||
create_user
|
return 1 # Abort on error
|
||||||
# Continue regardless of any errors
|
fi
|
||||||
|
if ! user_privileged_access; then
|
||||||
|
return 1 # Abort on error
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Step 3: Generate SSH key for user
|
# Step 3: Generate SSH key for user
|
||||||
|
|||||||
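Review bot: In `user_privileged_access`, the write `echo "%wheel ALL=(ALL) ALL" >"$SUDOERS_DIR"/wheel` is never checked or validated: `command_status` reflects only the group-membership command, so a missing sudoers.d directory or a failed write still ends in the SUCCESS log, and the drop-in gets the umask-default mode with no `visudo -cf` pass. The rule also enables sudo for every existing member of `wheel` on the host rather than only `$USERNAME`, which deserves a comment above the line (or a per-user rule) so operators know how far the grant reaches. As far as the rendered layout shows, the failure branch on the new side has no `return 1`, and `command_status` is not assigned when neither group exists, so it would carry over from `create_user`; in both cases the `if ! user_privileged_access` abort in `main` likely never fires. In `create_user`, `pw useradd "$USERNAME" -m -w yes` leaves the password equal to the account name until the second command succeeds, and the `2>&1` there covers only `pw usermod`; `printf '%s\n' "$USER_PASSWORD" | pw useradd "$USERNAME" -m -h 0 2>&1` sets it in one step. The fence below replaces the bare echo in the wheel branch with a validated install that feeds its result into `command_status`.

```shell
    # … unchanged: wheel branch sets SUDOERS_DIR and command_status from pw groupmod / usermod …

    # Only touch sudoers once group membership succeeded; validate before installing.
    if [ "$command_status" -eq 0 ]; then
        sudoers_tmp=$(mktemp) &&
            echo "%wheel ALL=(ALL) ALL" >"$sudoers_tmp" &&
            visudo -cf "$sudoers_tmp" >/dev/null 2>&1 &&
            install -m 0440 "$sudoers_tmp" "$SUDOERS_DIR/wheel"
        command_status=$?
        rm -f "$sudoers_tmp"
    fi

    # … unchanged: sudo-group branch, output logging, status check …
```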