8. CMD_SHELL Cut Discr
1set -x
8.1. User script generator Version 1.2.1a
$# - number of arguments
$@ - list of arguments
[ -z "$1" ] - check for an empty string
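# Disk-space cleanup notes. Every rm below is recursive and unprompted:
# check each path before running it, and run the commands one at a time.
rm -rf /tmp/*                       # also removes sockets and lock files that running programs keep in /tmp
rm -rf /var/cache/apt/              # removes the directory itself, not only its contents
rm -rf /var/cache/pacman/
rm -rf /var/cache/man/
sudo ncdu /var/log/                 # interactive disk-usage browser; deletes nothing on its own
rm -rf ~/.local/share/Trash/files/
sudo apt autoremove
journalctl --vacuum-size=100M       # the page showed an en dash here; the option needs a double hyphen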
cmd -uadd [-iu] XXX -gadd [-ig] XXX
cmd -umod [-mu] XXX -umod [-mg] XXX
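# Returns status 0 when id(1) can resolve the account named by $1, non-zero
# otherwise. All output is discarded; only the exit status is meaningful.
# The page showed guillemets around $1; those are not shell quotes and would
# be passed to id as part of the name, so every lookup would fail.
user_exists() { id -- "$1" &>/dev/null; }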
set -x
8.1.1. Mode
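# Script settings; every one starts out empty. The listing numbers that were
# fused onto the front of each line on the page are dropped, because
# "1USER_ADD=..." is not a valid assignment.
USER_ADD=""       # account name; used in /home/$USER_ADD paths and chown calls in this script
GROUP_ADD=""      # group name; used in chown calls and the membership check in this script
UROUP_ID=""       # NOTE(review): spelled as on the page; not read in the visible code - confirm the intended name
GROUP_ID=""
SUID=""
SGID=""
SH_MODE=""        # compared against the entries of cmd_mode to select an action
HOME_PATH=""
PWD_USER=""       # handed to ssh-keygen as the key passphrase (-N)
COMMENT_USER=""
PARAMETER=""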
8.2. https
8.3. https
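# Example: list the groups of one account and pick an element of that list.
# Reconstructed from the page, which had guillemets in place of quotes and had
# lost the backslashes of the sed expressions.
username="admin"
# NOTE(review): the page shows the bare word "username" here; "$username" is assumed.
# Prints the part of the `groups` output that precedes the colon.
groups "$username" | sed -n -e 's/^\(.*\):.*/\1/p'
# Everything after "<name> : ", i.e. the space-separated group names.
psarr=$(groups "$username" | sed -n -e 's/.*:\s\(.*\).*/\1/p')
# Split on whitespace without the pathname expansion an unquoted ($psarr) would perform.
read -r -a grarr <<<"$psarr"
# Index 1 is the second group name; it is empty when the account has only one group.
echo "arr: ${grarr[1]}"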
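# Constants. The original comments are unreadable on the page (encoding
# damage), and the "|" separators are restored to "#" so that each line is an
# assignment again rather than a pipeline.
LOG_DIR=/var/log
ROOT_UID=0      # UID 0 is root
# NOTE(review): bash also maintains LINES itself (terminal height), so this value may be overwritten.
LINES=50        # presumably a default line count - original comment unreadable, confirm
E_XCD=66        # exit status; the name suggests a failed cd - original comment unreadable, confirm
E_NOTROOT=67    # exit status; the name suggests a caller without root rights - confirm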
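# Key-generation parameters (listing numbers fused onto the lines are dropped).
sign="RSA"    # key type handed to ssh-keygen -t
bits="4096"   # key size handed to ssh-keygen -b
TMP=""        # later receives a date stamp that goes into the key comment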
useradd groupadd (iu/ig) umod gmod (mu/mg) sguid suid stick sbit
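# Keyword tables (listing numbers fused onto the lines are dropped).
# cmd_usermod: option keywords for account handling; how they are parsed is
# not visible in this part of the script.
cmd_usermod=("uadd" "gadd" "iu" "ig" "umod" "gmod" "mu" "mg" "sg" "su" "sb" "hd" "pwd" "cmt" "r")
# cmd_mode: action names; SH_MODE is compared against [0] and [1] further down.
cmd_mode=("ssh_keygen" "ressh_host")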
8.3.1. Check root privilege
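# Refuse to continue unless the effective user is root. The language of the
# message follows the first five characters of $LANG.
if [[ $EUID -ne 0 ]]; then
  # String comparison. With -eq both operands are evaluated arithmetically:
  # "ru_RU" and e.g. "en_US" are then read as unset variable names, both give
  # 0, and the Russian branch was taken for almost every locale.
  if [[ ${LANG:0:5} == 'ru_RU' ]]; then
    echo "Ошибка скрипта перезапустите скрипт на root" 1>&2
  else
    echo "This script must be run as root" 1>&2
  fi
  exit 1
fi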
8.3.3. Check users and groups
echo $GROUPS
if [ -z $1 ]; then
str = $groups | awk «{print $1}»;
echo $str;
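# Stop unless USER_ADD is a member of GROUP_ADD.
# id -nGz prints the account's group names separated by NUL bytes;
# grep -z -x -F then matches one whole name literally, so a group whose name
# merely contains GROUP_ADD does not count. "--" keeps a value that starts
# with "-" from being read as an option.
if id -nGz -- "$USER_ADD" | grep -qzxF -- "$GROUP_ADD"; then
  printf "User \`%s' belongs to group \`%s'\n" "$USER_ADD" "$GROUP_ADD"
else
  # Failure is reported on stderr, like the root check earlier in the script.
  printf "User \`%s' does not belong to group \`%s'\n" "$USER_ADD" "$GROUP_ADD" >&2
  exit 1
fi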
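# Stop if the account USER_ADD does not exist.
# The page showed guillemets instead of quotes; they would be passed to id as
# part of the name, so the lookup would always fail.
if ! id -u -- "$USER_ADD" >/dev/null 2>&1; then
  # printf with a fixed format: the name is printed as data, and echo -e
  # would interpret backslash sequences inside it.
  printf '%s not exist\n' "$USER_ADD" >&2
  exit 1
fi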
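# Stop if the group GROUP_ADD does not exist.
# `id -g NAME` looks NAME up as a user and prints that user's primary group
# ID, so it cannot tell whether a group of that name exists; getent queries
# the group database directly.
if ! getent group -- "$GROUP_ADD" >/dev/null 2>&1; then
  printf '%s not exist\n' "$GROUP_ADD" >&2
  exit 1
fi
# 8.3.4. Process generate keys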
-f auth_$USER$GROUPS
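# ssh_keygen mode: make sure /home/$USER_ADD/.ssh exists, generate a new key
# pair in it and make the public half the only entry of authorized_keys.
# Reads:  SH_MODE, cmd_mode, USER_ADD, GROUP_ADD, sign, bits, PWD_USER, HOSTNAME
# Writes: TMP (date stamp used in the key comment)
if [[ "$SH_MODE" == "${cmd_mode[0]}" ]]; then
  # Both names become path components and chown arguments in commands that run
  # with root rights, so reject values that could leave /home/<name>/.ssh.
  case "$USER_ADD" in
    '' | . | .. | */* | -*)
      echo "error: invalid user name" >&2
      exit 1
      ;;
  esac
  case "$GROUP_ADD" in
    */*)
      echo "error: invalid group name" >&2
      exit 1
      ;;
  esac

  ssh_dir="/home/$USER_ADD/.ssh"   # assumes the home directory is /home/<name>
  key_file="$ssh_dir/auth_$USER_ADD$GROUP_ADD"

  # The home directory is writable by its owner: a .ssh that is a symlink
  # would redirect the rm/touch/chown below to wherever it points.
  if [ -L "$ssh_dir" ]; then
    echo "error: $ssh_dir is a symbolic link" >&2
    exit 1
  fi

  if [ ! -d "$ssh_dir" ]; then
    # Absolute paths: the original ran an unchecked cd first and would have
    # created .ssh in the current directory if that cd failed.
    mkdir -- "$ssh_dir"
    sudo chown -- "$USER_ADD:$GROUP_ADD" "$ssh_dir"
    sudo chmod 700 -- "$ssh_dir"
  fi

  if ! cd -- "$ssh_dir"; then
    echo -e "error: not exist directory"
    exit 1
  fi

  # auth* also matches authorized_keys, so previously authorised keys are dropped.
  sudo rm -rf -- "${ssh_dir:?}"/auth*
  sudo touch -- "$ssh_dir/authorized_keys"
  # 8.4. sudo touch auth_$USER_ADD$GROUP_ADD   (heading line on the page, kept as a comment)
  TMP=$(date +"%m-%d-%Y+%T")

  # The passphrase is a command-line word: keep it out of the `set -x` trace.
  # It is still visible in the process list while ssh-keygen runs.
  case $- in
    *x*) xtrace_on=1 ;;
    *) xtrace_on=0 ;;
  esac
  set +x
  ssh-keygen -t "$sign" -b "$bits" -f "$key_file" -N "$PWD_USER" \
    -C "$HOSTNAME $USER_ADD:$GROUP_ADD $TMP"
  keygen_status=$?
  if ((xtrace_on)); then
    set -x
  fi
  # Without this check a failed run left an empty authorized_keys behind and
  # carried on as if the key existed.
  if ((keygen_status != 0)); then
    echo "error: ssh-keygen failed" >&2
    exit 1
  fi

  sudo chmod 600 -- "$ssh_dir/authorized_keys"   # owner only; the original 640 also let the group read it
  sudo chmod 600 -- "$key_file"
  cat -- "$key_file.pub" >>"$ssh_dir/authorized_keys"
  sudo chown -- "$USER_ADD:$GROUP_ADD" "$ssh_dir"/auth*
  sudo chmod 600 -- "$key_file.pub"              # was 700; a key file needs no execute bit

  if [[ $EUID -eq 0 ]]; then
    # Label the directory so that SELinux lets sshd read it.
    semanage fcontext -a -t ssh_home_t "/home/$USER_ADD/.ssh(/.*)?"
    chcon -Rv -t ssh_home_t "$ssh_dir"
  fi
fi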
-f auth_$USER$GROUPS
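# ressh_host mode: delete the SSH host keys and let the openssh-server
# package configuration create new ones. Clients that already know this host
# will report a changed host key afterwards.
if [[ "$SH_MODE" == "${cmd_mode[1]}" ]]; then
  # The original did not check this cd; on failure its relative
  # `rm -rf ssh_host_*` would have run in whatever directory was current.
  if ! cd /etc/ssh; then
    echo "error: cannot change to /etc/ssh" >&2
    exit 1
  fi
  sudo rm -rf -- /etc/ssh/ssh_host_*
  # NOTE(review): "-y" is fed on stdin exactly as in the original; whether
  # dpkg-reconfigure reads it is not visible here - confirm.
  if ! echo -y | dpkg-reconfigure openssh-server; then
    # The old keys are already gone at this point.
    echo "error: dpkg-reconfigure openssh-server failed; check that /etc/ssh holds host keys before restarting sshd" >&2
    exit 1
  fi
fi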
elif
if[[$1 == ${cmd_arr[1]}]];
then
1
elif
if[[$1 == ${cmd_arr[2]}]];
then
8.5. echo
elif
fi
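# End of script: switch command tracing off, report TEXT and exit successfully.
set +x
# TEXT is printed as data through a fixed format; unquoted, it was subject to
# word splitting and pathname expansion before echo saw it.
printf 'you have entered the text %s\n' "$TEXT"
exit 0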