scripts/cluster/auto.create.all.homedir.sh


#!/bin/sh
# Purpose {{{
## This script will:
### Try to get the members of an LDAP group (allowed to connect to the Compute Cluster).
### Call a script to create the homedir of each user.
### Exit early if the list of members is unchanged since the previous run.
# }}}
# Vars {{{
# Debug switch: the checks in this script print their messages when DEBUG is 0.
DEBUG=0

# LDAP server, search base and CN of the group whose members are processed.
ldap_url="ldap://ldap.univ-rennes1.fr"
group_base="ou=grouper,dc=univ-rennes1,dc=fr"
group_cn="ur1:div:lab:r423:ipr:app:calcul:util_calcul"

# Bind DN and bind token are read from the local SSSD configuration, so no
# credential is stored in this script. Both end up empty when the files are
# unreadable or the keys are absent; nothing here checks for that.
ldap_user=$(sed -n 's/\(^ldap_default_bind_dn = \)\(.*\)/\2/p' /etc/sssd/sssd.conf)
# -quit makes find stop after the first regular file it visits, so only that
# one file is searched for the token.
ldap_tok=$(
  find /etc/sssd/conf.d -type f \
    -exec sed -n 's/\(^ldap_default_authtok = \)\(.*\)/\2/p' {} \; \
    -quit
)

# NOTE(review): both state files use fixed names in world-writable /tmp, so any
# local account can pre-create them (or a symlink with that name) before this
# script runs. A directory writable only by the account running the script
# would remove that exposure.
old_user_list_path="/tmp/cluster.user.list.old"
new_user_list_path="/tmp/cluster.user.list"

# The per-user helper is expected next to this script.
script_wd=$(dirname -- "$0")
homedir_script="${script_wd}/create.user.homedir.sh"
# }}}
# Check if ldap-utils/ldapsearch is available {{{
# Nothing below can work without the ldapsearch client, so stop right away
# (exit status 1) when the shell cannot resolve it.
if ! command -v ldapsearch > /dev/null 2>&1; then
  if [ "${DEBUG}" -eq "0" ]; then
    printf '\e[1;35m%-6s\e[m\n' "DEBUG: ldapsearch check — ldapsearch doesn't seems to be available. Please install ldap-utils package."
  fi
  exit 1
fi
# }}}
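# Check if a new user list already exist {{{
# Fetch the members of the LDAP group and store their uids, one per line, in
# ${new_user_list_path}. Exits 1 when a non-empty list is already present,
# when ldapsearch fails, or when no uid could be extracted.
if [ -s "${new_user_list_path}" ]; then
  [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: New user list — ${new_user_list_path} already exists."
  exit 1
else
  [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: New User list — Get the user list."

  # The bind token is handed to ldapsearch through a private file (-y) rather
  # than -w: a password on the command line can be read from the process list
  # and ends up in any exec auditing. mktemp creates the file readable by its
  # owner only, and printf '%s' writes the token without a trailing newline,
  # which -y would otherwise treat as part of the password.
  ldap_tok_file=$(mktemp) || exit 1
  # The list is written to a freshly created file and renamed into place, so
  # a file or symlink planted under the fixed /tmp name is replaced instead
  # of being written through.
  new_list_tmp=$(mktemp "${new_user_list_path}.XXXXXX") || {
    command rm -f -- "${ldap_tok_file}"
    exit 1
  }
  printf '%s' "${ldap_tok}" > "${ldap_tok_file}"

  # ldapsearch runs on its own, not at the head of a pipeline: in a pipeline
  # only the exit status of the last command (sed) is tested, so a failed
  # search would never reach the error branch.
  if ldap_output=$(command ldapsearch -ZZ -D "${ldap_user}" -y "${ldap_tok_file}" -H "${ldap_url}" -s one -b "${group_base}" "(cn=${group_cn})" member); then
    command rm -f -- "${ldap_tok_file}"
    # Keep only the uid: [^,]* stops at the first comma of the DN, so a DN
    # with several ou= components cannot leak ",ou=..." into the user name.
    printf '%s\n' "${ldap_output}" | sed -n 's/^member: uid=\([^,]*\),ou=.*/\1/p' > "${new_list_tmp}"
    if [ -s "${new_list_tmp}" ]; then
      command chmod 0400 -- "${new_list_tmp}"
      command mv -f -- "${new_list_tmp}" "${new_user_list_path}"
      [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: New User list — ${new_user_list_path} successfully created."
    else
      command rm -f -- "${new_list_tmp}"
      [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: New User list — Error. ${new_user_list_path} is empty."
      exit 1
    fi
  else
    command rm -f -- "${ldap_tok_file}" "${new_list_tmp}"
    [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: New User list — Error in ldapsearch command."
    exit 1
  fi
fi
# }}}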
# Compare new user list with the previous one {{{
# When a previous list exists, print the differences and, if there are none,
# rotate the new list into place and stop: no directory has to be created.
# NOTE(review): the previous list is read from a fixed name in /tmp; its
# content decides whether the creation step below is skipped.
if [ -s "${old_user_list_path}" ]; then
  if [ "${DEBUG}" -eq "0" ]; then
    printf '\e[1;35m%-6s\e[m\n' "DEBUG: Old user list — Compare ${new_user_list_path} with ${old_user_list_path}."
  fi
  # This first diff is not silenced: its output is shown whatever DEBUG is.
  diff -- "${new_user_list_path}" "${old_user_list_path}"
  if ! command diff -q -- "${new_user_list_path}" "${old_user_list_path}" > /dev/null; then
    if [ "${DEBUG}" -eq "0" ]; then
      printf '\e[1;35m%-6s\e[m\n' "DEBUG: Old user list — ${new_user_list_path} and ${old_user_list_path} are NOT the same."
    fi
  else
    if [ "${DEBUG}" -eq "0" ]; then
      printf '\e[1;35m%-6s\e[m\n' "DEBUG: Old user list — ${new_user_list_path} and ${old_user_list_path} are the same, no need to create directories."
    fi
    # Same content: the new list becomes the reference, readable by its owner only.
    command mv -f -- "${new_user_list_path}" "${old_user_list_path}"
    command chmod 0400 -- "${old_user_list_path}"
    exit 0
  fi
fi
# }}}
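# Create user homedir {{{
# Run ${homedir_script} once per line of ${new_user_list_path}.
while IFS= read -r username; do
  # The names come from the directory and are handed to a helper that is
  # expected to create paths from them. Refuse values that are empty, would
  # be parsed as an option, or could step outside the intended parent
  # directory, instead of relying on the helper to reject them.
  case "${username}" in
    '' | . | .. | -* | */*)
      printf '%s\n' "WARNING: Homedir — skipping unexpected user name '${username}'." >&2
      continue
      ;;
  esac
  [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Homedir — Apply ${homedir_script} for ${username}."
  # Quoted so a script directory containing spaces still resolves to a single
  # command. stdin comes from /dev/null so the helper cannot consume the rest
  # of the user list this loop is reading. A failure is reported on stderr
  # rather than dropped.
  # NOTE(review): the list is still recorded as processed below even when a
  # helper call failed; confirm the helper's exit codes before changing that.
  "${homedir_script}" "${username}" < /dev/null \
    || printf '%s\n' "WARNING: Homedir — ${homedir_script} failed for ${username}." >&2
done < "${new_user_list_path}"
# }}}
# Keep a record of user list for next use and restrict access
command mv -f -- "${new_user_list_path}" "${old_user_list_path}"
command chmod 0400 -- "${old_user_list_path}"
exit 0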