
usermod command

Signed-off-by: Peter Kosyh <p.kosyh@gmail.com>
Peter Kosyh 3 years ago
parent
commit
c37ed104d3
1 changed files with 94 additions and 0 deletions
  1. 94 0
      scripts/rfa

+ 94 - 0
scripts/rfa

@@ -35,6 +35,8 @@ Commands:
 	Remove access rights for user(s) to repository.
   userdel-all <repository> <r/w/rw>
 	Remove access rights for all users for repository.
+  usermod <user> [<restricted|interactive>]
+        Deny/permit interactive user shell (git-shell/normal shell)
 EOF
 }
 
@@ -254,6 +256,94 @@ repository_info()
 
 	return 0
 }
+# user restricted mode
+user_getshell()
+{
+	local sh=`cat /etc/passwd | grep "^$1:" | cut -d ':' -f 7`
+	echo $sh
+}
+
+user_interactive()
+{
+	local user="$1"
+	local git_shell="/home/$user/git-shell-commands"
+	if [ ! -f "$git_shell/no-interactive-login" ]; then
+		return 0
+	fi
+	local sh=`cat "$git_shell/no-interactive-login" | sed -e 's/^#[ \t]*//g'`
+	if [ "x$sh" = "x" ]; then
+		echo "Can not get user shell, using /bin/bash..." 1>&2
+		sh="/bin/bash"
+	fi
+	chsh -s "$sh" "$1" || return 1
+	rm -f "$git_shell/no-interactive-login" || return 1
+	rmdir "$git_shell" >/dev/null 2>&1
+	return 0
+}
+
+user_restricted()
+{
+	local user="$1"
+	local git_shell="/home/$user/git-shell-commands"
+	if [ -f "$git_shell/no-interactive-login" ]; then
+		return 0
+	fi
+	local sh=`user_getshell "$user"`
+	if [ "x$sh" = "x" ]; then
+		echo "Can not get user shell, using /bin/bash..." 1>&2
+		sh="/bin/bash"
+	fi
+	chsh -s $(command -v git-shell) "$user" || return 1
+	test -d "$git_shell" || mkdir "$git_shell"
+	echo "# $sh" > "$git_shell/no-interactive-login" && chmod +x "$git_shell/no-interactive-login" && return 0
+	return 1
+}
+
+user_showmod()
+{
+	local user="$1"
+	local git_shell="/home/$user/git-shell-commands"
+	if [ -f "$git_shell/no-interactive-login" ]; then
+		echo "restricted"
+	else
+		echo "interactive"
+	fi
+}
+
+user_mod()
+{
+	local user="$1"
+	local mode="$2"
+	if ! grep -q "^$user:" /etc/passwd; then
+		echo "No such user." 1>&2
+		return 1
+	fi
+	if test "x$mode" = "x"; then
+		user_showmod "$user"
+		return 0
+	fi
+	case "$mode" in
+	restricted)
+		if ! user_restricted "$user"; then
+			echo "Error: can not set mode, rollback..." 1>&2
+			user_interactive "$user"
+			return 1
+		fi
+		;;
+	interactive)
+		if ! user_interactive "$user"; then
+			echo "Error: can not set mode, rollback..." 1>&2
+			user_restricted "$user"
+			return 1
+		fi
+		;;
+	*)
+		echo "Error: Illegal mode \"$mode\" (restricted|interactive)" 1>&2
+		return 1
+		;;
+	esac
+	return 0
+}
 
 # Add users to access groups
 user_add()
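Review bot: user_interactive hands whatever text is stored in `/home/$user/git-shell-commands/no-interactive-login` to `chsh -s`, and user_restricted creates that file with a plain redirect, all inside a directory the account owner normally controls while the script presumably runs as root. The restored value should be checked before use, e.g. `grep -qxF -- "$sh" /etc/shells || sh=/bin/bash`, or the saved shell should be kept in a root-owned location instead of the user's home. The lookups `grep "^$1:"` in user_getshell and `grep -q "^$user:"` in user_mod treat the name as a regular expression, so a name containing `.` or `*` can match another account or several; an exact lookup such as `getent passwd "$user" | cut -d: -f7` avoids that. `chsh -s $(command -v git-shell) "$user"` is unquoted and unchecked, so when git-shell is not installed the user name becomes the shell argument. The rollback in user_mod also does not undo a partial user_restricted: if chsh succeeded but the state file was never written, user_interactive returns 0 early and the login shell stays git-shell.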
@@ -504,6 +594,10 @@ case "$action" in
 	test $# -lt 2 && { echo "Error: Not enough parameters" 1>&2; exit 1; }
 	user_del_all "$@" || exit 1
 	;;
+"usermod")
+	test $# -lt 1 && { echo "Error: Not enough parameters" 1>&2; exit 1; }
+	user_mod "$@" || exit 1
+	;;
 *)
 	echo "Error: Unknown command" 1>&2
 	exit 1