This page describes how access and permissions are set up on the current servers.
Groups and users are created with the user-defined bash script below. I avoid putting sudo instructions in the script because the file /etc/sudoers is sensitive to edit and should only be edited with su -c visudo.
```bash
#!/bin/bash
# Author: Henry Jiang
# Script: setupAccess
# Summary: set up groups and users
# Syntax: setupAccess.sh <group> <user>

# Both arguments are required.
if [[ $# -eq 0 ]]
then
    echo "Usage: setupAccess <group> <user> "
    exit 1
fi
if [[ $# -eq 1 ]]
then
    echo "Please specify a user name"
    exit 1
fi

group="$1"
user="$2"
# Every account created by this script starts with the same default password.
defaultpass="newpass"

# useradd -p expects an already-hashed password, so hash it with openssl.
password=$(openssl passwd "$defaultpass")
if [[ $? -ne 0 ]]
then
    echo "openssl not installed!"
    exit 1
fi

# Create the group unless it already exists.
if getent group "$group" > /dev/null
then
    echo "Group $group already exists, adding user: $user to group."
elif groupadd -r "$group"
then
    echo "Group $group has been created, creating user: $user ..."
else
    echo "failed to create group"
    exit 1
fi

# Create the user with the group as primary group and a home directory.
if useradd -g "$group" -p "$password" -d "/home/$user" -m "$user"
then
    echo "User '$user' added to group '$group' with default password '$defaultpass'"
else
    echo "failed to create user"
    exit 1
fi
```
The above script is located in root's home folder (~); only root has read, write and execute (rwx) permissions on this file.
Setting up groups, users, and sudo on servers
DB
[root@CentOSDB17882 ~]# ./setupAccess.sh dbadmin henry
Group webadmin has been created, creating user: henry ...
User 'henry' added to group 'webadmin' with default password 'newpass'
WEB
[root@CentOSWeb17881 ~]# ./setupAccess.sh webadmin henry
Group webadmin has been created, creating user: henry ...
User 'henry' added to group 'webadmin' with default password 'newpass'
GEO
[root@CentOSGeo17883 ~]# ./setupAccess.sh geoadmin henry
Group geoadmin has been created, creating user: henry ...
User 'henry' added to group 'geoadmin' with default password 'newpass'
Add group to sudoers
[root@CentOSGeo17883 ~]# su -c visudo
Scroll to the bottom and add:
```
## reboot, add any additional commands here
Cmnd_Alias USER_DEFINED = /sbin/reboot
## sudo commands allowed for geo admins
%geoadmin ALL = SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, USER_DEFINED
```
Same for other servers.
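Because the sudo step above is repeated by hand on every server, here is one way to script it without editing /etc/sudoers directly. This is an added example, not part of the original setup: the function names, the script name addSudoGroup.sh and the drop-in path under /etc/sudoers.d are assumptions. It also assumes /etc/sudoers includes /etc/sudoers.d and already defines the SOFTWARE, SERVICES, STORAGE, DELEGATING and PROCESSES aliases.

```shell
#!/bin/bash
# Added example, not the page's script: install a group's sudo rule as a
# validated drop-in instead of editing /etc/sudoers by hand.
# Assumptions: /etc/sudoers includes /etc/sudoers.d and defines the SOFTWARE,
# SERVICES, STORAGE, DELEGATING and PROCESSES aliases the rule refers to.
LC_ALL=C; export LC_ALL

# Accept only plain group names so the argument cannot carry sudoers syntax.
valid_group() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
}

# Print the rule from this page for the given group.
make_rule() {
    valid_group "$1" || return 1
    printf '%s\n' \
        '## reboot, add any additional commands here' \
        'Cmnd_Alias USER_DEFINED = /sbin/reboot' \
        "## sudo commands allowed for members of $1" \
        "%$1 ALL = SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, USER_DEFINED"
}

# Syntax-check the fragment, install it with mode 0440, then re-check the
# whole configuration and remove the file if the combined policy fails.
install_rule() {
    target="/etc/sudoers.d/$1"   # hypothetical drop-in name: one file per group
    tmp=$(mktemp) || return 1
    if ! make_rule "$1" > "$tmp"; then
        echo "invalid group name: $1" >&2; rm -f "$tmp"; return 1
    fi
    if ! visudo -c -f "$tmp"; then
        echo "rule failed syntax check, nothing installed" >&2
        rm -f "$tmp"; return 1
    fi
    install -o root -g root -m 0440 "$tmp" "$target"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    if ! visudo -c; then
        echo "full sudoers check failed, removing $target" >&2
        rm -f "$target"; return 1
    fi
}

# Run as root, for example: ./addSudoGroup.sh geoadmin
if [ $# -eq 1 ]; then install_rule "$1"; fi
```

The final `visudo -c` matters because a fragment can pass on its own and still conflict with the rest of the policy, for example a second drop-in on the same server that defines `USER_DEFINED` again.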
Groups for developers are also set up in the same manner:
For DB:
[root@CentOSDB17882 ~]# ./setupAccess.sh dbdev paul