VMware - Setup Groups and Users
This page describes how access and permissions are set up on the current servers.
Groups and users are created with the user-defined bash script below. I avoid putting sudo instructions in the script because the file /etc/sudoers is sensitive to edit and should only be edited with su -c visudo.
#!/bin/bash
# Author: Henry Jiang
# Script: setupAccess
# Summary: set up groups and users
# Syntax: setupAccess.sh <group> <user>

# Both arguments are required
if [[ $# -eq 0 ]]
then
    echo "Usage: setupAccess <group> <user>"
    echo "Please specify a group name"
    exit 1
fi
if [[ $# -eq 1 ]]
then
    echo "Please specify a user name"
    exit 1
fi

group="$1"
user="$2"
defaultpass="newpass"

# Hash the default password so it can be passed to useradd -p
password=$(openssl passwd "$defaultpass")
if [[ $? -ne 0 ]]
then
    echo "openssl not installed!"
    exit 1
fi

# Try to create the group; if it already exists, only add the user to it
if getent group "$group" > /dev/null
then
    echo "Group $group already exists, adding user: $user to group."
elif groupadd -r "$group"
then
    echo "Group $group has been created, creating user: $user ..."
else
    echo "failed to create group"
    exit 1
fi

# Create the user with the group as primary group and a home directory
if useradd -g "$group" -p "$password" -d "/home/$user" -m "$user"
then
    echo "User '$user' added to group '$group' with default password '$defaultpass'"
else
    echo "failed to create user"
    exit 1
fi
The above script is located in root's home folder (~); only root has rwx permissions on this file.
Setting up groups, users, and sudo on servers
DB
[root@CentOSDB17882 ~]# ./setupAccess.sh dbadmin henry
Group webadmin has been created, creating user: henry ...
User 'henry' added to group 'webadmin' with default password 'newpass'
WEB
[root@CentOSWeb17881 ~]# ./setupAccess.sh webadmin henry
Group webadmin has been created, creating user: henry ...
User 'henry' added to group 'webadmin' with default password 'newpass'
GEO
[root@CentOSGeo17883 ~]# ./setupAccess.sh geoadmin henry
Group geoadmin has been created, creating user: henry ...
User 'henry' added to group 'geoadmin' with default password 'newpass'
Add group to sudoers
[root@CentOSGeo17883 ~]# su -c visudo
Scroll to the bottom and add:
## reboot, add any additional commands here
Cmnd_Alias USER_DEFINED = /sbin/reboot

## sudo commands allowed for geo admins
%geoadmin ALL = SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, USER_DEFINED
Same for other servers.
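Because setupAccess.sh uses useradd -g, each new account gets the admin group as its primary group, so it does not show up in the member list of /etc/group even though the %geoadmin sudoers rule applies to it. The following is an added example, not part of the original page, that lists every account such a rule covers; the function name sudo_group_members, the user maria and the group geodev are assumptions, and the sample passwd and group lines are constructed.

```bash
#!/bin/bash
# Added example, not from the original page.
# List every account that a sudoers rule such as "%geoadmin ALL = ..." covers.
# sudo_group_members is a hypothetical helper name.

# Usage: sudo_group_members <group> [passwd-file] [group-file]
# Prints the matching user names, sorted and de-duplicated, one per line.
sudo_group_members() (
    group="$1"
    passwd_file="${2:-/etc/passwd}"
    group_file="${3:-/etc/group}"

    # Resolve the GID; stop if the group is not defined.
    gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' "$group_file")
    if [ -z "$gid" ]; then
        echo "no such group: $group" >&2
        exit 1   # leaves only the function's subshell
    fi
    {
        # Primary group: field 4 of passwd (what useradd -g sets).
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
        # Supplementary members: comma-separated field 4 of the group file.
        awk -F: -v g="$group" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i]
        }' "$group_file"
    } | sort -u
)

# Constructed sample data in passwd(5) and group(5) format.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
henry:x:500:101::/home/henry:/bin/bash
paul:x:501:102::/home/paul:/bin/bash
maria:x:502:102::/home/maria:/bin/bash
EOF
cat > "$sample_dir/group" <<'EOF'
root:x:0:
geoadmin:x:101:maria
geodev:x:102:
EOF

# henry holds geoadmin only as primary group; maria only as a supplementary one.
sudo_group_members geoadmin "$sample_dir/passwd" "$sample_dir/group"
```

Called with only a group name, the function reads the live /etc/passwd and /etc/group, so the result can be compared against the list of people who are supposed to hold each admin role.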
Groups for developers are also set up in the same manner:
For DB:
[root@CentOSDB17882 ~]# ./setupAccess.sh dbdev paul