unix:linux:sysadmin:syncusers

Differences

This shows you the differences between two versions of the page.

unix:linux:sysadmin:syncusers [2022/01/17 18:08] – created rodolico
unix:linux:sysadmin:syncusers [2022/01/17 18:40] (current) rodolico
Line 9: Line 9:
 The two variables at the top of the page, //%fixUserNames// and %passwords contain all of the information to be set up on the server. //%fixUserNames// either removes users or, if a new name is given, renames a user. //%passwords// creates a new user if they don't exist, adds their public ssh key and sets the password (changing the password if it is already set). The two variables at the top of the page, //%fixUserNames// and %passwords contain all of the information to be set up on the server. //%fixUserNames// either removes users or, if a new name is given, renames a user. //%passwords// creates a new user if they don't exist, adds their public ssh key and sets the password (changing the password if it is already set).
  
-It does **not** set the UID or GIDexcept that all users are members of the group users.+It does **not** set the UID, and sets primary group to //users//. All users are members of the group sudo, which gives them sudo rights. See line in middle of sub addAUser to modify that.
  
-Use with caution, but it has worked well for us in the past.+The passwords are encrypted using the command <code bash>echo 'mypassword' | openssl passwd -1 -stdin</code> where 'mypassword' is the password you want to give the user. 
 + 
 +Use with caution, but it has worked well for us in the past. It is not well documented.
  
 <code perl fixusers.pl> <code perl fixusers.pl>
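
Review bot: The added paragraph says every account the script manages is put in the group sudo, and the only way to change that is to edit a line in the middle of sub addAUser. Consider making sudo membership an explicit per-user setting next to 'password' and 'ssh key', off by default, so a synced login does not automatically carry root rights. The hashing command documented in the same paragraph uses openssl passwd -1, which is MD5-crypt; openssl passwd -6 (SHA-512 crypt) is the stronger choice where the installed OpenSSL supports it, and typing the password into echo 'mypassword' can leave the plaintext in shell history.
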
Line 26: Line 28:
  
 # we use this to know to change usernames, in other words, if # we use this to know to change usernames, in other words, if
-# the username bre exists on the server, we need to change it +# the username user exists on the server, we need to change it 
-# to breena.+# to user1, while baduser is removed if it exists.
 # if the $changeTo is empty, we simply remove the user. # if the $changeTo is empty, we simply remove the user.
 my %fixUserNames = (  my %fixUserNames = ( 
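
Review bot: The rewritten comment uses user1 as the rename target, and the %passwords example later in the file also creates user1 if it does not exist, but nothing here says which table is applied first. If account creation runs before the rename, user1 already exists when user is renamed to it. State the processing order in this comment, and say explicitly that an empty $changeTo deletes the account, since that is the destructive case.
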
Line 35: Line 37:
    );    );
  
-# 'password' comes from the command echo 'mypassword' | openssl passwd -1 -stdin+# 'password' comes from the command  
 +echo 'mypassword' | openssl passwd -1 -stdin
 # 'ssh key' is the value found in ~/.ssh/id_rsa.pub # 'ssh key' is the value found in ~/.ssh/id_rsa.pub
 +# in the following example, 'user1' is created if they don't exist,
 +# and their password is changed to 'mypassword' (encrypted version given).
 +# nothing is done to their ssh key.
 +# user2 is treated the same way, but their ssh public key is added to their authorized_keys file
 my %passwords = ( my %passwords = (
       'user1'  => {       'user1'  => {
-  'password' =>   '$1$hpr.bGjU$VgEWjkSIWZS.jlgxDRnCd0',+                         'password' =>   '$1$hpr.bGjU$VgEWjkSIWZS.jlgxDRnCd0',
  'ssh key'  =>   ''  'ssh key'  =>   ''
                      },                      },
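
Review bot: The comment split leaves the new line "echo 'mypassword' | openssl passwd -1 -stdin" without a leading #, so inside fixusers.pl it is parsed as Perl code rather than as a comment; put the # back or rejoin it with the line above. The added comments also state that the hash shown for user1 is the encrypted form of 'mypassword', so anyone who copies the example unchanged creates an account with a published password. A clearly fake placeholder in place of the real $1$ hash would avoid that.
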
unix/linux/sysadmin/syncusers.1642464486.txt.gz · Last modified: 2022/01/17 18:08 by rodolico