Re: simple script to change the login shell for many users.

Vee_1 · ‎07-08-2009

Dear everyone,
There are 400 userids in my HPUX BOX.I want to create a script to change the user's shell to /usr/bin/false.Please give me an outline or scripting details to do this.

James R. Ferguson · ‎07-08-2009

Hi:

List the uid's of the users you want changed in a simple file; one uid per line. Then run:

# cat .modusers
set -u
umask 022
typeset INFILE=$1
while read UID X
do
usermod -u ${UID} -s /usr/bin/false
done < ${INFILE}
exit 0

...run as:

# ./modusers ./uidlist

Regards!

...JRF...

Doug O'Leary · ‎07-08-2009

Hey;

usermod is probably the right way to go; but, just to show there are always 18 ways to skin a cat in UNIX:

cat ${list-o-users) | while read user
do
echo ${user}
eval "perl -i -ple 's/^(${user}:.*):.*/\1:\/usr\/bin\/false/g' /etc/passwd"
done

The risk on this one is you're playing with the password file directly. If you ensure you have a backup of it (RCS anyone?), verify it's contents afterward, and verify your ability to connect to the server afterward, it's not a major issue.

I did something similar to this when making sweeping gecos field format changes... Got to love meaningless corporate standards...

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html

OldSchool · ‎07-08-2009

"cat ${list-o-users) | while read user
do
echo ${user}
eval "perl -i -ple 's/^(${user}:.*):.*/\1:\/usr\/bin\/false/g' /etc/passwd"
done
"

...which appears to also set root's shell to /usr/bin/false which would be a *bad thing*....

one has to wonder why you want to have 400 accounts that can't log in tho....

Doug O'Leary · ‎07-08-2009

>>...which appears to also set root's shell to /usr/bin/false which would be a *bad thing*....

That would be incorrect - or, rather, correct only if root is in the file referenced as "cat ${list-o-users)". The eval'ed perl statement looks for a line that begins with "${user}:"

If your ${list-o-users} contains:

cipriano
basnyat
rdaihl
mnevin
basisnar

it will look first for a line that starts with "^cipriano:", followed by the next, etc.

Of course, if the user were silly enough to put root in the file, then, yes, it would lock root. That would be why you would want to back up the password file originally, evalute the contents afterward, and verify connectivity afterward...

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html

James R. Ferguson · ‎07-08-2009

Hi (again):

> OldSchool: ...which appears to also set root's shell to /usr/bin/false which would be a *bad thing*....

That would be a very bad thing [ :-) ] if the 'list-o-users' file had 'root' as one of its lines. If it doesn't then Doug's script is one way.

> OldSchool: one has to wonder why you want to have 400 accounts that can't log in tho....

Some of use mused about that in an offline exchange. It could be that Vee needs/wants to keep a historical record of inactivated users to be able to map 'uid's to names (GECOS information?) and/or leave those user's files intact. Of course it would be interesting to know the OP's reason and not our supposition :-)

Regards!

...JRF...

Steven E. Protter · ‎07-08-2009

Shalom,

I would make a list of users to change, with vi or script.

cat /etc/passwd | awk -F: '{print $1}' > list

...
edit the list unless its all of them.
while read -r name
do
usermod -u ${name} -s /usr/bin/false
done < list

This could be done even more slickly with pipes

------------

cat /etc/passwd | awk -F: '{print $1}'|while read -r uname
usermod -u ${uname} -s /usr/bin/false
done

Maybe /etc/passwd is a different file that contains a subset of users you need to change.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Ganesan R · ‎07-08-2009

Hi Vee,

You can also use for loop like this.

Have all the users list in a file called /tmp/users.txt

for USER in `cat /tmp/users.txt`
do
usermod -s /usr/bin/false $USER
echo "user shell modified for the user $USER"
done

Best wishes,

Ganesh.

James R. Ferguson · ‎07-08-2009

Hi:

Does anyone ever read the suggestions already posted before posting the same variation?!?

...JRF...

OldSchool · ‎07-08-2009

JRF: "It could be that Vee needs/wants to keep a historical record of inactivated users to be able to map 'uid's to names (GECOS information?) and/or leave those user's files intact"

in that case, I usually just lock the acct and leave and not mess w/ the shell....but as somebody noted..."many ways to skin a cat"

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: simple script to change the login shell for many users.

simple script to change the login shell for many users.