passwd -l script

I need to lock out about 250 user accounts on a server. I figure on putting the user accounts to be locked out in a text file and then running a script to go through the file and run the "passwd -l useraccount" against the /etc/passwd file (yes, I am root as I do this).

Here is what I have so far:

#!/bin/sh
# BE CAUTIOUS!! This will modify the /etc/passwd file to lockout terminated
# employee accounts using the 'passwd -l useraccount' command.
# copy this to servername under the /etc directory. Make sure the
# text file that has the user accounts to be deleted is also copied to servername.

# create variables
TERMED="terminated"
# LOCATION_EMAIL="myemail@mycompany.com"
for GONE in `/etc/seeya`
do
echo "**********************************" > $TERMED
passwd -l $GONE
echo "This user account, "$GONE", is locked on `date +%m/%d/%y`." >> $TERMED
echo " " >> $TERMED

(do I put a 'done' statement here?)
#mail results of TERMED
#cat $TERMED |uuencode $GONE.wri | mailx -s "$GONE account locked" $LOCATION_EMAIL
# delete TERMED to make room for next on list.
# rm $TERMED

It seems pretty simple, but what if there is a useraccount in my list, but not in the /etc/passwd file? Or vice versa? Other error messages?
Also, is my email statement right? I don't want 200+ individual emails, just one email showing the contents of $TERMED.

Thanks for the help. :smiley:

It looks like I'm going to have to do a compare of two files, the /etc/passwd file and my file that has the list of userIDs to lock out. The script flow should look like this:

  1. compare lockout file to /etc/passwd
  2. if a userID in the lockout file matches the username field in the /etc/passwd file, then
  3. the 'passwd -l username' command is executed.
  4. if there is no match, go to the userID next in the lockout file
  5. it should loop until all of the userIDs in the lockout are processed.

I will probably have to forget the shell script and attempt this with either a sed or awk script.

I'm not sure how passwd -l works.
This option doesn't exist in AIX.
I'm not sure whether passwd -l is interactive.

The following is NOT TESTED, but you can follow along these lines.

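#!/usr/bin/ksh

# start with an empty report file
>TERMED

while read user
do
    # skip blank lines; an empty pattern would match every account
    test -z "$user" && continue

    # match the whole username field (text before the first colon) only
    grep "^$user:" /etc/passwd > /dev/null
    if test $? -eq 0
    then
       # do what you want to do ... run passwd -l ....
       passwd -l "$user"
       if test $? -eq 0
       then
            echo "Locking user $user on `date` "  >> TERMED
       else
            echo "PROBLEM in Locking user $user on `date` "  >> TERMED
        fi
    fi

done < /etc/seeya

# send mail using TERMED file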
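A variant that also covers the two questions from the first post (a listed name that is not in /etc/passwd, and one report for a single mail instead of one per user), added here as an example that is not part of the original posts. The names `LOCK_CMD`, `DRY_RUN`, `lookup_uid` and `lock_accounts`, the status words in the report and the sample accounts are assumptions of this example; it defaults to a dry run.

```shell
#!/bin/sh
# Added example. LOCK_CMD, DRY_RUN and the function names are assumptions.
LOCK_CMD=${LOCK_CMD:-"passwd -l"}   # command that locks one account
DRY_RUN=${DRY_RUN:-1}               # 1 = report only, change nothing

# Print the UID of user $1 in passwd file $2; status 1 unless field 1 matches exactly.
lookup_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# lock_accounts LIST PASSWD REPORT: one status line per listed name in REPORT.
# Returns 1 if any lock attempt failed, else 0.
lock_accounts() {
    list=$1 pwfile=$2 report=$3 rc=0
    : > "$report"                                   # truncate once, not per user
    while IFS= read -r user || [ -n "$user" ]; do   # also reads an unterminated last line
        user=$(printf '%s' "$user" | tr -d ' \t\r') # tolerate stray blanks and CRLF
        case $user in ''|'#'*) continue ;; esac     # skip blank and comment lines
        if ! uid=$(lookup_uid "$user" "$pwfile"); then
            echo "NOT_FOUND $user" >> "$report"
        elif [ "$uid" -eq 0 ]; then                 # never lock root-equivalent accounts
            echo "SKIPPED $user (UID 0)" >> "$report"
        elif [ "$DRY_RUN" = 1 ]; then
            echo "WOULD_LOCK $user" >> "$report"
        # stdin from /dev/null so the lock command cannot swallow the rest of the list
        elif $LOCK_CMD "$user" </dev/null >/dev/null 2>&1; then
            echo "LOCKED $user $(date +%m/%d/%y)" >> "$report"
        else
            echo "FAILED $user" >> "$report"; rc=1
        fi
    done < "$list"
    return $rc
}

# Dry run over constructed sample files; the real /etc/passwd is not touched.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1001:100::/home/alice:/bin/sh' \
        'alicia:x:1002:100::/home/alicia:/bin/sh' > "$d/passwd"
    printf '%s\n' alice ali root '' > "$d/seeya"
    ( DRY_RUN=1; lock_accounts "$d/seeya" "$d/passwd" "$d/terminated"; cat "$d/terminated" )
    rm -rf "$d"
}
demo
```

Review the dry-run report first, then call `lock_accounts` on the real list with `DRY_RUN=0` and mail the report file once after it returns.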


bhargav,

Your code worked perfectly!

Thanks so much for your help! :smiley: :smiley: :smiley: :smiley: