1
00:00:02,940 --> 00:00:08,260
In the previous exercises you been writing scripts to do things like add users Well now it's time to

2
00:00:08,260 --> 00:00:09,310
do the opposite.

3
00:00:09,310 --> 00:00:14,110
We're going to write a script that deletes users and actually this particular Scrubb not only deletes

4
00:00:14,110 --> 00:00:18,880
users that can disable them and it can archive a user's home directory.

5
00:00:18,880 --> 00:00:23,800
So the first thing of course we need to do is come up with a little requirements document if you will

6
00:00:24,010 --> 00:00:27,460
and figure out what in the world do we want our script to do.

7
00:00:27,490 --> 00:00:33,040
And here are the things that we want the script to do and how we want it to operate and what we want

8
00:00:33,080 --> 00:00:34,150
to look like.

9
00:00:34,480 --> 00:00:39,190
Well the first thing we decided on was that we want to make sure that this script is called disable

10
00:00:39,370 --> 00:00:42,530
dash local dash user dot sh.

11
00:00:42,730 --> 00:00:48,460
Since we're doing some system administration type stuff like deleting users or disabling them we need

12
00:00:48,460 --> 00:00:53,830
to make sure that whoever is executing this script as root privileges or super user privileges.

13
00:00:53,830 --> 00:00:57,390
So we're going to put a check for that in the top of our script.

14
00:00:57,400 --> 00:01:02,320
We also want to provide a usage statement much like you would find in a man page if the user that's

15
00:01:02,320 --> 00:01:06,860
executing the script does not supply an account name on the command line.

16
00:01:07,060 --> 00:01:11,880
And then of course we're going to follow good Linux programming conventions and exit our script with

17
00:01:11,880 --> 00:01:14,350
a non-zero exit status.

18
00:01:14,350 --> 00:01:20,830
We also decided to use disable as the default action for this script and we also decided that we can

19
00:01:20,830 --> 00:01:26,050
let the users decide if they want to do something more destructive such as delete an account or remove

20
00:01:26,050 --> 00:01:27,760
the user's home directory.

21
00:01:27,760 --> 00:01:33,340
So we've given them a few different options again the dash D will delete an account instead of disabling

22
00:01:33,340 --> 00:01:33,990
it.

23
00:01:34,020 --> 00:01:40,000
Nash are you going to remove the home directory and a dash a will create an archive of the home directory

24
00:01:40,000 --> 00:01:45,940
associated with the account and then store it in the forward slash archive directory.

25
00:01:45,940 --> 00:01:49,180
Now by the way this is just kind of an arbitrary decision that I made.

26
00:01:49,180 --> 00:01:52,530
I'm going to put these things in forward slash archives.

27
00:01:52,540 --> 00:01:55,730
There is no standard for such a directory.

28
00:01:55,750 --> 00:02:01,300
This is not going to be a directory that you're going to find by default on a newly installed Linux

29
00:02:01,300 --> 00:02:01,720
system.

30
00:02:01,720 --> 00:02:04,560
It's not part of the Linux file system hierarchy.

31
00:02:04,720 --> 00:02:07,680
It's just a folder that I decided to use.

32
00:02:07,930 --> 00:02:13,120
In that respect what we need to do is just make sure that that directory exists and if it doesn't exist

33
00:02:13,120 --> 00:02:16,210
we're going to have our script created.

34
00:02:16,230 --> 00:02:21,510
Now if a user does something interesting like supply an option that we don't account for then we're

35
00:02:21,510 --> 00:02:25,230
going to give them that usage statement and exit as well.

36
00:02:25,230 --> 00:02:30,080
We also decided to make it a little bit easier on the end users that are going to be running this script.

37
00:02:30,120 --> 00:02:36,300
They can supply you know one user to users or however many users they want at the command line so if

38
00:02:36,300 --> 00:02:41,590
they want to delete seven users well they can supply all seven users at once on the same command line.

39
00:02:41,700 --> 00:02:47,280
And this script will simply loop through them all and perform the exact same action against all those

40
00:02:47,280 --> 00:02:48,380
users.

41
00:02:48,390 --> 00:02:54,660
So if a user supplies the desde option and seven accounts Well it's going to delete all seven of those

42
00:02:54,720 --> 00:02:56,010
accounts.

43
00:02:56,010 --> 00:03:01,140
Speaking of deleting accounts we don't want someone to do something interesting like delete the root

44
00:03:01,140 --> 00:03:03,830
account and make our system unusable.

45
00:03:03,900 --> 00:03:09,750
Along this logic we don't want to let people who are not system administrators do things like disable

46
00:03:09,750 --> 00:03:11,250
any system account.

47
00:03:11,280 --> 00:03:15,560
We know that typically system accounts have a user id less than 1000.

48
00:03:15,630 --> 00:03:20,010
So let's just put a little check for that in our script and we'll exit saying hey we're not going to

49
00:03:20,010 --> 00:03:20,620
do that.

50
00:03:20,790 --> 00:03:26,940
If a system account needs to be deleted we'll give that task over to a system administrator and let

51
00:03:26,940 --> 00:03:28,320
them do it.

52
00:03:28,530 --> 00:03:34,020
If we encounter an error along the way either deleting or disabling or archiving the account or creating

53
00:03:34,020 --> 00:03:38,970
a directory or what have you we're going to tell the user that we encountered a problem and then exit

54
00:03:38,970 --> 00:03:39,930
the script.

55
00:03:40,020 --> 00:03:45,210
Also the last thing we want to do is just make sure that we display the user name and any actions that

56
00:03:45,210 --> 00:03:50,110
we took against that account or username for the user that executed the script.

57
00:03:50,370 --> 00:03:52,480
So that pretty much does it for our requirements.

58
00:03:52,480 --> 00:03:58,740
Now let's get to scripting here I have a terminal open on my local system and I'm going to go into the

59
00:03:59,070 --> 00:04:00,630
shell class folder.

60
00:04:00,630 --> 00:04:07,250
We're still working on a local user's project and I'm going to bring up the virtual machine and log

61
00:04:07,250 --> 00:04:07,900
into it.

62
00:04:15,710 --> 00:04:19,240
Now we'll go into our shared folder of forward slash vagrant.

63
00:04:19,340 --> 00:04:25,710
And again we decided to name this script disable local user.

64
00:04:25,750 --> 00:04:26,410
SH

65
00:04:29,740 --> 00:04:35,170
It goes without saying we're going to supply a shebang line and then we'll just give a comment about

66
00:04:35,170 --> 00:04:36,800
what the script is going to do.

67
00:04:46,900 --> 00:04:51,340
So we know that we're going to be executing some commands that require root privileges so let's just

68
00:04:51,340 --> 00:04:53,240
go ahead and check that right away.

69
00:05:08,120 --> 00:05:18,220
So if the user ID is not equal to zero then they are not root.

70
00:05:18,220 --> 00:05:21,690
This is an error message we're going to send this to standard error.

71
00:05:21,820 --> 00:05:25,960
And then we're going to exit with a non zero exit status.

72
00:05:25,960 --> 00:05:29,810
We also want to parse the command line options so we'll do that next.

73
00:05:31,650 --> 00:05:34,800
We know that we can use get ups in a while loop.

74
00:05:35,460 --> 00:05:37,410
We'll specify our upstream.

75
00:05:37,410 --> 00:05:44,750
Here are the options that we're going to accept and we're going to accept to delete or to remove Ada

76
00:05:44,790 --> 00:05:48,050
archive and we'll use the variable option.

77
00:05:48,420 --> 00:05:52,940
We'll check that option in the case statement here.

78
00:05:52,980 --> 00:05:54,470
So if someone supplies D.

79
00:05:54,480 --> 00:06:00,590
Let's set a variable called Delete user and we'll just set that true.

80
00:06:00,930 --> 00:06:06,590
And then later on in our script we'll check to see if the lead user is true and if it is then well we'll

81
00:06:06,600 --> 00:06:07,320
delete the user

82
00:06:13,420 --> 00:06:15,910
here I'm going to do something slightly different.

83
00:06:16,060 --> 00:06:23,020
If you recall the user del command allows you to specify a dash r option which removes the user's home

84
00:06:23,020 --> 00:06:24,070
directory.

85
00:06:24,070 --> 00:06:29,860
So what we're going to do here is use this remove option variable in the user dels statement.

86
00:06:29,950 --> 00:06:32,120
When we get to that in this script.

87
00:06:32,260 --> 00:06:39,760
So if this is set to nothing or if the option is never supply this dash our option then remove underscore

88
00:06:39,760 --> 00:06:45,870
option is going to evaluate to an empty string and nothing will be substituted in its place.

89
00:06:46,000 --> 00:06:50,140
And so then user data will be executed without this dash our option.

90
00:06:50,140 --> 00:06:55,240
Now on the other hand if someone does specify Dasch are then the user will be deleted with Dash.

91
00:06:55,270 --> 00:06:59,470
Now it's going to make total sense when you see it the minute I just want to talk about that for just

92
00:06:59,470 --> 00:07:00,130
a second.

93
00:07:03,810 --> 00:07:09,370
We'll do something similar here that we did the delete user option which is if someone gives us a dash

94
00:07:09,620 --> 00:07:13,570
we'll just check for this archive being true later in the script.

95
00:07:13,630 --> 00:07:18,780
And if they give us any other option then we're going to tell them how to use our script and exit.

96
00:07:18,780 --> 00:07:23,840
Now my key statement here is looking pretty nice and compact.

97
00:07:24,090 --> 00:07:30,960
And I think I'm going to use a function for displaying this usage statement and then exiting the script.

98
00:07:30,960 --> 00:07:35,790
Now another argument for creating a function like this is that we're going to have to do this same thing

99
00:07:35,820 --> 00:07:39,810
multiple times in the script because we're going to have some other checks and then we're going to give

100
00:07:39,810 --> 00:07:41,700
them a usage statement and exit.

101
00:07:41,850 --> 00:07:47,070
So let's go back to the top of our script here and go ahead and create our function

102
00:07:58,950 --> 00:08:04,470
as you remember dollar signs zero is always the name of the script not the name of the function like

103
00:08:04,500 --> 00:08:06,350
you may into it.

104
00:08:06,370 --> 00:08:10,330
That's not what happens with dollar signs zero it's always the name of the script.

105
00:08:10,350 --> 00:08:12,850
So we can safely use that in the function.

106
00:08:12,870 --> 00:08:18,840
So now we have some optional options so those options that are optional go in brackets.

107
00:08:18,840 --> 00:08:20,670
Then we have a mandatory argument.

108
00:08:20,760 --> 00:08:26,520
So we're not going to put that in brackets but obviously we have additional users that we can allow

109
00:08:26,520 --> 00:08:32,570
them to specify and they can specify multiple ones so we'll do this we'll use an ellipsis there.

110
00:09:19,120 --> 00:09:23,360
Now we're going to exit and that will wrap up our usage function.

111
00:09:23,470 --> 00:09:25,790
OK let's jump to the bottom of our script.

112
00:09:25,930 --> 00:09:30,930
And now after we process our options let's shift all those options al the way.

113
00:09:31,060 --> 00:09:35,800
And then anything that's left over are going to be user accounts and then later we'll loop through those

114
00:09:35,800 --> 00:09:59,160
user accounts.

115
00:09:59,820 --> 00:10:04,780
So we want to make sure that the user gives us at least one account to operate against if they don't

116
00:10:04,780 --> 00:10:06,620
then that means they don't know what they're doing.

117
00:10:06,660 --> 00:10:07,980
So we're going to give him some help.

118
00:10:13,840 --> 00:10:19,210
Call our function that we wrote and close our IF statement.

119
00:10:19,330 --> 00:10:41,770
Now we're ready to loop through all the usernames that were supplied as arguments.

120
00:10:41,980 --> 00:10:46,640
I like to tell whoever is executing the script what user we're processing or working on.

121
00:10:46,810 --> 00:10:58,060
Again they may supply multiple users on the command line.

122
00:10:58,260 --> 00:11:03,180
We want to make sure that we're not removing any system account so we want to get the ID of the user

123
00:11:03,180 --> 00:11:11,680
that we're processing the Dashiell returned the id the number for a username

124
00:11:15,610 --> 00:11:17,200
and then we can test against that.

125
00:11:23,050 --> 00:11:27,290
So if the idea is less than 1000 then we're not going to remove that account.

126
00:11:42,040 --> 00:11:46,620
Before we do anything like delete a home directory let's make sure we create an archive of it.

127
00:11:46,720 --> 00:12:03,100
If the user requests us to do that.

128
00:12:03,290 --> 00:12:08,170
So if someone passed in the dash option then archive gets set to True and if archive is true.

129
00:12:08,180 --> 00:12:17,550
Well then let's make an archive.

130
00:12:17,610 --> 00:12:24,240
Actually I'm going to create a variable called archive underscore R which represents the archive directory

131
00:12:24,660 --> 00:12:27,410
and I'm going to use this multiple times in the script.

132
00:12:27,480 --> 00:12:33,660
So I think what I'm going to do is put it at the very top of the script even before our first function

133
00:12:33,660 --> 00:12:34,780
here of usage.

134
00:12:39,100 --> 00:12:42,780
And really what this is acting as is a constant variable.

135
00:12:42,790 --> 00:12:46,720
You can even do this you can even make it read only if you like.

136
00:12:46,750 --> 00:12:51,340
So I'm going put it at the top because this is the only thing that I can think of that we might want

137
00:12:51,340 --> 00:12:53,590
to adjust later on down the road.

138
00:12:53,770 --> 00:12:58,780
For example if we want to put these archives on another place in the file system then we can just change

139
00:12:58,900 --> 00:13:03,580
this variable at the very top of our script make that one small change and not change anything else

140
00:13:03,580 --> 00:13:04,760
and be good to go.

141
00:13:05,150 --> 00:13:20,900
OK let's jump back to the bottom and continue scripting.

142
00:13:20,940 --> 00:13:26,490
So what this statement says is if not exist directory archive directory then.

143
00:13:26,580 --> 00:13:28,960
OK so how did I get that exclamation point.

144
00:13:29,100 --> 00:13:34,740
Well you know that the things in double brackets here are tests and you know that we can get information

145
00:13:34,740 --> 00:13:35,250
on the test.

146
00:13:35,250 --> 00:13:40,710
We can run by using help test at the command line and if we look at that actually I'll just do that

147
00:13:40,710 --> 00:13:41,400
now.

148
00:13:41,400 --> 00:13:47,970
Hope test and it gives us a list of tests and you can see here that exclamation mark expression means

149
00:13:48,000 --> 00:13:53,100
true if the expression is false so you can think of that as negating the expression or you can think

150
00:13:53,100 --> 00:13:55,650
of the exclamation point as not.

151
00:13:55,650 --> 00:13:58,830
So that's where I got that.

152
00:13:58,860 --> 00:14:02,410
So ultimately what you're saying is if the archive directory doesn't exist.

153
00:14:02,430 --> 00:14:05,040
Well guess what we need to create it.

154
00:14:18,430 --> 00:14:24,550
By the way I'm using the dash p option to the make or command because if we have a archived directory

155
00:14:24,550 --> 00:14:32,310
that has multiple subdirectories for example we can do something like archive users or or whatever.

156
00:14:32,440 --> 00:14:37,960
And if the first directory the parent directory or parent directories don't exist then we need to create

157
00:14:37,960 --> 00:14:43,530
them and that's what that Dasch option does to make a command it creates parents if you will.

158
00:14:43,540 --> 00:14:47,460
So in our particular case we're just using for its slice archive so it doesn't matter.

159
00:14:47,610 --> 00:14:53,590
But if we were to change that variable at the beginning of our script to something that does include

160
00:14:54,250 --> 00:14:59,710
subdirectories then we'll need to use a dash piece or kind of future proofing our script if you will

161
00:14:59,710 --> 00:15:00,740
here.

162
00:15:00,790 --> 00:15:06,820
So if the make command fails then that's going to mean that we can't put any of the archives you create

163
00:15:06,820 --> 00:15:10,580
in a directory because a directory didn't exist or wasn't able to be created.

164
00:15:10,600 --> 00:15:14,180
So we're going to bail on our script here so let's do another check.

165
00:15:16,290 --> 00:15:18,540
So we'll check the return status of make our

166
00:15:21,820 --> 00:15:49,040
if it's anything but zero we have a problem.

167
00:15:49,070 --> 00:15:54,050
So now that we know the archive directory exists let's go ahead and archive the user's home directory

168
00:15:54,320 --> 00:15:56,140
and move it into that directory.

169
00:16:10,480 --> 00:16:15,230
Now by default normal user accounts have home directories that live in Fort slash home.

170
00:16:15,250 --> 00:16:20,540
So if we have adjacent account then my homework is going to be for it slash home for Jason.

171
00:16:20,710 --> 00:16:24,810
Now if you have an application account or system account that's probably going to live somewhere else

172
00:16:24,810 --> 00:16:25,600
in the file system.

173
00:16:25,600 --> 00:16:32,640
For example the route home directory is forward slash R O T an application directory might be for exe

174
00:16:32,680 --> 00:16:37,960
VAR for s w w w for a web user or something like that.

175
00:16:38,230 --> 00:16:44,680
So here we're also using this convention to be another safeguard if an account doesn't have a home directory

176
00:16:44,680 --> 00:16:47,970
and for its last home then it's probably a system or an application account.

177
00:16:48,130 --> 00:16:53,890
And at that point we probably want a system administrator to look at it manually do it or whatever instead

178
00:16:53,890 --> 00:16:59,830
of just whoever happens to be managing accounts now those people I'm sure are knowledgeable about managing

179
00:16:59,830 --> 00:17:00,190
accounts.

180
00:17:00,190 --> 00:17:04,480
They just may not work on Unix and Linux systems all day like we do.

181
00:17:04,480 --> 00:17:10,750
So again we're just going to reserve that for a higher level of person that's not using this script.

182
00:17:10,750 --> 00:17:15,520
On the other hand we could have made the decision that we're just going to extract the proper home directory

183
00:17:15,760 --> 00:17:20,320
and delete it no matter where it is on disk or create an archive of it no matter where it lives on disk

184
00:17:20,320 --> 00:17:21,730
so they can leave that up to you.

185
00:17:21,730 --> 00:17:24,060
But here I'm just going to do it this way.

186
00:17:27,020 --> 00:17:31,850
So we're going to create an archive file and we're just going to give it a full path here.

187
00:17:31,850 --> 00:17:38,150
We're going to put it in the archive directory and then we're going to name it user name and we're going

188
00:17:38,150 --> 00:17:43,310
to make it a compressed tar file so that's going to be t g z.

189
00:17:43,310 --> 00:17:44,380
Easy for me to say.

190
00:17:44,720 --> 00:17:46,160
And here we go.

191
00:17:46,810 --> 00:17:48,610
Here's our check about the home directory.

192
00:17:54,230 --> 00:17:58,910
So if the home directory does exist then that's a good sign we'll go ahead and move ahead and make our

193
00:17:58,910 --> 00:17:59,640
archive.

194
00:18:10,260 --> 00:18:14,600
We're going to compress that so there's a dash z option C to create an archive.

195
00:18:14,630 --> 00:18:17,540
F is the location of the archive file.

196
00:18:20,980 --> 00:18:27,540
Then the path to archive which is the home directory and Taar is going to make some noise so we're just

197
00:18:27,540 --> 00:18:28,880
going to send that to dev null.

198
00:18:28,890 --> 00:18:34,180
We don't want the user to see any output created by Taar just going to be distracting to them.

199
00:18:34,380 --> 00:18:37,260
But we do want to make sure that Taar execute successfully

200
00:18:57,700 --> 00:19:03,110
So if TAR exits with a non-zero exit status we'll say we couldn't create the archive and then exit with

201
00:19:03,150 --> 00:19:05,490
a non-zero exit status ourselves.

202
00:19:20,460 --> 00:19:23,570
And the way I just noticed a typing mistake I have a peer.

203
00:19:23,850 --> 00:19:30,750
I'm used to doing closing bracket and a quotation mark but I don't need that there and if I remove it

204
00:19:31,020 --> 00:19:34,400
then I see my syntax highlighting go back to normal here.

205
00:19:34,530 --> 00:19:38,160
And so I notice that because this syntax highlighting look different.

206
00:19:38,370 --> 00:19:40,440
That's what QBE and to that there.

207
00:19:40,440 --> 00:19:43,530
So that's kind of good to have an editor with syntax highlighting

208
00:19:49,340 --> 00:19:52,390
K so this if statement says hey if there is a home directory.

209
00:19:52,400 --> 00:19:57,120
Daschle if this thing called home Durer is a directory and exists then you archive it.

210
00:19:57,260 --> 00:20:01,820
And if that doesn't exist or it's not a directory then we're going to tell the user hey that doesn't

211
00:20:01,820 --> 00:20:04,700
exist or it's not what you think it is we're going to get out of here.

212
00:20:04,700 --> 00:20:08,020
Exit 1.

213
00:20:08,070 --> 00:20:12,740
Now this concludes our if archive equals true if statement.

214
00:20:13,750 --> 00:20:16,570
And now we want to see if we need to delete the user or not.

215
00:20:16,570 --> 00:20:17,620
So let's do this

216
00:20:36,130 --> 00:20:40,020
so here is what I was talking about earlier with this remove option.

217
00:20:40,070 --> 00:20:44,240
So if we're going to delete a user we need to use the user del command.

218
00:20:44,240 --> 00:20:49,210
Additionally if we want to delete the user's home directory We need the dash our option.

219
00:20:49,280 --> 00:20:53,950
So if they give us a dash or option we store that and remove underscore option.

220
00:20:53,960 --> 00:21:00,830
Now here remove underscore option will evaluate to dash or if they supply Dasch are or it will evaluate

221
00:21:00,830 --> 00:21:02,630
to an empty string.

222
00:21:02,630 --> 00:21:08,240
In that case it just going to be like user space space user name which is going to give us the exact

223
00:21:08,240 --> 00:21:09,210
result that we want.

224
00:21:09,320 --> 00:21:12,410
So that is one way to handle this kind of situation.

225
00:21:12,410 --> 00:21:34,420
There are other ways but this is a pretty simple way to do this.

226
00:21:34,450 --> 00:21:39,100
So we want to check the exit status of the user Dell command because we don't want the user thinking

227
00:21:39,340 --> 00:21:42,410
that an account got deleted when it really didn't get deleted.

228
00:22:03,170 --> 00:22:07,850
Now I want to point out something here we're doing a lot of the same thing here which is checking for

229
00:22:07,850 --> 00:22:12,430
an exit status if it's not zero then we're going to give an error message an exit.

230
00:22:12,530 --> 00:22:19,250
So I'm doing each one explicitly and changing the echo statement for each one so that the user knows

231
00:22:19,250 --> 00:22:22,430
exactly what failed in the script.

232
00:22:22,430 --> 00:22:29,540
In theory you could simplify this a bit and say Write a function that well executed command and then

233
00:22:29,540 --> 00:22:34,460
check the return status on that command and then bail or exit your script.

234
00:22:34,460 --> 00:22:36,220
If it doesn't succeed.

235
00:22:36,230 --> 00:22:40,820
So there is some food for thought or maybe that some extra credit after you write the script this way

236
00:22:41,150 --> 00:22:47,690
then maybe write a script and have it use a function called a run command or run in check or something

237
00:22:47,750 --> 00:22:48,310
like that.

238
00:22:48,320 --> 00:22:49,430
Just something to keep in mind

239
00:22:52,910 --> 00:23:00,990
if we make it past the if statement that means the account was deleted and by the way here's another

240
00:23:00,990 --> 00:23:07,620
thing you could have put this inside of the if statement like this you could have said if there was

241
00:23:07,620 --> 00:23:13,860
a non-zero exit says we have a problem get out of here or if there was not not not zero.

242
00:23:13,950 --> 00:23:18,450
If they exist that's one zero more or less than the account was deleted.

243
00:23:18,450 --> 00:23:19,410
I'll leave that up to you.

244
00:23:19,410 --> 00:23:23,850
I'm just going to do it this way if it makes it past that if statement then the account was deleted.

245
00:23:23,850 --> 00:23:25,080
That makes sense in my mind.

246
00:23:28,150 --> 00:23:33,500
So if the delete user is set to true we do all that above we use user Dell.

247
00:23:33,610 --> 00:23:40,460
If it's not set to true then we're just going to disable the account or expire at I can do that with

248
00:23:40,460 --> 00:23:42,080
a S.H. age command.

249
00:23:44,550 --> 00:23:48,840
And again we're just going to actually duplicate this bit of code so I'm just going to copy it and paste

250
00:23:48,840 --> 00:23:50,820
it and just change it.

251
00:23:50,820 --> 00:23:56,460
Here it says the account user name was not disabled.

252
00:23:56,550 --> 00:24:00,380
Again if you're copying and pasting that may be a sign you need a function

253
00:24:03,750 --> 00:24:06,490
and go ahead and grab these two lines appear as well.

254
00:24:16,260 --> 00:24:21,020
Again if we get past this if statement that means the account was disabled

255
00:24:28,300 --> 00:24:30,370
that brings us to the end of that if statement.

256
00:24:30,370 --> 00:24:35,950
That also brings us to the end of our For loop and that also brings us to the very end of our script.

257
00:24:36,090 --> 00:24:40,070
We are going to exit with a zero exit status.

258
00:24:40,090 --> 00:24:44,640
Now I know with long scripts like this I can make some mistakes.

259
00:24:44,800 --> 00:24:50,110
And also one of the most common mistakes are typing mistakes not necessarily logic mistakes.

260
00:24:50,200 --> 00:24:55,180
So I'm going to do is actually go back to the very beginning of this script and look for things like

261
00:24:55,540 --> 00:25:03,040
quotation marks spelling mistakes brackets braces kind of some normal hot spots that I may have some

262
00:25:03,070 --> 00:25:07,930
errors and some is going to jump back to the top and just kind of read things through and correct them

263
00:25:07,930 --> 00:25:09,370
as I see them.

264
00:25:09,420 --> 00:25:09,660
OK.

265
00:25:09,700 --> 00:25:14,590
The first here I see the script we can call it this script that's a minor one and a comment not going

266
00:25:14,590 --> 00:25:19,200
to make a difference to functionality but there's a little typing mistake.

267
00:25:20,780 --> 00:25:52,960
Here's another one.

268
00:25:53,120 --> 00:25:57,310
Here's another one I have a dollar sign in the wrong place.

269
00:25:57,320 --> 00:26:03,830
We go inside the quotes there as you can see can you see the syntax highlighting change so that's good.

270
00:26:03,830 --> 00:26:06,980
That's another area that I found here.

271
00:26:19,370 --> 00:26:23,250
OK at least I found a couple and corrected them before I executed my script.

272
00:26:23,250 --> 00:26:28,560
If not then I would have just started debugging then maybe the error message would have given me an

273
00:26:28,560 --> 00:26:30,340
indication of where at.

274
00:26:30,350 --> 00:26:32,640
In the script I had the air and so on.

275
00:26:32,760 --> 00:26:39,060
I would have also perhaps gone to the very top here and you some options like Dash X Daschle or dash

276
00:26:39,060 --> 00:26:45,390
VI or even all three combined there to do some debugging that way or even some manual debugging like

277
00:26:45,480 --> 00:26:45,930
this.

278
00:26:45,930 --> 00:26:54,430
I would just echo archived deicer and then exit for example to create a manual stop point or checkpoint

279
00:26:54,450 --> 00:26:55,360
if you will.

280
00:26:55,800 --> 00:27:03,410
So those are just a couple of debugging tips now that we have our script created before we execute it.

281
00:27:03,420 --> 00:27:05,830
We need to give it executable permissions.

282
00:27:08,490 --> 00:27:12,890
Now let's execute this script without super user privileges and see what happens.

283
00:27:14,710 --> 00:27:16,820
Says Please run with seducers route.

284
00:27:16,830 --> 00:27:18,000
That's what we want.

285
00:27:18,150 --> 00:27:21,520
Let's make sure it exited with a non-zero exit status.

286
00:27:23,300 --> 00:27:26,190
And sure enough we have an exit status of one.

287
00:27:26,610 --> 00:27:32,400
So this time let's run it with the proper privileges but don't supply any options or don't supply any

288
00:27:32,410 --> 00:27:33,360
usernames.

289
00:27:36,400 --> 00:27:39,810
OK we get a usage statement just like we wanted.

290
00:27:40,090 --> 00:27:46,920
And we also get a non-zero exit status which is exactly what we expect now that supply an invalid option.

291
00:27:46,930 --> 00:27:49,600
Let's apply a dash Z which we don't do.

292
00:27:49,810 --> 00:27:53,620
And it says disable local user illegal option dashes Z.

293
00:27:53,740 --> 00:27:57,160
Now that is coming from the get shell built in.

294
00:27:57,160 --> 00:28:01,350
But the usage statement of course is coming from our usage function.

295
00:28:01,480 --> 00:28:08,410
Since we know that that function ends with exit one we can confirm that indeed our script exited with

296
00:28:08,500 --> 00:28:10,720
a 1 exit status.

297
00:28:10,720 --> 00:28:13,790
Now it's trying to disable a system account.

298
00:28:13,810 --> 00:28:20,020
So on these particular systems we're not really using mail and no mail is a system account user with

299
00:28:20,020 --> 00:28:21,670
a low I.D..

300
00:28:21,670 --> 00:28:23,640
So let's go ahead and delete that.

301
00:28:23,680 --> 00:28:27,220
Now if we the leader the mail account and probably nothing bad is going to happen.

302
00:28:27,220 --> 00:28:31,540
And again these are test systems so we could throw them away and build a new one.

303
00:28:31,540 --> 00:28:38,650
So let's try it here to disable local user and we'll try to disable the mail user.

304
00:28:39,070 --> 00:28:43,960
It says I'm refusing to remove the mail account that has a huge ID of 8.

305
00:28:44,110 --> 00:28:47,130
So that is exactly what we want.

306
00:28:47,140 --> 00:28:50,140
Again a nonzero exit status to go with that.

307
00:28:50,140 --> 00:28:55,840
So now what I'm going to do is actually create some test accounts here to test my script with an actually

308
00:28:55,840 --> 00:28:59,330
wrote a script to create these test accounts.

309
00:28:59,410 --> 00:29:01,390
I'll just show it to you really quick here.

310
00:29:01,390 --> 00:29:02,960
It's a pretty simple script.

311
00:29:03,010 --> 00:29:07,600
It just is mainly a for loop that sets everybody's password.

312
00:29:07,750 --> 00:29:08,310
Yes.

313
00:29:08,470 --> 00:29:14,140
One two three creates the count and then sets the password so I'll go ahead and add those test accounts

314
00:29:14,160 --> 00:29:14,770
now.

315
00:29:15,910 --> 00:29:18,030
And now we have a few accounts to play with.

316
00:29:18,030 --> 00:29:21,720
Now let's run our script against one of these test users that we created.

317
00:29:25,350 --> 00:29:27,750
Here it says the account was disabled.

318
00:29:27,750 --> 00:29:33,270
So let's make sure it's disabled by trying to log into it.

319
00:29:33,270 --> 00:29:36,260
We'll use our handy password of pass 2:59.

320
00:29:36,480 --> 00:29:40,720
And it says your account has expired please contact your system administrator.

321
00:29:40,770 --> 00:29:44,220
So that's the exact kind of behavior we want just to be thorough.

322
00:29:44,230 --> 00:29:50,910
Let's also make sure that the home directory for that user still exists.

323
00:29:51,190 --> 00:29:52,960
Sure enough it does.

324
00:29:52,960 --> 00:29:55,130
No it still leaves the mark h account.

325
00:29:55,210 --> 00:30:02,140
So we'll give our script here we need the dash D for the delete option and then the account of Mark

326
00:30:02,320 --> 00:30:03,060
H.

327
00:30:04,070 --> 00:30:08,160
It says processing user and the account was deleted.

328
00:30:08,360 --> 00:30:13,920
Let's see if it was say no such user that means it's gone

329
00:30:17,250 --> 00:30:22,890
pay the home directory still exists which is the behavior we wanted and expected.

330
00:30:22,930 --> 00:30:34,330
Now let's the lead a user and their associated home directory so we can do dash d r k it says the user

331
00:30:34,330 --> 00:30:35,820
was deleted.

332
00:30:37,150 --> 00:30:38,270
That's right.

333
00:30:40,530 --> 00:30:43,010
OK home directory is gone.

334
00:30:43,430 --> 00:30:49,640
OK now let's test the functionality that we have built into our script of operating on multiple users

335
00:30:49,640 --> 00:30:52,420
that are supplied as arguments to the script.

336
00:30:52,490 --> 00:30:59,740
And also let's test the ability to create archives of these user accounts.

337
00:31:00,260 --> 00:31:02,750
So let's do this.

338
00:31:02,750 --> 00:31:09,590
We'll use Dashti for delete or to remove their home directory and archive it before it gets removed

339
00:31:10,430 --> 00:31:12,440
and we'll give them these two users.

340
00:31:17,960 --> 00:31:18,330
OK.

341
00:31:18,340 --> 00:31:23,680
It says processing user Alyque G creating directory forward slash archive.

342
00:31:23,690 --> 00:31:26,930
Now that is the directory that we're going to store these archive files in.

343
00:31:26,930 --> 00:31:30,620
And again that doesn't come by default on a Linux system.

344
00:31:30,650 --> 00:31:36,740
So we had to create it herself in our script and it says it's archiving the whole Mallik directory to

345
00:31:36,740 --> 00:31:39,160
archive good PDZ.

346
00:31:39,380 --> 00:31:43,760
And then it says the account was deleted and then it moves on to the next account.

347
00:31:43,760 --> 00:31:47,570
Peter archive and delete as well.

348
00:31:47,570 --> 00:31:51,420
So let's make sure the accounts and home directories are gone.

349
00:31:53,280 --> 00:31:54,710
The account is gone.

350
00:31:56,630 --> 00:31:59,960
For Peter M. has also gone.

351
00:32:00,030 --> 00:32:02,360
Just check these both at once here.

352
00:32:04,850 --> 00:32:11,670
Hey no home directories but let's make sure the archives were in fact created.

353
00:32:11,680 --> 00:32:13,700
Hey there we have to.

354
00:32:14,190 --> 00:32:16,790
The files one for each account.

355
00:32:17,170 --> 00:32:19,790
Let's look at the contents of those archives.

356
00:32:20,180 --> 00:32:22,160
Compress only to dash Z.

357
00:32:22,240 --> 00:32:23,660
T to list the contents.

358
00:32:23,660 --> 00:32:25,310
The will be verbose.

359
00:32:25,340 --> 00:32:29,080
F allows us to specify the file.

360
00:32:29,180 --> 00:32:31,760
This one first that looks good.

361
00:32:36,770 --> 00:32:41,090
OK and we have the archive of both of those accounts.

362
00:32:41,090 --> 00:32:44,330
So that wraps it up for this particular exercise.