NOTE: For easier to read instructions download the PDF resource attached to this lesson.

Goal:

The goal of this exercise is to create a shell script that allows for a local Linux account to be disabled, deleted, and optionally archived.

Scenario:

Today the help desk team received a request to delete an account for a person who has changed departments.  This person doesn't have time to log into Linux systems -- they're in management now!

The help desk team also wants to save the contents of this person's home directory just in case this person returns to their original department and job.

They realize this is just going to be the first of these types of requests.  They know they're eventually going to receive requests to disable accounts for when people are on extended leave.

Of you course you know it's going to be way easier to write a script and hand it off than it is for you to do all the work.

Shell Script Requirements:

You think about what the shell script must do and how you would like it operate.  You come up with the following list.

The script:

• Is named "disable-local-user.sh".

• Enforces that it be executed with superuser (root) privileges.  If the script is not executed with superuser privileges it will not attempt to create a user and returns an exit status of 1.  All messages associated with this event will be displayed on standard error.

• Provides a usage statement much like you would find in a man page if the user does not supply an account name on the command line and returns an exit status of 1.  All messages associated with this event will be displayed on standard error.

• Disables (expires/locks) accounts by default.

• Allows the user to specify the following options:

• -d Deletes accounts instead of disabling them.

• -r Removes the home directory associated with the account(s).

• -a Creates an archive of the home directory associated with the accounts(s) and stores the archive in the /archives directory.  (NOTE: /archives is not a directory that exists by default on a Linux system.  The script will need to create this directory if it does not exist.)

• Any other option will cause the script to display a usage statement and exit with an exit status of 1.

• Accepts a list of usernames as arguments.  At least one username is required or the script will display a usage statement much like you would find in a man page and return an exit status of 1.  All messages associated with this event will be displayed on standard error.

• Refuses to disable or delete any accounts that have a UID less than 1,000.

• Only system accounts should be modified by system administrators.  Only allow the help desk team to change user accounts.

• Informs the user if the account was not able to be disabled, deleted, or archived for some reason.

• Displays the username and any actions performed against the account.

Start the Virtual Machine and Log into It:

In a previous exercise you created a vagrant project called localusers.  Use the VM created in that project for this exercise.

First, start a command line session on your local machine.  Next, move into the working folder you created for this course.

Change into the localusers directory, start the virtual machine with "vagrant up", and then connect to it with "vagrant ssh".

Navigate to the /vagrant Directory

Write the Shell Script

When creating your script, refer back to the shell script requirements.  If you want or need more detailed steps to help you write your script, refer to the pseudocode at the end of this document.  It was intentionally placed at the end of the document because I want to encourage you to write the script on your own.  It's fine if you need the pseudocode.  As you get more scripting practice, you'll be able to script without any additional aids.

Test Your Script

Once you've finished writing the script, create some user accounts on the system to give yourself something to test with. (You can manually add them with the useradd command or use one of the previous scripts you wrote to add them.)

• carrief

• markh

• harrisonf

• alecg

• peterm

Test the script by:

• Executing it without super user privileges.

• Executing it with super user privileges, but without any options or arguments.

• Executing it with super user privileges, but with an invalid option.

• Attempting to disable a system account.

• Disabling the carrief account.

• Deleting the markh account.

• Deleting the harrisonf account and the home directory.

• Deleting the alecg and peterm accounts while removing their home directories and making an archive of their home directories.

Remember that the first time you execute the script you'll need to make sure it has executable permissions.

Here is an example run of the script.  (Portions typed are in bold.)

Make sure the script displays a usage message if we don't supply an account.

Make sure the script displays usage message if we supply an invalid option

Attempting to disable a system account.

Disable the carrief account.

Make sure the account is disabled by logging into it.

Make sure the user's home directory still exists:

Now, delete the markh account.

Make sure the account is deleted and that home directory still exists.

Delete the harrisonf account and the associated home directory.

Check to see if the account and directory were deleted.

Delete the alecg and peterm accounts.  Archive and then remove their home directories.

Make sure the accounts and home directories are gone:

Make sure the archives were created:

Reference Material:

Vagrantfile for localusers

Here are the contents of the shellclass/localusers/Vagrantfile file with all the comments removed.

Pseudocode

You can use the following pseudocode to help you with the logic and flow of your script.