Removing users from sudoers - help needed


 
# 1  
Old 05-08-2008

I'm trying to create a script to remove users from sudoers on multiple servers. I'm able to do this with a one-line script using sed, but only if it's on one server.
Example: sed '/someuser/d' /host/local/etc/sudoers
Also, I think the problem with this one-line script is that I would have to redirect my output to another sudoers file (sudoers.new) and then mv that file to sudoers for it to work more effectively.

Since the hosts are tied to the LDAP server, I can just run the script from there by changing the host path without having to log into multiple servers.

I'm trying to write this in Perl, but for some reason I think it could be done more easily in Bash.

Does anyone have any examples to help me get started?

This is what I have so far in Perl, but I'm not sure how to continue or how to add the sed line in here.

#!/usr/bin/perl -w

# this script removes a user from sudoers file

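@mysites = ("Alpha", "Echo", "India", "Joliet", "Kilo", "November",
            "Papa", "Uniform", "Sierra", "Wiskey");

# read each host's sudoers file in turn
foreach $mysite (@mysites) {
    open(FILE, "/$mysite/local/etc/sudoers") or die "Cannot open sudoers for $mysite: $!";
    @site = <FILE>;
    close(FILE);
}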
# 2  
Old 05-11-2008
I made some changes to this, but I'm still stuck on how exactly to edit the file when I open it. I'm assuming regular expressions will be needed, but how exactly does that look? I'm stuck.

#!/usr/bin/perl

use strict;
use warnings;

# this script removes a user from sudoers file

print "Enter Host-ID: ";
my $host = <STDIN>;
chomp($host);

print "\nEnter the username to remove from /$host/local/etc/sudoers: ";
my $user = <STDIN>;
chomp($user);

my $filename = "/$host/local/etc/sudoers";

if (-e $filename) {
    open(FILE, "<", $filename) or die "Cannot open $filename: $!";
    while (<FILE>) {
        # nothing is changed yet: the per-line editing still has to go here
    }
    close(FILE);

    print "Done! User $user has been removed from $host sudoers. \n";
}
# 3  
Old 05-11-2008
Can't you just sed /whatever/d /$path/local/etc/sudoers and then move the result back over the original file?

Locking issues notwithstanding, of course. Have you read the visudo and related man pages? You could screw up big time if two of these critters run over each other at roughly the same time.

vi (or rather, its bare-bones cousin ex) uses roughly the same syntax as sed, so you could figure out how to script this in vi/ex directly, and let the editor take care of locking, temporary files, and what not.

Last edited by era; 05-11-2008 at 03:17 PM.. Reason: Maybe even script this in ex (gasp)
# 4  
Old 05-12-2008
Quote:
Originally Posted by era
Can't you just sed /whatever/d /$path/local/etc/sudoers and then move the result back over the original file?

Locking issues notwithstanding, of course. Have you read the visudo and related man pages? You could screw up big time if two of these critters run over each other at roughly the same time.

vi (or rather, its bare-bones cousin ex) uses roughly the same syntax as sed, so you could figure out how to script this in vi/ex directly, and let the editor take care of locking, temporary files, and what not.
Yeah, that's what I was doing, but I wanted to make it more efficient, though, including adding the lock function (flock) in Perl to avoid the visudo issue.
# 5  
Old 05-12-2008
There are several locking mechanisms to choose from. I would advise using visudo as the wrapper and maybe passing it a silly script as the VISUAL/EDITOR to use. Are you familiar with running ed with here documents? Google for that a bit to give you ideas.
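
An added example, not part of any post in this thread: a shell function that does the "write a new file, then move it over the original" edit discussed above, with `visudo -c` run on the new copy before it replaces the original. The function names and the mkdir-based lock directory are this example's own choices; the user field is matched exactly because `sed '/someuser/d'` also deletes the lines for `someuser2` and any comment that mentions the name.

```shell
#!/bin/sh
# Added example: remove one user's rules from a sudoers file.
# Function names and the "$file.lock" directory are this example's own.

# Print stdin minus the lines whose first field is exactly USER.
# An exact field match keeps "someuser2" and comments mentioning the name.
filter_sudoers() {
    awk -v u="$1" '$1 == u { next } { print }'
}

# remove_sudoers_user FILE USER
# Returns 0 on success, 1 on bad arguments or I/O failure, 2 if another run
# holds the lock, 3 if the edited copy fails the syntax check (FILE is then
# left untouched).
remove_sudoers_user() {
    file=$1 user=$2
    [ -f "$file" ] && [ -n "$user" ] || return 1

    # mkdir is atomic, so only one run of this script edits FILE at a time.
    # This is the script's own lock, not the one an interactive visudo takes.
    lock="$file.lock"
    mkdir "$lock" 2>/dev/null || return 2

    # Build the new file in the same directory so the final mv is a rename.
    tmp=$(mktemp "$file.XXXXXX") || { rmdir "$lock"; return 1; }
    rc=0
    if filter_sudoers "$user" <"$file" >"$tmp" &&
       visudo -c -q -f "$tmp" >/dev/null 2>&1; then
        # Only a copy that parses cleanly replaces the original.
        chmod 0440 "$tmp" && mv -f "$tmp" "$file" || rc=1
    else
        rc=3
    fi
    rm -f "$tmp"
    rmdir "$lock"
    return $rc
}

# Stand-alone use: script.sh /host/local/etc/sudoers someuser
if [ $# -eq 2 ]; then
    remove_sudoers_user "$1" "$2"
fi
```

The awk filter does not rewrite aliases, Defaults entries or rules continued across lines with a backslash; those still need a manual pass.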