Bash script that will validate a user's membership in a specified group

Time:08-03

Please enter a username: student
Now enter your membership: root
Membership is valid!

ubuntu@user:~$ ./membership.sh
Please enter a username: doesnotexist
Now enter your membership: alsodoesnotexist
Both are not found - why are you even asking me this?

ubuntu@user:~$ ./membership.sh
Please enter a username: student
Now enter your membership: doesnotexist
One exists, one does not. You figure out which.

ubuntu@user:~$ ./membership.sh
Please enter a username: student
Now enter your membership: sudo
Membership invalid but available to join.

I need to convert the conversation above to a bash script. This is what I came up with:

banner="Welcome to the sexy hackers Club"
now="$(date)"
computer_name="$(hostname)"

echo "Date: $now"
echo "$banner: $computer_name"
echo  " "

read -p "Please enter a user name: " USER
read -p "Now enter a group: " MEMBERSHIP


if [[ $USER == 'student' && $MEMBERSHIP == 'root' ]];
then 
echo "Membership valid!"
else
echo "Both are not found"
if  [[ $USER == 'student' ||  $MEMBERSHIP == 'root' ]];
then
echo "One exist, one does not"
if [[ $USER == 'student' || $MEMBERSHIP == 'sudo' ]];
then
echo "Membership invalid but available to join."
fi
fi
fi

The first and second steps work perfectly, but the problem is with the 3rd and 4th conversations. If I add user student and a wrong membership, it should say One exists, one does not, and in the 4th conversation, if I add student but sudo as membership, it should say Membership invalid but available to join.

The problem with my script is that the last two conversations get mixed; I can't find a way to make them unique. I need to create a short Bash script that will validate a user's membership in a specified group. This script should not take any arguments and, instead, should prompt the user to enter a username and a membership. This script should first check to see if the username and membership are found on our system to get Membership valid!. If BOTH ARE NOT FOUND, the script should respond Both are not found, but if ONLY ONE IS FOUND, it should respond One exists, one does not. If BOTH ARE FOUND, it should also check to see if the user is a member, and if the USER IS A MEMBER OF THE GROUP, the script should respond Membership valid!; otherwise, it should respond Membership invalid but available to join. To be clear, the script should initially prompt twice for user input (the prompt does not matter) and then only respond once with one of the four specified responses.

CodePudding user response:

Whitespace would make your code a lot easier to understand. This is what you have with indentation added:

if [[ $USER == 'student' && $MEMBERSHIP == 'root' ]];
then 
  echo "Membership valid!"
else
  echo "Both are not found"
  if  [[ $USER == 'student' ||  $MEMBERSHIP == 'root' ]];
  then
    echo "One exist, one does not"
    if [[ $USER == 'student' || $MEMBERSHIP == 'sudo' ]];
    then
      echo "Membership invalid but available to join."
    fi
  fi
fi

The output mixes because in the else case you always print "Both are not found" but then you could additionally print the other statements as well because they're all part of the same conditional branch.

Instead of else, you should be using elif.

if [[ $USER == 'student' && $MEMBERSHIP == 'root' ]]
then 
  echo "Membership valid!"
elif [[ $USER == 'student' ||  $MEMBERSHIP == 'root' ]]
then
  echo "One exist, one does not"
elif <more conditions...>
  <more logic>
fi #end the entire statement with one fi

CodePudding user response:

Continuing from my comment, you can't just check that the user and group exist on the system and conclude the membership is valid; you have to validate the user is a member of the entered group. There are several ways to do this, but the easiest is just to validate the user and group exist on the system by checking the return of getent called on passwd and group databases.

Then, to determine membership, just grep $user /etc/group to generate a list of the groups the member belongs to, and parse the output with awk to verify that one of the groups returned matches the membership (group) entered.

Don't use UPPERCASE variable names; those are generally reserved for environment variables or internal shell variables. Lowercase variable names are fine.

Putting it all together, you could do something similar to the following:

#!/bin/bash

## input user and group
read -p "Please enter a user name: " user
read -p "Now enter a group: " group

## validate user exists on system
getent passwd "$user" >/dev/null
[ $? -ne 0 ] && { 
  printf "%s is not a valid user on the system.\n" "$user" >&2
  exit 1
}

## validate group found on system
getent group "$group" >/dev/null
[ $? -ne 0 ] && { 
  printf "%s is not a valid group on the system.\n" "$group" >&2
  exit 1
}

## validate user is member of group
grep -F -- "$user" /etc/group |             # get group lines that mention user (fixed string)
awk -F":" -v g="$group" -v u="$user" '      # set field sep, g (group) and u (user)
  $1 == g {                                 # group in list of groups
    n = split($4, m, ",")                   # 4th field is the member list
    for (i = 1; i <= n; i++)
      if (m[i] == u) {                      # whole-name match, not a substring
        found = 1                           # set found flag
        print "Membership Valid!"           # output success
        exit
      }
  }
  END { 
    if (!found)                             # if group not found
      print "User not Member of group " g   # output result
  }
'

Example Use/Output

Check if I am a member of the wheel group (I am):

$ bash verifymember.sh
Please enter a user name: david
Now enter a group: wheel
Membership Valid!

Check if foo is a member of wheel (there is no user foo on system):

$ bash verifymember.sh
Please enter a user name: foo
Now enter a group: wheel
foo is not a valid user on the system.

Check if I am a member of the foo group (there is no foo group on the system):

$ bash verifymember.sh
Please enter a user name: david
Now enter a group: foo
foo is not a valid group on the system.

Check if I'm a member of the audio group (I'm not, but it is a valid group):

$ bash verifymember.sh
Please enter a user name: david
Now enter a group: audio
User not Member of group audio

That covers all four possible cases (1) valid member; (2) user doesn't exist; (3) group doesn't exist; and (4) user is not a member of valid group.

Let me know if you have further questions.

CodePudding user response:

#!/bin/bash

read -p "Please enter a username: " user
read -p "Now enter a MEMBERSHIP: " MEMBERSHIP

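# u: the "groups=..." field printed by id (empty if the user does not exist)
u=$(id "${user}" 2>/dev/null | awk '{print $3}')
# g: the entry from the group database (empty if the group does not exist)
g=$(getent group "${MEMBERSHIP}" 2>/dev/null)
# m: non-empty when the group name appears among the user's groups
m=$(echo "$u" | grep -wF -- "${MEMBERSHIP}")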

if [[ ! -n $u ]] && [[ ! -n $g ]] ; then echo "Both are not found"
elif ( [[ -n $u ]] && [[ -n $g ]] ) && [[ ! -n $m ]] ; then echo "Membership invalid but available to join."
elif [[ -n $m ]] ; then echo "Membership valid!"
elif ( [[ ! -n $u ]] && [[ -n $g ]] ) || ( [[ -n $u ]] && [[ ! -n $g ]] ) ; then echo "One exist, one does not."
fi

This is the correct answer to the script. Four different answers to four different actions within the script.
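
The four responses the question asks for, as an added example that is not code from the question or any of the answers above. It assumes getent and id -nG are available; the function names are illustrative. It goes slightly beyond the answers by comparing whole names only, because getent also resolves numeric UIDs/GIDs and a substring or word match can report a membership that does not exist.

```bash
#!/bin/bash
# Added example: prompt for a user and a group, print exactly one of four results.

# Reject empty input and anything a command could parse as an option.
valid_name() {
  case "$1" in
    '' | -*) return 1 ;;
  esac
}

# getent also resolves numeric keys (UID/GID), so compare the returned name
# with the input: "0" must not count as the account "root".
user_exists() {
  valid_name "$1" && [ "$(getent passwd "$1" 2>/dev/null | cut -d: -f1)" = "$1" ]
}
group_exists() {
  valid_name "$1" && [ "$(getent group "$1" 2>/dev/null | cut -d: -f1)" = "$1" ]
}

# id -nG lists primary and supplementary groups by name; grep -Fx compares
# whole names as fixed strings, so "sudo" does not match "sudo-lab".
is_member() {
  id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -Fxq -- "$2"
}

check_membership() {
  local user="$1" group="$2" u=0 g=0
  user_exists "$user" && u=1
  group_exists "$group" && g=1
  if [ "$u" -eq 0 ] && [ "$g" -eq 0 ]; then
    echo "Both are not found"
  elif [ "$u" -eq 0 ] || [ "$g" -eq 0 ]; then
    echo "One exists, one does not."
  elif is_member "$user" "$group"; then
    echo "Membership valid!"
  else
    echo "Membership invalid but available to join."
  fi
}

# Prompt only when standard input is a terminal.
if [ -t 0 ]; then
  printf 'Please enter a username: '; read -r name
  printf 'Now enter a group: ';       read -r grp
  check_membership "$name" "$grp"
fi
```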
