#!/bin/sh # Script ti user=$1 d1=/var/tmp/dout d2=/var/tmp/dout1 d3=/var/tmp/dout3 conf=/etc/tacacs.conf bconf=/etc/tacacs-bak.conf ED=./pwedit.sh admin_log="/var/log/tac_user.log" touch $admin_log > /dev/null 2>&1 ############################################################# if [ "$1" = "" ] then echo "The user definition is missing";echo "`date +%b-%d` ERROR no user was defined" >> $admin_log;exit elif [ "$user" = "-h" ] then echo "The syntax for each mode is as follows: S/key Mode: Delete user -s Cleartext Mode: Delete user -c Local DES Mode Delete user -d PAM Mode Delete user -pam ";exit fi # Check for a password method if [ "$2" = "" ] then echo "The password method definition is missing";echo "`date +%b-%d` ERROR password method definition missing" >> $admin_log;exit fi # Check if the editor exists if [ "`ls -A $ED`" = "" ] then echo "The Editor is Missing, check for the file or set the EV";echo "`date +%b-%d` ERROR the editor is missing" >> $admin_log;exit fi if [ "$2" = "-s" ] then echo "Removing S/Key user $1" fi if [ "$2" = "-c" ] then echo "Removing Cleartext user $1" fi if [ "$2" = "-d" ] then echo "Removing local DES user $1" fi #move (backup) config file cp -f $conf $bconf # remove the user from the password file #echo "Removed User from /etc/password" # Find the user grep -A 5 -n "$1" $conf > $d1 grep -c "$1" $d1 > /var/tmp/tout if [ "`cat /var/tmp/tout`" = "0" ] then echo "This user does not exist";echo "`date +%b-%d` ERROR The user $user does not exist" >> $admin_log;exit fi # # Determin the lines to delete cut -d: -f1 $d1 > $d2 cut -d- -f1 $d2 > $d3 # Hand the prams to the SED command parser $ED `head -n1 $d3` `tail -n1 $d3` # Edit the Config File chmod a+x ./exec ./exec > $conf if [ "$2" = "-pam" ] then echo "Removing PAM user $1";/usr/sbin/userdel $user > /dev/null 2>&1 fi # Delete the TACACS backup temp File echo "`date +%b-%d` SUCESS The user $user has been deleted" >> $admin_log