Fix group detection - improve error handling and variable capture for id -Gn command
parent
44297955d1
commit
02990680ba
|
|
@ -58,30 +58,39 @@ echo
|
||||||
|
|
||||||
echo "=== 2. USER GROUPS CHECK ==="
|
echo "=== 2. USER GROUPS CHECK ==="
|
||||||
if id "$USERNAME" &>/dev/null; then
|
if id "$USERNAME" &>/dev/null; then
|
||||||
GROUPS=$(id -Gn "$USERNAME" 2>/dev/null)
|
# Get groups using id command - ensure we capture the output correctly
|
||||||
GROUPS_LIST="$GROUPS"
|
GROUPS_OUTPUT=$(id -Gn "$USERNAME" 2>&1)
|
||||||
|
GROUPS_EXIT=$?
|
||||||
|
|
||||||
# Debug: Show actual groups
|
if [ $GROUPS_EXIT -eq 0 ] && [ -n "$GROUPS_OUTPUT" ]; then
|
||||||
echo " All groups: $GROUPS_LIST"
|
GROUPS_LIST="$GROUPS_OUTPUT"
|
||||||
|
echo " All groups: $GROUPS_LIST"
|
||||||
|
|
||||||
# Check for sftpusers or sshusers group
|
# Check for sftpusers or sshusers group
|
||||||
if echo "$GROUPS_LIST" | grep -qw "sftpusers"; then
|
if echo "$GROUPS_LIST" | grep -qw "sftpusers"; then
|
||||||
print_status "OK" "User is in sftpusers group (SFTP-only access)"
|
print_status "OK" "User is in sftpusers group (SFTP-only access)"
|
||||||
elif echo "$GROUPS_LIST" | grep -qw "sshusers"; then
|
elif echo "$GROUPS_LIST" | grep -qw "sshusers"; then
|
||||||
print_status "OK" "User is in sshusers group (SSH+SFTP access)"
|
print_status "OK" "User is in sshusers group (SSH+SFTP access)"
|
||||||
|
else
|
||||||
|
print_status "ERROR" "User is NOT in sftpusers or sshusers group!"
|
||||||
|
echo " Current groups: $GROUPS_LIST"
|
||||||
|
echo " Fix: usermod -aG sftpusers $USERNAME (for SFTP-only)"
|
||||||
|
echo " Fix: usermod -aG sshusers $USERNAME (for SSH+SFTP)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check for litespeed group
|
||||||
|
if echo "$GROUPS_LIST" | grep -qw "litespeed"; then
|
||||||
|
print_status "OK" "User is in litespeed group"
|
||||||
|
else
|
||||||
|
print_status "WARNING" "User is NOT in litespeed group (may affect file access)"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
print_status "ERROR" "User is NOT in sftpusers or sshusers group!"
|
print_status "ERROR" "Failed to retrieve groups for user $USERNAME"
|
||||||
echo " Current groups: $GROUPS_LIST"
|
echo " Command exit code: $GROUPS_EXIT"
|
||||||
echo " Fix: usermod -aG sftpusers $USERNAME (for SFTP-only)"
|
echo " Output: $GROUPS_OUTPUT"
|
||||||
echo " Fix: usermod -aG sshusers $USERNAME (for SSH+SFTP)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check for litespeed group
|
|
||||||
if echo "$GROUPS_LIST" | grep -qw "litespeed"; then
|
|
||||||
print_status "OK" "User is in litespeed group"
|
|
||||||
else
|
|
||||||
print_status "WARNING" "User is NOT in litespeed group (may affect file access)"
|
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
print_status "ERROR" "User $USERNAME does not exist"
|
||||||
fi
|
fi
|
||||||
echo
|
echo
|
||||||
|
|
||||||
|
|
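Review bot: The root cause that the rename at `GROUPS_OUTPUT=$(id -Gn "$USERNAME" 2>&1)` fixes is not recorded anywhere: the old `GROUPS=$(...)` wrote to bash's reserved `GROUPS` array, where the assignment is not honored, so `$GROUPS` expanded to a group of the account running the script rather than of `$USERNAME`, and the membership verdict could be wrong for the user actually being audited. A comment such as `# Do not name this GROUPS: that is a bash special array and the assignment is not honored` above the assignment would keep a later refactor from reintroducing it. Separately, `grep -qw "sftpusers"` on the space-separated list still matches a group named e.g. `sftpusers-old`, because `-` is not a word character to grep, so a user outside the real group can be reported as OK; an exact-token test such as `tr ' ' '\n' <<<"$GROUPS_LIST" | grep -qx "sftpusers"` (likewise for sshusers and litespeed) avoids that. Both points apply equally to the AUTH_GROUPS block in the second hunk.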
@ -308,27 +317,38 @@ echo
|
||||||
echo "=== 9. AUTHENTICATION TEST (SIMULATED) ==="
|
echo "=== 9. AUTHENTICATION TEST (SIMULATED) ==="
|
||||||
if id "$USERNAME" &>/dev/null; then
|
if id "$USERNAME" &>/dev/null; then
|
||||||
USER_SHELL=$(getent passwd $USERNAME | cut -d: -f7)
|
USER_SHELL=$(getent passwd $USERNAME | cut -d: -f7)
|
||||||
AUTH_GROUPS=$(id -Gn "$USERNAME" 2>/dev/null)
|
AUTH_GROUPS_OUTPUT=$(id -Gn "$USERNAME" 2>&1)
|
||||||
|
AUTH_GROUPS_EXIT=$?
|
||||||
|
|
||||||
if [ "$USER_SHELL" = "/sbin/nologin" ]; then
|
if [ $AUTH_GROUPS_EXIT -eq 0 ] && [ -n "$AUTH_GROUPS_OUTPUT" ]; then
|
||||||
if echo "$AUTH_GROUPS" | grep -qw "sftpusers"; then
|
AUTH_GROUPS="$AUTH_GROUPS_OUTPUT"
|
||||||
print_status "OK" "User configured for SFTP-only (nologin shell + sftpusers group)"
|
|
||||||
echo " Note: This user can ONLY use SFTP, not SSH shell access"
|
if [ "$USER_SHELL" = "/sbin/nologin" ]; then
|
||||||
|
if echo "$AUTH_GROUPS" | grep -qw "sftpusers"; then
|
||||||
|
print_status "OK" "User configured for SFTP-only (nologin shell + sftpusers group)"
|
||||||
|
echo " Note: This user can ONLY use SFTP, not SSH shell access"
|
||||||
|
else
|
||||||
|
print_status "ERROR" "User has nologin shell but NOT in sftpusers group!"
|
||||||
|
echo " Current groups: $AUTH_GROUPS"
|
||||||
|
fi
|
||||||
|
elif [ "$USER_SHELL" = "/bin/bash" ] || [ "$USER_SHELL" = "/bin/sh" ]; then
|
||||||
|
if echo "$AUTH_GROUPS" | grep -qw "sshusers"; then
|
||||||
|
print_status "OK" "User configured for SSH+SFTP (bash shell + sshusers group)"
|
||||||
|
else
|
||||||
|
print_status "ERROR" "User has bash shell but NOT in sshusers group!"
|
||||||
|
echo " Current groups: $AUTH_GROUPS"
|
||||||
|
echo " Fix: usermod -aG sshusers $USERNAME"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
print_status "ERROR" "User has nologin shell but NOT in sftpusers group!"
|
print_status "WARNING" "Unexpected shell: $USER_SHELL"
|
||||||
echo " Current groups: $AUTH_GROUPS"
|
|
||||||
fi
|
|
||||||
elif [ "$USER_SHELL" = "/bin/bash" ] || [ "$USER_SHELL" = "/bin/sh" ]; then
|
|
||||||
if echo "$AUTH_GROUPS" | grep -qw "sshusers"; then
|
|
||||||
print_status "OK" "User configured for SSH+SFTP (bash shell + sshusers group)"
|
|
||||||
else
|
|
||||||
print_status "ERROR" "User has bash shell but NOT in sshusers group!"
|
|
||||||
echo " Current groups: $AUTH_GROUPS"
|
|
||||||
echo " Fix: usermod -aG sshusers $USERNAME"
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
print_status "WARNING" "Unexpected shell: $USER_SHELL"
|
print_status "ERROR" "Failed to retrieve groups for authentication check"
|
||||||
|
echo " Command exit code: $AUTH_GROUPS_EXIT"
|
||||||
|
echo " Output: $AUTH_GROUPS_OUTPUT"
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
print_status "ERROR" "User $USERNAME does not exist"
|
||||||
fi
|
fi
|
||||||
echo
|
echo
|
||||||
|
|
||||||
|
|
|
||||||
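Review bot: The SFTP-only branch at `if [ "$USER_SHELL" = "/sbin/nologin" ]` recognises only that one path, so a user whose shell is recorded as `/usr/sbin/nologin` (the usual location on some distributions) falls through to the `Unexpected shell` WARNING and never has sftpusers membership verified, which quietly weakens the check this commit otherwise hardens. Comparing the basename, `if [ "${USER_SHELL##*/}" = "nologin" ]; then`, covers both locations without changing the rest of the branch. The unquoted `$USERNAME` in the context line `getent passwd $USERNAME` is pre-existing but worth quoting while this block is being touched.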