#!/bin/bash
# Checks the year-based ACLs to see whether a user has reapplied
# for their RC accounts that session.
# Account to inspect: the first argument, or the invoking user when none is given.
username="${1:-$USER}"

# Colour escape sequences (via tput) used to mark each result printed below.
RED="$(tput setaf 1)"
GREEN="$(tput setaf 2)"
BLUE="$(tput setaf 4)"
RESET="$(tput sgr0)"
# An argument of the form <something>@ucl.ac.uk is treated as an email address
# and replaced by the account name that `id -un` reports for it.
if [[ "$username" =~ ^[^[:space:]]+@ucl\.ac\.uk$ ]]; then
  echo "${RED}Warning: this username looks like an email address.${RESET}"
  echo "${RED} It will be checked and converted.${RESET}"

  echo -n "Can id email address: "
  if id "$username" >/dev/null 2>&1; then
    echo "${GREEN}yes${RESET}"
  else
    echo "${RED}no${RESET}"
  fi

  # Keep the original argument so it can be restored if the lookup fails.
  old_username="$username"
  if username="$(id -un "$username")"; then
    echo "Username converted successfully to: ${GREEN}${username}${RESET}"
  else
    echo "${RED}Could not convert email address to username, leaving as-is.${RESET}"
    username="${old_username}"
  fi
fi
# Basic identity check: can `id` resolve this account at all?
echo -n "Can id user: "
if id "$username" >/dev/null 2>&1; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi

# stderr is captured together with stdout so a failure message from `groups`
# can be shown (in red) instead of the group list.
echo -n "User is in groups: "
if user_groups="$(groups "$username" 2>&1)"; then
  # Success: print what follows the first colon of the output.
  echo "${GREEN}${user_groups#*:}${RESET}"
else
  # Failure: strip the leading "groups: ...:" part of the error message.
  echo "${RED}${user_groups#groups: *:}${RESET}"
fi

echo "" # Blank line for section separation
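# Grid Engine access lists (ACLs) to check, each paired by index with the
# label printed for it. Assigned outright (not appended) so a same-named
# scalar inherited from the environment cannot become an extra first element.
declare -a sge_access_groups sge_access_group_labels
sge_access_groups=(AY201617 AY201718 AY201819 Open)
sge_access_group_labels=(
  "access group for 2016-2017"
  "access group for 2017-2018"
  "access group for 2018-2019"
  "Open access group"
)

for access_group_index in "${!sge_access_groups[@]}"; do
  access_group="${sge_access_groups[$access_group_index]}"
  access_group_label="${sge_access_group_labels[$access_group_index]}"

  echo -n "Checking whether user is in $access_group_label: "
  # qconf is queried once; a non-zero status is reported as "no such group".
  if access_list="$(qconf -su "$access_group" 2>/dev/null)"; then
    # Compare the username against whole tokens only. Using it as an
    # unanchored grep pattern reports "yes" for any listed account whose name
    # merely contains this one, and treats regex metacharacters as syntax.
    # NOTE(review): assumes members are separated by commas, whitespace or
    # backslash line continuations -- confirm against `qconf -su` output here.
    # NOTE(review): access granted through an "@group" entry, if this site
    # uses them, is not detected by this check (nor was it before).
    if printf '%s\n' "$access_list" | tr -s ' \t,\\' '\n' | grep -Fxq -- "$username"; then
      echo "${GREEN}yes${RESET}"
    else
      echo "${RED}no${RESET}"
    fi
  else
    echo "${BLUE}no such group${RESET}"
  fi
done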
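# Check the flat-file user list (one account name per line is assumed from the
# whole-line match the script performs -- confirm against the file format).
echo -n "Checking whether user is in the actual PAM userlist: "
pam_listfile="/var/opt/sge/shared/userlist"
if [[ ! -r "$pam_listfile" ]]; then
  # Unreadable or missing list: report the error and stop, rather than also
  # printing a misleading "no" from a grep that could not read the file.
  echo "${RED}error${RESET}"
elif grep -Fxq -- "$username" "$pam_listfile"; then
  # -F/-x: the username must equal a whole line literally, so characters such
  # as "." in the name are not interpreted as regex syntax.
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi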
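# Check the NoSubmission ACL, which lists users blocked from submitting jobs.
echo -n "Checking whether user has been blocked from submitting jobs: "
# qconf is queried once; a non-zero status is reported as "no blocked ACL here".
if blocked_list="$(qconf -su NoSubmission 2>/dev/null)"; then
  # Whole-token comparison: an unanchored grep would flag this user as blocked
  # whenever a blocked account's name merely contains the username.
  # NOTE(review): assumes members are separated by commas, whitespace or
  # backslash line continuations -- confirm against `qconf -su` output here.
  if printf '%s\n' "$blocked_list" | tr -s ' \t,\\' '\n' | grep -Fxq -- "$username"; then
    echo "${RED}yes${RESET}"
  else
    echo "${GREEN}no${RESET}"
  fi
else
  echo "${GREEN}no (no blocked ACL here)${RESET}"
fi

echo "" # Blank line for section separation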
# Existence checks. stat is used only for its exit status: --printf='' makes
# it print nothing, and its error output is discarded.
echo -n "Checking whether user has a home directory: "
if stat --printf='' "/home/${username}" 2>/dev/null; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi

echo -n "Checking whether user has a scratch directory: "
if stat --printf='' "/scratch/scratch/${username}" 2>/dev/null; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
  # Remembered so the scratch ownership and permission checks further down
  # the script print "skipped" instead of a second failure.
  flag_has_no_scratch=y
fi
# Ownership checks: %U is the owning user name reported by stat; it is empty
# when stat fails, since errors are discarded.
echo -n "Checking whether home directory is *owned* by that user: "
owner="$(stat --printf=%U "/home/${username}" 2>/dev/null)"
if [[ "$owner" == "$username" ]]; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi

echo -n "Checking whether scratch directory is *owned* by that user: "
owner="$(stat --printf=%U "/scratch/scratch/${username}" 2>/dev/null)"
if [[ -n "$flag_has_no_scratch" ]]; then
  # The scratch directory was already found to be missing.
  echo "${BLUE}skipped${RESET}"
elif [[ "$owner" == "$username" ]]; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi
# Usability checks: %A is the symbolic mode string (e.g. drwx------), so
# characters 1-3 are the owner's read/write/execute bits.
echo -n "Checking whether home directory is usable by owner: "
perms="$(stat --printf=%A "/home/${username}" 2>/dev/null)"
if [[ "${perms:1:3}" == "rwx" ]]; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no: perms are ${perms}${RESET}"
fi

echo -n "Checking whether scratch directory is usable by owner: "
if [[ -n "$flag_has_no_scratch" ]]; then
  # The scratch directory was already found to be missing.
  echo "${BLUE}skipped${RESET}"
else
  perms="$(stat --printf=%A "/scratch/scratch/${username}" 2>/dev/null)"
  if [[ "${perms:1:3}" == "rwx" ]]; then
    echo "${GREEN}yes${RESET}"
  else
    echo "${RED}no: perms are ${perms}${RESET}"
  fi
fi
# The expected mode is a directory accessible by its owner only; anything
# else (including a failed stat, which leaves perms empty) is reported.
echo -n "Checking whether home directory has standard permissions: "
perms="$(stat --printf=%A "/home/${username}" 2>/dev/null)"
case "$perms" in
  "drwx------")
    echo "${GREEN}yes${RESET}"
    ;;
  *)
    echo "${RED}no: perms are ${perms}${RESET}"
    ;;
esac

echo ""
echo -n "Checking whether user has jobs in the queue: "
# has_jobs is the number of lines qstat prints for this user; any output at
# all is reported as "yes".
has_jobs="$(qstat -u "$username" | wc -l)"
if (( has_jobs > 0 )); then
  echo "${GREEN}yes${RESET}"
else
  echo "${BLUE}no${RESET}"
fi
echo -n "Checking when user last logged in to this node: "
# Only the first line of `last` output is kept; an empty first line is
# reported as "never".
last_login="$(last -adwn 1 "${username}" | head -n 1)"
if [[ -n "$last_login" ]]; then
  echo "${BLUE}$last_login${RESET}"
else
  echo "${RED}never${RESET}"
fi