Friday, January 15, 2016

Enable temporary sudo access

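The script below shows how to give a user temporary root sudo access. It installs a drop-in file for the user under /etc/sudoers.d on the target server and schedules an `at` job to remove that file after 7 days.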


sudo -u test1 /home/test1/scripts/tempsudoaccess.sh oracle test101.testdb.com TICK000202


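#!/bin/bash
# tempsudoaccess.sh - grant a user time-limited root sudo on a remote server.
#
# Para 1 => User
# Para 2 => Server
# Para 3 => Ticket number (recorded as a comment in the sudoers drop-in)
#
# What it does on the target server (over ssh, using the caller's sudo there):
#   1. stages a sudoers drop-in and a one-line removal job in a private
#      mktemp directory (mode 0700), not under predictable /tmp names;
#   2. makes the drop-in root-owned, mode 0440, and syntax-checks it with
#      visudo before it goes anywhere near /etc/sudoers.d;
#   3. schedules the removal with at(1) for 7 days from now;
#   4. moves the drop-in to /etc/sudoers.d/<user>.
# The removal is scheduled before the grant is installed, so a failure of
# at(1) cannot leave a grant behind with no expiry.
#
# Exit status: 0 on success, 2 on bad arguments, 1 on any other failure.
#
# NOTE(review): the caller needs non-interactive sudo on the target for
# chown, chmod, visudo, at and mv - confirm against the target's sudoers.
# NOTE(review): each run queues its own at job; re-granting within 7 days
# means the earlier job still deletes the drop-in on its original date.
set -u

USAGE="tempsudoaccess.sh <User Name> <FQDN of Server> <Ticket Number>"
if [ $# -ne 3 ]; then
        echo "$USAGE" >&2
        exit 2
fi
USERNAME="$1"
SRVNAME="$2"
TICKET="$3"

# All three values end up inside a command line run on the target and/or in a
# file parsed by sudo, so they are checked against strict allowlists first.
# - USERNAME: no '.' or '~' either, because sudo skips drop-ins in
#   /etc/sudoers.d whose name contains '.' or ends in '~'; the grant would be
#   installed but silently ignored.
# - SRVNAME: must not start with '-', so ssh cannot read it as an option.
# - TICKET: no whitespace or newlines, so it cannot add lines to the drop-in.
if ! [[ "$USERNAME" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
        echo "Invalid User" >&2
        exit 2
fi
if ! [[ "$SRVNAME" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
        echo "Invalid Server" >&2
        echo "$USAGE" >&2
        exit 2
fi
if ! [[ "$TICKET" =~ ^[A-Za-z0-9._-]+$ ]]; then
        echo "Invalid Ticket Number" >&2
        echo "$USAGE" >&2
        exit 2
fi

# The account must be known to this host's account database. Use the exit
# status of id(1): on success it prints "uid=..." and on failure it writes its
# message to stderr, so grepping its stdout for "^id" never matched and the
# "Invalid User" branch was unreachable.
if ! id "$USERNAME" >/dev/null 2>&1; then
        echo "Invalid User" >&2
        exit 1
fi

# The shared "oracle" account gets passwordless root; every other user must
# re-authenticate. Either way the rule is unrestricted root (ALL).
if [[ "$USERNAME" == "oracle" ]]; then
        RULE="$USERNAME ALL=(root) NOPASSWD:ALL"
else
        RULE="$USERNAME ALL=(root) ALL"
fi

# The remote script is sent on stdin to sh -s. $USERNAME, $TICKET and $RULE
# are expanded here (validated above, so safe inside single quotes); anything
# written as \$ is expanded on the target. Commands that do not need input
# read /dev/null so they cannot consume the rest of the script.
if ! ssh "$SRVNAME" /bin/sh -s <<EOF
set -eu
umask 077
stage=\$(mktemp -d)
trap 'rm -rf -- "\$stage"' EXIT
printf '%s\n' '# Access Granted per Ticket : $TICKET' '$RULE' > "\$stage/grant"
printf '%s\n' 'rm -f /etc/sudoers.d/$USERNAME' > "\$stage/revoke"
sudo /bin/chown root:root "\$stage/grant" </dev/null
sudo /bin/chmod 440 "\$stage/grant" </dev/null
sudo visudo -cf "\$stage/grant" </dev/null
sudo at now + 7 days < "\$stage/revoke"
sudo mv -f "\$stage/grant" /etc/sudoers.d/$USERNAME </dev/null
EOF
then
        echo "Failed to grant sudo access for $USERNAME on $SRVNAME" >&2
        exit 1
fi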
