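Preface:
As an ops engineer, I often get requests from developer colleagues for sudo rights on servers, and when a colleague leaves, their sudo rights have to be removed as well (a departing developer's account is not deleted right away; it has to be kept for at least three months). With only a few servers this is manageable, but with several dozen it becomes a chore. I wrote a simple script that makes this ops work easier, and I am posting it here to share. If anything is wrong, please point it out!
1. Script to add sudo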
#cat addsudo.sh
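#!/bin/bash
# Owner by Only.liu
# date 2012/11/01
HOSTLIST="/opt/qunar/tools/etc/adduser_hosts.cf"
SUDOFILE="/etc/sudoers"
# The user name is pasted into a remote command line, so accept plain account names only
if ! [[ "$1" =~ ^[a-z_][a-z0-9_.-]*$ ]]; then
    echo "Usage: $0 <username>" >&2
    exit 1
fi
# Anchored pattern (dots escaped) so that "tom" does not match "tommy" or a comment
PATTERN="^${1//./\\.}[[:space:]]"
#
for HOST in $(cat "${HOSTLIST}")
do
    # Check on the remote host whether the user already has a sudoers entry
    if ! ssh "only.liu@${HOST}" "sudo grep -q '${PATTERN}' ${SUDOFILE}"
    then
        echo "User $1 on ${HOST} not have sudo!"
        # Append on the remote host through sudo tee; a >> outside the quotes writes to the local file
        # Note: "!/bin/su" only excludes that exact path, ALL still covers every other command
        ssh "only.liu@${HOST}" "echo '$1 ALL=(ALL) NOPASSWD:ALL,!/bin/su' | sudo tee -a ${SUDOFILE} > /dev/null" && echo "User $1 add sudo success!"
    else
        echo "User $1 already have sudo!"
    fi
done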
2. Script to remove sudo
#cat delsudo.sh
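#!/bin/bash
# Owner by Only.liu
# date 2012/11/01
HOSTLIST="/opt/qunar/tools/etc/adduser_hosts.cf"
SUDOFILE="/etc/sudoers"
# The user name is pasted into a remote command line, so accept plain account names only
if ! [[ "$1" =~ ^[a-z_][a-z0-9_.-]*$ ]]; then
    echo "Usage: $0 <username>" >&2
    exit 1
fi
# Anchored pattern (dots escaped) so that "tom" does not match "tommy" or a comment
PATTERN="^${1//./\\.}[[:space:]]"
#
for HOST in $(cat "${HOSTLIST}")
do
    # Check on the remote host whether the user has a sudoers entry
    if ssh "only.liu@${HOST}" "sudo grep -q '${PATTERN}' ${SUDOFILE}"
    then
        echo "User $1 on ${HOST} have sudo!"
        # Delete only the lines that start with this user name
        ssh "only.liu@${HOST}" "sudo sed -i '/${PATTERN}/d' ${SUDOFILE}" && echo "User $1 on ${HOST} delete success!"
    else
        echo "User $1 on ${HOST} already delete sudo!"
    fi
done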
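Examples:
To grant tom sudo rights:
#sudo ./addsudo.sh tom
To remove tom's sudo rights:
#sudo ./delsudo.sh tom
Notes:
The script first connects over ssh, using my account only.liu, to each machine where the sudo rights are to be added, and uses grep to check whether the colleague's account is present in that machine's /etc/sudoers file, judging by the exit status. If it is present, it prints User on host have sudo!; if not, it appends an entry at the end with the sed command and finally prints add success!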
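Matching the user name as a bare substring of a sudoers line would also hit accounts such as tommy, a %tomcat group rule, or a comment. The following is an added example, not the author's script: it shows on a constructed sudoers file how an anchored match removes only tom's own rule, staging the edit in a copy that is syntax-checked with visudo when that tool is installed. The function names and the sample content are assumptions.

```bash
#!/bin/bash
# Added illustration; the sudoers content below is constructed sample data.
make_sample() {
    f="$(mktemp)" || return 1
    cat > "$f" <<'EOF'
root ALL=(ALL) ALL
# added for atom-feed deploys
tom ALL=(ALL) NOPASSWD:ALL,!/bin/su
tommy ALL=(ALL) NOPASSWD:ALL,!/bin/su
%tomcat ALL=(ALL) NOPASSWD:/sbin/service tomcat restart
EOF
    echo "$f"
}

# Accept plain account names only, then print an anchored regex with dots escaped.
user_pattern() {
    case "$1" in
        ''|*[!a-z0-9_.-]*|[!a-z_]*) return 2 ;;
    esac
    printf '^%s[[:space:]]' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# Number of rules whose first field is exactly user $1 in sudoers file $2.
user_rule_count() {
    pat="$(user_pattern "$1")" || return 2
    grep -c -E "$pat" "$2" || true
}

# Remove user $1 from sudoers file $2 via a staged, syntax-checked copy.
revoke_sudo() {
    pat="$(user_pattern "$1")" || return 2
    tmp="$(mktemp)" || return 1
    sed "/${pat}/d" "$2" > "$tmp"
    # If visudo is installed, refuse to install a copy that does not parse.
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 1
    fi
    cat "$tmp" > "$2" && rm -f "$tmp"   # overwrite in place: owner and mode are kept
}

f="$(make_sample)"
echo "substring match hits $(grep -c tom "$f") lines, anchored match $(user_rule_count tom "$f")"
revoke_sudo tom "$f" && cat "$f"
rm -f "$f"
```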