-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathadmin-helper.sh
executable file
·57 lines (51 loc) · 1.33 KB
/
admin-helper.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/bash
cmd="$1"
. lib/utils.sh
lock_status() {
if is_user_in_group "$USER" "$ADMIN_GROUP"; then
echo "Admin access is unlocked."
elif is_user_in_group "$USER" "delayed-admin"; then
echo "Admin access is locked."
else
die "$USER is not authorized to use delayed-admin."
fi
}
lock() {
if is_user_in_group "$USER" delayed-admin; then
log "$USER is already in delayed-admin group. Doing nothing."
else
with_sudo add_user_to_group "$USER" "delayed-admin"
log "Added $USER to delayed-admin"
fi
with_sudo remove_user_from_group "$USER" "$ADMIN_GROUP"
log "Removed $USER from $ADMIN_GROUP"
}
unlock() {
with_delayed add_user_to_group "$USER" "$ADMIN_GROUP"
log "Added $USER to $ADMIN_GROUP"
}
case "$cmd" in
lock)
if is_user_in_group "$USER" "$ADMIN_GROUP"; then
lock
log "Lock successful"
else
die "$USER is not in $ADMIN_GROUP group. Perhaps you are already locked?"
fi
;;
unlock)
if is_user_in_group "$USER" "delayed-admin"; then
unlock
log "Unlock successful"
else
die "$USER is not authorized to use delayed-admin"
fi
;;
status)
lock_status
;;
*)
echo "Usage: $0 (lock|unlock|status)"
exit
;;
esac