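#!/bin/sh
#----------------------------------------------------------------------------
# /var/install/bin/mariadb-tools-useradd - MariaDB/MySQL SQL Server add user
#
# Creation:    2004-01-12 jv
# Last Update: $Id$
#
# Copyright (c) 2004 Jens Vehlhaber, jvehlhaber(at)buchenwald(dot)de
# Copyright (c) 2012-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------
# Parameter:
#   -nu=  new user
#   -np=  new password
#   -hn=  hostname
#   -ar=  access rights (0 = read only, 6 = read/write, 12 = administrator)
#   -u=   user name for mysql access
#   -p=   user password for mysql access
#
# Any value missing on the command line is asked for interactively.
# Passwords given as -np= or -p= are visible to other local users in the
# process list while the script runs; prefer the interactive prompt.
#----------------------------------------------------------------------------

#include eislib
. /var/install/include/eislib

# include passwdlib
. /var/lib/mariadb/passwdlib

# include config
. /etc/config.d/mariadb

#debug=true
if ${debug:-false}
then
    # The trace records every expanded command, including the passwords
    # handled below. It is therefore written to a file created by mktemp
    # (unpredictable name, owner-only access) instead of a guessable path
    # in /tmp that another local user could pre-create or symlink.
    _trace_log=$(/bin/mktemp -t "$(basename "${0}")-trace.XXXXXX") || exit 1
    echo "trace log: ${_trace_log}" >&2
    exec 2>"${_trace_log}"
    set -x
    ask_debug=true
    export ask_debug
fi

# ---------------------------------------------------------------------------
# defaults
# ---------------------------------------------------------------------------
# Resets all working variables and tool paths.
# NOTE(review): defaults.info presumably provides mysql_pid_file,
# mysql_basedir and mysql_datadir, which are used below - confirm.
get_defaults()
{
    # default values
    . /var/lib/mysql/defaults.info
    run_user='mysql'
    user_name=''
    host_name=''
    NewPass=''
    password=''
    access_right=99
    admin_user='root'
    PasswordParam=''
    MKTEMP=/bin/mktemp
    CAT=/bin/cat
    RM=/bin/rm
    ASK=/var/install/bin/ask
}

# ---------------------------------------------------------------------------
# run the ask dialog and store the answer in _ask_result
#   $@ - arguments handed to ${ASK} unchanged (question, default, pattern)
# Exits with 127 if the dialog was aborted (ask returned 255).
# ---------------------------------------------------------------------------
ask_value()
{
    _ask_result=''
    _ask_tmpfile=$(${MKTEMP} -t .XXXXXXXXXXXXX) || exit 1
    ${ASK} "${@}" >"${_ask_tmpfile}"
    rc=${?}
    # -r keeps backslashes in the answer instead of silently dropping them
    read -r _ask_result <"${_ask_tmpfile}"
    ${RM} -f "${_ask_tmpfile}"

    # if ask break, ask returned 255
    if [ "${rc}" = 255 ]
    then
        exit 127
    fi
}

# ---------------------------------------------------------------------------
# check that a value can be placed inside a single-quoted SQL string
#   $1 - value to check
# Returns 0 if the value contains neither a single quote nor a backslash.
# ---------------------------------------------------------------------------
is_sql_safe()
{
    case "${1}" in
        *\'*|*\\*)
            return 1
            ;;
    esac
    return 0
}

# ---------------------------------------------------------------------------
# check status and access of MariaDB/MySQL Database
# ---------------------------------------------------------------------------
check_status()
{
    # Quoted on purpose: an empty mysql_pid_file must count as "not running"
    # rather than turning the test into a always-false string check.
    if [ ! -f "${mysql_pid_file}" ]
    then
        echo
        mecho --error "MariaDB/MySQL Server is not running."
        echo
        exit 1
    fi

    if ! "${mysql_basedir}/mysqladmin" status >/dev/null 2>&1
    then
        echo
        mecho -n --error 'MariaDB/MySQL Server'
        mecho -n --std " 'root' "
        mecho --error 'password is required.'
        mecho --info 'Please set the root password.'
        echo
        exit 1
    fi
}

## ---------------------------------------------------------------------------
## check if there is a root password required
## ---------------------------------------------------------------------------
#${base_dir}/mysqladmin \
#    -u $admin_user $PasswordParam status >/dev/null 2>&1
#if [ $? -eq 1 ]
#then
#    AdminUser="root"
#    echo
#    _ask_tmpfile=$(${MKTEMP} -t .XXXXXXXXXXXXX)
#    ${ASK} "MariaDB/MySQL root password required:" "" "+hidden+" >${_ask_tmpfile}
#    rc=${?}
#    read passwd < ${_ask_tmpfile}
#    ${RM} -f ${_ask_tmpfile}
#
#    # if ask break, ask returned 255
#    if [ ${rc} = 255 ]
#    then
#        exit 127
#    fi
#    echo
#    PasswordParam="-p${passwd}"
#fi

# ---------------------------------------------------------------------------
# get user rights if empty
# ---------------------------------------------------------------------------
# Sets access_right to 12 (administrator), 6 (write) or 0 (read only).
get_accessrights()
{
    echo
    access_right=0

    ask_value "Give user Administrator rights "
    if [ "${_ask_result}" = "yes" ]
    then
        access_right=12
    else
        ask_value "Give user write rights "
        if [ "${_ask_result}" = "yes" ]
        then
            access_right=6
        fi
    fi
}

# ---------------------------------------------------------------------------
# get username if empty
# ---------------------------------------------------------------------------
get_username()
{
    clrhome
    mecho --info "Add new MariaDB/MySQL user"
    echo
    ask_value "Username:" "" "+"
    user_name=${_ask_result}
}

# ---------------------------------------------------------------------------
# get password if empty
# ---------------------------------------------------------------------------
get_password()
{
    _passwd_pwgen='no'
    if [ -f /usr/bin/pwgen ]
    then
        ask_value "Create password with pwgen" "yes"
        _passwd_pwgen=${_ask_result}
    fi

    if [ "${_passwd_pwgen:-no}" = "yes" ]
    then
        # entry in passwdlib
        # create password
        # pwgen --help
        # return password
        get_pwgen_passwd
    else
        # entry in passwdlib
        # get password from cmdline
        get_passwd --check
    fi
}

# ---------------------------------------------------------------------------
# get hostname if empty
# ---------------------------------------------------------------------------
get_hostname()
{
    . /etc/config.d/base
    echo
    mecho "Enter the allowed host - Example:"
    echo
    techo --begin '3 32 23'
    techo --row "" "localhost" "- spezific host"
    techo --row "" "%" "- all host"
    techo --row "" "${IP_ETH_1_NETWORK}/${IP_ETH_1_NETMASK}" "- all host on subnet"
    techo --row "" "${IP_ETH_1_IPADDR}" "- spezific host"
    techo --row "" "${HOSTNAME}.${DOMAIN_NAME}" "- spezific host"
    techo --row "" "%.${DOMAIN_NAME}" "- all host on domain"
    techo --end
    echo
    ask_value "host:" "" "+"
    host_name=${_ask_result}
}

# ---------------------------------------------------------------------------
# send mail
# ---------------------------------------------------------------------------
# NOTE(review): send_passwd comes from passwdlib and receives the clear-text
# password as an argument; how it protects the password is not visible here.
send_mail()
{
    echo 'Send e-mail with [ENTER] to the given user'
    ask_value 'or type in the address:' "${user_name}" "*"
    _send_mail=${_ask_result}

    # entry in passwdlib
    # Every value is quoted so that blanks or glob characters in a password
    # or address cannot split into extra arguments.
    send_passwd --user "${user_name}" \
                --realm MariaDB \
                --passwd "${password}" \
                --mail "${_send_mail:-root}" \
                --sender "${MARIADB_SEND_MAIL_FROM:-root}"
}

# ---------------------------------------------------------------------------
# add user to mysql
# ---------------------------------------------------------------------------
# Grants the privileges selected by access_right to user_name@host_name and
# sets n_ret to the result (0 on success). All three levels are granted
# globally (ON *.*).
# NOTE(review): the connection always uses "-u root" without a password;
# admin_user and PasswordParam from -u=/-p= are parsed but not used here.
add_user()
{
    n_ret=1

    # The values are embedded in single-quoted SQL strings. A quote would
    # end the string early and let the rest run as SQL with root rights; a
    # backslash would be read as an escape and change the stored value.
    if ! is_sql_safe "${user_name}" ||
       ! is_sql_safe "${host_name}" ||
       ! is_sql_safe "${password}"
    then
        mecho --error "User name, host name and password must not contain single quotes or backslashes."
        return 1
    fi

    case "${access_right}" in
        0)
            _privileges='SELECT'
            _grant_option=''
            ;;
        6)
            _privileges='SELECT,INSERT,UPDATE,DELETE,CREATE,DROP'
            _grant_option=''
            ;;
        12)
            _privileges='ALL PRIVILEGES'
            _grant_option=' WITH GRANT OPTION'
            ;;
        *)
            mecho --error "Unknown access right '${access_right}'."
            return 1
            ;;
    esac

    # The statement is passed on stdin instead of "-e": command line
    # arguments show up in the process list, and this one holds the new
    # user's clear-text password.
    "${mysql_basedir}/mysql" -D mysql -u root <<EOF
GRANT ${_privileges} ON *.* TO '${user_name}'@'${host_name}' IDENTIFIED BY '${password}'${_grant_option};
FLUSH PRIVILEGES;
EOF
    n_ret=${?}

    if [ "${n_ret}" -eq 0 ]
    then
        if ${interactive:-true}
        then
            mecho --info "done"
        fi

        if [ "${user_name}" = "backup" ]
        then
            # Create the file under a restrictive umask so the password is
            # not readable by others in the window before chmod runs.
            (
                umask 077
                printf 'passwd=%s\n' "${password}" >"${mysql_datadir}/backup.pwd"
            )
            chmod 0600 "${mysql_datadir}/backup.pwd"
            chown "root:${run_user}" "${mysql_datadir}/backup.pwd"
        elif [ -n "${MARIADB_SEND_MAIL_FROM}" ] && [ "${user_name}" != "root" ]
        then
            send_mail
        fi
    else
        mecho --error "Adding the user failed."
    fi
}

# ---------------------------------------------------------------------------
# cmd line parser
# ---------------------------------------------------------------------------
# Any recognised option switches the script to non-interactive mode.
get_parameter()
{
    while [ ${#} -ne 0 ]
    do
        case "${1}" in
            -nu=*)
                interactive='false'
                user_name=${1#-nu=}
                ;;
            -np=*)
                interactive='false'
                password=${1#-np=}
                ;;
            -hn=*)
                interactive='false'
                host_name=${1#-hn=}
                ;;
            -ar=*)
                interactive='false'
                # add_user and main read access_right, so the value has to
                # be stored there to have any effect.
                access_right=${1#-ar=}
                ;;
            -u=*)
                interactive='false'
                admin_user=${1#-u=}
                ;;
            -p=*)
                interactive='false'
                passwd=${1#-p=}
                if [ -n "${passwd}" ]
                then
                    PasswordParam="-p${passwd}"
                fi
                ;;
            *)
                echo "Unknown argument '${1}'"
                exit 1
                ;;
        esac
        # Move on to the next argument; without this the loop never ends.
        shift
    done
}

# ---------------------------------------------------------------------------
# main
# ---------------------------------------------------------------------------
# NOTE(review): the script exits with 0 even when add_user failed, so a
# calling script cannot detect the failure from the exit status.
main()
{
    get_defaults
    # Hand over all arguments, not only the first one.
    get_parameter "${@}"
    check_status

    if [ -z "${user_name}" ]
    then
        get_username
    fi

    if [ -z "${password}" ]
    then
        get_password
    fi

    if [ -z "${host_name}" ]
    then
        get_hostname
    fi

    if [ "${access_right}" = 99 ]
    then
        get_accessrights
    fi

    add_user

    if ${interactive:-true}
    then
        echo
        anykey
    fi
    exit 0
}

# ---------------------------------------------------------------------------
# call function main
# ---------------------------------------------------------------------------
main "${@}"

# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------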