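#!/bin/bash
set -o errexit \
    -o pipefail \
    -o nounset

# Checks the year-based ACLs to see whether a user has reapplied
# for their RC accounts that session, then reports on the account's
# groups, directories, queued jobs and last login.
#
# Usage: checkuser [username]

# Use own username if none is supplied as an argument. $USER can be unset
# (cron, some non-login shells), which would trip nounset, so fall back to
# asking id for the name of the current account.
username=${1:-${USER:-$(id -un)}}

# Terminal colour sequences. tput exits non-zero when TERM is unset or the
# terminal has no colour support; as a bare assignment under errexit that
# would end the script before any check has run, so a failure simply leaves
# the colour empty.
GREEN="$(tput setaf 2 2>/dev/null || true)"
BLUE="$(tput setaf 4 2>/dev/null || true)"
RED="$(tput setaf 1 2>/dev/null || true)"
RESET="$(tput sgr0 2>/dev/null || true)"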
# A non-blank string ending in @ucl.ac.uk is treated as an email address
# rather than a login name: ask id to translate it, and keep the original
# argument if the translation fails.
if [[ "$username" =~ ^[^[:space:]]+@ucl\.ac\.uk$ ]]; then
  echo "${RED}Warning: this username looks like an email address.${RESET}"
  echo "${RED} It will be checked and converted.${RESET}"

  echo -n "Can id email address: "
  if id "$username" >/dev/null 2>/dev/null; then
    echo "${GREEN}yes${RESET}"
  else
    echo "${RED}no${RESET}"
  fi

  # Remember the argument so it can be restored if id cannot resolve it.
  old_username="$username"
  if ! username="$(id -un "$old_username")"; then
    echo "${RED}Could not convert email address to username, leaving as-is.${RESET}"
    username="${old_username}"
  else
    echo "Username converted successfully to: ${GREEN}${username}${RESET}"
  fi
fi
# Does the system's user database know this name at all?
echo -n "Can id user: "
if id "$username" >/dev/null 2>/dev/null; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi

# stderr is captured together with stdout, so on failure user_groups holds
# the error text from groups instead of a group list.
echo -n "User is in groups: "
if ! user_groups="$(groups "$username" 2>&1)"; then
  # Drop the leading "groups: <something>:" part of the error text.
  echo "${RED}${user_groups#groups: *:}${RESET}"
else
  # Show only what follows the first colon of the output.
  echo "${GREEN}${user_groups#*:}${RESET}"
fi

echo "" # Blank line for section separation
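# Report, for each known SGE access list, whether the user is listed in it.
# Globals:   GREEN, RED, BLUE, RESET (read); username (read if $1 is absent)
# Arguments: $1 - username to look up (optional, defaults to $username)
# Outputs:   one "Checking whether user is in <label>: ..." line per access
#            list, ending in yes, no, or "no such group"
function sge_check_acls() {
  local username="${1:-$username}"
  local access_group
  local access_group_label
  local access_group_index
  local acl_listing
  local -a sge_access_groups=() sge_access_group_labels=()

  # The two arrays are parallel: label N describes access list N.
  sge_access_groups+=(AY201617)
  sge_access_group_labels+=("access group for 2016-2017")
  sge_access_groups+=(AY201718)
  sge_access_group_labels+=("access group for 2017-2018")
  sge_access_groups+=(AY201819)
  sge_access_group_labels+=("access group for 2018-2019")
  sge_access_groups+=(Open)
  sge_access_group_labels+=("Open access group")

  for access_group_index in "${!sge_access_groups[@]}"; do
    access_group="${sge_access_groups[access_group_index]}"
    access_group_label="${sge_access_group_labels[access_group_index]}"
    echo -n "Checking whether user is in $access_group_label: "

    # Fetch the list once and search the captured text. Piping qconf straight
    # into `grep -q` under pipefail can report a false "no": grep exits at the
    # first match, and if qconf is then killed by SIGPIPE the pipeline fails.
    if acl_listing="$(qconf -su "$access_group" 2>/dev/null)"; then
      # -F: the name is a literal, not a regex. -w: whole-word match, so a
      # short name is not reported as a member because a longer listed name
      # contains it.
      # NOTE(review): this still searches the whole qconf record, not only
      # its member list; confirm no other field can hold a username.
      if grep -qwF -- "$username" <<<"$acl_listing"; then
        echo "${GREEN}yes${RESET}"
      else
        echo "${RED}no${RESET}"
      fi
    else
      # qconf failed for this list name; treated as the list not existing.
      echo "${BLUE}no such group${RESET}"
    fi
  done
}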
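# Report whether the user is listed in the NoSubmission access list.
# Globals:   GREEN, RED, RESET (read)
# Arguments: $1 - username to look up
# Outputs:   one "Checking whether user has been blocked ..." line ending in
#            yes, no, or "no (no blocked ACL here)"
function sge_check_nosub() {
  local username="$1"
  local nosub_listing

  echo -n "Checking whether user has been blocked from submitting jobs: "

  # Fetch the list once and search the captured text. With qconf piped into
  # `grep -q` under pipefail, an early grep exit can kill qconf with SIGPIPE
  # and fail the pipeline, which would report a blocked user as not blocked.
  if nosub_listing="$(qconf -su NoSubmission 2>/dev/null)"; then
    # check NoSubmission for blocked users
    # -F: literal name, not a regex. -w: whole-word match, so a user is not
    # reported as blocked because a longer blocked name contains theirs.
    if grep -qwF -- "$username" <<<"$nosub_listing"; then
      echo "${RED}yes${RESET}"
    else
      echo "${GREEN}no${RESET}"
    fi
  else
    # qconf failed for this list name; treated as no block list existing.
    echo "${GREEN}no (no blocked ACL here)${RESET}"
  fi
}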
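# Report whether sacctmgr returns a user record for the given name.
# Globals:   GREEN, RED, RESET (read)
# Arguments: $1 - username to look up
# Outputs:   one "Checking whether user is in Slurm DB: ..." line ending in
#            yes, no, or "could not check, jq not found"
function slurm_check_user_exists() {
  local username="$1"

  echo -n "Checking whether user is in Slurm DB: "

  if ! command -v jq >/dev/null; then
    echo "${RED}could not check, jq not found${RESET}"
    # Stop here: without jq the pipeline below can only fail, which would add
    # a misleading "no" after this message. Return success so that a caller
    # running under errexit carries on with its remaining checks.
    return 0
  fi

  # jq -e turns "the filter produced a non-null name" into the exit status.
  if sacctmgr --json list user "$username" \
    | jq -er '.users[].name' >/dev/null
  then
    echo "${GREEN}yes${RESET}"
  else
    echo "${RED}no${RESET}"
  fi
}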
# Run the checks that match the scheduler tooling installed on this host.
# qconf takes precedence; sacctmgr is only tried when qconf is absent, and
# with neither installed this section prints nothing.
if command -v qconf >/dev/null; then
  sge_check_acls "$username"
  sge_check_nosub "$username"
else
  if command -v sacctmgr >/dev/null; then
    slurm_check_user_exists "$username"
  fi
fi
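echo -n "Checking whether user is in the actual PAM userlist: "
pam_listfile="/var/opt/sge/shared/userlist"
if [[ ! -r "$pam_listfile" ]]; then
  # An unreadable list is reported once, as an error. Searching it anyway
  # would add a "no" that reads as "user is not listed" when the real answer
  # is "could not tell".
  echo "${RED}error${RESET}"
elif grep -qxF -- "$username" "$pam_listfile"; then
  # -x: the whole line must equal the name. -F: the name is a literal, so
  # characters such as "." in it are not treated as regex wildcards.
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi

echo "" # Blank line for section separation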
# stat with an empty --printf format prints nothing; only its exit status is
# used, as an "is there anything at this path" test.
echo -n "Checking whether user has a home directory: "
if ! stat --printf='' "/home/${username}" 2>/dev/null; then
  echo "${RED}no${RESET}"
else
  echo "${GREEN}yes${RESET}"
fi

# flag_has_no_scratch is y when the scratch directory is missing and n when
# it exists; the later scratch checks read it to decide whether to run.
echo -n "Checking whether user has a scratch directory: "
flag_has_no_scratch=y
if stat --printf='' "/scratch/scratch/${username}" 2>/dev/null; then
  flag_has_no_scratch=n
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi
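echo -n "Checking whether home directory is *owned* by that user: "
# stat fails when the directory is missing. As a bare assignment under
# errexit that failure would end the script here, mid-line, so it is turned
# into an empty owner, which is then reported as "no".
owner="$(stat --printf=%U "/home/${username}" 2>/dev/null)" || owner=""
if [[ "$owner" == "$username" ]]; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no${RESET}"
fi

echo -n "Checking whether scratch directory is *owned* by that user: "
if [[ "$flag_has_no_scratch" == "n" ]]; then
  # Only stat the scratch directory once it is known to exist; the fallback
  # covers it disappearing between the two checks.
  owner="$(stat --printf=%U "/scratch/scratch/${username}" 2>/dev/null)" || owner=""
  if [[ "$owner" == "$username" ]]; then
    echo "${GREEN}yes${RESET}"
  else
    echo "${RED}no${RESET}"
  fi
else
  echo "${BLUE}skipped${RESET}"
fi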
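echo -n "Checking whether home directory is usable by owner: "
# stat fails when the directory is missing. As a bare assignment under
# errexit that failure would end the script here, so it is turned into an
# empty mode string, which is then reported as "no".
perms="$(stat --printf=%A "/home/${username}" 2>/dev/null)" || perms=""
# Characters 1-3 of the symbolic mode are the owner's read/write/execute bits.
if [[ "${perms:1:3}" == "rwx" ]]; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no: perms are ${perms}${RESET}"
fi

echo -n "Checking whether scratch directory is usable by owner: "
if [[ "$flag_has_no_scratch" == "n" ]]; then
  # The fallback covers the directory disappearing after the existence check.
  perms="$(stat --printf=%A "/scratch/scratch/${username}" 2>/dev/null)" || perms=""
  if [[ "${perms:1:3}" == "rwx" ]]; then
    echo "${GREEN}yes${RESET}"
  else
    echo "${RED}no: perms are ${perms}${RESET}"
  fi
else
  echo "${BLUE}skipped${RESET}"
fi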
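echo -n "Checking whether home directory has standard permissions: "
# stat fails when the directory is missing. As a bare assignment under
# errexit that failure would end the script here, so it is turned into an
# empty mode string, which is then reported as "no".
perms="$(stat --printf=%A "/home/${username}" 2>/dev/null)" || perms=""
# "Standard" here is exactly drwx------: a directory with full access for its
# owner and none for group or others. Any other mode is printed for review.
if [[ "${perms}" == "drwx------" ]]; then
  echo "${GREEN}yes${RESET}"
else
  echo "${RED}no: perms are ${perms}${RESET}"
fi

echo ""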
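echo -n "Checking whether user has jobs in the queue: "
has_jobs=0
if ! command -v qstat >/dev/null; then
  # Hosts without qstat would otherwise abort here under errexit, so the
  # last-login check below would never run.
  echo "${BLUE}skipped (qstat not found)${RESET}"
elif has_jobs="$(qstat -u "$username" | wc -l)"; then
  # Any output line at all from qstat is taken to mean the user has jobs.
  if [[ "$has_jobs" -gt 0 ]]; then
    echo "${GREEN}yes${RESET}"
  else
    echo "${BLUE}no${RESET}"
  fi
else
  # With pipefail a qstat failure fails the assignment; report it as its own
  # outcome rather than as "no jobs".
  echo "${RED}could not check (qstat failed)${RESET}"
fi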
# Only the first line of last's output is kept; an empty first line is
# reported as the user never having logged in to this node.
echo -n "Checking when user last logged in to this node: "
last_login="$(last -adwn 1 "${username}" | head -n 1)"
if [[ -n "$last_login" ]]; then
  echo "${BLUE}$last_login${RESET}"
else
  echo "${RED}never${RESET}"
fi