- I want to create a temporary user on ubuntu that gets deleted within a certain period of time.
- I can extend the deletion time.
- I can get the value of the remaining time for the user before deletion. and thanks.
Asked
Active
Viewed 4,771 times
1
Said Dias
- 11
2 Answers
5
You can create a temporary user with the help of useradd command and --expiredate option (expiry date) that is disabled/expired after a certain period of time.
sudo useradd -e <date> username # or
sudo useradd --expiredate <date> username
Suppose you want to create a user test and set the expiry time to '01 January 2023'.
sudo useradd -e 2023-01-01 test
You can then verify the expiry date etc
sudo chage -l test
Hope this helps.
muru
- 207,228
Linux World
- 451
0
Following your three points, but split into more atomic actions:
1. Create or update user
Create a user with expiry date, or modify a user. Note: use YYYY-MM-DD date-format.
Creating newuser:
sudo useradd -e 2022-12-31 newuser
Modifying existinguser:
sudo chage --expiredate 2022-12-31 existinguser
2. Find expiry date
In short, the entire process is packaged in a file, but below are the key pieces of the process, explained.
chage --list --iso8601 test | grep "Account expires" | sed -s 's/.*:\ //g'
The command chage requires root priviledges. The argument iso8601 keeps the date the same regardless of locale in your session.
The sed substitutes s all characters until the first occurance of : (note the space bar), which leaves us with the date (formated exactly like the output of date '+%F' command).
3. Chron-automated user removal
Let us automate that. Assume that the file /root/remove-expired-users.sh contains the following code.
#/bin/bash
SOURCEURL='[https://askubuntu.com/questions/1445285/create-a-temporary-users-on-ubuntu]'
LOGFILE='/var/log/messages'
for USERNAME in $(sed 's/:.*$//g' /etc/passwd); do
echo "`date '+%F_%R'` :: $SOURCEURL :: Testing user -=## $USERNAME ##=- against being expired, for removal." >> $LOGFILE
EXPIRYDATE=`chage --list --iso8601 $USERNAME | grep "Account expires" | sed -s 's/.*:\ //g'`
if [ `date '+%F'` = $EXPIRYDATE ]; then
echo "`date '+%F_%R'` :: $SOURCEURL :: User -=## $USERNAME ##=- expired today. Remove action commented-out for safety." >> $LOGFILE
# deluser $USERNAME
# deluser --group --only-if-empty $USERNAME
fi
done
Make /root/remove-expired-users.sh executable at least for root, add this line: 14 3 * * * /root/remove-expired-users.sh to root's crontab (here: sudo -i crontab -e) in order to have users expired today removed at 3:14 in the morning (although it makes more sense to remove them at 23:59).
Comments:
- This is not elegant (and not safe) to list the entire
/etc/passwd, but will do for learninig. For prod this loop shall exclude users with id below 1000, or even more (like admins too). - User removal is commented-out for safety. Make sure you test at a re-spawn-able virtual machine, or else you are asking for problems.
- Most of these actions require root, and hence needs to be configured on root's cron. Moreover, with great power (of root) comes a great responsibility: misspellings, can be disastrous.
- If your machine is not running on a particular day, at a time the script shall be run, the users with the current-day expiry-date will remain not deleted in the system. Which violates the assumptions, but on the other hand they are already unable to log in.
4. Number of days till expiry
There is a command above for viewing the expiry date. Number of days till expiry could be calculated by the following steps:
- Convert expiry date and today's date to (mili)seconds since epoch.
- Do subtraction of these. Anything numerical and non-negative (or positive, depending on what you subtract from what) qualifies for the following step.
- Divide and round as appropriate in order to obtain days and hours till expiry.
