From 4eff0fd3dd4b415341f40401ef5e19c70025ff59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BD=D1=82=D0=BE=D0=BD=20=D0=A8=D0=B5=D0=B2=D1=86?= =?UTF-8?q?=D0=BE=D0=B2?=
Date: Thu, 29 Aug 2024 11:10:11 +0300
Subject: [PATCH] =?UTF-8?q?=D0=97=D0=B0=D0=B3=D1=80=D1=83=D0=B7=D0=B8?= =?UTF-8?q?=D1=82=D1=8C=20=D1=84=D0=B0=D0=B9=D0=BB=D1=8B=20=D0=B2=20=C2=AB?= =?UTF-8?q?/=C2=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 block_local_users | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 block_local_users
diff --git a/block_local_users b/block_local_users
new file mode 100644
index 0000000..bb6965f
--- /dev/null
+++ b/block_local_users
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Скрипт будет работать если определена переменная окружения I_AM_SURE=1
+
+if [ "$EUID" -ne 0 ]
+ then echo "root only"
+ exit 255
+fi
+
+# диапазон локальных уидов берем из /etc/login.defs
+uid_max=$(grep UID_MAX /etc/login.defs | awk '{print $2}')
+uid_min=$(grep UID_MIN /etc/login.defs | awk '{print $2}')
+
+# диапазон исключений
+reserved_min=1000
+reserved_max=1100
+
+local_users=$(awk -v RMIN=$reserved_min -v RMAX=$reserved_max -v UID_MAX=$uid_max -v UID_MIN=$uid_min -F ':' \
+ '{if ( (($3>=UID_MIN) && ($3RMAX) && ($3<=UID_MAX)) ) {print $1} }' \
+ /etc/passwd | sort -n )
+
+DRYRUN='/usr/bin/echo'
+
+if [ "xxx${I_AM_SURE}" == "xxx1" ]; then
+ DRYRUN=''
+fi
+
+# блокируем всех пользователей, кто остается за пределами списков
+for i in $local_users; do
+ ${DRYRUN} /usr/sbin/passwd --lock $i
+done
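Review bot: The `grep UID_MAX /etc/login.defs` and `grep UID_MIN /etc/login.defs` lookups match any line containing the string, which on a stock login.defs also covers `SYS_UID_MAX`, `SUB_UID_MAX` and commented-out entries, so `uid_max`/`uid_min` can end up holding several values or none before being passed unquoted into `awk -v`. With a multi-value or empty bound the selection over /etc/passwd is undefined (an empty `UID_MIN` turns the comparison into a string one, which could pull system accounts into the lock list), so match the key exactly and stop unless both bounds are plain integers, as in the fence below; the `-v` assignments and `$i` in the loop should be quoted as well. The awk condition as it appears on this page (`($3RMAX)`) looks truncated by extraction, so the range logic itself could not be checked. Separately, `passwd --lock` only disables the password: per passwd(1) the user can still log in with another token such as an SSH key, and `usermod --expiredate 1` is the documented way to disable the account.

```shell
# диапазон локальных уидов берем из /etc/login.defs
uid_max=$(awk '$1 == "UID_MAX" {print $2}' /etc/login.defs)
uid_min=$(awk '$1 == "UID_MIN" {print $2}' /etc/login.defs)

# Refuse to build a lock list from missing, duplicated or non-numeric bounds.
if ! [[ $uid_min =~ ^[0-9]+$ && $uid_max =~ ^[0-9]+$ ]]; then
  echo "UID_MIN/UID_MAX not found in /etc/login.defs" >&2
  exit 1
fi

# … unchanged: reserved range, awk selection over /etc/passwd, DRYRUN switch, lock loop …
```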