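#!/bin/bash
#
# Provisions a restricted "readonly" operator account on a host: creates the
# user, points its PATH at a directory of symlinks, installs SSH key material
# and sudoers rules, and opens service logs for reading.
#
# Bash is required. The script uses arrays, the `function` keyword and [[ ]],
# none of which a POSIX /bin/sh such as dash provides, so the interpreter line
# names bash explicitly.
#
# NOTE(review): this file embeds a login password and SSH key material further
# down. Anyone who can read the script holds those credentials; restrict who
# can read and distribute it, and plan to rotate the embedded values.

host_name=$(hostname)
readonly_bin_path="/home/readonly/.bin"

# Absolute paths of general-purpose tools that get symlinked into
# ${readonly_bin_path}, which becomes the account's whole PATH.
#
# NOTE(review): the list includes shells, editors, sudo, interpreters such as
# awk, and file-transfer tools. Programs of that kind can start other programs
# or write files, so the PATH restriction is a convenience and not a
# containment boundary. What actually limits the account is its Unix
# permissions and the sudoers rules installed by add_ta_java_sudo_cmd; review
# this list with that in mind and drop entries the role does not need.
linux_cmd_list=(
        "/usr/bin/du"
        "/usr/bin/iostat"
        "/usr/bin/df"
        "/usr/bin/ps"
        "/usr/bin/pstree"
        "/usr/sbin/lsof"
        "/usr/bin/jobs"
        "/usr/bin/bg"
        "/usr/bin/fg"
        "/usr/bin/free"
        "/usr/bin/netstat"
        "/usr/bin/curl"
        "/usr/sbin/ifconfig"
        "/usr/bin/telnet"
        "/usr/bin/ping"
        "/usr/sbin/ip"
        "/usr/bin/wget"
        "/usr/bin/lscpu"
        "/usr/bin/uptime"
        "/usr/bin/uname"
        "/usr/bin/top"
        "/usr/bin/vmstat"
        "/bin/ssh"
        "/usr/bin/sh"
        "/usr/bin/bash"
        "/usr/bin/rz"
        "/usr/bin/sz"
        "/usr/bin/infocmp"
        "/usr/bin/view"
        "/usr/bin/ls"
        "/usr/bin/touch"
        "/usr/bin/mkdir"
        "/usr/bin/vim"
        "/usr/bin/cat"
        "/usr/bin/grep"
        "/usr/bin/awk"
        "/usr/bin/less"
        "/usr/bin/more"
        "/usr/bin/find"
        "/usr/bin/tar"
        "/usr/bin/zip"
        "/usr/bin/unzip"
        "/usr/bin/stat"
        "/usr/bin/vi"
        "/usr/bin/tail"
        "/usr/bin/dirname"
        "/usr/bin/which"
        "/usr/bin/cp"
        "/usr/bin/date"
        "/usr/bin/mv"
        "/usr/bin/scp"
        "/usr/bin/rsync"
        "/usr/bin/wc"
        "/usr/bin/uniq"
        "/usr/sbin/ss"
        "/usr/bin/sudo"
        "/usr/bin/egrep"
        "/usr/bin/cut"
        "/usr/bin/basename"
        "/usr/bin/tty"
        "/usr/bin/sed"
)

# Service client tools symlinked into the same directory. Several of these
# (database, HDFS, Kubernetes and Redis clients) can modify data if the
# credentials they pick up allow it; the symlink itself grants nothing, but it
# does not make them read-only either.
te_service_list=(
        "/usr/local/bin/kubectl"
        "/data/home/ta/kafka_ta/bin/kafka-topics.sh"
        "/usr/bin/mysql"
        "/usr/bin/mysqlbinlog"
        "/usr/bin/mysqldump"
        "/data/home/ta/hadoop_ta/bin/hdfs"
        "/data/home/ta/hadoop_ta/bin/hadoop"
        "/data/app/.admin_manager_ta/presto"
        "/data/home/ta/zookeeper_ta/bin/zkCli.sh"
        "/usr/bin/kudu"
        "/usr/bin/redis-cli"
        "/data/home/ta/support_tool_ta/support-tool"
        "/data/app/.admin_manager_ta/ta-admin"
)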

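#######################################
# Creates the readonly account and prepares its home directory, login
# profile, SSH files and read access to the service logs.
# Globals:   READONLY_PASSWORD (read, optional) - password to set for the
#            account; when unset or empty the value embedded below is used.
# Arguments: none
# Outputs:   output of useradd/passwd/su; a warning on stderr when the
#            embedded password is used.
# Returns:   status of create_log_perm_cron (the last command). Failures of
#            earlier steps are not checked, so a re-run continues past
#            "user already exists".
#######################################
basic_env_init() {
        local home_dir="/home/readonly"
        local profile="${home_dir}/.bash_profile"
        local ssh_dir="${home_dir}/.ssh"
        # NOTE(review): credential embedded in source. It is kept only as a
        # fallback so existing deployments behave as before; supply
        # READONLY_PASSWORD from a secret store, then rotate and delete this.
        local legacy_password="Z5xkEfwucYgHn3K49tXd"
        local password="${READONLY_PASSWORD:-${legacy_password}}"

        useradd -s /bin/bash readonly

        if [[ -z "${READONLY_PASSWORD:-}" ]]; then
                echo "warning: READONLY_PASSWORD is not set; using the password embedded in this script" >&2
        fi
        # passwd --stdin is not offered by every passwd implementation.
        printf '%s\n' "${password}" | passwd --stdin readonly

        mkdir -p "${home_dir}/.bin"
        # The profile is made root-owned so the account cannot edit it in
        # place. NOTE(review): the home directory itself still belongs to the
        # account, so root ownership of this one file is not a tamper-proof
        # guarantee; treat the PATH limit as a convenience.
        chown root: "${profile}"
        chmod 755 "${profile}"
        # Append the PATH override once, so re-running the script does not
        # keep growing the profile.
        if ! grep -qxF "PATH=${home_dir}/.bin" "${profile}" 2> /dev/null; then
                printf '%s\n' "PATH=${home_dir}/.bin" "export PATH" >> "${profile}"
        fi

        # NOTE(review): .bin is handed to the account, which lets the account
        # change which commands the directory offers. Root ownership would
        # match a fixed command set; confirm nothing needs the account to
        # write here before changing it.
        chown readonly:readonly "${home_dir}/.bin/"
        # Sourcing inside a child shell leaves no lasting state; presumably a
        # check that the account can log in and read its profile.
        su - readonly -c "source ${profile}"

        mkdir -p "${ssh_dir}/"
        # NOTE(review): one fixed public key is authorized on every host this
        # script runs on; whoever holds the matching private key can log in as
        # readonly on all of them.
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsIGYdQKAmXWIDZ2XZXpDeM+0yKiZLwT8A9niVDuqmGtzaBbRsqGw003tz6v9f4Z20NxN3x5LBkRU2Xe3JxARJHj1hChEQLvBBd+YJXJ+7e6Z/IfP7dNvzOEMRKyVaAFeZ31yQjh8TinKm6/Hp6jV55BHVlMvYBvm2lXLAxU8WeygsIgx/ncGvzsqfq4W4cs3a4UPUxOgCnucFCHEBplok+cIi9LDlfNE9PWiJuAvFimdb4qq+hPGUEZ1knigqfSAD0oMoKfQryEZh6h7i2djfVQDscgW5L0/afILvEtO1wY6k3UrHrfG/EWTqDAn9ZkhIpw+rnngraWLub6hP4BIP root@ta' > "${ssh_dir}/authorized_keys"
        # Empty placeholder with private-key permissions.
        touch "${ssh_dir}/id_rsa"
        chmod 400 "${ssh_dir}/id_rsa"
        chown -R readonly:readonly "${ssh_dir}/"

        # Make service logs readable by every local account, not only
        # readonly. NOTE(review): the recursive 644 also clears the search bit
        # on directories; only the top-level log directories get it back
        # below, so nested log directories (if any exist) stop being
        # traversable. Logs may hold sensitive data; a dedicated group would
        # be narrower than world-read.
        chmod -R 644 /data/home/ta/*/log
        chmod -R 644 /data/app/*/log*/*.log*
        chmod +x /data/home/ta/*/log/
        chmod +x /data/app/*/log*/
        create_log_perm_cron
}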

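#######################################
# Installs a daily (01:00) cron job that re-applies the log permissions set
# by basic_env_init, so newly created log files become readable too.
# Arguments: none
# Returns:   0 when the cron file already exists, otherwise the status of the
#            last command that creates it.
#######################################
create_log_perm_cron() {
        local cron_file="/etc/cron.d/ta_log_perm"
        local schedule="0 1 * * *"
        # The globs stay literal here; cron's shell expands them at run time.
        local job="/usr/bin/chmod +x /data/home/ta/*/log/ /data/app/*/log*/ && /usr/bin/chmod 644 -R /data/home/ta/*/log /data/app/*/log*/*.log*"

        if [[ ! -f "${cron_file}" ]]; then
                # Files under /etc/cron.d use the system crontab format, which
                # needs a user field between the schedule and the command.
                # Without it cron reads "/usr/bin/chmod" as the user name and
                # the job never runs.
                printf '%s root %s\n' "${schedule}" "${job}" > "${cron_file}"
                # Do not depend on the caller's umask: cron ignores files that
                # are writable by group or others.
                chmod 644 "${cron_file}"
        fi
        # NOTE(review): hosts provisioned earlier already have the file
        # without the user field, and the existence check above leaves it
        # alone; those need the file removed or corrected by hand.
}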

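#######################################
# Makes the data_station server log world-readable when it exists.
# Arguments: none
# Returns:   0 when the log is absent, otherwise the status of chmod.
#######################################
service_log_auth() {
        # Kept local so the path does not leak into the caller's scope.
        local station_file="/data/home/ta/data_station/log/server.log"

        if [[ -f "${station_file}" ]]; then
                # NOTE(review): 644 opens the log to every local account, not
                # just readonly; confirm the log holds nothing sensitive.
                chmod 644 "${station_file}"
        fi
}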


#######################################
# Extra setup for the host named ta1: copies the admin CLI jar(s) and the
# presto launcher into the readonly home, loosens permissions on the admin
# manager's log and tmp trees, and on non-el7 kernels switches the system
# crypto policy to LEGACY.
# Arguments: none
# Returns:   0 on el7; otherwise the status of update-crypto-policies.
#######################################
ta1_env_init() {
        local admin_dir="/data/app/.admin_manager_ta"
        local home_dir="/home/readonly"

        chmod 755 "${admin_dir}/ta-admin"

        cp "${admin_dir}"/*-cli-*-executable.jar "${home_dir}/"
        cp "${admin_dir}/presto" "${home_dir}/"
        chmod +x "${home_dir}/presto"
        # Point the launcher at the invoking user's home instead of /root.
        sed -i 's#/root#~#g' "${home_dir}/presto"
        # Only the jars are re-owned; the presto copy keeps the ownership of
        # whoever runs this script.
        chown readonly:readonly "${home_dir}"/*.jar

        # NOTE(review): recursive 666 makes every log world-writable and also
        # removes the search bit from the log directory itself; recursive 777
        # makes tmp world-writable and every file in it executable. Both are
        # far wider than one extra account needs; a shared group with
        # group-only access would be the narrower fix.
        chmod -R 666 "${admin_dir}/log/"
        chmod -R 777 "${admin_dir}/tmp/"

        # grep's match is printed to stdout, as in the original pipeline.
        if ! uname -r | grep el7; then
                # NOTE(review): LEGACY re-enables algorithms and protocol
                # versions that the DEFAULT policy disables, for every crypto
                # consumer on the host. Presumably needed for an older peer or
                # key type; confirm, and prefer a scoped exception if one
                # component is the reason.
                sudo dnf install -y crypto-policies-scripts
                sudo update-crypto-policies --set LEGACY
        fi
}

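#######################################
# Symlinks every entry of linux_cmd_list and te_service_list into the
# readonly account's command directory.
# Globals:   linux_cmd_list, te_service_list, readonly_bin_path (all read)
# Arguments: none
# Returns:   status of the last ln call.
#######################################
basc_cmd_add() {
        local target

        # Quoted expansions keep a path with spaces or glob characters as one
        # argument instead of splitting it into several links.
        for target in "${linux_cmd_list[@]}" "${te_service_list[@]}"; do
                # Best effort on purpose: re-runs hit "File exists", and a
                # missing target just yields a dangling link. ln -s without -f
                # never replaces an existing entry, so a file already present
                # in the directory under a command's name is kept silently.
                ln -s -- "${target}" "${readonly_bin_path}" > /dev/null 2>&1
        done
}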

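#######################################
# Installs /etc/sudoers.d/20-readonly-rules with the sudo rules for the
# readonly account. The rules are staged in a temporary file, checked with
# visudo, and only then copied into place with mode 0440, so a syntax error
# cannot leave sudo unusable and sudo never reads a half-written file.
# Arguments: none
# Outputs:   an error on stderr when validation fails.
# Returns:   0 on success, non-zero when staging, validation or install fails
#            (the existing rules file is left untouched in that case).
#######################################
add_ta_java_sudo_cmd() {
        local rules_file="/etc/sudoers.d/20-readonly-rules"
        # Version-pinned JDK path: after a JDK upgrade these rules no longer
        # match any installed binary.
        local jdk_bin="/usr/java/jdk-8.0.332/bin"
        local staged tool rc

        staged=$(mktemp) || return 1

        {
                # NOTE(review): jstack/jmap/jhat expose thread and heap
                # contents of the ta user's JVMs, which can include
                # credentials held in memory. Keep only the tools the role
                # really needs.
                for tool in jstat jstack jstatd jps jmap jhat; do
                        printf '%s\n' "readonly        ALL=(ta)      NOPASSWD: ${jdk_bin}/${tool}"
                done

                printf '%s\n' "readonly        ALL=(root)      NOPASSWD: /usr/bin/netstat"
                printf '%s\n' "%readonly       ALL=(readonly)  NOPASSWD: ALL"
                # NOTE(review): no argument restriction, so every hdfs
                # subcommand is allowed as ta, including ones that modify
                # data.
                printf '%s\n' "readonly        ALL=(ta)        NOPASSWD: /data/home/ta/hadoop_ta/bin/hdfs"
                # NOTE(review): sudoers(5) warns that "*" in command arguments
                # matches any characters, whitespace included, so the three
                # wildcard rules below accept more argument combinations than
                # their text suggests.
                printf '%s\n' "readonly        ALL=(kudu)      NOPASSWD: /usr/bin/kudu cluster ksck *"
                # NOTE(review): sudoers does not interpret "|"; this is a
                # single /bin/echo rule whose argument pattern contains a
                # literal pipe, which is probably not what was intended.
                printf '%s\n' "readonly        ALL=(root)      NOPASSWD: /bin/echo * | /usr/bin/sudo -S /usr/bin/su - readonly -c *"
                printf '%s\n' "readonly        ALL=(root)      NOPASSWD: /bin/su - readonly -c *"
        } > "${staged}"

        if visudo -cf "${staged}" > /dev/null; then
                install -m 0440 -o root -g root "${staged}" "${rules_file}"
                rc=$?
        else
                echo "error: generated sudoers rules failed validation; ${rules_file} was not changed" >&2
                rc=1
        fi

        rm -f -- "${staged}"
        return "${rc}"
}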

# Writes an RSA key pair into /home/readonly/.ssh/ as id_rsa and id_rsa.pub.
# Takes no arguments; both files are overwritten on every call.
#
# NOTE(review): the private key is embedded in this script, so every copy of
# the script (repository, backups, deployment hosts) carries a usable
# credential. The public half written below is the same string that
# basic_env_init installs in authorized_keys, so this key pair presumably
# authenticates the readonly account on every host the script provisions.
# Prefer generating a key per deployment or fetching it from a secret store,
# and rotate the key published here.
function create_readonly_isa_key(){
# The heredoc delimiter is unquoted, so the shell would expand any "$" or
# backquote sequences in the body before writing it.
cat  << EOF > /home/readonly/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
EOF

# id_rsa.pub is created by this redirect, after basic_env_init has already
# run its chown -R on .ssh, so it keeps the ownership and umask of whoever
# runs the script.
cat  << EOF > /home/readonly/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsIGYdQKAmXWIDZ2XZXpDeM+0yKiZLwT8A9niVDuqmGtzaBbRsqGw003tz6v9f4Z20NxN3x5LBkRU2Xe3JxARJHj1hChEQLvBBd+YJXJ+7e6Z/IfP7dNvzOEMRKyVaAFeZ31yQjh8TinKm6/Hp6jV55BHVlMvYBvm2lXLAxU8WeygsIgx/ncGvzsqfq4W4cs3a4UPUxOgCnucFCHEBplok+cIi9LDlfNE9PWiJuAvFimdb4qq+hPGUEZ1knigqfSAD0oMoKfQryEZh6h7i2djfVQDscgW5L0/afILvEtO1wY6k3UrHrfG/EWTqDAn9ZkhIpw+rnngraWLub6hP4BIP root@ta
EOF
}

#######################################
# Entry point: runs the provisioning steps in order.
# basic_env_init goes first because it creates the .bin and .ssh directories
# that basc_cmd_add and create_readonly_isa_key write into. The ta1-only
# steps run when the host name is exactly "ta1".
# Globals:   host_name (read)
# Arguments: none
# Returns:   status of the final echo; step failures are not checked, so the
#            "finished" message does not prove every step succeeded.
#######################################
main() {
        basic_env_init
        basc_cmd_add

        case "${host_name}" in
                ta1)
                        echo "start to ta1 readonly user init."
                        ta1_env_init
                        create_readonly_isa_key
                        ;;
        esac

        add_ta_java_sudo_cmd
        service_log_auth
        echo "readonly user init finished!"
}

main
