Add function to provide global change rights for certain users

password-change-tool/change-user-password.sh

@@ -6,6 +6,10 @@
 USER_TO_CHANGE=""
 NEW_PASSWORD=""
 MY_NAME=$(basename "$0")
+USERS_ALLOWED_ALL="
+qqpam50
+thomas
+"
 
 
 ################################################################################
@@ -29,14 +33,13 @@ Usage: $1 [OPTION]
 Mandatory:
   -u|--user USER                the username for password change
 
-
 HELP
 }
 
 check_if_root() {
   if [ ${EUID} -ne 0 ]; then
     echo "Script must be run as root or sudo"
-    return 1
+    exit 1
   fi
   return
 }
@@ -54,6 +57,20 @@ check_user() {
   return
 }
 
+check_change_permissions() {
+  GREP_OUT=$(echo "${USERS_ALLOWED_ALL}" | grep "\b${SUDO_USER}\b")
+  if [ $? -eq 0 ]; then
+    return
+  fi
+
+  if [ "${SUDO_USER}" == "${USER_TO_CHANGE}" ]; then
+    return
+  else
+    echo "You only can change the password for your own user."
+    exit 1
+  fi
+}
+
 get_password() {
   if test -t 0; then
     echo -n "New password: "
@@ -127,5 +144,6 @@ done
 ################################################################################
 check_if_root
 check_user
+check_change_permissions
 get_password
 change_user_password

password-change-tool/sudo-rule

@@ -1 +1 @@
-user1 ALL=(ALL) NOPASSWD: /usr/local/bin/change-user-password.sh
+ALL ALL=(ALL) NOPASSWD: /usr/local/bin/change-user-password.sh