Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kim-hwiwon/linux-service-account-manager
Make a new linux user account which can be used as general purpose service account
https://github.com/kim-hwiwon/linux-service-account-manager
bash linux posix-shell server service service-account shell user-account
Last synced: 7 days ago
JSON representation
Make a new linux user account which can be used as general purpose service account
- Host: GitHub
- URL: https://github.com/kim-hwiwon/linux-service-account-manager
- Owner: kim-hwiwon
- License: mit
- Created: 2024-02-28T14:14:44.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2024-11-27T14:05:58.000Z (about 1 month ago)
- Last Synced: 2024-12-01T23:13:33.550Z (about 1 month ago)
- Topics: bash, linux, posix-shell, server, service, service-account, shell, user-account
- Language: Shell
- Homepage:
- Size: 463 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Linux Service Account Manager (LiSAM)
## Description
Make a new linux user account which can be used as general purpose service account.
(Mainly targeted for `RHEL`-derivatives, may also work on `Debian`-derivatives)
Users created by this script will:
- Have user systemd service functions (with `loginctl enable-linger` and `export XDG_RUNTIME_DIR`)
- Have limited systemd resources, configured by systemd resource control (cgroups)
- (Optional) Get open ports for the account (with `firewalld`)
- Ignored if `firewalld` is not installed on the system
## Usage
```
usage: lisam [ARGS]... [ ]...
- add: create a new LiSAM service account
$ lisam add [OPTIONS]...
[OPTIONS]
-u, --uid < # > : Linux account UID
-c, --cpu-weight < 1-10000 | idle > : Systemd CPUWeight
-C, --cpu-quota < #% > : Systemd CPUQuota
-m, --memory-max < #[K|M|G|T] | 0%-100% > : Systemd MemoryMax
-M, --memory-high < #[K|M|G|T] | 0%-100% > : Systemd MemoryHigh
-s, --swap-max < #[K|M|G|T] | 0%-100% > : Systemd MemorySwapMax
-z, --zswap-max < #[K|M|G|T] | 0%-100% > : Systemd MemoryZSwapMax
-t, --tasks-max < # > : Systemd TasksMax
-i, --io-weight < 1-10000 > : Systemd IOWeight
-d, --dev-allowed < ${DEV_PATH} > : Systemd DeviceAllow
* Pass multiple options to set more than one device path
-p, --sock-allowed < 1-65535 > : Systemd SockBindAllow
* Pass multiple options to set more than one
- mod: modify a LiSAM service account
$ lisam mod [OPTIONS]...
[OPTIONS]
-c, --cpu-weight < 1-10000 | idle > : Systemd CPUWeight
-C, --cpu-quota < #% > : Systemd CPUQuota
-m, --memory-max < #[K|M|G|T] | 0%-100% > : Systemd MemoryMax
-M, --memory-high < #[K|M|G|T] | 0%-100% > : Systemd MemoryHigh
-s, --swap-max < #[K|M|G|T] | 0%-100% > : Systemd MemorySwapMax
-z, --zswap-max < #[K|M|G|T] | 0%-100% > : Systemd MemoryZSwapMax
-t, --tasks-max < # > : Systemd TasksMax
-i, --io-weight < 1-10000 > : Systemd IOWeight
-d, --dev-allowed < ${DEV_PATH} > : Systemd DeviceAllow
* Pass multiple options to set more than one device path
-p, --sock-allowed < 1-65535 > : Systemd SockBindAllow
* Pass multiple options to set more than one
- ls: list all LiSAM service accounts
$ lisam ls
- detail: print details of an LiSAM service account
$ lisam detail
- rm: remove an LiSAM service account
$ lisam rm [OPTIONS]...
[OPTIONS]
-f, --force : Force remove without prompt
- usage: print usage message
$ lisam usage
- help: print help message
$ lisam help
[OPT_VAL] Special Patterns
- : Required wrapper
- [X] : Optional wrapper (X can be omitted)
- # : Arbitrary digits (positive integer)
- ${X} : Arbitrary string (X is a description of the string)
- A|B : A or B
- A-B : Value range from A to B (inclusive)
```
## Remarks
Check below to utilize the script conveniently (Optional).
- To print manual for this command on ssh login:
1. Place `lisam` script to `$PATH` (or just place the script in the directory `~/bin` if your shell supports it by default),
2. Then copy the [ssh welcome message script](asset/ssh.rc) to the path `~/.ssh/rc`, or write down your own welcome message script there.
