Delete-user bash script
Overview
This article goes over how to delete an SFTP user via the command line using our delete-user.sh script.
IMPORTANT: If you're on version 3.5.0 or newer of SFTP Gateway, make sure to edit the script on line 69 so the endpoint for generating the OAuth token is set to http://127.0.0.1:8080/login, NOT http://127.0.0.1:8080/oauth/token.
Create the script
In this section, you will create the bash script.
Paste in the following commands:
cd /usr/local/bin
wget https://thorntech-products.s3.amazonaws.com/sftpgateway/delete-user-script/delete-user.sh
chmod +x delete-user.sh
These commands get the delete-user.sh script and make it executable.
Create a credentials file
The script uses the credentials of your web admin portal user. So you will need to save these credentials in a text file.
First, create a credentials file:
cd /usr/local/bin/
touch credentials.txt
nano credentials.txt
Paste the following properties into the file:
admin.username=
admin.password=
Make sure you populate these values with your web admin credentials. For example:
admin.username=robadmin
admin.password=password
Usage
Run the script to delete the SFTP user:
delete-user.sh -f credentials.txt -i id
Note: Replace id with the userid of your user. The userid is a numerical value corresponding to the order in which the user was created.
An easy way to discover the userid of an SFTP user would be through our list users script.
If the script returns no output, that means it was successful.
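An added pre-flight check, not part of the SFTP Gateway script: credentials.txt holds the web admin password in plain text and the id is placed directly into the DELETE URL, so this sketch rejects a credential file that is a symlink or accessible to group/other, and any id that is not purely numeric. The function names are hypothetical.

```shell
#!/bin/bash
# Added example: pre-flight checks to run before delete-user.sh.
# Function names are hypothetical; they are not part of SFTP Gateway.

# Succeeds only if the credential file is a regular file (not a symlink),
# has no group/other permission bits, and sets both admin properties.
check_credential_file() {
    local file="$1" perms
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $file; run chmod 600" >&2; return 1; }
    grep -Eq '^admin\.username=.+' "$file" || { echo "admin.username is empty" >&2; return 1; }
    grep -Eq '^admin\.password=.+' "$file" || { echo "admin.password is empty" >&2; return 1; }
}

# Succeeds only for decimal digits, so nothing else can reach the
# /users/<id> path of the DELETE request.
check_user_id() {
    case "$1" in
        ''|*[!0-9]*) echo "id must be numeric: '$1'" >&2; return 1 ;;
    esac
}

# Run both checks, then hand over to the real script.
safe_delete_user() {
    check_credential_file "$1" && check_user_id "$2" || return 1
    /usr/local/bin/delete-user.sh -f "$1" -i "$2"
}
```

Source this file in a root shell and call safe_delete_user credentials.txt id in place of calling delete-user.sh directly.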
Script contents
Here are the contents of the delete-user.sh file:
#!/bin/bash

# Parse the command-line options.
while [[ $# -gt 0 ]]; do
    key="$1"
    case $key in
        -f|--file)
            CREDENTIAL_FILE="$2"
            shift
            shift
            ;;
        -i|--id)
            SFTP_ID="$2"
            shift
            shift
            ;;
        *)
            break
            ;;
    esac
done

# Print the command syntax and stop.
function usage {
    echo "Usage: delete-user.sh -f credentials.txt -i id"
    exit 1
}

# Print a random alphanumeric string of the given length (sample password for the help text).
function generaterandomstring {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1}"
}

# Explain the expected layout of the credential file.
function credential-file-usage {
    echo ""
    echo "Please provide a path to a valid credential file, which contains the following contents:"
    echo ""
    echo "admin.username=admin"
    echo "admin.password=$(generaterandomstring 15)"
}

# Print the value of the property whose "key=" prefix is $1 in the file $2.
function extractPropValueFromSourceFile {
    local prefix="${1}"
    local str
    str=$(grep "${prefix}" "${2}" 2>/dev/null)
    echo "${str#$prefix}" | xargs
}

if [[ $(whoami) != "root" ]]; then
    echo ""
    echo "Please run this script using sudo or as root."
    USAGE_FLAG=true
fi

if [[ -f $CREDENTIAL_FILE ]]; then
    ADMIN_USERNAME=$(extractPropValueFromSourceFile admin.username= "$CREDENTIAL_FILE")
    ADMIN_PASSWORD=$(extractPropValueFromSourceFile admin.password= "$CREDENTIAL_FILE")
fi

if [[ ! -f $CREDENTIAL_FILE ]]; then
    credential-file-usage
    USAGE_FLAG=true
elif [[ -z $ADMIN_USERNAME ]] || [[ -z $ADMIN_PASSWORD ]]; then
    credential-file-usage
    USAGE_FLAG=true
fi

if [[ -z $SFTP_ID ]]; then
    echo "Please provide the SFTP ID using the -i or --id option."
    USAGE_FLAG=true
fi

# Stop before making any request if an argument check failed.
if [[ $USAGE_FLAG = true ]]; then
    echo ""
    usage
fi

# Read the OAuth client credentials from the SFTP Gateway configuration.
APPLICATION_PROPERTIES=/opt/sftpgw/application.properties
CLIENT_ID=$(extractPropValueFromSourceFile "security.client-id=" "${APPLICATION_PROPERTIES}")
CLIENT_SECRET=$(extractPropValueFromSourceFile "security.client-secret=" "${APPLICATION_PROPERTIES}")

# Request an OAuth token. On SFTP Gateway 3.5.0 or newer, set this endpoint to http://127.0.0.1:8080/login instead.
RESPONSE=$(curl --location --request POST 'http://127.0.0.1:8080/oauth/token' -u "${CLIENT_ID}:${CLIENT_SECRET}" --form 'grant_type="password"' --form "username=\"${ADMIN_USERNAME}\"" --form "password=\"${ADMIN_PASSWORD}\"" --form 'scope="read"' --silent)
ACCESS_TOKEN=$(echo "$RESPONSE" | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")

# Delete the user with the given ID.
curl -s --insecure --location --request DELETE "http://127.0.0.1:8080/3.0.0/users/${SFTP_ID}" --header 'Content-Type: application/json' --header "Authorization: Bearer ${ACCESS_TOKEN}"