List-users bash script
Overview
You can view SFTP users in the web admin portal, but if you need to list many users and their details at once, it is easier and less error-prone to script this process.
This article goes over how to list an SFTP user via the command line using our list-users.sh
script.
IMPORTANT: If you're on version 3.5.0 or newer of SFTP Gateway, make sure to edit the script on line 59
so the endpoint for generating the OAuth token is set to http://127.0.0.1:8080/login
NOT http://127.0.0.1:8080/oauth/token
.
Install dependencies
The list-users script relies on jq
, which is a command line utility for working with json objects.
SSH into the VM and run the following commands to install this:
sudo su
snap install jq
Create the script
In this section, you will create the bash script.
Paste in the following commands:
cd /usr/local/bin
wget https://thorntech-products.s3.amazonaws.com/sftpgateway/list-user-script/list-users.sh
chmod +x list-users.sh
These commands get the list-users.sh
script, and make it executable.
Create a credentials file
The list-user script uses the credentials of your web admin portal user. So you will need to save these credentials in a text file.
First, create a credentials file:
cd /usr/local/bin/
touch credentials.txt
nano credentials.txt
Paste the following properties into the file:
admin.username=
admin.password=
Make sure you populate these values with your web admin credentials. For example:
admin.username=robadmin
admin.password=password
Usage
Run the script to list all SFTP users and their details:
list-users.sh -f credentials.txt
You can list just the username of your users with this command:
list-users.sh -f credentials.txt | jq '.content[].username'
Script contents
Here are the contents of the list-users.sh
file:
#!/bin/bash
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
-f|--file)
CREDENTIAL_FILE="$2"
shift
shift
;;
*)
break
;;
esac
done
if [[ `whoami` != "root" ]]; then
echo ""
echo "Please run this script using sudo or as root."
USAGE_FLAG=true
fi
function credential-file-usage {
echo ""
echo "Please provide a path to a valid credential file, which contains the following contents:"
echo ""
echo "admin.username=admin"
echo "admin.password=$(generaterandomstring 15)"
}
function extractPropValueFromSourceFile {
local prefix="${1}"
local str=`grep "${prefix}" ${2} 2>/dev/null`
echo "${str#$prefix}" | xargs
}
if [[ -f $CREDENTIAL_FILE ]]; then
ADMIN_USERNAME=$(extractPropValueFromSourceFile admin.username= $CREDENTIAL_FILE)
ADMIN_PASSWORD=$(extractPropValueFromSourceFile admin.password= $CREDENTIAL_FILE)
fi
if [[ ! -f $CREDENTIAL_FILE ]]; then
credential-file-usage
USAGE_FLAG=true
elif [[ -z $ADMIN_USERNAME ]] || [[ -z $ADMIN_PASSWORD ]]; then
credential-file-usage
USAGE_FLAG=true
fi
if [[ $USAGE_FLAG = true ]]; then
echo ""
usage
fi
APPLICATION_PROPERTIES=/opt/sftpgw/application.properties
CLIENT_ID=$(extractPropValueFromSourceFile "security.client-id=" ${APPLICATION_PROPERTIES})
CLIENT_SECRET=$(extractPropValueFromSourceFile "security.client-secret=" ${APPLICATION_PROPERTIES})
RESPONSE=$(curl --location --request POST 'http://127.0.0.1:8080/oauth/token' -u ${CLIENT_ID}:${CLIENT_SECRET} --form 'grant_type="password"' --form "username=\"${ADMIN_USERNAME}\"" --form "password=\"${ADMIN_PASSWORD}\"" --form 'scope="read"' --silent)
ACCESS_TOKEN=$(echo $RESPONSE | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")
curl -s --insecure --location --request GET 'https://127.0.0.1:443/backend/3.0.0/users' --header 'Content-Type: application/json' --header "Authorization: Bearer ${ACCESS_TOKEN}" > user.json
cat user.json | jq '.'