SFTP Gateway Support

3.0

List-users bash script

Overview

You can view SFTP users in the web admin portal, but if you need to list many users and their details at once, it is easier and less error-prone to script this process.

This article goes over how to list an SFTP user via the command line using our list-users.sh script.

IMPORTANT: If you're on version 3.5.0 or newer of SFTP Gateway, make sure to edit the script on line 59 so the endpoint for generating the OAuth token is set to http://127.0.0.1:8080/login NOT http://127.0.0.1:8080/oauth/token.

Install dependencies

The list-users script relies on jq, which is a command line utility for working with json objects.

SSH into the VM and run the following commands to install this:

sudo su
snap install jq

Create the script

In this section, you will create the bash script.

Paste in the following commands:

cd /usr/local/bin
wget https://thorntech-products.s3.amazonaws.com/sftpgateway/list-user-script/list-users.sh
chmod +x list-users.sh

These commands get the list-users.sh script, and make it executable.

Create a credentials file

The create-user script uses the credentials of your web admin portal user. So you will need to save these credentials in a text file.

First, create a credentials file:

cd /usr/local/bin/
touch credentials.txt
nano credentials.txt

Paste the following properties into the file:

admin.username=
admin.password=

Make sure you populate these values with your web admin credentials. For example:

admin.username=robadmin
admin.password=password

Usage

Run the script to list all SFTP users and their details:

list-users.sh -f credentials.txt

You can list just the username of your users with this command:

list-users.sh -f credentials.txt | jq '.content[].username'

Script contents

Here are the contents of the list-users.sh file:

#!/bin/bash

while [[ $# -gt 0 ]]; do
  key="$1"
  case $key in
    -f|--file)
      CREDENTIAL_FILE="$2"
      shift
      shift
      ;;
    *)
      break
      ;;
  esac
done

if [[ `whoami` != "root" ]]; then
  echo ""
  echo "Please run this script using sudo or as root."
  USAGE_FLAG=true
fi

function credential-file-usage {
  echo ""
  echo "Please provide a path to a valid credential file, which contains the following contents:"
  echo ""
  echo "admin.username=admin"
  echo "admin.password=$(generaterandomstring 15)"
}

function extractPropValueFromSourceFile {
  local prefix="${1}"
  local str=`grep "${prefix}" ${2} 2>/dev/null`
  echo "${str#$prefix}" | xargs
}

if [[ -f $CREDENTIAL_FILE ]]; then
  ADMIN_USERNAME=$(extractPropValueFromSourceFile admin.username= $CREDENTIAL_FILE)
  ADMIN_PASSWORD=$(extractPropValueFromSourceFile admin.password= $CREDENTIAL_FILE)
fi

if [[ ! -f $CREDENTIAL_FILE ]]; then
  credential-file-usage
  USAGE_FLAG=true
elif [[ -z $ADMIN_USERNAME ]] || [[ -z $ADMIN_PASSWORD ]]; then
  credential-file-usage
  USAGE_FLAG=true
fi

if [[ $USAGE_FLAG = true ]]; then
  echo ""
  usage
fi

APPLICATION_PROPERTIES=/opt/sftpgw/application.properties
CLIENT_ID=$(extractPropValueFromSourceFile "security.client-id=" ${APPLICATION_PROPERTIES})
CLIENT_SECRET=$(extractPropValueFromSourceFile "security.client-secret=" ${APPLICATION_PROPERTIES})

RESPONSE=$(curl --location --request POST 'http://127.0.0.1:8080/oauth/token' -u ${CLIENT_ID}:${CLIENT_SECRET} --form 'grant_type="password"' --form "username=\"${ADMIN_USERNAME}\"" --form "password=\"${ADMIN_PASSWORD}\"" --form 'scope="read"' --silent)

ACCESS_TOKEN=$(echo $RESPONSE | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")

curl -s --insecure --location --request GET 'https://127.0.0.1:443/backend/3.0.0/users' --header 'Content-Type: application/json' --header "Authorization: Bearer ${ACCESS_TOKEN}" > user.json

cat user.json | jq '.'
PreviousNext