#!/bin/sh
# setup-user: create a user account, optionally installing an ssh key,
# adding secondary groups and granting doas access (see usage below).
# @PREFIX@ is a build-time placeholder; LIBDIR may be pre-set in the
# environment and otherwise defaults to $PREFIX/lib.
PREFIX=@PREFIX@
: ${LIBDIR=$PREFIX/lib}
# ask, MOCK and ROOT are used below but not defined in this file;
# presumably they come from libalpine.sh — verify there.
. "$LIBDIR/libalpine.sh"
#######################################
# Print the command-line synopsis and terminate.
# Arguments: $1 - exit status (0 for -h, 1 for a usage error)
# Outputs:   help text on stdout; error callers redirect it to stderr
# Returns:   does not return; exits with $1 (0 if omitted)
#######################################
usage() {
	cat <<-__EOF__
	usage: setup-user [-h] [-a] [-u] [-f FULLNAME] [-g GROUPS] [-k SSHKEY] [USERNAME]
	Create user account
	options:
	-a Create admin user. Add to wheel group and set up doas
	-h Show this help
	-f Set full name for user
	-g Comma or space separated list of groups to add user to
	-k ssh key or URL to ssh key (eg. https://gitlab.alpinelinux.org/user.keys)
	or 'none' for no key
	-u Unlock the user automatically (eg. creating the user non-interactively
	with an ssh key for login)
	If USERNAME is not specified user will be prompted.
	__EOF__
	exit "${1:-0}"
}
# Option parsing.  Sets the globals the rest of the script reads:
#   admin, fullnameopt, groups, keysopt, forceunlock
# -h prints the help on stdout; an unknown option prints it on stderr.
while getopts "af:g:hk:u" opt; do
	case "$opt" in
		a) admin=1;;
		f) fullnameopt=$OPTARG;;
		g) groups=$OPTARG;;
		h) usage 0;;
		k) keysopt=$OPTARG;;
		u) forceunlock=1;;
		'?') usage 1 >&2;;
	esac
done
shift $((OPTIND - 1))

# A bare "setup-user none" (no options at all) is a silent no-op,
# presumably so a caller can pass "none" to skip account creation.
if [ "$1" = "none" ] && [ -z "$admin$fullnameopt$groups$keysopt$forceunlock" ]; then
	exit 0
fi

# Exactly one positional argument is the login name; none means prompt.
case $# in
	0) interactive=1;;
	1) username=$1;;
	*) usage 1 >&2;;
esac
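# Create the account.  Interactively this loops until adduser succeeds,
# re-prompting for a login name (and full name) after each failure; with
# USERNAME given on the command line a failed adduser is fatal.
# Globals read:    interactive, fullnameopt, username (may be empty)
# Globals written: username, fullname, lastfullname, failed_username,
#                  resp (set by ask)
# Note: adduser is not $MOCK-prefixed, unlike passwd/addgroup below —
# cannot tell from here whether that is intended.
while true; do
	fullname="$fullnameopt"
	if [ -n "$interactive" ] && [ -z "$username" ]; then
		if [ -n "$fullname" ]; then
			# Suggest "<first initial><last word>" in lower case, e.g.
			# "Jane Doe" -> "jdoe".  printf rather than echo so a name
			# starting with '-' or containing backslashes is passed through
			# unchanged.  NOTE(review): \s is not POSIX ERE — confirm the
			# target sed accepts it.
			suggest=$(printf '%s\n' "$fullname" \
				| sed -E 's/^(.).*\s+(.*)/\1\2/' \
				| tr '[:upper:]' '[:lower:]')
		else
			suggest=no
		fi
		# dont suggest something that has failed before
		if [ "$suggest" = "$failed_username" ]; then
			suggest=
		fi
		# $suggest is deliberately unquoted: when it is empty no default
		# argument must reach ask (defined in libalpine.sh, not visible here).
		ask "Setup a user? (enter a lower-case loginname, or 'no')" $suggest
		case "$resp" in
			no) exit 0;;
			*) username="$resp";;
		esac
	fi
	if [ -n "$interactive" ] && [ -z "$fullnameopt" ]; then
		# Quoted so a previous full name containing spaces reaches ask as
		# one argument instead of being split into several.
		ask "Full name for user $username" "${lastfullname:-$username}"
		fullname="$resp"
		lastfullname="$resp"
	fi
	# -D: create the account without assigning a password.
	if [ -n "$fullname" ]; then
		adduser -g "$fullname" -D "$username" && break
	else
		adduser -D "$username" && break
	fi
	# Non-interactive: nothing to retry, fail.
	if [ -z "$interactive" ]; then
		exit 1
	fi
	# Remember the rejected name so it is not offered again, then re-prompt.
	failed_username="$username"
	username=
done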
# Interactive only: keep prompting until passwd accepts a password.
if [ -n "$interactive" ]; then
	until $MOCK passwd "$username"; do
		echo "Please retry."
	done
fi
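# Obtain the ssh public key(s) for the new account, either interactively
# or from -k.  Result: sshkeys (empty when no key is wanted).
#
# Regex for the start of an OpenSSH public-key line.  Besides the classic
# "ssh-rsa"/"ssh-ed25519" types this also accepts ecdsa-sha2-* and the
# FIDO "sk-*" types, which are valid authorized_keys entries too.
key_re='^(ssh-|ecdsa-sha2-|sk-)'

# has_ssh_key TEXT - succeed if at least one line of TEXT looks like a key.
has_ssh_key() {
	printf '%s\n' "$1" | grep -qE "$key_re"
}

# fetch_ssh_keys URL - print the key lines served at URL (nothing if the
# download fails or contains no key).  Keys fetched over plain http are
# not authenticated in transit; https is preferable.
fetch_ssh_keys() {
	wget -q -O- "$1" | grep -E "$key_re"
}

if [ -n "$interactive" ] && [ -z "$keysopt" ]; then
	suggest=none
	while true; do
		# $suggest deliberately unquoted: an empty value must not be
		# passed to ask as a blank default.
		ask "Enter ssh key or URL for $username (or 'none')" $suggest
		case "$resp" in
		al)
			suggest="https://gitlab.alpinelinux.org/$username.keys"
			continue
			;;
		gl)
			suggest="https://gitlab.com/$username.keys"
			continue
			;;
		gh)
			suggest="https://github.com/$username.keys"
			continue
			;;
		none)
			# Discard anything a previous rejected answer left in sshkeys,
			# otherwise it would be written to authorized_keys below.
			sshkeys=
			break
			;;
		https://*|http://*)
			sshkeys=$(fetch_ssh_keys "$resp")
			;;
		*)
			sshkeys="$resp"
			;;
		esac
		if has_ssh_key "$sshkeys"; then
			break
		fi
		echo "Did not find any key in '$resp'"
	done
else
	case "$keysopt" in
	https://*|http://*)
		sshkeys=$(fetch_ssh_keys "$keysopt");;
	none)
		sshkeys="";;
	*)
		sshkeys="$keysopt";;
	esac
	# A key source was requested but yielded nothing usable (e.g. the URL
	# was unreachable or served no key): fail instead of silently creating
	# the account without the key it was supposed to get.
	if [ -n "$keysopt" ] && [ "$keysopt" != "none" ] && ! has_ssh_key "$sshkeys"; then
		echo "Could not find any keys in '$keysopt'" >&2
		exit 1
	fi
fi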
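# install_ssh_keys USER KEYS - write KEYS to USER's ~/.ssh/authorized_keys.
# umask 077 in a subshell gives the directory mode 0700 and the file 0600
# without disturbing the script's own umask; the tree is then handed to
# USER.  Assumes the home directory is $ROOT/home/USER.
# printf rather than echo so key text is written verbatim.
install_ssh_keys() {
	ssh_directory="$ROOT"/home/$1/.ssh
	(
		umask 077
		mkdir -p "$ssh_directory"
		printf '%s\n' "$2" > "$ssh_directory"/authorized_keys
	)
	$MOCK chown -R "$1:$1" "$ssh_directory"
}
# "none" is kept for compatibility; the key selection above sets sshkeys
# to the empty string for that case.
if [ -n "$sshkeys" ] && [ "$sshkeys" != "none" ]; then
	install_ssh_keys "$username" "$sshkeys"
fi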
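# add_user_to_groups USER GROUPS - add USER to every group in GROUPS, a
# comma- or space-separated list; exits on the first addgroup failure.
# The list is passed quoted to printf (not unquoted to echo) so a stray
# glob character cannot expand before the split.
add_user_to_groups() {
	for grp in $(printf '%s\n' "$2" | tr ',' ' '); do
		$MOCK addgroup "$1" "$grp" || exit
	done
}
if [ -n "$groups" ] && [ "$groups" != "none" ]; then
	add_user_to_groups "$username" "$groups"
fi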
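# enable_wheel_doas - let members of wheel use doas.  Idempotent: the rule
# is appended only if it is not already present, so creating several admin
# users does not pile up duplicate lines in doas.conf.
enable_wheel_doas() {
	doas_conf="$ROOT"/etc/doas.d/doas.conf
	doas_rule="permit persist :wheel"
	mkdir -p "${doas_conf%/*}"
	# -x whole-line, -F literal; the file may not exist yet (stderr hidden)
	if ! grep -qxF "$doas_rule" "$doas_conf" 2>/dev/null; then
		printf '%s\n' "$doas_rule" >> "$doas_conf"
	fi
}
# Admin user: install doas, enable it for wheel, add the user to wheel.
# NOTE(review): apk add appears to install into the running system rather
# than under $ROOT, and is not $MOCK-prefixed like addgroup — confirm both
# are intended.
if [ -n "$admin" ]; then
	apk add doas
	enable_wheel_doas
	$MOCK addgroup "$username" "wheel" || exit
fi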
# -u: unlock the new account so it can be logged into without an
# interactive passwd run; per the usage text this is meant for accounts
# that log in with an ssh key.  NOTE(review): adduser -D assigned no
# password, so confirm passwd -u refuses to unlock an empty password on
# the target platform before relying on -u without -k.
[ -z "$forceunlock" ] || { $MOCK passwd -u "$username" || exit; }