Diffstat (limited to 'lib')
-rw-r--r-- | lib/10-core | 9 | ||||
-rw-r--r-- | lib/40-user | 26 |
2 files changed, 32 insertions, 3 deletions
diff --git a/lib/10-core b/lib/10-core
index d7280d9..5fa2a16 100644
--- a/lib/10-core
+++ b/lib/10-core
@@ -98,7 +98,7 @@ _boxconf_include(){
 elif [ -d "$1" ]; then
 for _bci_file in "$1"/*; do
 if [ -f "$_bci_file" ]; then
- log "sourcing ${1#${BOXCONF_ROOT}/}"
+ log "sourcing ${_bci_file#${BOXCONF_ROOT}/}"
 BOXCONF_SOURCE=$_bci_file
 . "$BOXCONF_SOURCE"
 fi
@@ -141,8 +141,10 @@ _boxconf_stage(){
 # Compex find expression to only copy files necessary for the target host.
 # This avoids leaking site-wide secrets to hosts that don't require them.
- _bcs_relevant_files=$(find "${BOXCONF_ROOT}" -type f -and \( \
- -path "${BOXCONF_CA_DIR}/${_bcs_hostname}" \
+ set -f
+ _bcs_relevant_files=$(find -L "$BOXCONF_ROOT" -type f -and \( \
+ -path "${BOXCONF_CA_DIR}/ca.crt" \
+ -or -path "${BOXCONF_CA_DIR}/${_bcs_hostname}" \
 -or -path "${BOXCONF_VAR_DIR}/common" \
 -or -path "${BOXCONF_VAR_DIR}/common/*" \
 -or -path "${BOXCONF_VAR_DIR}/os/*" \
@@ -194,6 +196,7 @@ _boxconf_stage(){
 -or -path "${BOXCONF_SITE_FILE_DIR}/*.${BOXCONF_HOSTCLASS}" \
 -or -path "${BOXCONF_SITE_FILE_DIR}/*.${_bcs_hostname}" \
 \) )
+ set +f
 OIFS=$IFS; IFS=$'\n'
 set -- $_bcs_relevant_files
diff --git a/lib/40-user b/lib/40-user
new file mode 100644
index 0000000..42bbb82
--- /dev/null
+++ b/lib/40-user
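Review bot: The new `-L` on the find in _boxconf_stage changes what the allow-list protects, and the comment above it does not say so. With `-L`, `-type f` is true for a symlink that resolves to a regular file and `-path` is matched against the link's own path, so a link placed under an allowed path (for example under `${BOXCONF_VAR_DIR}/common/`) is selected for staging whatever its target is, including files belonging to other hosts. If following links is intended, record it next to the existing comment, e.g. `# -L: symlinks are followed; -path matches the link path, not the target, so review links under allowed paths.` The find expression continues outside this hunk, so how the selected files are copied afterwards is not visible here.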
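Review bot: `set +f` is added before `set -- $_bcs_relevant_files`, so the unquoted, newline-split expansion on the line after it runs with pathname expansion switched back on. A staged path that contains `*`, `?` or `[` would be expanded against the filesystem at that point and could pull in files the find expression had filtered out, which is what the comment in _boxconf_stage says the filter is there to prevent. Move `set +f` to after the `set -- $_bcs_relevant_files` line. `set +f` also enables globbing unconditionally rather than restoring whatever the caller had set; the rest of the function is outside the hunk.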
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set_authorized_keys(){
+ # Add authorized_keys for a user.
+ # $1 = username
+ # $2 = newline-separated string of authorized keys
+ _sak_homedir=$(eval echo "~${1}")
+ _sak_group=$(getent passwd "$1" | awk -F: '{ print $4}')
+
+ # Create authorized keys file and set permissions.
+ install_directory -o "$1" -g "$_sak_group" -m 0700 "${_sak_homedir}/.ssh"
+ [ -f "${_sak_homedir}/.ssh/authorized_keys" ] || touch "${_sak_homedir}/.ssh/authorized_keys"
+ chown "$1" "${_sak_homedir}/.ssh/authorized_keys"
+ chgrp "$_sak_group" "${_sak_homedir}/.ssh/authorized_keys"
+ chmod 600 "${_sak_homedir}/.ssh/authorized_keys"
+
+ printf '%s\n' "${2}" > "${_sak_homedir}/.ssh/authorized_keys"
+ log "added authorized_keys for ${1}:"$'\n'"$2"
+}
+
+set_password(){
+ # Set password for a local user.
+ # $1 = username
+ # $2 = password
+ printf '%s\n%s\n' "$2" "$2" | passwd "$1" > /dev/null
+}
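Review bot: `eval echo "~${1}"` in set_authorized_keys passes the username through the shell a second time, so a name containing `;`, backticks or `$(...)` is executed as a command, presumably as root given the chown calls that follow. The next line already reads the passwd record with getent, so the home directory can come from the same source without eval: `_sak_homedir=$(getent passwd "$1" | awk -F: '{ print $6 }')`. Neither lookup is checked, and with that change an unknown user gives an empty string and the remaining commands would act on `/.ssh`, so add `[ -n "$_sak_homedir" ] || return 1` before install_directory. The function also writes and chowns `authorized_keys` inside a directory the target user controls; if it runs as root, a pre-existing symlink at that path would be followed, which is worth a check or at least a comment.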