#!/bin/sh
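set_authorized_keys(){
  # Install an authorized_keys file for a user, replacing any existing content.
  # $1 = username
  # $2 = newline-separated string of authorized keys
  # Returns 1, before touching the filesystem, when the username is empty or
  # has no passwd entry.
  if [ -z "${1:-}" ]; then
    printf 'set_authorized_keys: missing username\n' >&2
    return 1
  fi
  # Resolve home directory and primary group from the passwd database.
  # The username is only ever passed as a quoted argument; it must not go
  # through eval, which would run any shell syntax embedded in the name.
  if ! _sak_entry=$(getent passwd "$1"); then
    printf 'set_authorized_keys: no passwd entry for %s\n' "$1" >&2
    return 1
  fi
  _sak_group=$(printf '%s\n' "$_sak_entry" | awk -F: 'NR == 1 { print $4 }')
  _sak_homedir=$(printf '%s\n' "$_sak_entry" | awk -F: 'NR == 1 { print $6 }')
  if [ -z "$_sak_homedir" ]; then
    # An empty home would make the paths below resolve under "/".
    printf 'set_authorized_keys: empty home directory for %s\n' "$1" >&2
    return 1
  fi
  _sak_keyfile="${_sak_homedir}/.ssh/authorized_keys"
  # Create authorized keys file and set permissions.
  install_directory -o "$1" -g "$_sak_group" -m 0700 "${_sak_homedir}/.ssh"
  # NOTE(review): the target user can write to this directory. If this runs
  # as root, the chown/chgrp/chmod and the redirect below follow a symlink
  # placed at this path; consider refusing when the path is a symlink.
  [ -f "$_sak_keyfile" ] || touch "$_sak_keyfile"
  chown "$1" "$_sak_keyfile"
  chgrp "$_sak_group" "$_sak_keyfile"
  # Restrict the mode before writing, so the keys never sit in a file with
  # looser permissions.
  chmod 600 "$_sak_keyfile"
  printf '%s\n' "${2}" > "$_sak_keyfile"
  # Literal newline instead of $'\n', which not every /bin/sh understands.
  log "added authorized_keys for ${1}:
$2"
}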
set_password(){
  # Set password for a local user.
  # $1 = username
  # $2 = password
  # The password is written twice to passwd's stdin (entry + confirmation),
  # so it is never placed on passwd's command line. passwd's stdout is
  # discarded; its stderr is left visible. The return status is the
  # pipeline's, i.e. passwd's.
  # NOTE(review): assumes printf is a shell builtin here, so the password
  # does not show up in another process's argv either; confirm for the
  # target /bin/sh.
  {
    printf '%s\n' "$2"
    printf '%s\n' "$2"
  } | passwd "$1" > /dev/null
}
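add_user(){
  # Add a local user if it doesn't exist.
  # options: mostly same as `pw useradd`
  #   -c comment       (default: "<username> user")
  #   -d homedir       (default: /home/<username>)
  #   -G grouplist
  #   -g primary group
  #   -M homedir mode  (default: 700)
  #   -m               create the home directory
  #   -p password      set through set_password once the account exists
  #   -s shell         (default: /sbin/nologin)
  #   -u uid
  # $1 = username
  # Returns 0 without changing anything when the user already exists (the
  # password is not touched in that case). Calls die on an unsupported
  # option, a missing username, a failed `pw useradd`, or an OS other than
  # freebsd.
  # NOTE: the -p value is held in a shell variable; with `set -x` enabled it
  # is printed in the trace output.
  _bcalu_homedir_mode=700
  _bcalu_create_homedir=
  _bcalu_homedir=
  _bcalu_comment=
  _bcalu_shell=/sbin/nologin
  _bcalu_pgroup=
  _bcalu_grouplist=
  _bcalu_uid=
  _bcalu_password=
  # getopts tracks its position in the global OPTIND; reset it so a second
  # call (or a caller that used getopts itself) parses from the first argument.
  OPTIND=1
  while getopts c:d:G:g:mM:p:s:u: _bcalu_opt; do
    case $_bcalu_opt in
      c) _bcalu_comment=$OPTARG ;;
      d) _bcalu_homedir=$OPTARG ;;
      G) _bcalu_grouplist=$OPTARG ;;
      g) _bcalu_pgroup=$OPTARG ;;
      M) _bcalu_homedir_mode=$OPTARG ;;
      m) _bcalu_create_homedir=true ;;
      p) _bcalu_password=$OPTARG ;;
      s) _bcalu_shell=$OPTARG ;;
      u) _bcalu_uid=$OPTARG ;;
      # Do not create an account with an option silently dropped.
      *) die "add_user: unsupported option" ;;
    esac
  done
  shift $((OPTIND - 1))
  _bcalu_username=${1:-}
  [ -n "$_bcalu_username" ] || die "add_user: missing username"
  : "${_bcalu_homedir:="/home/${_bcalu_username}"}"
  : "${_bcalu_comment:="${_bcalu_username} user"}"
  case $BOXCONF_OS in
    freebsd)
      if pw usershow "$_bcalu_username" > /dev/null 2>&1; then
        log "local user ${_bcalu_username} already exists"
        return 0
      fi
      # Optional flags: the flag word is emitted only when the value is set,
      # and the value itself stays quoted so it is passed as a single
      # argument with no word splitting or globbing.
      pw useradd \
        -n "$_bcalu_username" \
        -c "$_bcalu_comment" \
        -s "$_bcalu_shell" \
        -M "$_bcalu_homedir_mode" \
        -d "$_bcalu_homedir" \
        ${_bcalu_create_homedir:+-m} \
        ${_bcalu_grouplist:+-G} ${_bcalu_grouplist:+"$_bcalu_grouplist"} \
        ${_bcalu_pgroup:+-g} ${_bcalu_pgroup:+"$_bcalu_pgroup"} \
        ${_bcalu_uid:+-u} ${_bcalu_uid:+"$_bcalu_uid"} \
        || die "add_user: pw useradd failed for ${_bcalu_username}"
      log "added local user ${_bcalu_username}"
      ;;
    *)
      die "add_user unimplemented for ${BOXCONF_OS}"
      ;;
  esac
  if [ -n "${_bcalu_password}" ]; then
    # Must be the name parsed above; an unset variable here would hand
    # set_password an empty username.
    set_password "$_bcalu_username" "$_bcalu_password"
  fi
}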