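#!/bin/sh

# Installation prefix. @PREFIX@ looks like a build-time placeholder that is
# substituted when this template is installed (TODO confirm against the build).
PREFIX=@PREFIX@

# LIBDIR keeps a value already present in the environment and otherwise
# defaults to $PREFIX/lib. The expansion is quoted so that it is not word-split
# or glob-expanded when passed to ':'.
# NOTE(review): because LIBDIR is honoured from the environment, whoever
# controls the environment chooses the file sourced below; do not let it
# cross a privilege boundary unfiltered.
: "${LIBDIR=$PREFIX/lib}"

# Shared helper library. ask(), used further down, is not defined in this file
# and is presumably provided here.
. "$LIBDIR/libalpine.sh"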
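# Print the command-line help on stdout and terminate the script.
# Arguments: $1 - exit status to terminate with (0 when omitted)
# Outputs:   help text on stdout; callers reporting a usage error redirect
#            the call to stderr themselves.
# The synopsis now lists -a, which getopts accepts, and the "Cerate" typo in
# the -a description is fixed.
usage() {
	cat <<-__EOF__
usage: setup-user [-a] [-h] [-f FULLNAME] [-g GROUPS] [-k SSHKEY] [USERNAME]
Create user account
options:
-a Create admin user. Add to wheel group and set up doas
-h Show this help
-f Set full name for user
-g Comma or space separated list of groups to add user to
-k ssh key or URL to ssh key (eg. https://gitlab.alpinelinux.org/user.keys)
or 'none' for no key
If USERNAME is not specified user will be prompted.
__EOF__
	# Quoted, with a default, so a missing or odd argument cannot be word-split.
	exit "${1:-0}"
}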
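# Start every option variable from a known-empty state. Without this, a value
# inherited from the caller's environment (for example admin=1 or sshkeys=...)
# would be treated as if it had been given on the command line.
admin=
fullnameopt=
groups=
keysopt=
sshkeys=
username=
nopassword=
interactive=
lastfullname=

# Parse command-line options; an unknown option prints the help on stderr
# and exits with status 1.
while getopts "af:g:hk:" opt; do
	case "$opt" in
		a) admin=1 ;;
		h) usage 0 ;;
		f) fullnameopt="$OPTARG" ;;
		g) groups="$OPTARG" ;;
		k) keysopt="$OPTARG" ;;
		'?') usage 1 >&2 ;;
	esac
done
shift $((OPTIND - 1))

# At most one positional argument (the login name) is accepted.
if [ $# -gt 1 ]; then
	usage 1 >&2
elif [ $# -eq 1 ]; then
	username="$1"
	# -D is passed through to adduser; with busybox adduser it means
	# "do not assign a password", so the account has no usable password until
	# one is set or an ssh key is installed.
	nopassword="-D"
else
	# No login name given: prompt for everything.
	interactive=1
fi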
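# Create the account, re-prompting in interactive mode until adduser succeeds.
# ask() is not defined in this file; the code below reads its answer from
# $resp after each call.
while true; do
	fullname="$fullnameopt"
	if [ -n "$interactive" ] && [ -z "$username" ]; then
		if [ -n "$fullname" ]; then
			# Suggest a login name: first letter of the first word plus
			# the last word, lower-cased.
			suggest=$(printf '%s\n' "$fullname" \
				| sed -E 's/^(.).*\s+(.*)/\1\2/' \
				| tr '[:upper:]' '[:lower:]')
		else
			suggest=no
		fi
		# Quoted so the suggestion reaches ask as one argument.
		ask "Setup a user? (enter a lower-case loginname, or 'no')" "$suggest"
		case "$resp" in
			no) exit 0 ;;
			*) username="$resp" ;;
		esac
	fi

	if [ -n "$interactive" ] && [ -z "$fullnameopt" ]; then
		# Quoted: a previous answer such as "Jane Doe" must stay a single
		# default value instead of being split into several arguments.
		ask "Full name for user $username" "${lastfullname:-$username}"
		fullname="$resp"
		lastfullname="$resp"
	fi

	# $nopassword is intentionally unquoted: it is either empty (no argument)
	# or the single flag -D.
	if [ -n "$fullname" ]; then
		$MOCK adduser -g "$fullname" $nopassword "$username" && break
	else
		$MOCK adduser $nopassword "$username" && break
	fi

	# Non-interactive runs give up on the first failure.
	# NOTE(review): $username stays set after a failed adduser, so the
	# login-name prompt above is skipped on the retry - confirm that is intended.
	if [ -z "$interactive" ]; then
		exit 1
	fi
done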
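# Obtain the ssh public key(s) for the new account into $sshkeys.
#
# A value starting with http:// or https:// is fetched with wget and only
# lines beginning with "ssh-" are kept. Anything else is taken as the key text
# and must contain at least one line beginning with "ssh-".
#
# Security notes:
#  - Whatever ends up in $sshkeys is later installed as authorized_keys, so
#    the fetched content decides who can log in as the user. A list fetched
#    over plain http:// is not authenticated in transit; prefer https:// URLs
#    for a host you trust.
#  - The "^ssh-" filter does not match key types whose name starts differently
#    (for example ecdsa-sha2-*); that behaviour is unchanged here.
if [ -n "$interactive" ] && [ -z "$keysopt" ]; then
	while true; do
		ask "Enter ssh key or URL for $username (or 'none')" none
		case "$resp" in
			none)
				# Clear any rejected input left over from an earlier
				# iteration so it is not installed as a key later.
				sshkeys=""
				break
				;;
			https://*|http://*)
				sshkeys=$(wget -q -O- "$resp" | grep ^ssh-)
				;;
			*)
				sshkeys="$resp"
				;;
		esac
		if printf '%s\n' "$sshkeys" | grep -q ^ssh-; then
			break
		fi
		echo "Did not find any key in '$resp'"
	done
else
	case "$keysopt" in
		https://*|http://*)
			# Fetch from the URL given with -k. The original passed the
			# still-empty $sshkeys to wget, so nothing was ever downloaded.
			sshkeys=$(wget -q -O- "$keysopt" | grep ^ssh-)
			if [ -z "$sshkeys" ]; then
				# A failed or key-less download must not silently leave
				# the account without the requested key.
				echo "Could not find any keys in '$keysopt'" >&2
				exit 1
			fi
			;;
		none)
			sshkeys=""
			;;
		*)
			sshkeys="$keysopt"
			;;
	esac
	if [ -n "$sshkeys" ] && ! printf '%s\n' "$sshkeys" | grep -q ^ssh-; then
		# Report the -k value; $resp is not set on this path.
		echo "Could not find any keys in '$keysopt'" >&2
		exit 1
	fi
fi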
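# Install the collected key(s) as the user's authorized_keys.
# The home directory is assumed to be $ROOT/home/$username, as in the
# original code.
if [ -n "$sshkeys" ] && [ "$sshkeys" != "none" ]; then
	# NOTE(review): $username is used as a path component; this relies on
	# adduser above having rejected names containing '/' or starting with '.'
	# - confirm for the adduser implementation in use.
	sshdir="$ROOT/home/$username/.ssh"
	mkdir -p "$sshdir" || exit 1
	# Keep the directory and key file private to the account instead of
	# depending on whatever umask the caller happens to have.
	chmod 700 "$sshdir"
	( umask 077; printf '%s\n' "$sshkeys" > "$sshdir/authorized_keys" ) || exit 1
	$MOCK chown -R "$username:$username" "$sshdir"
fi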
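# Add the user to each group from -g (comma or space separated).
if [ -n "$groups" ] && [ "$groups" != "none" ]; then
	# printf with a quoted argument hands the list to tr verbatim; the
	# original unquoted "echo $groups" let the shell glob-expand the value and
	# let echo interpret a leading option such as -n.
	# The command substitution stays unquoted on purpose: word splitting is
	# what turns the list into individual group names.
	for group in $(printf '%s\n' "$groups" | tr ',' ' '); do
		# Stop at the first failure, propagating addgroup's exit status.
		$MOCK addgroup "$username" "$group" || exit
	done
fi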
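# Admin setup (-a): install doas, allow the wheel group to use it, and add
# the user to wheel.
if [ -n "$admin" ]; then
	$MOCK apk add doas
	mkdir -p "$ROOT"/etc/doas.d
	doasconf="$ROOT/etc/doas.d/doas.conf"
	# Append the rule only when it is not already present, so running the
	# script for several admin users does not pile up duplicate lines.
	# "persist" lets doas skip re-authentication for a while after a
	# successful password entry.
	if ! grep -qxF "permit persist :wheel" "$doasconf" 2>/dev/null; then
		echo "permit persist :wheel" >> "$doasconf"
	fi
	# Propagate addgroup's exit status on failure.
	$MOCK addgroup "$username" "wheel" || exit
fi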