Script to create a user capable of running the infrastructure.

2024-03-24 23:28:08 +01:00
parent 5650ce487f
commit f3d82afd43
1 changed files with 48 additions and 0 deletions
--- a/tools/ensure_infra_user_exists.sh
+++ b/tools/ensure_infra_user_exists.sh
@@ -0,0 +1,48 @@
 #!/bin/bash
 TUN=fsginfra
 THD=/var/lib/$TUN
 function is_user_conforming()
 {
    echo -n "Checking user $TUN: "
    id -u $TUN || return 1
    user_record="$(getent passwd $TUN)"
    [[ -n "$user_record" ]] || { echo >&2 "User $TUN exists but can't read record." ; return 2 ; }
    user_home_dir="$(echo "$user_record" | cut -d ':' -f 6)"
    [[ "$user_home_dir" == "$THD" ]] || { echo >&2 "Not the expected user dir, found: $user_home_dir" ; return 3 ; }
    [[ -f "$THD/.ssh/authorized_keys" ]] || { echo >&2 "No authorized_keys: $THD/.ssh/authorized_keys" ; return 4 ; }
    grep -q stephane@tc15 $THD/.ssh/authorized_keys || { echo >&2 "No expected key in $THD/.ssh/authorized_keys" ; return 5 ; }
    find $THD -not -user $TUN | grep . && { echo >&2 "Files not owned by user $TUN in $THD" ; return 6 ; }
    id -nGz $TUN | grep -qzxF "docker" || { echo >&2 "User not in docker group" ; return 7 ; }
    echo "All correct"
    return 0
 }
 if ! is_user_conforming
 then
    if adduser --help | grep -q comment
    then
 	ADDUSER_OPT="verbose --comment"
    else
 	ADDUSER_OPT=gecos
    fi
    adduser --$ADDUSER_OPT "Dedicated user for gourichon infrastructure" --disabled-password --home $THD --gecos "" $TUN
    adduser $TUN docker
    mkdir -p $THD/.ssh
    chmod 700 $THD/.ssh
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuqupnwg1gR71GpjNiu2sNukEuthOcCBzu9IWgj7aCIIGBRXcrahAEtDP6vRGE4HwCMYYWoe2L/gTiG4gzenrxxOOypAG8ONVax0C0xqdPu17QG28RuU8ToGiLsCQlV0zHszU4ZPpvJLXZb8EI5g5FP2gymhEKRlxAuxi10x1Sq1y5MIqQBNc7cCorKkYOHO+8P9o8ecJeUkN+5Q/jItb4ccn9L2efKVjyDuzSjd+twak5UstZtACi420ZtdeytagpJH/6bVWPnZ2xL9XaY+VhWozaVuAnAT5K6bx//JNUvmonVwFvv4OdauI5woRTWaWytDXr9g0qvMe0//ayzbUbiNSUHx10U8euwhHLY98hYxY66wnEp3SXqfiBFZFit16mbxJx0qP9mu38h38z4iJWLlglxyux6v5rq1wLHD64a/bNVcxByg/aDPuvlO+PdNQPLWqZwogD56Wu8ApUCGDu6OQYt+GRF2i7bDpm9TS7qj92CQh9aIzS5OQWhLTixDM= stephane@tc15" >> $THD/.ssh/authorized_keys
    chmod 600 $THD/.ssh/authorized_keys
    chown $TUN $THD -Rc
 fi