49 lines
2.0 KiB
Bash
Executable File
49 lines
2.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
TUN=fsginfra
|
|
THD=/var/lib/$TUN
|
|
|
|
function is_user_conforming()
|
|
{
|
|
echo -n "Checking user $TUN: "
|
|
id -u $TUN || return 1
|
|
|
|
user_record="$(getent passwd $TUN)"
|
|
|
|
[[ -n "$user_record" ]] || { echo >&2 "User $TUN exists but can't read record." ; return 2 ; }
|
|
|
|
user_home_dir="$(echo "$user_record" | cut -d ':' -f 6)"
|
|
|
|
[[ "$user_home_dir" == "$THD" ]] || { echo >&2 "Not the expected user dir, found: $user_home_dir" ; return 3 ; }
|
|
|
|
[[ -f "$THD/.ssh/authorized_keys" ]] || { echo >&2 "No authorized_keys: $THD/.ssh/authorized_keys" ; return 4 ; }
|
|
|
|
grep -q stephane@tc15 $THD/.ssh/authorized_keys || { echo >&2 "No expected key in $THD/.ssh/authorized_keys" ; return 5 ; }
|
|
|
|
find $THD -not -user $TUN | grep . && { echo >&2 "Files not owned by user $TUN in $THD" ; return 6 ; }
|
|
|
|
# id -nGz $TUN | grep -qzxF "docker" || { echo >&2 "User not in docker group" ; return 7 ; } # not needed with podman
|
|
|
|
echo "All correct"
|
|
return 0
|
|
}
|
|
|
|
if ! is_user_conforming
|
|
then
|
|
if adduser --help | grep -q comment
|
|
then
|
|
ADDUSER_OPT="verbose --comment"
|
|
else
|
|
ADDUSER_OPT=gecos
|
|
fi
|
|
adduser --$ADDUSER_OPT "Dedicated user for gourichon infrastructure" --disabled-password --home $THD --gecos "" $TUN
|
|
|
|
# adduser $TUN docker # not needed with podman
|
|
|
|
mkdir -p $THD/.ssh
|
|
chmod 700 $THD/.ssh
|
|
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuqupnwg1gR71GpjNiu2sNukEuthOcCBzu9IWgj7aCIIGBRXcrahAEtDP6vRGE4HwCMYYWoe2L/gTiG4gzenrxxOOypAG8ONVax0C0xqdPu17QG28RuU8ToGiLsCQlV0zHszU4ZPpvJLXZb8EI5g5FP2gymhEKRlxAuxi10x1Sq1y5MIqQBNc7cCorKkYOHO+8P9o8ecJeUkN+5Q/jItb4ccn9L2efKVjyDuzSjd+twak5UstZtACi420ZtdeytagpJH/6bVWPnZ2xL9XaY+VhWozaVuAnAT5K6bx//JNUvmonVwFvv4OdauI5woRTWaWytDXr9g0qvMe0//ayzbUbiNSUHx10U8euwhHLY98hYxY66wnEp3SXqfiBFZFit16mbxJx0qP9mu38h38z4iJWLlglxyux6v5rq1wLHD64a/bNVcxByg/aDPuvlO+PdNQPLWqZwogD56Wu8ApUCGDu6OQYt+GRF2i7bDpm9TS7qj92CQh9aIzS5OQWhLTixDM= stephane@tc15" >> $THD/.ssh/authorized_keys
|
|
chmod 600 $THD/.ssh/authorized_keys
|
|
chown $TUN $THD -Rc
|
|
fi
|