Allow /home to have a different base location
If /home is eg located in /storge then we can now set a prefix for this. Option -h or via config setting in "user_create.cfg" named HOME_LOCATION="/path" Note: Path has to be prefix with /. Any sub folders in home will be ignored and the user is always created in /home/user.name Group names as sub folders in /home are not supported
This commit is contained in:
Clemens Schwaighofer
@@ -27,7 +27,7 @@
|
||||
# SET TO 1 to TEST [will not create user/group/folder]
|
||||
TEST=0; # no creation except ssh keys
|
||||
INFO=0; # no creation of anything, just print info strings
|
||||
while getopts ":ti" opt; do
|
||||
while getopts ":tih:" opt; do
|
||||
case "${opt}" in
|
||||
t|test)
|
||||
TEST=1;
|
||||
@@ -35,9 +35,13 @@ while getopts ":ti" opt; do
|
||||
i|info)
|
||||
INFO=1;
|
||||
;;
|
||||
h|home)
|
||||
HOME_LOCATION="${OPTARG}";
|
||||
;;
|
||||
\?)
|
||||
echo -e "\n Option does not exist: ${OPTARG}\n";
|
||||
echo "Use -t for test and -i for info";
|
||||
echo "Override default /home/ folder location with -h <base>";
|
||||
exit 1;
|
||||
;;
|
||||
esac;
|
||||
@@ -48,15 +52,42 @@ timestamp=$(date +%Y%m%d-%H%M%S)
|
||||
# character to set getween info blocks
|
||||
separator="#";
|
||||
# base folder for all data
|
||||
# root_folder=$(pwd)'/';
|
||||
BASE_FOLDER=$(dirname $(readlink -f $0))"/";
|
||||
root_folder="${BASE_FOLDER}../";
|
||||
# home folder is always thome
|
||||
HOME_BASE="/home/";
|
||||
# config location
|
||||
CONFIG_BASE="${BASE_FOLDER}../config/";
|
||||
# check config folder for .env file with HOME_LOCATION
|
||||
# only use if HOME_LOCATION not yet set
|
||||
if [ -z "${HOME_LOCATION}" ] && [ -f "${CONFIG_BASE}create_user.cfg" ]; then
|
||||
source <(grep = ${CONFIG_BASE}create_user.cfg | sed 's/ *= */=/g')
|
||||
fi;
|
||||
|
||||
if [ ! -z "${HOME_LOCATION}" ]; then
|
||||
# must start with / as it has to be from root
|
||||
if [ "${HOME_LOCATION##/*}" ]; then
|
||||
echo "Home location folder must start with a slash (/): ${HOME_LOCATION}";
|
||||
exit;
|
||||
fi;
|
||||
# must be valid folder
|
||||
if [ ! -d "${HOME_LOCATION}" ]; then
|
||||
echo "Folder for home location does not exists: ${HOME_LOCATION}";
|
||||
exit;
|
||||
fi;
|
||||
fi;
|
||||
# the new location for home, if override is set will be created in this folder
|
||||
HOME_FOLDER="${HOME_LOCATION}${HOME_BASE}"
|
||||
if [ ! -d "${HOME_FOLDER}" ]; then
|
||||
echo "Home folder location not found: ${HOME_FOLDER}";
|
||||
exit;
|
||||
fi;
|
||||
ROOT_FOLDER="${BASE_FOLDER}../";
|
||||
input_file='user_list.txt';
|
||||
output_file="user_password.${timestamp}.txt";
|
||||
output_zip_folder='zip/';
|
||||
output_zip="users.${timestamp}.zip"
|
||||
ssh_keygen_folder='ssh-keygen/';
|
||||
ssh_keygen_folder_created_pub='ssh-keygen-created-pub/';
|
||||
SSH_KEYGEN_FOLDER='ssh-keygen/';
|
||||
SSH_KEYGEN_FOLDER_CREATED_PUB='ssh-keygen-created-pub/';
|
||||
# set default key tpye
|
||||
default_ssh_keytype='ed25519';
|
||||
ssh_keytype='';
|
||||
@@ -64,12 +95,12 @@ ssh_keytype='';
|
||||
ssh_group='';
|
||||
ssh_forward_ok=0;
|
||||
# check if ssh key folder exists
|
||||
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
|
||||
mkdir "${root_folder}${ssh_keygen_folder}";
|
||||
if [ ! -d "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}" ]; then
|
||||
mkdir "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}";
|
||||
fi;
|
||||
# check if zip folder is missing
|
||||
if [ ! -d "${root_folder}${output_zip_folder}" ]; then
|
||||
mkdir "${root_folder}${output_zip_folder}";
|
||||
if [ ! -d "${ROOT_FOLDER}${output_zip_folder}" ]; then
|
||||
mkdir "${ROOT_FOLDER}${output_zip_folder}";
|
||||
fi;
|
||||
# check if password generate software is installed
|
||||
# if [ ! command -v pwgen &> /dev/null ]; then
|
||||
@@ -93,8 +124,8 @@ if [ ! -z $(cat /etc/group | grep "sshforward:") ]; then
|
||||
ssh_forward_ok=1;
|
||||
fi;
|
||||
# check if user list file exists
|
||||
if [ ! -f "${root_folder}${input_file}" ]; then
|
||||
echo "Missing ${root_folder}${input_file}";
|
||||
if [ ! -f "${ROOT_FOLDER}${input_file}" ]; then
|
||||
echo "Missing ${ROOT_FOLDER}${input_file}";
|
||||
exit;
|
||||
fi;
|
||||
# make sure my own folder is owned by root and 600 (except for testing)
|
||||
@@ -110,7 +141,7 @@ if [ $(whoami) != "root" ]; then
|
||||
fi;
|
||||
fi;
|
||||
# create users
|
||||
cat "${root_folder}${input_file}" |
|
||||
cat "${ROOT_FOLDER}${input_file}" |
|
||||
while read i; do
|
||||
# skip rows start with # (comment)
|
||||
if [[ "${i}" =~ ^\# ]]; then
|
||||
@@ -167,11 +198,11 @@ while read i; do
|
||||
# SSH file name part without folder
|
||||
ssh_keygen_id="${hostname}${separator}${group}${separator}${username}${separator}${ssh_keytype}.pem";
|
||||
# the full file including folder name
|
||||
ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
|
||||
ssh_keyfile="${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}${ssh_keygen_id}";
|
||||
# publ file if new
|
||||
ssh_keyfile_pub="${ssh_keyfile}.pub";
|
||||
# check existing pub file
|
||||
ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub";
|
||||
ssh_keyfile_check_pub="${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB}${ssh_keygen_id}.pub";
|
||||
|
||||
if [ ${INFO} -eq 1 ]; then
|
||||
# test if pub file exists or not, test if user exists
|
||||
@@ -231,7 +262,7 @@ while read i; do
|
||||
echo "$> ssh-keygen -t ${ssh_keytype} -f ${ssh_keyfile} -C ${hostname}: ${username}@${group} -a 100 -N ${password}";
|
||||
fi;
|
||||
else
|
||||
found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${username}/.ssh/authorized_keys);
|
||||
found=$(grep "$(cat ${ssh_keyfile_check_pub})" ${HOME_FOLDER}${username}/.ssh/authorized_keys);
|
||||
if [ ! -z "${found}" ]; then
|
||||
skip_ssh=1;
|
||||
# override previously set with stored one
|
||||
@@ -246,33 +277,33 @@ while read i; do
|
||||
if [ ${skip_ssh} -eq 0 ]; then
|
||||
# write login info to output file
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
create_output_file="${root_folder}${output_file}";
|
||||
create_output_file="${ROOT_FOLDER}${output_file}";
|
||||
else
|
||||
create_output_file="${root_folder}${output_file}.TEST";
|
||||
create_output_file="${ROOT_FOLDER}${output_file}.TEST";
|
||||
fi;
|
||||
echo $(date +"%F %T")";"${host}";"${_hostname}";"${username}";"${password}";"${ssh_allow_type} >> ${create_output_file};
|
||||
# create the SSH foler and authorized access file with correct permissions
|
||||
echo " > Create .ssh folder";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
mkdir /home/${username}/.ssh/;
|
||||
mkdir ${HOME_FOLDER}${username}/.ssh/;
|
||||
else
|
||||
echo "$> mkdir /home/${username}/.ssh/";
|
||||
echo "$> mkdir ${HOME_FOLDER}${username}/.ssh/";
|
||||
fi;
|
||||
echo " > Add public into authorized_keys";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
cat "${ssh_keyfile_pub}" > /home/${username}/.ssh/authorized_keys;
|
||||
cat "${ssh_keyfile_pub}" > ${HOME_FOLDER}${username}/.ssh/authorized_keys;
|
||||
else
|
||||
echo "$> cat ${ssh_keyfile_pub} > /home/${username}/.ssh/authorized_keys";
|
||||
echo "$> cat ${ssh_keyfile_pub} > ${HOME_FOLDER}${username}/.ssh/authorized_keys";
|
||||
fi;
|
||||
echo " > Secure folder .ssh and authorized_keys file";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
chown -R ${username}:${group} /home/${username}/.ssh/;
|
||||
chmod 700 /home/${username}/.ssh/;
|
||||
chmod 600 /home/${username}/.ssh/authorized_keys;
|
||||
chown -R ${username}:${group} ${HOME_FOLDER}${username}/.ssh/;
|
||||
chmod 700 ${HOME_FOLDER}${username}/.ssh/;
|
||||
chmod 600 ${HOME_FOLDER}${username}/.ssh/authorized_keys;
|
||||
else
|
||||
echo "$> chown -R ${username}:${group} /home/${username}/.ssh/";
|
||||
echo "$> chmod 700 /home/${username}/.ssh/";
|
||||
echo "$> chmod 600 /home/${username}/.ssh/authorized_keys";
|
||||
echo "$> chown -R ${username}:${group} ${HOME_FOLDER}${username}/.ssh/";
|
||||
echo "$> chmod 700 ${HOME_FOLDER}${username}/.ssh/";
|
||||
echo "$> chmod 600 ${HOME_FOLDER}${username}/.ssh/authorized_keys";
|
||||
fi;
|
||||
fi;
|
||||
done;
|
||||
@@ -284,31 +315,31 @@ fi;
|
||||
# zip everything and remove data in ssh key folder, delete output file with passwords
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
zip -r \
|
||||
"${root_folder}${output_zip_folder}${output_zip}" \
|
||||
"${ROOT_FOLDER}${output_zip_folder}${output_zip}" \
|
||||
"${input_file}" \
|
||||
"${output_file}" \
|
||||
"${ssh_keygen_folder}" \
|
||||
"${SSH_KEYGEN_FOLDER}" \
|
||||
-x\*.gitignore;
|
||||
else
|
||||
echo "zip -r \\"
|
||||
echo "${root_folder}${output_zip_folder}${output_zip} \\"
|
||||
echo "${ROOT_FOLDER}${output_zip_folder}${output_zip} \\"
|
||||
echo "${input_file} \\"
|
||||
echo "${output_file} \\"
|
||||
echo "${ssh_keygen_folder} \\"
|
||||
echo "${SSH_KEYGEN_FOLDER} \\"
|
||||
echo "-x\*.gitignore;"
|
||||
fi;
|
||||
echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
|
||||
echo "Download: ${ROOT_FOLDER}${output_zip_folder}${output_zip}";
|
||||
# cleam up user log file and ssh keys
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
# move pub to created folders
|
||||
mv "${root_folder}${ssh_keygen_folder}"*.pub "${root_folder}${ssh_keygen_folder_created_pub}";
|
||||
mv "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*.pub "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB}";
|
||||
# delete the rest
|
||||
rm "${root_folder}${output_file}";
|
||||
rm "${root_folder}${ssh_keygen_folder}"*;
|
||||
rm "${ROOT_FOLDER}${output_file}";
|
||||
rm "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*;
|
||||
else
|
||||
echo "$> mv ${root_folder}${ssh_keygen_folder}*.pub ${root_folder}${ssh_keygen_folder_created_pub};";
|
||||
echo "$> rm ${root_folder}${output_file}";
|
||||
echo "$> rm ${root_folder}${ssh_keygen_folder}*";
|
||||
echo "$> mv ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}*.pub ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB};";
|
||||
echo "$> rm ${ROOT_FOLDER}${output_file}";
|
||||
echo "$> rm ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}*";
|
||||
fi;
|
||||
|
||||
# __END__
|
||||
|
||||
2
config/.gitignore
vendored
Normal file
2
config/.gitignore
vendored
Normal file
@@ -0,0 +1,2 @@
|
||||
*
|
||||
!.gitignore
|
||||
Reference in New Issue
Block a user