V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m48s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m48s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
116
func/4200_setup_accounts.sh
Normal file
116
func/4200_setup_accounts.sh
Normal file
@@ -0,0 +1,116 @@
|
||||
#!/bin/bash
|
||||
# SPDX-Version: 3.0
|
||||
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
|
||||
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
|
||||
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
|
||||
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
|
||||
# SPDX-FileType: SOURCE
|
||||
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
|
||||
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
|
||||
# SPDX-PackageName: CISS.debian.installer
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
guard_sourcing
|
||||
|
||||
###########################################################################################
|
||||
# Updating user accounts
|
||||
###########################################################################################
|
||||
setup_accounts() {
|
||||
|
||||
declare -a ary_user_accounts=()
|
||||
ary_user_accounts+=("")
|
||||
|
||||
if [[ ${accounts_root_login,,} == "true" ]]; then
|
||||
|
||||
do_in_target "${TARGET}" /bin/bash -c "echo 'root:${accounts_root_password_crypted}' | chpasswd -e"
|
||||
do_log "info" "false" "Account 'root' password inserted."
|
||||
|
||||
if [[ ! -d ${TARGET}/root/.ssh ]]; then
|
||||
|
||||
mkdir "${TARGET}"/root/.ssh
|
||||
chown root:root "${TARGET}"/root/.ssh
|
||||
chmod 0700 "${TARGET}"/root/.ssh
|
||||
|
||||
else
|
||||
|
||||
chown root:root "${TARGET}"/root/.ssh
|
||||
chmod 0700 "${TARGET}"/root/.ssh
|
||||
|
||||
fi
|
||||
|
||||
if [[ ! -f ${TARGET}/root/.ssh/authorized_keys ]]; then
|
||||
|
||||
touch "${TARGET}"/root/.ssh/authorized_keys
|
||||
chown root:root "${TARGET}"/root/.ssh/authorized_keys
|
||||
chmod 0600 "${TARGET}"/root/.ssh/authorized_keys
|
||||
printf "%s\n" "$accounts_root_ssh_pub_key" >> "${TARGET}"/root/.ssh/authorized_keys
|
||||
do_log "info" "false" "Account 'root' SSH public key '/root/.ssh/authorized_keys' inserted."
|
||||
|
||||
else
|
||||
|
||||
chown root:root "${TARGET}"/root/.ssh/authorized_keys
|
||||
chmod 0600 "${TARGET}"/root/.ssh/authorized_keys
|
||||
printf "%s\n" "$accounts_root_ssh_pub_key" >> "${TARGET}"/root/.ssh/authorized_keys
|
||||
do_log "info" "false" "Account 'root' SSH public key '/root/.ssh/authorized_keys' inserted."
|
||||
|
||||
fi
|
||||
|
||||
|
||||
elif [[ ${accounts_root_login,,} == "false" ]]; then
|
||||
|
||||
do_log "info" "false" "Skipped creation of 'root' password."
|
||||
|
||||
else
|
||||
|
||||
do_log "error" "true" "Invalid value for 'accounts_root_login': '${accounts_root_login}'. Expected value: 'true' or 'false'."
|
||||
|
||||
fi
|
||||
|
||||
if [[ ${accounts_user_login,,} == "true" ]]; then
|
||||
|
||||
echo "${accounts_user_name}:${accounts_user_password_crypted}" | chpasswd -e
|
||||
do_log "info" "false" "Account '${accounts_user_name}' password inserted."
|
||||
|
||||
if [[ ! -d ${TARGET}/home/${accounts_user_name}/.ssh ]]; then
|
||||
|
||||
mkdir "${TARGET}"/home/"${accounts_user_name}"/.ssh
|
||||
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh
|
||||
chmod 0700 "${TARGET}"/home/"${accounts_user_name}"/.ssh
|
||||
|
||||
else
|
||||
|
||||
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh
|
||||
chmod 0700 "${TARGET}"/home/"${accounts_user_name}"/.ssh
|
||||
|
||||
fi
|
||||
|
||||
if [[ ! -f ${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys ]]; then
|
||||
|
||||
touch "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
|
||||
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
|
||||
chmod 0600 "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
|
||||
printf "%s\n" "$accounts_user_ssh_pub_key" >> "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
|
||||
do_log "info" "false" "Account '${accounts_user_name}' SSH public key '${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys' inserted."
|
||||
|
||||
else
|
||||
|
||||
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
|
||||
chmod 0600 "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
|
||||
printf "%s\n" "$accounts_user_ssh_pub_key" >> "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
|
||||
do_log "info" "false" "Account '${accounts_user_name}' SSH public key '${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys' inserted."
|
||||
|
||||
fi
|
||||
|
||||
elif [[ ${accounts_user_login,,} == "false" ]]; then
|
||||
|
||||
do_log "info" "false" "Skipped creation of account '${accounts_user_name}'."
|
||||
|
||||
else
|
||||
|
||||
do_log "error" "true" "Invalid value for 'accounts_user_login': '${accounts_user_login}'. Expected 'true' or 'false'."
|
||||
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
Reference in New Issue
Block a user