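#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing

#######################################
# Account setup PHYSNET specific: builds the 'root' skeleton below the selected
# tree (TARGET, or RECOVERY when VAR_RUN_RECOVERY is "true"): a 0700 '.ssh'
# directory with an empty 0600 'authorized_keys', the PHYSNET '.bashrc', the
# '.ciss' helper files, and - if requested and available - the zsh setup.
# Globals:
#   RECOVERY
#   TARGET
#   VAR_RUN_RECOVERY
#   VAR_SETUP_PATH
#   user_root_shell
# Arguments:
#   None
# Returns:
#   0: on success
#   non-zero: exit status of guard_dir if that final check fails
#######################################
accounts_setup_physnet_root() {
  ### Declare Arrays, HashMaps, and Variables.
  declare var_target="${TARGET}"
  declare var_file=""

  ### Check for TARGET / RECOVERY.
  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"

  declare -r var_src="${VAR_SETUP_PATH}/includes/target/root"
  declare -r var_home="${var_target}/root"

  ### SSH directory and key file are created with their final owner and mode in one step.
  ### Installing '/dev/null' writes an empty file, so an already existing 'authorized_keys' is replaced by an empty one.
  install -d -m 0700 -o root -g root "${var_home}/.ssh"
  install    -m 0600 -o root -g root /dev/null "${var_home}/.ssh/authorized_keys"

  install    -m 0600 -o root -g root "${var_src}/.physnet.bashrc" "${var_home}/.bashrc"

  ### Nothing in this function created '.ciss/' before the installs below, and 'install SRC DIR/' does not create a
  ### missing destination directory. Create it only when absent so that an existing directory keeps its owner and mode.
  [[ -d "${var_home}/.ciss" ]] || install -d -m 0700 -o root -g root "${var_home}/.ciss"

  install    -m 0600 -o root -g root "${var_src}/.ciss/theme_eza_ciss.yml" "${var_home}/.ciss/"
  install    -m 0600 -o root -g root "${var_src}/.ciss/alias"              "${var_home}/.ciss/"
  install    -m 0700 -o root -g root "${var_src}/.ciss/check_chrony.sh"    "${var_home}/.ciss/"
  install    -m 0700 -o root -g root "${var_src}/.ciss/clean_logout.sh"    "${var_home}/.ciss/"
  install    -m 0600 -o root -g root "${var_src}/.ciss/f2bchk"             "${var_home}/.ciss/"
  install    -m 0600 -o root -g root "${var_src}/.ciss/scan_libwrap"       "${var_home}/.ciss/"
  install    -m 0600 -o root -g root "${var_src}/.ciss/shortcuts"          "${var_home}/.ciss/"

  ### 'theme_eza_ciss.yml' is not passed to insert_comments, exactly as in the explicit call list this loop replaces.
  for var_file in \
    ".bashrc" \
    ".ciss/alias" \
    ".ciss/check_chrony.sh" \
    ".ciss/clean_logout.sh" \
    ".ciss/f2bchk" \
    ".ciss/scan_libwrap" \
    ".ciss/shortcuts"; do
    insert_comments "${var_home}/${var_file}"
  done

  if [[ "${user_root_shell}" == "/bin/zsh" ]]; then

    ### NOTE(review): '-x' is evaluated from the installer's root, not inside the chroot. If the shell path in the
    ### target is an absolute symlink, it resolves against the installer environment - confirm this cannot happen.
    if [[ -x "${var_target}${user_root_shell}" ]]; then

      zsh_omz_installer "root" "${var_target}"

      ### Keep the previous '.zshrc' (presumably written by zsh_omz_installer - confirm) as a backup.
      ### 'mv' fails if that file does not exist.
      mkdir -p "${var_home}/.ciss/cdi/backup/root"
      mv "${var_home}/.zshrc" "${var_home}/.ciss/cdi/backup/root/.zshrc.bak"

      install -m 0600 -o root -g root "${var_src}/.physnet.zshrc" "${var_home}/.zshrc"
      insert_comments "${var_home}/.zshrc"

      chroot_exec "${var_target}" chsh -s "${user_root_shell}" root
      do_log "info" "file_only" "4520() Shell: '${user_root_shell}' used for: 'root'."

    else

      chroot_exec "${var_target}" chsh -s /bin/bash root
      do_log "info" "file_only" "4520() Shell: '${user_root_shell}' not found for: 'root'. Using '/bin/bash' instead."

    fi

  fi

  do_log "info" "file_only" "4520() Skeleton: 'root' successfully generated."

  guard_dir && return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f accounts_setup_physnet_root

#######################################
# Generates user account skeleton and activates chosen bash / zsh.
# All paths are built below TARGET, or below RECOVERY when VAR_RUN_RECOVERY is "true".
# 'var_username' is used verbatim as a path component below '<tree>/home/', and every write
# happens with the privileges of the installer; callers must pass a validated, non-empty name.
# Globals:
#   RECOVERY
#   TARGET
#   VAR_RUN_RECOVERY
#   VAR_SETUP_PATH
# Arguments:
#   1: var_uid
#   2: var_gid
#   3: var_username
#   4: var_shell
# Returns:
#   0: on success
#   non-zero: exit status of guard_dir if that final check fails
#######################################
accounts_setup_physnet_user() {
  ### Declare Arrays, HashMaps, and Variables.
  declare -r var_uid="${1}" var_gid="${2}" var_username="${3}" var_shell="${4}"
  declare var_target="${TARGET}"

  ### Check for TARGET / RECOVERY.
  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"

  declare -r var_src="${VAR_SETUP_PATH}/includes/target/etc/skel"
  declare -r var_home="${var_target}/home/${var_username}"

  ### NOTE(review): 'install -d' applies owner and mode to the final component only. If '${var_home}' itself is
  ### missing, it is created with default ownership and mode - presumably the home directory exists already; confirm.
  install -d -m 0700 -o "${var_uid}" -g "${var_gid}" "${var_home}/.ssh"

  ### Installing '/dev/null' writes an empty file, so an already existing 'authorized_keys' is replaced by an empty one.
  install    -m 0600 -o "${var_uid}" -g "${var_gid}" /dev/null "${var_home}/.ssh/authorized_keys"

  install    -m 0600 -o "${var_uid}" -g "${var_gid}" "${var_src}/.physnet.bashrc" "${var_home}/.bashrc"

  if [[ "${var_shell}" == "/bin/zsh" ]]; then

    ### NOTE(review): '-x' is evaluated from the installer's root, not inside the chroot. If the shell path in the
    ### target is an absolute symlink, it resolves against the installer environment - confirm this cannot happen.
    if [[ -x "${var_target}${var_shell}" ]]; then

      zsh_omz_installer "${var_username}" "${var_target}"

      ### The backup stays inside the user's home; 'mv' keeps the file's existing owner and mode and fails if
      ### no '.zshrc' exists.
      mv "${var_home}/.zshrc" "${var_home}/.zshrc.bak"

      install -m 0600 -o "${var_uid}" -g "${var_gid}" "${var_src}/.physnet.zshrc" "${var_home}/.zshrc"

      chroot_exec "${var_target}" chsh -s "${var_shell}" "${var_username}"
      do_log "info" "file_only" "4520() Shell: '${var_shell}' used for: '${var_username}'."

    else

      chroot_exec "${var_target}" chsh -s /bin/bash "${var_username}"
      do_log "info" "file_only" "4520() Shell: '${var_shell}' not found for: '${var_username}'. Using '/bin/bash' instead."

    fi

  fi

  do_log "info" "file_only" "4520() Skeleton: '${var_username}' successfully generated."

  guard_dir && return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f accounts_setup_physnet_user
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh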