diff --git a/elements/devuser/README.rst b/elements/devuser/README.rst
new file mode 100644
index 00000000..3eb86e15
--- /dev/null
+++ b/elements/devuser/README.rst
@@ -0,0 +1,40 @@
+=======
+devuser
+=======
+
+Creates a user that is useful for development / debugging. The following
+environment variables can be useful for configuration:
+
+Environment Variables
+---------------------
+
+DIB_DEV_USER_USERNAME
+ :Required: No
+ :Default: devuser
+ :Description: Username for the created user.
+
+DIB_DEV_USER_SHELL
+ :Required: No
+ :Default: System default (The useradd default is used)
+ :Description: Full path for the shell of the user. This is passed to useradd
+ using the -s parameter. Note that this does not install the (possibly)
+ required shell package.
+
+DIB_DEV_USER_PWDLESS_SUDO
+ :Required: No
+ :Default: No
+ :Description: Enable passwordless sudo for the user.
+
+DIB_DEV_USER_AUTHORIZED_KEYS
+ :Required: No
+ :Default: $HOME/.ssh/id_{rsa,dsa}.pub
+ :Description: Path to a file to copy into this users' .ssh/authorized_keys
+ If this is not specified then an attempt is made to use a the building
+ user's public key. To disable this behavior specify an invalid path for
+ this variable (such as /dev/null).
+
+DIB_DEV_USER_PASSWORD
+ :Required: No
+ :Default: Password is disabled
+ :Description: Set the default password for this user. This is a fairly
+ insecure method of setting the password and is not advised.
diff --git a/elements/devuser/environment.d/50-devuser b/elements/devuser/environment.d/50-devuser
new file mode 100755
index 00000000..026e301c
--- /dev/null
+++ b/elements/devuser/environment.d/50-devuser
@@ -0,0 +1,5 @@
+export DIB_DEV_USER_USERNAME=${DIB_DEV_USER_USERNAME:-devuser}
+export DIB_DEV_USER_SHELL=${DIB_DEV_USER_SHELL:-}
+export DIB_DEV_USER_PWDLESS_SUDO=${DIB_DEV_USER_PWDLESS_SUDO:-}
+export DIB_DEV_USER_AUTHORIZED_KEYS=${DIB_DEV_USER_AUTHORIZED_KEYS:-}
+export DIB_DEV_USER_PASSWORD=${DIB_DEV_USER_PASSWORD:-}
diff --git a/elements/devuser/extra-data.d/50-devuser b/elements/devuser/extra-data.d/50-devuser
new file mode 100755
index 00000000..3427b217
--- /dev/null
+++ b/elements/devuser/extra-data.d/50-devuser
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+if [ -n "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
+ if [ -f "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
+ cat $DIB_DEV_USER_AUTHORIZED_KEYS >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
+ fi
+else
+ for fmt in "rsa dsa"; do
+ if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
+ cat $HOME/.ssh/id_$fmt.pub >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
+ break
+ fi
+ done
+fi
diff --git a/elements/devuser/install.d/50-devuser b/elements/devuser/install.d/50-devuser
new file mode 100755
index 00000000..5e704ef2
--- /dev/null
+++ b/elements/devuser/install.d/50-devuser
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+user_shell_args=
+if [ -n "${DIB_DEV_USER_SHELL}" ]; then
+ user_shell_args="-s ${DIB_DEV_USER_SHELL}"
+fi
+useradd -m ${DIB_DEV_USER_USERNAME} $user_shell_args
+set +x
+if [ -n "${DIB_DEV_USER_PASSWORD}" ]; then
+ echo "Setting password."
+ echo "${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_PASSWORD}" | chpasswd
+fi
+set -x
+
+if [ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]; then
+ cat > /etc/sudoers.d/${DIB_DEV_USER_USERNAME} << EOF
+${DIB_DEV_USER_USERNAME} ALL=(ALL) NOPASSWD:ALL
+EOF
+ chmod 0440 /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
+ visudo -c || rm /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
+fi
+
+if [ -f /tmp/in_target.d/devuser-ssh-authorized-keys ]; then
+ mkdir -p /home/${DIB_DEV_USER_USERNAME}/.ssh
+ cp /tmp/in_target.d/devuser-ssh-authorized-keys /home/${DIB_DEV_USER_USERNAME}/.ssh/authorized_keys
+fi
+
+chown -R ${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_USERNAME} /home/${DIB_DEV_USER_USERNAME}
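Review bot: In extra-data.d/50-devuser the fallback loop `for fmt in "rsa dsa"; do` iterates once with `fmt` set to the whole string `rsa dsa`, so it tests `$HOME/.ssh/id_rsa dsa.pub` and the building user's key is never picked up; write `for fmt in rsa dsa; do`. Both `cat` lines expand `$DIB_DEV_USER_AUTHORIZED_KEYS`, `$HOME` and `$TMP_HOOKS_PATH` unquoted, so a path with spaces or glob characters is split; quote them, e.g. `cat "$DIB_DEV_USER_AUTHORIZED_KEYS" >> "$TMP_HOOKS_PATH/devuser-ssh-authorized-keys"`. When the variable is set but does not name a regular file the script installs no key and prints nothing, which is the documented way to disable the feature but also hides a mistyped path; a one-line notice on stderr in that branch would make the outcome visible.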
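Review bot: In install.d/50-devuser the guard `[ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]` is true for any non-empty value, so setting the variable to `No` (the default the README documents) or `0` still writes `NOPASSWD:ALL` into the image; compare against explicit affirmative values instead, e.g. `if [[ "${DIB_DEV_USER_PWDLESS_SUDO,,}" =~ ^(1|yes|true)$ ]]; then`. The `set -x` after the password block turns tracing on unconditionally, even when `DIB_DEBUG_TRACE` is 0; restore it with `if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then set -x; fi`. `visudo -c || rm …` lets the build succeed silently without the sudoers entry, so a failure there should at least be reported on stderr. The new `.ssh` directory and `authorized_keys` file get whatever mode the umask gives them; an explicit `chmod 700` on the directory and `chmod 600` on the file before the final `chown` would pin the permissions sshd expects.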