Add generic devuser element

The devuser element is useful for configuring a generic utility user for
the built images.

Change-Id: Ifd9dcf3ba88d7abc98b1e44a93f6d9a6b4e764dd
Gregory Haynes 2015-02-05 17:23:04 -08:00
parent 100959de8d
commit 031a7b03be
4 changed files with 99 additions and 0 deletions


@ -0,0 +1,40 @@
=======
devuser
=======
Creates a user that is useful for development / debugging. The following
environment variables can be useful for configuration:
Environment Variables
---------------------
DIB_DEV_USER_USERNAME
:Required: No
:Default: devuser
:Description: Username for the created user.
DIB_DEV_USER_SHELL
:Required: No
:Default: System default (The useradd default is used)
:Description: Full path for the shell of the user. This is passed to useradd
using the -s parameter. Note that this does not install the (possibly)
required shell package.
DIB_DEV_USER_PWDLESS_SUDO
:Required: No
:Default: No
:Description: Enable passwordless sudo for the user.
DIB_DEV_USER_AUTHORIZED_KEYS
:Required: No
:Default: $HOME/.ssh/id_{rsa,dsa}.pub
:Description: Path to a file to copy into this users' .ssh/authorized_keys
If this is not specified then an attempt is made to use a the building
user's public key. To disable this behavior specify an invalid path for
this variable (such as /dev/null).
DIB_DEV_USER_PASSWORD
:Required: No
:Default: Password is disabled
:Description: Set the default password for this user. This is a fairly
insecure method of setting the password and is not advised.


@ -0,0 +1,5 @@
export DIB_DEV_USER_USERNAME=${DIB_DEV_USER_USERNAME:-devuser}
export DIB_DEV_USER_SHELL=${DIB_DEV_USER_SHELL:-}
export DIB_DEV_USER_PWDLESS_SUDO=${DIB_DEV_USER_PWDLESS_SUDO:-}
export DIB_DEV_USER_AUTHORIZED_KEYS=${DIB_DEV_USER_AUTHORIZED_KEYS:-}
export DIB_DEV_USER_PASSWORD=${DIB_DEV_USER_PASSWORD:-}


@ -0,0 +1,20 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
if [ -n "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
if [ -f "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
cat $DIB_DEV_USER_AUTHORIZED_KEYS >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
fi
else
for fmt in "rsa dsa"; do
if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
cat $HOME/.ssh/id_$fmt.pub >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
break
fi
done
fi
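Review bot: The fallback loop `for fmt in "rsa dsa"; do` iterates once with `fmt` set to the single string `rsa dsa`, so the test looks for `$HOME/.ssh/id_rsa dsa.pub` and the building user's public key is never staged when DIB_DEV_USER_AUTHORIZED_KEYS is empty. Dropping the quotes, `for fmt in rsa dsa; do`, makes each key type get tried in turn as the README describes. The `cat` operands and the redirect target are also unquoted, so a key path or hooks path containing whitespace would be split; `cat "$DIB_DEV_USER_AUTHORIZED_KEYS" >> "$TMP_HOOKS_PATH/devuser-ssh-authorized-keys"` (and the same for the `$HOME` variant) avoids that.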


@ -0,0 +1,34 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
user_shell_args=
if [ -n "${DIB_DEV_USER_SHELL}" ]; then
user_shell_args="-s ${DIB_DEV_USER_SHELL}"
fi
useradd -m ${DIB_DEV_USER_USERNAME} $user_shell_args
set +x
if [ -n "${DIB_DEV_USER_PASSWORD}" ]; then
echo "Setting password."
echo "${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_PASSWORD}" | chpasswd
fi
set -x
if [ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]; then
cat > /etc/sudoers.d/${DIB_DEV_USER_USERNAME} << EOF
${DIB_DEV_USER_USERNAME} ALL=(ALL) NOPASSWD:ALL
EOF
chmod 0440 /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
visudo -c || rm /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
fi
if [ -f /tmp/in_target.d/devuser-ssh-authorized-keys ]; then
mkdir -p /home/${DIB_DEV_USER_USERNAME}/.ssh
cp /tmp/in_target.d/devuser-ssh-authorized-keys /home/${DIB_DEV_USER_USERNAME}/.ssh/authorized_keys
fi
chown -R ${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_USERNAME} /home/${DIB_DEV_USER_USERNAME}
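Review bot: The passwordless-sudo guard `if [ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]` treats any non-empty value as enabled, so setting `DIB_DEV_USER_PWDLESS_SUDO=No` (the spelling the README gives for the default) or `=0` still writes the `NOPASSWD:ALL` sudoers entry into the image. Compare against explicit truthy values instead, for example `if [[ "${DIB_DEV_USER_PWDLESS_SUDO,,}" =~ ^(1|y|yes|true)$ ]]; then`, or state in the README that only an empty value disables it. Separately, the `set -x` after the password block turns tracing on even when DIB_DEBUG_TRACE is 0; re-enabling it only when tracing was requested would keep the script consistent with its own header. The `.ssh` directory and `authorized_keys` file take their modes from whatever umask is in effect, so an explicit `chmod 700` on the directory and `chmod 600` on the file before the final `chown -R` would make the result independent of the build environment.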