Merge "Add generic devuser element"
commit
49bc98dc7c
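--- a/elements/devuser/README.rst
+++ b/elements/devuser/README.rst
@@ -0,0 +1,40 @@
+=======
+devuser
+=======
+
+Creates a user that is useful for development / debugging. The following
+environment variables can be useful for configuration:
+
+Environment Variables
+---------------------
+
+DIB_DEV_USER_USERNAME
+:Required: No
+:Default: devuser
+:Description: Username for the created user.
+
+DIB_DEV_USER_SHELL
+:Required: No
+:Default: System default (The useradd default is used)
+:Description: Full path for the shell of the user. This is passed to useradd
+using the -s parameter. Note that this does not install the (possibly)
+required shell package.
+
+DIB_DEV_USER_PWDLESS_SUDO
+:Required: No
+:Default: No
+:Description: Enable passwordless sudo for the user.
+
+DIB_DEV_USER_AUTHORIZED_KEYS
+:Required: No
+:Default: $HOME/.ssh/id_{rsa,dsa}.pub
+:Description: Path to a file to copy into this users' .ssh/authorized_keys
+If this is not specified then an attempt is made to use a the building
+user's public key. To disable this behavior specify an invalid path for
+this variable (such as /dev/null).
+
+DIB_DEV_USER_PASSWORD
+:Required: No
+:Default: Password is disabled
+:Description: Set the default password for this user. This is a fairly
+insecure method of setting the password and is not advised.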
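--- a/elements/devuser/environment.d/50-devuser
+++ b/elements/devuser/environment.d/50-devuser
@@ -0,0 +1,5 @@
+export DIB_DEV_USER_USERNAME=${DIB_DEV_USER_USERNAME:-devuser}
+export DIB_DEV_USER_SHELL=${DIB_DEV_USER_SHELL:-}
+export DIB_DEV_USER_PWDLESS_SUDO=${DIB_DEV_USER_PWDLESS_SUDO:-}
+export DIB_DEV_USER_AUTHORIZED_KEYS=${DIB_DEV_USER_AUTHORIZED_KEYS:-}
+export DIB_DEV_USER_PASSWORD=${DIB_DEV_USER_PASSWORD:-}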
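Review bot: DIB_DEV_USER_PWDLESS_SUDO defaults to the empty string here and install.d/50-devuser tests it with `[ -n ... ]`, so any non-empty value grants `NOPASSWD:ALL`, including `No`, `0` or `false`. The README lists the default as "No", which invites exactly that setting. A comment above the export such as `# any non-empty value enables passwordless sudo; leave unset to disable` would document the contract, or the value could be normalised here so that only an explicit yes-like value survives. Exporting DIB_DEV_USER_PASSWORD also places the password in the environment of every later hook, which is worth stating in a comment next to that line.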
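--- a/elements/devuser/extra-data.d/50-devuser
+++ b/elements/devuser/extra-data.d/50-devuser
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+set -x
+fi
+set -eu
+set -o pipefail
+
+if [ -n "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
+if [ -f "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
+cat $DIB_DEV_USER_AUTHORIZED_KEYS >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
+fi
+else
+for fmt in "rsa dsa"; do
+if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
+cat $HOME/.ssh/id_$fmt.pub >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
+break
+fi
+done
+fi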
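Review bot: The fallback loop `for fmt in "rsa dsa"; do` iterates once with fmt set to the single string "rsa dsa", so it tests `$HOME/.ssh/id_rsa dsa.pub` and the building user's key is never picked up; it should read `for fmt in rsa dsa; do`. The two `cat` lines also expand `$DIB_DEV_USER_AUTHORIZED_KEYS`, `$HOME` and `$TMP_HOOKS_PATH` unquoted, so a path containing spaces or glob characters is split or expanded; quoting them, e.g. `cat "$DIB_DEV_USER_AUTHORIZED_KEYS" >> "$TMP_HOOKS_PATH/devuser-ssh-authorized-keys"`, avoids that. When a configured key file does not exist the script skips it silently, and a one-line message on stderr would tell the builder that the image will have no authorized key.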
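--- a/elements/devuser/install.d/50-devuser
+++ b/elements/devuser/install.d/50-devuser
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+set -x
+fi
+set -eu
+set -o pipefail
+
+user_shell_args=
+if [ -n "${DIB_DEV_USER_SHELL}" ]; then
+user_shell_args="-s ${DIB_DEV_USER_SHELL}"
+fi
+useradd -m ${DIB_DEV_USER_USERNAME} $user_shell_args
+set +x
+if [ -n "${DIB_DEV_USER_PASSWORD}" ]; then
+echo "Setting password."
+echo "${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_PASSWORD}" | chpasswd
+fi
+set -x
+
+if [ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]; then
+cat > /etc/sudoers.d/${DIB_DEV_USER_USERNAME} << EOF
+${DIB_DEV_USER_USERNAME} ALL=(ALL) NOPASSWD:ALL
+EOF
+chmod 0440 /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
+visudo -c || rm /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
+fi
+
+if [ -f /tmp/in_target.d/devuser-ssh-authorized-keys ]; then
+mkdir -p /home/${DIB_DEV_USER_USERNAME}/.ssh
+cp /tmp/in_target.d/devuser-ssh-authorized-keys /home/${DIB_DEV_USER_USERNAME}/.ssh/authorized_keys
+fi
+
+chown -R ${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_USERNAME} /home/${DIB_DEV_USER_USERNAME}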
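Review bot: The `set -x` after the password block turns tracing on unconditionally, even when DIB_DEBUG_TRACE is 0 and tracing was never enabled at the top of the script. Restoring it with the same guard, `if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then set -x; fi`, still keeps the password out of the trace. The `.ssh` directory and `authorized_keys` get whatever mode the inherited umask yields, so adding `chmod 0700 "/home/${DIB_DEV_USER_USERNAME}/.ssh"` and a matching `chmod 0600` on the key file would make the result explicit. `${DIB_DEV_USER_USERNAME}` is expanded unquoted and unvalidated into the `/etc/sudoers.d/` path and the sudoers rule, so it should be quoted and checked against a plain username pattern first. If `visudo -c` fails, the rule is removed and the build continues, so a message on stderr there would show that the requested sudo access was not installed.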