#!/bin/bash
#
# Add a user with password and SSH key.
#
# VERSION :0.2.0
# DATE :2016-09-03
# URL :https://github.com/szepeviktor/debian-server-tools
# AUTHOR :Viktor Szépe <viktor@szepe.net>
# LICENSE :The MIT License (MIT)
# BASH-VERSION :4.2+
# DEPENDS :apt-get install sudo
# Add a user with sudo privilege; the password and SSH key will be asked for
#
# add-user.sh -s username
#
# Add user with password and piped SSH key
#
# cat public.key | add-user.sh -p password username
#
# Add user with expired password
#
# add-user.sh -e username
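# Entry point
#
# Globals:   none
# Arguments: [-s] [-e] [-p PASSWORD] USERNAME (see the file header for the
#            meaning of each option)
# Outputs:   adduser/passwd/ssh-keygen output on stdout, diagnostics on stderr
# Returns:   exits 2 on an option error, 1 on a missing or invalid username,
#            otherwise the status of the last command executed
main()
{
    local U
    # From /etc/adduser.conf
    local NAME_REGEX="^[a-z][-a-z0-9_]*\$"
    local SUDO="no"
    local EXPIRED="no"
    local PASSWORD=""
    local OPT
    local HOME_DIR
    local SSH_DIR
    local SSH_AUTHKEYS

    # Leading ':' in the spec keeps getopts silent: an unknown option is
    # reported as OPT='?' and a missing argument as OPT=':', with the option
    # letter in OPTARG. A single unquoted "?)" arm would match both cases and
    # print the placeholder instead of the offending letter.
    while getopts :sep: OPT; do
        case "$OPT" in
            s)
                SUDO="yes"
                ;;
            e)
                EXPIRED="yes"
                ;;
            p)
                # NOTE: a password passed on the command line is visible to
                # other users in the process list and may end up in shell
                # history; the interactive prompt (no -p) avoids that.
                PASSWORD="$OPTARG"
                ;;
            :)
                echo "Option -${OPTARG} requires an argument" 1>&2
                exit 2
                ;;
            \?)
                echo "Invalid option (-${OPTARG})" 1>&2
                exit 2
                ;;
        esac
    done
    shift "$((OPTIND - 1))"

    # Exactly one positional argument is expected: the username
    if [ "$#" -ne 1 ]; then
        echo "Usage: ${0##*/} [-s] [-e] [-p PASSWORD] USERNAME" 1>&2
        exit 1
    fi
    U="$1"
    # Check username against the adduser name policy
    if ! [[ "$U" =~ ${NAME_REGEX} ]]; then
        echo "Invalid username (${U})" 1>&2
        exit 1
    fi

    if [ -n "$PASSWORD" ]; then
        # Add user with the specified password; adduser reads it twice
        # (entry and confirmation) from stdin
        # GECOS: Full name,Room number,Work phone,Home phone
        printf '%s\n%s\n' "$PASSWORD" "$PASSWORD" | adduser --gecos "" "$U"
        # Forget about the password
        unset PASSWORD
    elif [[ -t 0 ]]; then
        # Add user by asking for the password
        adduser --gecos "" "$U"
    else
        # Add user without a password
        adduser --gecos "" --disabled-password "$U"
        # Not possible to change password
        EXPIRED="no"
    fi

    # Expire password, force the user to change it at first login
    if [ "$EXPIRED" == yes ]; then
        passwd -e "$U"
    fi

    # Create SSH directory in the home directory adduser just created
    HOME_DIR="$(getent passwd "$U" | cut -d ":" -f 6)"
    SSH_DIR="${HOME_DIR}/.ssh"
    mkdir --mode 0700 "$SSH_DIR"
    # File that contains the user's public keys for authentication.
    # Create it owner-readable only before anything is written to it,
    # so the inherited umask never leaves it world-readable.
    SSH_AUTHKEYS="${SSH_DIR}/authorized_keys"
    install --mode 0600 /dev/null "$SSH_AUTHKEYS"

    # Is stdin a TTY?
    if [[ -t 0 ]]; then
        # Ask for the public key
        editor "$SSH_AUTHKEYS"
    else
        # Get public key from pipe
        cat >"$SSH_AUTHKEYS"
    fi
    # Add line end if necessary (wc -l counts newlines, not lines)
    if [ -s "$SSH_AUTHKEYS" ] && [ "$(wc -l <"$SSH_AUTHKEYS")" -eq 0 ]; then
        echo >>"$SSH_AUTHKEYS"
    fi
    # Change owner of the SSH directory and its contents
    # (assumes adduser created a group named after the user, the Debian default)
    chown --recursive "${U}:${U}" "$SSH_DIR"
    # Display fingerprint; presumably fails (and, under errexit, aborts
    # before the sudo step) when no key was provided
    ssh-keygen -l -v -f "$SSH_AUTHKEYS"

    # Add to sudoers group
    if [ "$SUDO" == yes ]; then
        adduser "$U" sudo
    fi
    # Exit status is that of the last command executed.
    exit
}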
# Shell options: abort on any error, on an unset variable and on a failed
# pipeline stage; never expand globs (same set as errexit/nounset/pipefail/noglob)
set -efu -o pipefail
# Hand everything over to main
main "$@"