[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lmi-commits] [lmi] master 9ef51ab 09/12: Configure all users
|
From: |
Greg Chicares |
|
Subject: |
[lmi-commits] [lmi] master 9ef51ab 09/12: Configure all users |
|
Date: |
Thu, 11 Jun 2020 20:58:33 -0400 (EDT) |
branch: master
commit 9ef51abc1124beb1ea2bc165702eda8169f7ff47
Author: Gregory W. Chicares <gchicares@sbcglobal.net>
Commit: Gregory W. Chicares <gchicares@sbcglobal.net>
Configure all users
---
lmi_setup_01.sh | 5 ++++-
lmi_setup_01c.sh | 10 ++++++++--
lmi_setup_01r.sh | 5 ++++-
lmi_setup_24.sh | 21 ++++++++++++++-------
lmi_setup_24c.sh | 25 ++++++++++++++++---------
5 files changed, 46 insertions(+), 20 deletions(-)
diff --git a/lmi_setup_01.sh b/lmi_setup_01.sh
index e7dc84f..44d5d5f 100755
--- a/lmi_setup_01.sh
+++ b/lmi_setup_01.sh
@@ -44,7 +44,10 @@ schroot --chroot=${CHRTNAME} --user=root
--directory=/tmp ./lmi_setu
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_21.sh
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_24.sh
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_25.sh
-schroot --chroot=${CHRTNAME} --user="${NORMAL_USER}" --directory=/tmp
./lmi_setup_25.sh
+for user in $(echo "${CHROOT_USERS}" | tr ',' '\n'); do
+{
+schroot --chroot=${CHRTNAME} --user="${user}" --directory=/tmp
./lmi_setup_25.sh
+} done
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_29.sh
# On a particular corporate server, root is not a sudoer.
if sudo -l true; then
diff --git a/lmi_setup_01c.sh b/lmi_setup_01c.sh
index 03ed5a4..e0f2612 100755
--- a/lmi_setup_01c.sh
+++ b/lmi_setup_01c.sh
@@ -37,7 +37,10 @@ assert_not_chrooted
./lmi_setup_24c.sh
./lmi_setup_25.sh
-su "${NORMAL_USER}" ./lmi_setup_25.sh
+for user in $(echo "${CHROOT_USERS}" | tr ',' '\n'); do
+{
+su "${user}" ./lmi_setup_25.sh
+} done
cp -a /tmp/schroot_env /srv/chroot/"${CHRTNAME}"/tmp
cp -a lmi_setup_*.sh /srv/chroot/"${CHRTNAME}"/tmp
@@ -50,7 +53,10 @@ schroot --chroot=${CHRTNAME} --user=root
--directory=/tmp ./lmi_setu
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_21.sh
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_24.sh
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_25.sh
-schroot --chroot=${CHRTNAME} --user="${NORMAL_USER}" --directory=/tmp
./lmi_setup_25.sh
+for user in $(echo "${CHROOT_USERS}" | tr ',' '\n'); do
+{
+schroot --chroot=${CHRTNAME} --user="${user}" --directory=/tmp
./lmi_setup_25.sh
+} done
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_29.sh
# On a particular corporate server, root is not a sudoer.
if sudo -l true; then
diff --git a/lmi_setup_01r.sh b/lmi_setup_01r.sh
index d51c5ad..69c1d53 100755
--- a/lmi_setup_01r.sh
+++ b/lmi_setup_01r.sh
@@ -47,7 +47,10 @@ schroot --chroot=${CHRTNAME} --user=root
--directory=/tmp ./lmi_setu
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_21.sh
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_24.sh
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_25.sh
-schroot --chroot=${CHRTNAME} --user="${NORMAL_USER}" --directory=/tmp
./lmi_setup_25.sh
+for user in $(echo "${CHROOT_USERS}" | tr ',' '\n'); do
+{
+schroot --chroot=${CHRTNAME} --user="${user}" --directory=/tmp
./lmi_setup_25.sh
+} done
schroot --chroot=${CHRTNAME} --user=root --directory=/tmp
./lmi_setup_29.sh
# On a particular corporate server, root is not a sudoer.
if sudo -l true; then
diff --git a/lmi_setup_24.sh b/lmi_setup_24.sh
index abc1225..90ef718 100755
--- a/lmi_setup_24.sh
+++ b/lmi_setup_24.sh
@@ -34,13 +34,15 @@ groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
# Add an 'lmi' group, which may be useful in a multi-user chroot.
getent group 1001 || groupadd --gid=1001 lmi || echo "Oops."
+for user in $(echo "${CHROOT_USERS}" | tr ',' '\n'); do
+{
# Add a normal user, setting its shell and groups.
#
# No attempt is made to set a real password, because that can't be
# done securely in a script. A better password can be set later,
# interactively, if desired. Forcing the dummy password to expire
# immediately, thus (e.g.):
-# chage -d 0 "${NORMAL_USER}"
+# chage -d 0 "${user}"
# may seem like a good idea, but invoking schroot with that userid
# doesn't prompt for a password change.
#
@@ -50,16 +52,21 @@ getent group 1001 || groupadd --gid=1001 lmi || echo "Oops."
useradd \
--gid="${NORMAL_GROUP_GID}" \
- --uid="${NORMAL_USER_UID}" \
--create-home \
--shell=/bin/zsh \
--password="$(openssl passwd -1 --salt '' expired)" \
- "${NORMAL_USER}"
+ "${user}"
-usermod -aG lmi "${NORMAL_USER}" || echo "Oops."
-usermod -aG sudo "${NORMAL_USER}" || echo "Oops."
+# Try to make the "normal" user's UID match its UID on the host.
+if [ "${NORMAL_USER}" = "${user}" ]; then
+ usermod -u "${NORMAL_USER_UID}" || echo "Oops."
+fi
-chsh -s /bin/zsh "${NORMAL_USER}"
+usermod -aG lmi "${user}" || echo "Oops."
+usermod -aG sudo "${user}" || echo "Oops."
+
+chsh -s /bin/zsh "${user}"
+} done
stamp=$(date -u +'%Y%m%dT%H%M%SZ')
-echo "$stamp $0: Configured user '${NORMAL_USER}'." | tee /dev/tty
+echo "$stamp $0: Configured users." | tee /dev/tty
diff --git a/lmi_setup_24c.sh b/lmi_setup_24c.sh
index 08941af..631267f 100755
--- a/lmi_setup_24c.sh
+++ b/lmi_setup_24c.sh
@@ -34,23 +34,29 @@ groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
# Add an 'lmi' group, which may be useful in a multi-user chroot.
getent group 1001 || groupadd --gid=1001 lmi || echo "Oops."
+for user in $(echo "${CHROOT_USERS}" | tr ',' '\n'); do
+{
# Add a normal user, setting its shell and groups.
#
# This minimal centos chroot lacks openssl, so hardcode a password.
useradd \
--gid="${NORMAL_GROUP_GID}" \
- --uid="${NORMAL_USER_UID}" \
--create-home \
--shell=/bin/zsh \
--password="\$1\$\$AYD8bMyx6ho3BnmO3jjb60" \
- "${NORMAL_USER}"
+ "${user}"
+
+# Try to make the "normal" user's UID match its UID on the host.
+if [ "${NORMAL_USER}" = "${user}" ]; then
+ usermod -u "${NORMAL_USER_UID}" || echo "Oops."
+fi
-usermod -aG lmi "${NORMAL_USER}" || echo "Oops."
+usermod -aG lmi "${user}" || echo "Oops."
# Where debian has a 'sudo' group, redhat has a 'wheel' group.
# The difference seems to be nominal; neither is GID 0.
-usermod -aG wheel "${NORMAL_USER}"
+usermod -aG wheel "${user}"
# Nevertheless, after exiting the chroot and reentering as 'greg':
# $groups greg
# greg : lmi wheel
@@ -76,12 +82,13 @@ usermod -aG wheel "${NORMAL_USER}"
printf '# Defaults !requiretty\n'
printf '\n'
printf '%%wheel\tALL=(ALL)\tNOPASSWD: ALL\n'
- printf -- '%s\tALL=(ALL)\tNOPASSWD: ALL\n' "${NORMAL_USER}"
-} >/etc/sudoers.d/"${NORMAL_USER}"
-chmod 0440 /etc/sudoers.d/"${NORMAL_USER}"
+ printf -- '%s\tALL=(ALL)\tNOPASSWD: ALL\n' "${user}"
+} >/etc/sudoers.d/"${user}"
+chmod 0440 /etc/sudoers.d/"${user}"
visudo -cs
-chsh -s /bin/zsh "${NORMAL_USER}"
+chsh -s /bin/zsh "${user}"
+} done
stamp=$(date -u +'%Y%m%dT%H%M%SZ')
-echo "$stamp $0: Configured user '${NORMAL_USER}'." | tee /dev/tty
+echo "$stamp $0: Configured users." | tee /dev/tty
- [lmi-commits] [lmi] master updated (df723ac -> 0331fca), Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master 14ff0cb 01/12: Add a note about branching, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master c7016ba 05/12: Add all groups before adding any user, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master 6e50a5d 02/12: Create a root-owned file in root's $HOME, not someone else's, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master 6a0b050 06/12: Refactor to make multi-user configuration easier, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master a75ef22 04/12: Extract blocks into sub-scripts #24, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master 8bf7f0e 03/12: Extract block into sub-script #29, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master 0331fca 12/12: Configure 'wine' for each user, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master 4dcd8ee 08/12: Restrict permissions to 644 for home-directory files, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master 9ef51ab 09/12: Configure all users,
Greg Chicares <=
- [lmi-commits] [lmi] master 0d823ab 11/12: Merge 'lmi_setup_41.sh' into 'lmi_setup_40.sh', Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master bd371a2 10/12: Move git configuration, Greg Chicares, 2020/06/11
- [lmi-commits] [lmi] master ad3d008 07/12: Simplify vim and zsh configuration, Greg Chicares, 2020/06/11