From 41b9b0e30b3ce09a6c539d17ae0dc4744339cfee Mon Sep 17 00:00:00 2001
From: Georg
Date: Thu, 21 Oct 2021 20:41:05 +0200
Subject: [PATCH] Init user onboarding script
Signed-off-by: Georg
---
 init_pounce_user.sh | 62 +++++++++++++++++++++++++++++++++++++++++++++
 template.ldif | 16 ++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100755 init_pounce_user.sh
 create mode 100644 template.ldif
diff --git a/init_pounce_user.sh b/init_pounce_user.sh
new file mode 100755
index 0000000..6a90403
--- /dev/null
+++ b/init_pounce_user.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+pouncedir="/var/lib/pounce"
+uid="$1"
+userid="$(id -u $uid)"
+
+init_directory() {
+ previous_uidnumber="$(cat /var/lib/pounce/uidnumber)"
+ uidnumber="$(expr $previous_uidnumber + 1)"
+ sed -e "s/%UID%/$uid/" -e "s/%UIDNUMBER%/$uidnumber/" /opt/libertacasa/template.ldif | ldapmodify -D 'cn=pounce_adm,ou=syscid-system,dc=syscid,dc=com' -H 'ldaps://gaia.syscid.com/' -xy %%$AUTHSEC%% -v
+ status_dir=$?
+ if [ "$status_dir" = "0" ]; then
+ echo -n "$uidnumber" > /var/lib/pounce/uidnumber
+ fi
+}
+
+init_local() {
+ mkdir $pouncedir/users/$uid
+ mkdir $pouncedir/users/$uid/enabled
+ mkdir $pouncedir/users/$uid/disabled
+ mkdir $pouncedir/users/$uid/certs
+ chown -R $userid:pounce $pouncedir/users/$uid
+ chmod -R 700 $pouncedir/users/$uid
+ /usr/local/bin/pounce -g $pouncedir/users/$uid/ca.pem
+ chown $userid:pounce $pouncedir/users/$uid/ca.pem
+ chmod 600 $pouncedir/users/$uid/ca.pem
+ #mkhomedir_helper $uid
+ mkdir -p /home/$uid/.config/systemd/user
+ cat </home/$uid/.config/systemd/user/pounce@.service
+[Unit]
+Description=pounce - $uid - %i
+Wants=network.target
+
+[Service]
+ExecStart=/usr/local/bin/pounce /var/lib/pounce/users/$uid/enabled/%i
+Restart=always
+RestartSec=15
+SyslogIdentifier=pounce-$uid-%i
+
+[Install]
+WantedBy=multi-user.target
+SERVICE
+ chown -R $userid:2000 /home/$uid/
+ chmod 700 /home/$uid
+}
+
+if [ $uid ]; then
+ if [ $userid ]; then
+ init_local
+ else
+ echo "User not found. Attempting to promote POSIX access ..."
+ init_directory
+ if [ "$status_dir" = "0" ]; then
+ init_local
+ else
+ echo "POSIX promiotion failed. User might not exist."
+ fi
+
+ fi
+else
+ echo "Missing username."
+ exit 1
+fi
diff --git a/template.ldif b/template.ldif
new file mode 100644
index 0000000..68e092b
--- /dev/null
+++ b/template.ldif
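Review bot: On the promotion path at the bottom of the hunk, `init_local` runs with an empty `$userid`, because it is computed only once at the top (before the account has a POSIX uidNumber), so `chown -R $userid:pounce …` and `chown -R $userid:2000 /home/$uid/` set only the group and leave the new user's directories, `ca.pem` and unit file owned by whoever ran the script; re-resolve it after a successful `init_directory`, e.g. `userid="$(id -u "$uid")"`, and bail out if it is still empty. `$uid` comes straight from `$1` and is expanded unquoted into the sed replacement, the LDIF DN and filesystem paths including the recursive chown/chmod under `/home/$uid`, so a value containing `/`, `..`, whitespace or sed/LDIF metacharacters corrupts the LDIF or operates on a path outside the intended tree; reject anything outside a username allowlist up front, e.g. `case "$uid" in ''|*[!a-z0-9_-]*) echo "Invalid username." >&2; exit 1;; esac`, and quote every expansion. The uidNumber counter in `init_directory` is read, incremented with `expr` and written back with no lock, so two concurrent runs can hand out the same uidNumber, and an empty counter file makes `expr` fail and sends an empty `uidNumber:` to ldapmodify; serialize the read-modify-write (for example with `flock` on the counter file) and check the value is numeric before using it. The `cat </home/$uid/.config/systemd/user/pounce@.service` line as rendered reads the unit file instead of writing it — presumably a heredoc opener such as `<<SERVICE >` was lost in rendering, which is worth confirming against the committed file.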
@@ -0,0 +1,16 @@
+dn: uid=%UID%,ou=libertacasa-users,dc=syscid,dc=com
+changetype: modify
+add: objectClass
+objectClass: posixAccount
+-
+add: uidNumber
+uidNumber: %UIDNUMBER%
+-
+add: gidNumber
+gidNumber: 2000
+-
+add: homeDirectory
+homeDirectory: /home/%UID%
+-
+add: loginShell
+loginShell: /usr/bin/nobash