File: //var/chroot/var/chroot/var/chroot/sbin/setup-user
#!/bin/sh
PREFIX=
: ${LIBDIR=$PREFIX/lib}
. "$LIBDIR/libalpine.sh"
usage() {
cat <<-__EOF__
usage: setup-user [-h] [-a] [-u] [-f FULLNAME] [-g GROUPS] [-k SSHKEY] [USERNAME]
Create user account
options:
-a Create admin user. Add to wheel group and set up doas
-h Show this help
-f Set full name for user
-g Comma or space separated list of groups to add user to
-k ssh key or URL to ssh key (eg. https://gitlab.alpinelinux.org/user.keys)
or 'none' for no key
-u Unlock the user automatically (eg. creating the user non-interactively
with an ssh key for login)
If USERNAME is not specified user will be prompted.
__EOF__
exit $1
}
while getopts "af:g:hk:u" opt; do
case $opt in
a) admin=1;;
h) usage 0;;
f) fullnameopt="$OPTARG";;
g) groups="$OPTARG";;
k) keysopt="$OPTARG";;
u) forceunlock=1;;
'?') usage "1" >&2;;
esac
done
shift $(($OPTIND - 1))
if [ -z "$admin$fullnameopt$groups$keysopt$forceunlock" ] && [ "$1" = "none" ]; then
exit 0
fi
if [ $# -gt 1 ]; then
usage "1" >&2
elif [ $# -eq 1 ]; then
username="$1"
else
interactive=1
fi
while true; do
fullname="$fullnameopt"
if [ -n "$interactive" ] && [ -z "$username" ]; then
if [ -n "$fullname" ]; then
suggest=${fullname:+$(echo "$fullname" | sed -E 's/^(.).*\s+(.*)/\1\2/' | tr '[:upper:]' '[:lower:]')}
else
suggest=no
fi
# dont suggest something that has failed before
if [ "$suggest" = "$failed_username" ]; then
suggest=
fi
ask "Setup a user? (enter a lower-case loginname, or 'no')" $suggest
case "$resp" in
no) exit 0;;
*) username="$resp";;
esac
fi
if [ -n "$interactive" ] && [ -z "$fullnameopt" ]; then
ask "Full name for user $username" ${lastfullname:-$username}
fullname="$resp"
lastfullname="$resp"
fi
if [ -n "$fullname" ]; then
adduser -g "$fullname" -D "$username" && break
else
adduser -D "$username" && break
fi
if ! [ -n "$interactive" ]; then
exit 1
fi
failed_username="$username"
username=
done
while [ -n "$interactive" ] && ! $MOCK passwd "$username"; do
echo "Please retry."
done
if [ -n "$interactive" ] && [ -z "$keysopt" ]; then
suggest=none
while true; do
ask "Enter ssh key or URL for $username (or 'none')" $suggest
case "$resp" in
al)
suggest="https://gitlab.alpinelinux.org/$username.keys"
continue
;;
gl)
suggest="https://gitlab.com/$username.keys"
continue
;;
gh)
suggest="https://github.com/$username.keys"
continue
;;
none)
break
;;
https://*|http://*)
sshkeys=$(wget -q -O- $resp | grep ^ssh-)
;;
*) sshkeys="$resp"
;;
esac
if echo "$sshkeys" | grep -q ^ssh-; then
break
fi
echo "Did not find any key in '$resp'"
done
else
case "$keysopt" in
https://*|http://*)
sshkeys=$(wget -q -O- "$keysopt" | grep ^ssh-);;
none)
sshkeys="" ;;
*)
sshkeys="$keysopt";;
esac
if [ -n "$sshkeys" ] && ! echo "$sshkeys" | grep -q ^ssh-; then
echo "Could not find any keys in '$resp'" >&2
exit 1
fi
fi
if [ -n "$sshkeys" ] && [ "$sshkeys" != "none" ]; then
ssh_directory="$ROOT"/home/$username/.ssh
(
umask 077
mkdir -p "$ssh_directory"
echo "$sshkeys" > "$ssh_directory"/authorized_keys
)
$MOCK chown -R $username:$username "$ssh_directory"
fi
if [ -n "$groups" ] && [ "$groups" != "none" ]; then
for i in $(echo $groups | tr ',' ' '); do
$MOCK addgroup "$username" "$i" || exit
done
fi
if [ -n "$admin" ]; then
apk add doas
mkdir -p "$ROOT"/etc/doas.d
echo "permit persist :wheel" >> "$ROOT"/etc/doas.d/doas.conf
$MOCK addgroup "$username" "wheel" || exit
fi
if [ -n "$forceunlock" ]; then
$MOCK passwd -u "$username" || exit
fi