authorGeorg2021-10-21 20:41:05 +0200
committerGeorg2021-10-21 20:41:05 +0200
commit41b9b0e30b3ce09a6c539d17ae0dc4744339cfee (patch)
tree05076b9f29effbf747fad9829a19af935c9f66ba
parent8136cb2963123fe900c6d60b5cf4d5429c4513d3 (diff)
downloadpounce-41b9b0e30b3ce09a6c539d17ae0dc4744339cfee.tar.gz
pounce-41b9b0e30b3ce09a6c539d17ae0dc4744339cfee.tar.bz2
pounce-41b9b0e30b3ce09a6c539d17ae0dc4744339cfee.zip
Init user onboarding scriptHEADmaster
Signed-off-by: Georg <georg@lysergic.dev>
-rwxr-xr-xinit_pounce_user.sh62
-rw-r--r--template.ldif16
2 files changed, 78 insertions, 0 deletions
diff --git a/init_pounce_user.sh b/init_pounce_user.sh
new file mode 100755
index 0000000..6a90403
--- /dev/null
+++ b/init_pounce_user.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+pouncedir="/var/lib/pounce"
+uid="$1"
+userid="$(id -u $uid)"
+
+init_directory() {
+ previous_uidnumber="$(cat /var/lib/pounce/uidnumber)"
+ uidnumber="$(expr $previous_uidnumber + 1)"
+ sed -e "s/%UID%/$uid/" -e "s/%UIDNUMBER%/$uidnumber/" /opt/libertacasa/template.ldif | ldapmodify -D 'cn=pounce_adm,ou=syscid-system,dc=syscid,dc=com' -H 'ldaps://gaia.syscid.com/' -xy %%$AUTHSEC%% -v
+ status_dir=$?
+ if [ "$status_dir" = "0" ]; then
+ echo -n "$uidnumber" > /var/lib/pounce/uidnumber
+ fi
+}
+
+init_local() {
+ mkdir $pouncedir/users/$uid
+ mkdir $pouncedir/users/$uid/enabled
+ mkdir $pouncedir/users/$uid/disabled
+ mkdir $pouncedir/users/$uid/certs
+ chown -R $userid:pounce $pouncedir/users/$uid
+ chmod -R 700 $pouncedir/users/$uid
+ /usr/local/bin/pounce -g $pouncedir/users/$uid/ca.pem
+ chown $userid:pounce $pouncedir/users/$uid/ca.pem
+ chmod 600 $pouncedir/users/$uid/ca.pem
+ #mkhomedir_helper $uid
+ mkdir -p /home/$uid/.config/systemd/user
+ cat <<SERVICE >/home/$uid/.config/systemd/user/pounce@.service
+[Unit]
+Description=pounce - $uid - %i
+Wants=network.target
+
+[Service]
+ExecStart=/usr/local/bin/pounce /var/lib/pounce/users/$uid/enabled/%i
+Restart=always
+RestartSec=15
+SyslogIdentifier=pounce-$uid-%i
+
+[Install]
+WantedBy=multi-user.target
+SERVICE
+ chown -R $userid:2000 /home/$uid/
+ chmod 700 /home/$uid
+}
+
+if [ $uid ]; then
+ if [ $userid ]; then
+ init_local
+ else
+ echo "User not found. Attempting to promote POSIX access ..."
+ init_directory
+ if [ "$status_dir" = "0" ]; then
+ init_local
+ else
+ echo "POSIX promiotion failed. User might not exist."
+ fi
+
+ fi
+else
+ echo "Missing username."
+ exit 1
+fi
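Review bot: `$1` is used unvalidated and unquoted as `$uid` throughout this script, reaching `mkdir`, `chown -R`, `chmod -R`, the heredoc target under `/home/$uid`, and the `sed` replacement that fills `%UID%` in template.ldif (the `dn:` and `homeDirectory:` lines there share the problem). A value containing `/`, `..`, whitespace, a leading `-`, or characters special to sed or LDIF would redirect the recursive ownership changes or alter the LDAP modify request. I would reject such values before anything else runs, e.g. `case "$uid" in ''|-*|*[!a-z0-9_-]*) echo "Invalid username." >&2; exit 1;; esac` (allowed set adjusted to the directory's naming policy), and double-quote every expansion. Separately, `userid` is resolved once at the top, so on the promotion path `init_local` runs with it empty and `chown -R $userid:pounce` sets only the group; re-run `userid="$(id -u "$uid")"` after `init_directory` succeeds and stop if it is still empty.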
diff --git a/template.ldif b/template.ldif
new file mode 100644
index 0000000..68e092b
--- /dev/null
+++ b/template.ldif
@@ -0,0 +1,16 @@
+dn: uid=%UID%,ou=libertacasa-users,dc=syscid,dc=com
+changetype: modify
+add: objectClass
+objectClass: posixAccount
+-
+add: uidNumber
+uidNumber: %UIDNUMBER%
+-
+add: gidNumber
+gidNumber: 2000
+-
+add: homeDirectory
+homeDirectory: /home/%UID%
+-
+add: loginShell
+loginShell: /usr/bin/nobash