[dev] first working version #4
|
@ -19,3 +19,5 @@ insert_if_not_exist()
|
||||||
}
|
}
|
||||||
|
|
||||||
insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
|
insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
|
||||||
|
|
||||||
|
\"$THIS_DIR\"/jumpserver_cron.sh
|
||||||
|
|
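Review bot: The added last line `\"$THIS_DIR\"/jumpserver_cron.sh` sits outside any quoted string, so the backslashes make the quote characters literal and the shell looks for a command whose name contains `"`. It should read `"$THIS_DIR"/jumpserver_cron.sh`; the escaped form is only correct inside the crontab string on the context line above it. The new scripts/testbed_deploy.sh ends with the same construct for testbed_cron.sh. The file header for this section is not visible on the page, so the file name is not confirmed here.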
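--- a/scripts/nasp
+++ b/scripts/nasp
@@ -0,0 +1,4 @@
+%nasp ALL = (root) NOPASSWD: /usr/bin/docker
+%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
+%nasp ALL = (root) NOPASSWD: /usr/bin/whoami
+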
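Review bot: `NOPASSWD: /usr/bin/docker` with no argument restriction is effectively a grant of full root on the host to every member of the nasp group, because a Docker client running as root controls the daemon without limits. The reboot and whoami entries are narrow by comparison. If members only need specific container operations, listing a root-owned wrapper script here instead of the docker binary would keep the grant narrow. If root-equivalence is intended, a comment such as `# docker access is root-equivalent by design` would make that explicit. The file is also committed as executable, whereas sudoers drop-ins are conventionally root-owned with mode 0440 and checked with `visudo -cf` before they reach /etc/sudoers.d.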
|
@ -16,6 +16,7 @@ touch_user() {
|
||||||
--shell /bin/bash \
|
--shell /bin/bash \
|
||||||
--disabled-password \
|
--disabled-password \
|
||||||
--home /home/$1 \
|
--home /home/$1 \
|
||||||
|
--gecos "nasp member" \
|
||||||
$1
|
$1
|
||||||
usermod -a -G nasp $1
|
usermod -a -G nasp $1
|
||||||
}
|
}
|
||||||
|
@ -23,12 +24,18 @@ touch_user() {
|
||||||
update_key() {
|
update_key() {
|
||||||
tmp_path="/tmp/authorized_keys_$1"
|
tmp_path="/tmp/authorized_keys_$1"
|
||||||
dest_path="/home/$1/.ssh/authorized_keys"
|
dest_path="/home/$1/.ssh/authorized_keys"
|
||||||
echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
|
dest_dir=$(dirname "$dest_path")
|
||||||
|
|
||||||
|
echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
|
||||||
for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
|
for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
|
||||||
(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
|
(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [[ ! -d "$dest_dir" ]]; then
|
||||||
|
mkdir -p "$dest_dir"
|
||||||
|
chown $1:$1 "$dest_dir"
|
||||||
|
chmod 700 "$dest_dir"
|
||||||
|
fi
|
||||||
cat "$tmp_path" > "$dest_path"
|
cat "$tmp_path" > "$dest_path"
|
||||||
rm "$tmp_path"
|
rm "$tmp_path"
|
||||||
chown $1:$1 "$dest_path"
|
chown $1:$1 "$dest_path"
|
||||||
|
@ -36,8 +43,9 @@ update_key() {
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
|
cp "$THIS_DIR/nasp /etc/sudoers.d/nasp"
|
||||||
for file in "$THIS_DIR"/../authorized_keys/* ; do
|
for file in "$THIS_DIR"/../authorized_keys/* ; do
|
||||||
if ! test -d "$file"; then
|
if [[ ! -d "$file" ]]; then
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
username=$(basename $file)
|
username=$(basename $file)
|
||||||
|
|
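Review bot: In main, the added `cp "$THIS_DIR/nasp /etc/sudoers.d/nasp"` quotes source and destination as a single word, so cp receives one operand and fails, and nothing is installed into /etc/sudoers.d. This script appears to be the one cron runs after `git pull`, so the drop-in should be validated and installed with fixed ownership and mode, e.g. `visudo -cf "$THIS_DIR/nasp" && install -o root -g root -m 0440 "$THIS_DIR/nasp" /etc/sudoers.d/nasp`. In the update_key hunk above, the new `chown $1:$1 "$dest_dir"` leaves `$1` unquoted. The context lines there also build the key file at the predictable path `/tmp/authorized_keys_$1`, which `mktemp` would avoid. main's body continues past the end of the hunk.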
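--- a/scripts/testbed_deploy.sh
+++ b/scripts/testbed_deploy.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+apt update && apt install sudo
+addgroup nasp
+
+insert_if_not_exist()
+{
+filename=$1
+line=$2
+if [ ! -f "$filename" ]; then
+touch $filename
+fi
+grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+
+insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/testbed_cron.sh"
+
+\"$THIS_DIR\"/testbed_cron.sh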
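Review bot: The line appended to /etc/crontab has no user field: the system crontab format is `m h dom mon dow user command`, so `cd` would be read as the user name and the job will not run as written; `*/5 * * * * root cd ...` is probably what is meant. Once it does run, it executes whatever `git pull` fetched as root every five minutes, so anyone able to push to or tamper with the remote gains root on this host. Using `git pull --ff-only` and checking a signed commit with `git verify-commit HEAD` before running testbed_cron.sh would narrow that. `apt install sudo` lacks `-y` and will stop for confirmation in an unattended run, and `touch $filename` should be quoted.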