2024-10-10 09:47:43 +08:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
set -ex
|
|
|
|
THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
|
|
|
|
|
|
|
|
check_username() {
|
|
|
|
( echo $1 | grep -qxE "^[a-z][-a-z0-9_]*\$" ) || return 1
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
touch_user() {
|
|
|
|
test -n "$1"
|
|
|
|
check_username $1 || { echo "Invalid user name $1 !"; exit -1; }
|
|
|
|
if id -u $1 1>/dev/null 2>&1; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
if ! getent group nasp ; then
|
|
|
|
echo "Group 'nasp' does not exist\!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
useradd -m --groups nasp $1
|
|
|
|
su - $1 -c "true"
|
|
|
|
|
|
|
|
mkdir -p /home2/$1
|
|
|
|
chown $1:nasp /home2/$1
|
|
|
|
}
|
|
|
|
|
|
|
|
update_key() {
|
|
|
|
tmp_path="/tmp/authorized_keys_$1"
|
|
|
|
dest_path="/home/$1/.ssh/authorized_keys"
|
|
|
|
dest_dir=$(dirname "$dest_path")
|
|
|
|
|
|
|
|
echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
|
|
|
|
for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
|
|
|
|
(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
|
|
|
|
done
|
|
|
|
|
|
|
|
if [[ ! -d "$dest_dir" ]]; then
|
|
|
|
mkdir -p "$dest_dir"
|
|
|
|
chown $1:nasp "$dest_dir"
|
|
|
|
chmod 700 "$dest_dir"
|
|
|
|
fi
|
|
|
|
cat "$tmp_path" > "$dest_path"
|
|
|
|
rm "$tmp_path"
|
|
|
|
chown $1:nasp "$dest_path"
|
|
|
|
chmod 600 "$dest_path"
|
|
|
|
}
|
|
|
|
|
|
|
|
main() {
|
|
|
|
if [ -f /etc/os-release ]; then
|
|
|
|
. /etc/os-release
|
|
|
|
test "$ID" = "nixos" || cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"
|
|
|
|
fi
|
|
|
|
for file in "$THIS_DIR"/../authorized_keys/* ; do
|
|
|
|
if [[ ! -d "$file" ]]; then
|
|
|
|
continue
|
|
|
|
fi
|
|
|
|
username=$(basename $file)
|
|
|
|
touch_user $username
|
|
|
|
update_key $username
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
main
|