2023-05-30 13:21:29 +08:00
|
|
|
#!/bin/bash
|
|
|
|
set -ex
|
|
|
|
THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
|
|
|
|
|
|
|
|
touch_user() {
|
|
|
|
test -n "$1"
|
|
|
|
if id -u $1 1>/dev/null 2>&1; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
if ! getent group nasp ; then
|
|
|
|
echo "Group 'nasp' does not exist\!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
adduser \
|
|
|
|
--shell /bin/bash \
|
|
|
|
--disabled-password \
|
|
|
|
--home /home/$1 \
|
|
|
|
--gecos "nasp member" \
|
|
|
|
$1
|
|
|
|
usermod -a -G nasp $1
|
2024-01-12 12:48:41 +08:00
|
|
|
|
|
|
|
mkdir -p /home2/$1
|
|
|
|
chown $1: /home2/$1
|
2023-05-30 13:21:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
update_key() {
|
|
|
|
tmp_path="/tmp/authorized_keys_$1"
|
|
|
|
dest_path="/home/$1/.ssh/authorized_keys"
|
|
|
|
dest_dir=$(dirname "$dest_path")
|
|
|
|
|
|
|
|
echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
|
|
|
|
for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
|
|
|
|
(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
|
|
|
|
done
|
|
|
|
|
|
|
|
if [[ ! -d "$dest_dir" ]]; then
|
|
|
|
mkdir -p "$dest_dir"
|
|
|
|
chown $1:$1 "$dest_dir"
|
|
|
|
chmod 700 "$dest_dir"
|
|
|
|
fi
|
|
|
|
cat "$tmp_path" > "$dest_path"
|
|
|
|
rm "$tmp_path"
|
|
|
|
chown $1:$1 "$dest_path"
|
|
|
|
chmod 600 "$dest_path"
|
|
|
|
}
|
|
|
|
|
|
|
|
main() {
|
|
|
|
cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"
|
|
|
|
for file in "$THIS_DIR"/../authorized_keys/* ; do
|
|
|
|
if [[ ! -d "$file" ]]; then
|
|
|
|
continue
|
|
|
|
fi
|
|
|
|
username=$(basename $file)
|
|
|
|
touch_user $username
|
|
|
|
update_key $username
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
main
|