2021-04-04 13:28:22 -07:00
|
|
|
#!/bin/bash
|
|
|
|
#
|
|
|
|
# vhost-stack
|
|
|
|
# https://git.stack-source.com/msb/vhost-stack
|
2022-08-22 13:22:16 -07:00
|
|
|
# Copyright (c) 2022 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
2021-04-04 13:28:22 -07:00
|
|
|
|
2021-04-04 14:15:16 -07:00
|
|
|
# load include file
|
|
|
|
source $(dirname $0)/vhost.sh
|
2021-04-04 13:28:22 -07:00
|
|
|
|
2021-09-16 16:21:35 -07:00
|
|
|
help()
|
|
|
|
{
|
|
|
|
thisfilename=$(basename -- "$0")
|
|
|
|
echo "Add system user to server."
|
|
|
|
echo ""
|
2023-05-04 17:15:27 -07:00
|
|
|
echo "usage: $thisfilename -u <username> [-p <password> [-i <uid>] [-x <fpmmax>] [-w <0|1>] [-h]"
|
2021-09-16 16:21:35 -07:00
|
|
|
echo ""
|
|
|
|
echo " -h Print this help."
|
2021-10-05 13:50:27 -07:00
|
|
|
echo " -u <username> System username to add to server."
|
2021-10-05 11:33:24 -07:00
|
|
|
echo " -p <password> Password for username. Optional, random password generated if none specified."
|
|
|
|
echo " -i <uid> Numberic User ID to assign to user. Optional, next available uid set if none specified."
|
2023-04-16 10:50:42 -07:00
|
|
|
echo " -x <fpmmax> PHP-FPM pm.max_children. Optional, defaults to 4, recommended range 2-12 on Shared Server."
|
2023-05-04 17:15:27 -07:00
|
|
|
echo " -w <0|1> Write user info to /home/username/.passwd. 0 = no, 1 = yes. Default is 1, which can be overridden in main config."
|
2021-09-16 16:21:35 -07:00
|
|
|
exit
|
|
|
|
}
|
|
|
|
|
2021-10-05 11:33:24 -07:00
|
|
|
vhost:getoptions "$@"
|
|
|
|
|
|
|
|
# check for username
|
|
|
|
if [ -z "$username" ]; then
|
2021-04-04 13:28:22 -07:00
|
|
|
echo "username not set"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2021-09-16 16:21:35 -07:00
|
|
|
# generate password if none specified
|
2021-10-05 11:33:24 -07:00
|
|
|
if [ -z "$password" ]; then
|
2021-09-16 16:21:35 -07:00
|
|
|
password=`/usr/bin/pwgen 12 1`
|
2021-04-04 13:28:22 -07:00
|
|
|
fi
|
|
|
|
|
2023-05-04 17:15:27 -07:00
|
|
|
# check for and set write option
|
|
|
|
if [[ -z $write ]]; then
|
|
|
|
write=$WRITE_INFO
|
|
|
|
fi
|
|
|
|
|
2021-09-16 16:21:35 -07:00
|
|
|
# get next UID if none specified
|
2021-10-05 11:33:24 -07:00
|
|
|
if [ -z "$uid" ]; then
|
|
|
|
uid=`awk -F: '{uid[$3]=1}END{for(x=1000; x<=65534; x++) {if(uid[x] != ""){}else{print x; exit;}}}' /etc/passwd`
|
2021-04-04 13:28:22 -07:00
|
|
|
fi
|
|
|
|
|
2021-09-16 16:21:35 -07:00
|
|
|
# user & related files are only added if they don't already exist
|
|
|
|
# in this way it's safe to repeatedly try to add the same user
|
|
|
|
|
2021-04-04 13:28:22 -07:00
|
|
|
if ! /bin/grep -q "^$username:" /etc/passwd; then
|
2021-10-05 11:33:24 -07:00
|
|
|
newusers="$username:$password:$uid:$uid::/home/$username:/bin/bash"
|
2021-04-04 13:28:22 -07:00
|
|
|
echo "$newusers"|newusers
|
|
|
|
pwck -s
|
|
|
|
grpck -s
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ ! -d "/home/$username" ]]; then
|
|
|
|
install -d -o $username -g $username -m 755 /home/$username
|
|
|
|
else
|
|
|
|
chown -R $username:$username /home/$username
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ ! -f "/home/$username/.bash_logout" ]]; then
|
|
|
|
install -o $username -g $username -m 640 /etc/skel/.bash_logout /home/$username
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ ! -f "/home/$username/.bashrc" ]]; then
|
|
|
|
install -o $username -g $username -m 640 /etc/skel/.bashrc /home/$username
|
|
|
|
echo '' >> /home/$username/.bashrc
|
|
|
|
echo '# local settings' >> /home/$username/.bashrc
|
|
|
|
echo '' >> /home/$username/.bashrc
|
|
|
|
echo 'export TERM=xterm-256color' >> /home/$username/.bashrc
|
|
|
|
echo '' >> /home/$username/.bashrc
|
|
|
|
echo 'command_not_found_handle () {' >> /home/$username/.bashrc
|
2021-04-22 13:17:36 -07:00
|
|
|
echo ' /usr/local/libexec/command-not-found-handle $@' >> /home/$username/.bashrc
|
2021-04-04 13:28:22 -07:00
|
|
|
echo ' return 127' >> /home/$username/.bashrc
|
|
|
|
echo '}' >> /home/$username/.bashrc
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ ! -f "/home/$username/.profile" ]]; then
|
|
|
|
install -o $username -g $username -m 640 /etc/skel/.profile /home/$username
|
|
|
|
fi
|
|
|
|
|
2023-05-04 17:15:27 -07:00
|
|
|
if [[ $write == 1 ]]; then
|
2023-03-30 14:57:56 -07:00
|
|
|
vhost::set-opensslpass
|
|
|
|
encryptedpass=`echo -n "$password" | openssl aes-256-cbc -a -salt -pass pass:$opensslpass -pbkdf2`
|
|
|
|
userpasswdinfo="$username:$encryptedpass:$uid:$uid::/home/$username:/bin/bash"
|
2023-05-04 17:15:27 -07:00
|
|
|
if [[ -f "/home/$username/.passwd" ]]; then
|
|
|
|
chmod 640 /home/$username/.passwd
|
|
|
|
else
|
2023-03-30 14:57:56 -07:00
|
|
|
install -o $username -g $username -m 640 /dev/null /home/$username/.passwd
|
2021-10-02 14:59:01 -07:00
|
|
|
fi
|
2023-05-04 17:15:27 -07:00
|
|
|
echo "$userpasswdinfo" > /home/$username/.passwd
|
2021-10-02 14:59:01 -07:00
|
|
|
fi
|
2023-04-16 10:50:42 -07:00
|
|
|
|
|
|
|
# php-fpm pool
|
|
|
|
vhost::set-phpVersion
|
|
|
|
if [[ ! -f /etc/php/$phpVersion/fpm/pool.d/$username.conf ]]; then
|
|
|
|
# create /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
echo "[$username]" > /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
echo "user = $username" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
echo "group = $username" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
if [ -d /usr/jails/$username ]; then
|
|
|
|
echo "chroot = /usr/jails/$username" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
fi
|
|
|
|
echo "listen = /run/php/php$phpVersion-fpm-$username.sock" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
echo "listen.owner = www-data" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
echo "listen.group = www-data" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
echo "pm = ondemand" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
# check for and set php-fpm process manager max children
|
|
|
|
if [[ -z $fpmmax ]]; then
|
|
|
|
fpmmax=$FPM_MAX
|
|
|
|
fi
|
|
|
|
echo "pm.max_children = $fpmmax" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
echo "pm.process_idle_timeout = 3s;" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf
|
|
|
|
fi
|