#!/bin/bash # # vhost-stack # https://git.stack-source.com/msb/vhost-stack # Copyright (c) 2022 Matthew Saunders Brown # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # load include file source $(dirname $0)/vhost.sh help() { thisfilename=$(basename -- "$0") echo "Add system user to server." echo "" echo "usage: $thisfilename -u [-p [-i ] [-x ] [-w <0|1>] [-h]" echo "" echo " -h Print this help." echo " -u System username to add to server." echo " -p Password for username. Optional, random password generated if none specified." echo " -i Numberic User ID to assign to user. Optional, next available uid set if none specified." echo " -x PHP-FPM pm.max_children. Optional, defaults to 4, recommended range 2-12 on Shared Server." echo " -w <0|1> Write user info to /home/username/.passwd. 0 = no, 1 = yes. Default is 1, which can be overridden in main config." exit } vhost:getoptions "$@" # check for username if [ -z "$username" ]; then echo "username not set" exit 1 fi # generate password if none specified if [ -z "$password" ]; then password=`/usr/bin/pwgen 12 1` fi # check for and set write option if [[ -z $write ]]; then write=$WRITE_INFO fi # get next UID if none specified if [ -z "$uid" ]; then uid=`awk -F: '{uid[$3]=1}END{for(x=1000; x<=65534; x++) {if(uid[x] != ""){}else{print x; exit;}}}' /etc/passwd` fi # user & related files are only added if they don't already exist # in this way it's safe to repeatedly try to add the same user if ! /bin/grep -q "^$username:" /etc/passwd; then newusers="$username:$password:$uid:$uid::/home/$username:/bin/bash" echo "$newusers"|newusers pwck -s grpck -s fi if [[ ! -d "/home/$username" ]]; then install -d -o $username -g $username -m 755 /home/$username else chown -R $username:$username /home/$username fi if [[ ! -f "/home/$username/.bash_logout" ]]; then install -o $username -g $username -m 640 /etc/skel/.bash_logout /home/$username fi if [[ ! -f "/home/$username/.bashrc" ]]; then install -o $username -g $username -m 640 /etc/skel/.bashrc /home/$username echo '' >> /home/$username/.bashrc echo '# local settings' >> /home/$username/.bashrc echo '' >> /home/$username/.bashrc echo 'export TERM=xterm-256color' >> /home/$username/.bashrc echo '' >> /home/$username/.bashrc echo 'command_not_found_handle () {' >> /home/$username/.bashrc echo ' /usr/local/libexec/command-not-found-handle $@' >> /home/$username/.bashrc echo ' return 127' >> /home/$username/.bashrc echo '}' >> /home/$username/.bashrc fi if [[ ! -f "/home/$username/.profile" ]]; then install -o $username -g $username -m 640 /etc/skel/.profile /home/$username fi if [[ $write == 1 ]]; then vhost::set-opensslpass encryptedpass=`echo -n "$password" | openssl aes-256-cbc -a -salt -pass pass:$opensslpass -pbkdf2` userpasswdinfo="$username:$encryptedpass:$uid:$uid::/home/$username:/bin/bash" if [[ -f "/home/$username/.passwd" ]]; then chmod 640 /home/$username/.passwd else install -o $username -g $username -m 640 /dev/null /home/$username/.passwd fi echo "$userpasswdinfo" > /home/$username/.passwd fi # php-fpm pool # vhost::set-phpVersion vhost::set-phpVersionArray for phpVersion in "${phpVersionArray[@]}" do if [[ ! -f /etc/php/$phpVersion/fpm/pool.d/$username.conf ]]; then # create /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "[$username]" > /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "user = $username" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "group = $username" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "listen = /run/php/php$phpVersion-fpm-$username.sock" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "listen.owner = www-data" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "listen.group = www-data" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "pm = ondemand" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf # check for and set php-fpm process manager max children if [[ -z $fpmmax ]]; then fpmmax=$FPM_MAX fi echo "pm.max_children = $fpmmax" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf echo "pm.process_idle_timeout = 3s;" >> /etc/php/$phpVersion/fpm/pool.d/$username.conf fi done