vhost-stack/bin/vhost-user-add.sh
#!/bin/bash
#
# vhost-stack
# https://git.stack-source.com/msb/vhost-stack
# Copyright (c) 2022 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
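# load include file: vhost.sh is expected to sit next to this script and to
# provide the vhost:* / vhost::* helpers called below.
# The path is quoted so an install directory containing spaces or glob
# characters still resolves, and the script stops if the helpers cannot be
# loaded instead of carrying on as root without them.
source "$(dirname -- "$0")/vhost.sh" || exit 1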
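# Print the usage text for this script on stdout and exit with status 0.
# Security note: a password given with -p is part of this script's argument
# list, which other local users can usually read from the process table while
# the script runs. Leaving -p out makes the script generate a password instead.
help()
{
  # local so the helper does not leak a variable into the calling script
  local thisfilename
  thisfilename=$(basename -- "$0")
  echo "Add system user to server."
  echo ""
  echo "usage: $thisfilename -u <username> [-p <password>] [-i <uid>] [-x <fpmmax>] [-w] [-h]"
  echo ""
  echo " -h Print this help."
  echo " -u <username> System username to add to server."
  echo " -p <password> Password for username. Optional, random password generated if none specified."
  echo " -i <uid> Numeric User ID to assign to user. Optional, next available uid set if none specified."
  echo " -x <fpmmax> PHP-FPM pm.max_children. Optional, defaults to 4, recommended range 2-12 on Shared Server."
  echo " -w Write user info to /home/username/.passwd."
  exit
}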
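# Parse the command line.
# NOTE(review): presumably vhost:getoptions (from vhost.sh) fills $username,
# $password, $uid, $fpmmax and $write - confirm. Also confirm that it validates
# $username: the value is later embedded in file paths, in a newusers record
# and in a php-fpm pool file, all written as root.
vhost:getoptions "$@"

# check for username
if [ -z "$username" ]; then
  echo "username not set"
  exit 1
fi

# generate password if none specified
if [ -z "$password" ]; then
  # -s asks pwgen for fully random characters instead of its default
  # pronounceable (lower entropy) passwords.
  password=$(/usr/bin/pwgen -s 12 1)
  # Without this check a missing or failing pwgen would leave the password
  # empty and the account would be created with an empty password field.
  if [ -z "$password" ]; then
    echo "password generation failed" >&2
    exit 1
  fi
fi

# get next UID if none specified
if [ -z "$uid" ]; then
  # First number in 1000-65534 that is not used as a UID in /etc/passwd.
  # Only /etc/passwd is consulted; the same number is later used as the GID,
  # so a group that already holds it is not detected here.
  uid=$(awk -F: '
    { used[$3] = 1 }
    END {
      for (x = 1000; x <= 65534; x++) {
        if (!(x in used)) { print x; exit }
      }
    }' /etc/passwd)
  if [ -z "$uid" ]; then
    echo "no free uid found in range 1000-65534" >&2
    exit 1
  fi
fi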
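# The user and related files are only added if they do not already exist, so it
# is safe to run the script repeatedly for the same user.
# The name is compared as a literal string with field 1 of /etc/passwd. A regex
# built from "$username" would treat characters such as "." as wildcards and
# could report a different account as "already present".
if ! awk -F: -v name="$username" '$1 == name { found = 1 } END { exit !found }' /etc/passwd; then
  # newusers reads "name:password:uid:gid:gecos:home:shell" records on stdin.
  # Feeding it from a shell builtin keeps the cleartext password out of any
  # process argument list.
  newusers="$username:$password:$uid:$uid::/home/$username:/bin/bash"
  if ! printf '%s\n' "$newusers" | newusers; then
    # Stop here: the steps that follow assign ownership to this account.
    echo "failed to add user $username" >&2
    exit 1
  fi
  # -s sorts the account and group databases by ID
  pwck -s
  grpck -s
fi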
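# Home directory and shell start-up files. Every item is created only when it
# is missing, so a re-run does not overwrite what is already there.
# All expansions are quoted so the value of $username is always passed as a
# single argument to install/chown.
# NOTE(review): when /home/$username already exists it may be writable by the
# user, and the commands below run as root inside it. Confirm the script is
# only run before the user can log in, or harden these writes against
# symlinks placed in that directory.
if [[ ! -d "/home/$username" ]]; then
  install -d -o "$username" -g "$username" -m 755 "/home/$username"
else
  # -h: change ownership of symbolic links themselves, never of their targets
  chown -Rh "$username:$username" "/home/$username"
fi

if [[ ! -f "/home/$username/.bash_logout" ]]; then
  install -o "$username" -g "$username" -m 640 /etc/skel/.bash_logout "/home/$username"
fi

if [[ ! -f "/home/$username/.bashrc" ]]; then
  install -o "$username" -g "$username" -m 640 /etc/skel/.bashrc "/home/$username"
  # Append local settings. The delimiter is quoted so nothing is expanded
  # here; "$@" is written quoted so the generated handler forwards the
  # mistyped command and its arguments without word splitting or globbing.
  cat >> "/home/$username/.bashrc" <<'EOF'

# local settings

export TERM=xterm-256color

command_not_found_handle () {
 /usr/local/libexec/command-not-found-handle "$@"
 return 127
}
EOF
fi

if [[ ! -f "/home/$username/.profile" ]]; then
  install -o "$username" -g "$username" -m 640 /etc/skel/.profile "/home/$username"
fi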
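# Optionally store the account details, with the password encrypted, in
# /home/$username/.passwd (only when the file does not exist yet).
if [[ -n $write ]]; then
  # presumably sets $opensslpass (defined in vhost.sh) - confirm
  vhost::set-opensslpass
  if [[ -z "$opensslpass" ]]; then
    # An empty passphrase would make the "encrypted" value trivially
    # recoverable, so nothing is written in that case.
    echo "WARNING: no encryption passphrase set, /home/$username/.passwd not written" >&2
  else
    # The passphrase is handed to openssl through its environment (-pass env:)
    # rather than as "pass:..." on the command line, where it would show up in
    # the process listing. The cleartext password goes in on stdin from a
    # shell builtin for the same reason.
    encryptedpass=$(printf '%s' "$password" |
      VHOST_OPENSSL_PASS="$opensslpass" openssl aes-256-cbc -a -salt -pbkdf2 -pass env:VHOST_OPENSSL_PASS)
    if [[ -z "$encryptedpass" ]]; then
      echo "WARNING: password encryption failed, /home/$username/.passwd not written" >&2
    else
      userpasswdinfo="$username:$encryptedpass:$uid:$uid::/home/$username:/bin/bash"
      if [[ ! -f "/home/$username/.passwd" ]]; then
        # Create the file empty with its final owner and mode first, so the
        # record is never on disk with wider permissions.
        install -o "$username" -g "$username" -m 640 /dev/null "/home/$username/.passwd"
        printf '%s\n' "$userpasswdinfo" > "/home/$username/.passwd"
      fi
    fi
  fi
fi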
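# php-fpm pool: one pool file per user, created only when it does not exist yet
# presumably sets $phpVersion (defined in vhost.sh) - confirm
vhost::set-phpVersion
poolconf="/etc/php/$phpVersion/fpm/pool.d/$username.conf"
if [[ ! -f "$poolconf" ]]; then
  # check for and set php-fpm process manager max children
  if [[ -z $fpmmax ]]; then
    # FPM_MAX is presumably set by vhost.sh; 4 is the default the help text
    # documents, used when FPM_MAX is unset or empty.
    fpmmax=${FPM_MAX:-4}
  fi
  # The value is written into a root-owned config file, so accept only a plain
  # number. Anything else would either break the php-fpm configuration or let
  # extra directives into the pool file.
  if [[ ! $fpmmax =~ ^[0-9]+$ ]]; then
    echo "fpmmax must be a whole number" >&2
    exit 1
  fi

  # Write the whole pool definition through a single redirection instead of
  # one append per line.
  {
    echo "[$username]"
    echo "user = $username"
    echo "group = $username"
    # chroot the pool when a jail directory exists for this user
    if [ -d "/usr/jails/$username" ]; then
      echo "chroot = /usr/jails/$username"
    fi
    echo "listen = /run/php/php$phpVersion-fpm-$username.sock"
    echo "listen.owner = www-data"
    echo "listen.group = www-data"
    echo "pm = ondemand"
    echo "pm.max_children = $fpmmax"
    echo "pm.process_idle_timeout = 3s;"
  } > "$poolconf"

  # Reload php-fpm only when it is running and the configuration test passes.
  # NOTE(review): when the test fails the new pool file stays in place, so
  # later reloads or restarts of php-fpm will hit the same error until the
  # file is fixed or removed.
  if systemctl is-active --quiet "php$phpVersion-fpm"; then
    if "/usr/sbin/php-fpm$phpVersion" -t >/dev/null 2>&1; then
      systemctl reload "php$phpVersion-fpm"
    else
      echo "WARNING: php-fpm$phpVersion configuration test failed"
    fi
  fi
fi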