
#!/bin/bash
#
# vhost-stack
# https://git.stack-source.com/msb/vhost-stack
# Copyright (c) 2022 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
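# load include file: vhost.sh sits next to this script and (presumably) defines
# vhost:getoptions and vhost::set-opensslpass used below — confirm in vhost.sh.
# Quoted so a script path containing spaces still resolves.
source "$(dirname -- "$0")/vhost.sh"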
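#######################################
# Print usage for this script and exit.
# Globals:   none (thisfilename is local)
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   exits 0
#######################################
help()
{
  local thisfilename
  thisfilename=$(basename -- "$0")
  echo "Add system user to server."
  echo ""
  # -p, -i and -w are all optional; each is bracketed on its own
  echo "usage: $thisfilename -u <username> [-p <password>] [-i <uid>] [-w] [-h]"
  echo ""
  echo " -h Print this help."
  echo " -u <username> System username to add to server."
  echo " -p <password> Password for username. Optional, random password generated if none specified."
  echo " -i <uid> Numeric User ID to assign to user. Optional, next available uid set if none specified."
  echo " -w Write user info to /home/username/.passwd. Warning! This includes the unencrypted password."
  exit 0
}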
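# vhost:getoptions (from vhost.sh) sets username, password, uid and write from argv
vhost:getoptions "$@"

# check for username. It is used as a grep anchor, as a newusers field and in
# filesystem paths, so it is also restricted to useradd's documented form
# (lowercase start, [a-z0-9_-], at most 32 chars) before anything is touched.
if [[ -z "$username" ]]; then
  echo "username not set" >&2
  exit 1
fi
if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
  echo "invalid username: $username" >&2
  exit 1
fi
homedir="/home/$username"

# generate password if none specified; abort if pwgen is missing or fails
# rather than continuing with an empty password
if [[ -z "$password" ]]; then
  password=$(/usr/bin/pwgen 12 1) || { echo "pwgen failed" >&2; exit 1; }
fi
# ':' is the field separator of the newusers/.passwd line format
if [[ "$password" == *:* ]]; then
  echo "password must not contain ':'" >&2
  exit 1
fi

# get next UID if none specified: lowest value in 1000..65534 not already
# present in /etc/passwd (empty if the whole range is taken)
if [[ -z "$uid" ]]; then
  uid=$(awk -F: '{used[$3]=1} END{for (x=1000; x<=65534; x++) if (!(x in used)) {print x; exit}}' /etc/passwd)
fi
if [[ ! "$uid" =~ ^[0-9]+$ ]]; then
  echo "invalid or unavailable uid: '$uid'" >&2
  exit 1
fi

# user & related files are only added if they don't already exist
# in this way it's safe to repeatedly try to add the same user
if ! /bin/grep -q -- "^$username:" /etc/passwd; then
  # the password reaches newusers on stdin, never on the command line
  printf '%s\n' "$username:$password:$uid:$uid::$homedir:/bin/bash" | newusers \
    || { echo "newusers failed for $username" >&2; exit 1; }
  pwck -s
  grpck -s
fi

if [[ ! -d "$homedir" ]]; then
  install -d -o "$username" -g "$username" -m 755 "$homedir"
else
  chown -R "$username:$username" "$homedir"
fi

# copy each skeleton dotfile that is still missing, owned by the new user;
# a freshly installed .bashrc additionally gets the local settings block
for dotfile in .bash_logout .bashrc .profile; do
  if [[ ! -f "$homedir/$dotfile" ]]; then
    install -o "$username" -g "$username" -m 640 "/etc/skel/$dotfile" "$homedir"
    if [[ "$dotfile" == .bashrc ]]; then
      # quoted delimiter: nothing below is expanded, the text lands verbatim
      cat >> "$homedir/.bashrc" <<'EOF'

# local settings

export TERM=xterm-256color

command_not_found_handle () {
 /usr/local/libexec/command-not-found-handle $@
 return 127
}
EOF
    fi
  fi
done

# optionally record the account line in ~/.passwd with the password encrypted
# (aes-256-cbc, PBKDF2, base64) under the key set by vhost::set-opensslpass.
# The key is handed to openssl via the environment instead of argv so it does
# not show up in process listings; the plaintext goes in on stdin.
if [[ -n "$write" ]]; then
  vhost::set-opensslpass
  encryptedpass=$(printf '%s' "$password" \
    | OPENSSL_PASS="$opensslpass" openssl aes-256-cbc -a -salt -pass env:OPENSSL_PASS -pbkdf2) \
    || { echo "openssl encryption failed" >&2; exit 1; }
  if [[ ! -f "$homedir/.passwd" ]]; then
    # create the file with the final owner and mode before any content is written
    install -o "$username" -g "$username" -m 640 /dev/null "$homedir/.passwd"
    printf '%s\n' "$username:$encryptedpass:$uid:$uid::$homedir:/bin/bash" > "$homedir/.passwd"
  fi
fi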