-
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathsudo-user
More file actions
executable file
·60 lines (50 loc) · 1.43 KB
/
Copy pathsudo-user
File metadata and controls
executable file
·60 lines (50 loc) · 1.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/bin/sh
# vim: set ts=4 sw=4:
set -eu
readonly ADMIN_GROUP='wheel'
: ${USER_SHELL:=${USERNAME_SHELL:-"/bin/sh"}}
if [ -z "${USERNAME:-}" ]; then
exit 0
fi
. "$(dirname "$(readlink -f "$0")")"/utils.sh
if ! id "$USERNAME" >/dev/null 2>&1; then
echo "Creating user $USERNAME" >&2
if command -v useradd >/dev/null; then
useradd --create-home \
--no-user-group \
--shell "$USER_SHELL" \
${USER_UID:+"-u $USER_UID"} \
"$USERNAME"
else
adduser -D -G users -s "$USER_SHELL" ${USER_UID:+"-u $USER_UID"} "$USERNAME"
passwd -u "$USERNAME" >/dev/null # unlock account
fi
fi
if ! id -Gn "$USERNAME" 2>/dev/null | grep -Fq $ADMIN_GROUP; then
echo "Adding user $USERNAME to group $ADMIN_GROUP" >&2
if command -v usermod >/dev/null; then
usermod --append --groups $ADMIN_GROUP "$USERNAME"
else
addgroup "$USERNAME" $ADMIN_GROUP
fi
fi
if yesno "${USERNAME_SUDO:-YES}"; then
if command -v doas >/dev/null; then
cfgfile="/etc/doas.d/$ADMIN_GROUP.conf"
rule="permit nopass :$ADMIN_GROUP"
elif command -v sudo >/dev/null; then
cfgfile="/etc/sudoers.d/$ADMIN_GROUP"
rule="%$ADMIN_GROUP ALL=(ALL) NOPASSWD: ALL"
else
echo "WARNING: neither doas nor sudo is installed, doas/sudo rule for $ADMIN_GROUP will not be added" >&2
exit 0
fi
if ! [ -f "$cfgfile" ]; then
echo "Creating $cfgfile" >&2
cat > "$cfgfile" <<-EOF
# Added by $(readlink -f "$0")
$rule
EOF
chmod 640 "$cfgfile"
fi
fi