mirror of
https://github.com/atmoz/sftp.git
synced 2025-03-09 15:16:00 -04:00
4890e4e134
The gid is not being properly set for newly created dirs. Looks like the group "users" is hard coded instead.
105 lines
2.7 KiB
Bash
Executable file
105 lines
2.7 KiB
Bash
Executable file
#!/bin/bash
|
|
set -Eeo pipefail
|
|
|
|
# shellcheck disable=2154
|
|
trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR
|
|
|
|
# Extended regular expression (ERE) for arguments
|
|
reUser='[A-Za-z0-9._][A-Za-z0-9._-]{0,31}' # POSIX.1-2008
|
|
rePass='[^:]{0,255}'
|
|
reUid='[[:digit:]]*'
|
|
reGid='[[:digit:]]*'
|
|
reDir='[^:]*'
|
|
#reArgs="^($reUser)(:$rePass)(:e)?(:$reUid)?(:$reGid)?(:$reDir)?$"
|
|
|
|
function log() {
|
|
echo "[$0] $*"
|
|
}
|
|
|
|
function validateArg() {
|
|
name="$1"
|
|
val="$2"
|
|
re="$3"
|
|
|
|
if [[ "$val" =~ ^$re$ ]]; then
|
|
return 0
|
|
else
|
|
log "ERROR: Invalid $name \"$val\", do not match required regex pattern: $re"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
log "Parsing user data: \"$1\""
|
|
IFS=':' read -ra args <<< "$1"
|
|
|
|
skipIndex=0
|
|
chpasswdOptions=""
|
|
useraddOptions=(--no-user-group)
|
|
|
|
user="${args[0]}"; validateArg "username" "$user" "$reUser" || exit 1
|
|
pass="${args[1]}"; validateArg "password" "$pass" "$rePass" || exit 1
|
|
|
|
if [ "${args[2]}" == "e" ]; then
|
|
chpasswdOptions="-e"
|
|
skipIndex=1
|
|
fi
|
|
|
|
uid="${args[$((skipIndex+2))]}"; validateArg "UID" "$uid" "$reUid" || exit 1
|
|
gid="${args[$((skipIndex+3))]}"; validateArg "GID" "$gid" "$reGid" || exit 1
|
|
dir="${args[$((skipIndex+4))]}"; validateArg "dirs" "$dir" "$reDir" || exit 1
|
|
|
|
if getent passwd "$user" > /dev/null; then
|
|
log "WARNING: User \"$user\" already exists. Skipping."
|
|
exit 0
|
|
fi
|
|
|
|
if [ -n "$uid" ]; then
|
|
useraddOptions+=(--non-unique --uid "$uid")
|
|
fi
|
|
|
|
if [ -n "$gid" ]; then
|
|
if ! getent group "$gid" > /dev/null; then
|
|
groupadd --gid "$gid" "group_$gid"
|
|
fi
|
|
|
|
useraddOptions+=(--gid "$gid")
|
|
fi
|
|
|
|
useradd "${useraddOptions[@]}" "$user"
|
|
mkdir -p "/home/$user"
|
|
chown root:root "/home/$user"
|
|
chmod 755 "/home/$user"
|
|
|
|
# Retrieving user id to use it in chown commands instead of the user name
|
|
# to avoid problems on alpine when the user name contains a '.'
|
|
uid="$(id -u "$user")"
|
|
|
|
if [ -n "$pass" ]; then
|
|
echo "$user:$pass" | chpasswd $chpasswdOptions
|
|
else
|
|
usermod -p "*" "$user" # disabled password
|
|
fi
|
|
|
|
# Add SSH keys to authorized_keys with valid permissions
|
|
if [ -d "/home/$user/.ssh/keys" ]; then
|
|
for publickey in "/home/$user/.ssh/keys"/*; do
|
|
cat "$publickey" >> "/home/$user/.ssh/authorized_keys"
|
|
done
|
|
chown "$uid" "/home/$user/.ssh/authorized_keys"
|
|
chmod 600 "/home/$user/.ssh/authorized_keys"
|
|
fi
|
|
|
|
# Make sure dirs exists
|
|
if [ -n "$dir" ]; then
|
|
IFS=',' read -ra dirArgs <<< "$dir"
|
|
for dirPath in "${dirArgs[@]}"; do
|
|
dirPath="/home/$user/$dirPath"
|
|
if [ ! -d "$dirPath" ]; then
|
|
log "Creating directory: $dirPath"
|
|
mkdir -p "$dirPath"
|
|
chown -R "$uid:$gid" "$dirPath"
|
|
else
|
|
log "Directory already exists: $dirPath"
|
|
fi
|
|
done
|
|
fi
|