#!/bin/sh
# Copyright 2023 Johannes Schauer Marin Rodrigues <josch@debian.org>
# SPDX-License-Identifier: MIT
#
# Add a non-root user, add them to the sudo group and use the same authorized
# ssh keys as the root user.
#
#  - the new user is called "user" by default (customizable via $USERNAME)
#  - no password required for login
#  - requires the passwd and coreutils packages installed inside the chroot
#  - adds the new user to the sudo group if it exists
#  - the ~/.ssh/authorized_keys file is copied from the root user if it exists
#
# Example usage:
#
#     $ debvm-create -k ~/.ssh/id_rsa.pub -- --hook-dir=.../useraddhook --include sudo
#     $ debvm-run -s 8022
#     $ ssh -l user -p 8022 127.0.0.1 whoami
#     user
#     $ ssh -l user -p 8022 127.0.0.1 sudo whoami
#     root
#

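# Abort on the first failing command and on any unset variable; the latter
# also stops the hook early when the chroot directory ($1) was not passed.
set -eu

# Login name of the account to create; can be overridden via the environment.
: "${USERNAME:=user}"

# Create the account with a home directory and bash as its login shell.
chroot "$1" useradd --home-dir "/home/$USERNAME" --create-home --shell /bin/bash "$USERNAME"

# Delete the password so that logging in requires none. Combined with the
# sudo group membership below, whoever can log in as this user can become
# root (see the usage example in the file header), so every login path into
# the resulting image is effectively a root login path.
chroot "$1" passwd --delete "$USERNAME"

# Only grant sudo when the group exists inside the chroot, i.e. skip this
# step silently when no sudo group has been set up there.
if chroot "$1" getent group sudo >/dev/null; then
	chroot "$1" usermod --append --groups sudo "$USERNAME"
fi

# Reuse root's authorized ssh keys for the new user. The existence test runs
# on the host against the chroot path, the copy itself runs inside the chroot.
if [ -e "$1/root/.ssh/authorized_keys" ]; then
	chroot "$1" install -o "$USERNAME" -g "$USERNAME" -m 700 -d "/home/$USERNAME/.ssh"
	# Set the mode explicitly: without -m, install(1) falls back to 0755,
	# which leaves the key list executable and readable by every local user.
	chroot "$1" install -o "$USERNAME" -g "$USERNAME" -m 600 -t "/home/$USERNAME/.ssh" /root/.ssh/authorized_keys
fi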