From bc36ddca210064e16619852efabcdabeda845cb8 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface"
Date: Tue, 13 Apr 2021 11:35:02 -0400
Subject: [PATCH] Allow customizing the deployment username

Defaulted to 'deploy' but should be overrideable.
---
 buildiso.sh | 6 ++++++
 install.sh | 20 +++++++++++---------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/buildiso.sh b/buildiso.sh
index 34183a6..45de125 100755
--- a/buildiso.sh
+++ b/buildiso.sh
@@ -25,6 +25,7 @@ isofilename="pvc-installer_$(date +%Y-%m-%d).iso"
 srcliveisopath="https://cdimage.debian.org/mirror/cdimage/release/current-live/amd64/iso-hybrid"
 srcliveisofilename="$( wget -O- ${srcliveisopath}/ | grep 'debian-live-.*-amd64-standard.iso' | awk -F '"' '{ print $6 }' )"
 srcliveisourl="${srcliveisopath}/${srcliveisofilename}"
+deployusername="deploy"
 show_help() {
 echo -e "PVC install ISO generator"
@@ -45,6 +46,7 @@ show_help() {
 echo -e " the default."
 echo -e " -a: Use cached squashfs artifact during rebuild (cached ISO and debootstrap"
 echo -e " artifacts are always used)."
+ echo -e " -u: Change 'deploy' user to a new username."
 }
 while getopts "h?o:s:a" opt; do
@@ -62,6 +64,9 @@ while getopts "h?o:s:a" opt; do
 a)
 usecachedsquashfs='y'
 ;;
+ u)
+ deployusername=$OPTARG
+ ;;
 esac
 done
@@ -143,6 +148,7 @@ prepare_rootfs() {
 sudo chroot ${tempdir}/rootfs/ /usr/bin/passwd -d root &>/dev/null || fail "Error disabling root password."
 sudo cp install.sh ${tempdir}/rootfs/ &>/dev/null || fail "Error copying install.sh to tempdir."
 sudo sed -i "s/XXISOXX/${isofilename}/g" ${tempdir}/rootfs/install.sh &>/dev/null || fail "Error editing install.sh script."
+ sudo sed -i "s/XXDEPLOYUSERXX/${deployusername}/g" ${tempdir}/rootfs/install.sh &>/dev/null || fail "Error editing install.sh script."
 echo "done."
 echo -n "Generating squashfs image of live installation... "
diff --git a/install.sh b/install.sh
index 1e790f2..572550d 100755
--- a/install.sh
+++ b/install.sh
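Review bot: The `u)` arm added in the `@@ -62,6 +64,9 @@` hunk of buildiso.sh cannot be reached, because the loop header `while getopts "h?o:s:a" opt; do` appears only as unchanged context in this patch and its optstring does not declare `u:`. getopts will treat `-u` as an unknown option and set `opt` to `?`, so `deployusername` is never set from the command line and the ISO is built with the default `deploy`. The header should become `while getopts "h?o:s:au:" opt; do`, and the assignment is better quoted as `deployusername="${OPTARG}"`. The `while`/`case` block starts outside the hunk, so what its `?` arm does is not visible here.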
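Review bot: The added `sudo sed -i "s/XXDEPLOYUSERXX/${deployusername}/g"` line in the `@@ -143,6 +148,7 @@` hunk of buildiso.sh splices an unvalidated command-line value into a sed expression and, through it, into the text of install.sh, which judging by its `chroot`, `useradd` and `chpasswd` calls runs as root on the target. A value containing `/`, `&`, whitespace or shell metacharacters would break the substitution or alter the generated script, because the placeholder lands unquoted in `useradd`, `chown` and path arguments. Validate the name once after option parsing, for example `[[ "${deployusername}" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || fail "Invalid deployment username."`, assuming `fail` is already defined at that point. The new line also reuses the previous line's error text, so the two failures cannot be told apart; `"Error setting deployment user in install.sh."` would distinguish them. prepare_rootfs starts and ends outside the hunk.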
@@ -198,7 +198,9 @@ echo "done."
 echo
 echo "4) Please enter an HTTP URL containing a text list of SSH authorized keys to"
-echo "fetch. These keys will be allowed access to the 'deploy' user via SSH."
+echo "fetch. These keys will be allowed access to the deployment user 'XXDEPLOYUSER'"
+echo "via SSH."
+echo ""
 echo "Leave blank to bypass this and use a password instead."
 echo
 echo -n "> "
@@ -207,7 +209,7 @@ if [[ -z ${target_keys_url} ]]; then
 echo
 echo "No SSH keys URL specified. Falling back to password configuration."
 echo
- echo "5) Please enter a password (hidden), twice, for the 'deploy' user."
+ echo "5) Please enter a password (hidden), twice, for the deployment user 'XXDEPLOYUSERXX'."
 while [[ -z "${target_password}" ]]; do
 echo
 echo -n "> "
@@ -407,16 +409,16 @@ echo -n "Setting temporary 'root' password... "
 echo "root:${root_password}" | chroot ${target} chpasswd >&2
 echo "done."
-echo -n "Adding 'deploy' user... "
+echo -n "Adding deployment user... "
 mv ${target}/home ${target}/var/home >&2
-chroot ${target} useradd -u 200 -d /var/home/deploy -m -s /bin/bash -g operator -G sudo deploy >&2
-chroot ${target} mkdir -p /var/home/deploy/.ssh
+chroot ${target} useradd -u 200 -d /var/home/XXDEPLOYUSERXX -m -s /bin/bash -g operator -G sudo XXDEPLOYUSERXX >&2
+chroot ${target} mkdir -p /var/home/XXDEPLOYUSERXX/.ssh
 if [[ -n ${target_keys_url} ]]; then
-wget -O ${target}/var/home/deploy/.ssh/authorized_keys ${target_keys_url}
-chroot ${target} chmod 0600 /var/home/deploy/.ssh/authorized_keys
-chroot ${target} chown -R deploy:operator /var/home/deploy
+wget -O ${target}/var/home/XXDEPLOYUSERXX/.ssh/authorized_keys ${target_keys_url}
+chroot ${target} chmod 0600 /var/home/XXDEPLOYUSERXX/.ssh/authorized_keys
+chroot ${target} chown -R XXDEPLOYUSERXX:operator /var/home/XXDEPLOYUSERXX
 else
-echo "deploy:${target_password}" | chroot ${target} chpasswd >&2
+echo "XXDEPLOYUSERXX:${target_password}" | chroot ${target} chpasswd >&2
 fi
 echo "done."
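Review bot: The placeholder in the first added line of the `@@ -198,7 +198,9 @@` hunk of install.sh is spelled `XXDEPLOYUSER`, without the trailing `XX` that every other occurrence in this patch carries. The `s/XXDEPLOYUSERXX/.../g` substitution in buildiso.sh will therefore not match it, and the installer prompt will print the literal token instead of the configured username. The line should read `echo "fetch. These keys will be allowed access to the deployment user 'XXDEPLOYUSERXX'"`.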
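Review bot: In the `@@ -407,16 +409,16 @@` hunk of install.sh, the rewritten `wget -O ... ${target_keys_url}` line still leaves the URL unquoted and its exit status unchecked, although the account it provisions is created with `-G sudo`. If the download fails, `wget -O` leaves an empty or partial `authorized_keys` and the script carries on to `echo "done."`, which would produce a key-only account with no usable key; the prompt earlier in the file also asks for a plain HTTP URL, so the key list has no integrity protection in transit. Quote the arguments and stop on failure, for example `wget -O "${target}/var/home/XXDEPLOYUSERXX/.ssh/authorized_keys" "${target_keys_url}" || exit 1` (or the script's own error path, if it has one), and consider accepting only `https://` URLs. Separately, `chown -R` runs only in the keys branch and `.ssh` never gets an explicit `chmod 0700`, so in the password branch the directory created by `mkdir -p` stays owned by root.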