Simplifying group management

DarkFeather 2024-04-01 00:49:02 -05:00
parent 85286b5412
commit 87973dfb6e
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
3 changed files with 18 additions and 15 deletions


@ -46,12 +46,14 @@ if [ "$?" -eq 0 ]; then
cp /opt/aninix/Password/sample-user.ldif "$file" cp /opt/aninix/Password/sample-user.ldif "$file"
line="$(grep -E '^uid: ' "$file")"; sed -i "s/$line/uid: $username/" "$file" line="$(grep -E '^uid: ' "$file")"; sed -i "s/$line/uid: $username/" "$file"
line="$(grep -E '^dn: ' "$file" | cut -f 2 -d ' ' | cut -f 1 -d ',')"; sed -i "s/$line/uid=$username/" "$file" line="$(grep -E '^dn: ' "$file" | cut -f 2 -d ' ' | cut -f 1 -d ',')"; sed -i "s/$line/uid=$username/" "$file"
line="$(grep -E '^homeDirectory: ' "$file")"; sed -i "s#$line#homeDirectory: /home/$username/#" "$file" line="$(grep -E '^homeDirectory: ' "$file")"; sed -i "s#$line#homeDirectory: /$username/#" "$file"
line="$(grep -E '^cn: ' "$file")"; sed -i "s/$line/cn: $username/" "$file" line="$(grep -E '^cn: ' "$file")"; sed -i "s/$line/cn: $username/" "$file"
line="$(grep -E '^mail: ' "$file")"; sed -i "s#$line#mail: ircs://aninix.net:6697/$username#" "$file" line="$(grep -E '^mail: ' "$file")"; sed -i "s#$line#mail: ircs://aninix.net:6697/$username#" "$file"
line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file" line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file"
ldapadd -D 'cn=root,dc=aninix,dc=net' -W -f "$file" ldapadd -D 'cn=root,dc=aninix,dc=net' -W -f "$file"
ldap-resetpass "$username" ldap-resetpass "$username"
# Create default home
cp -r /etc/skel "/home/$username"; chmod 0027 "/home/$username"; chown -R "$username": "/home/$username"
fi fi
rmdir "$lockfile" rmdir "$lockfile"
exit 0; exit 0;
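Review bot: `chmod 0027 "/home/$username"` on the added home-creation line sets the new directory to owner none, group write, world rwx — 0027 reads like a umask value pasted in as a mode — so every other account (including every sftp user chrooted into /home) can read, write and traverse the home, while the owner keeps access only because they can chmod it back. Change it to `chmod 0750 "/home/$username"` (or 0700), and consider creating the directory first so `cp -r /etc/skel` does not drop a `skel` subdirectory when the home already exists. The `homeDirectory` rewrite to `/$username/` is presumably relative to the `/home` sftp chroot configured elsewhere in this commit; for any account that reaches a non-chrooted shell that path will not exist on the real filesystem. The enclosing `if` block starts before this hunk.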


@ -41,21 +41,23 @@ ChallengeResponseAuthentication no
HostbasedAuthentication no HostbasedAuthentication no
KerberosAuthentication no KerberosAuthentication no
GSSAPIAuthentication no GSSAPIAuthentication no
DenyGroups [^ssh-allow]
AllowGroups ssh-allow
PermitRootLogin no PermitRootLogin no
PermitEmptyPasswords no PermitEmptyPasswords no
## Access Controls ## By default, only ssh-allow or ldapusers are allowed to sftp
Match Group ssh-forward AllowGroups ssh sftp ldapuser
Match Group ldapuser,sftp
ForceCommand internal-sftp
ChrootDirectory /home
## Special groups are allowed shell
Match Group wheel,ssh-allow
AllowTcpForwarding yes AllowTcpForwarding yes
PermitTunnel yes PermitTunnel yes
AllowAgentForwarding yes AllowAgentForwarding yes
X11Forwarding yes X11Forwarding yes
ForceCommand none
Match Group sftp-home-jail ChrootDirectory none
ForceCommand internal-sftp
ChrootDirectory /home
# Allow other packages to ship snippets # Allow other packages to ship snippets
Include /etc/ssh/includes/* Include /etc/ssh/includes/*
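Review bot: `AllowGroups ssh sftp ldapuser` admits neither `wheel` nor `ssh-allow`, yet the shell block below is `Match Group wheel,ssh-allow`; AllowGroups is evaluated before any Match, so a wheel or ssh-allow member who is not also in ssh/sftp/ldapuser is refused outright, and `ssh-allow` is no longer created by the Ansible change in this commit (its loop now makes `ssh` and `sftp`). Change the block to `Match Group wheel,ssh` and reword the comment to name the groups actually listed, e.g. `## By default only ssh, sftp and ldapuser may connect; sftp and ldapuser get a chrooted internal-sftp`. Also, sshd keeps the first value obtained for each keyword, so an account in both ldapuser/sftp and wheel/ssh keeps `ForceCommand internal-sftp` and `ChrootDirectory /home` from the earlier block — the later `ForceCommand none`/`ChrootDirectory none` do not override it, and if that overlap is intended the shell block should precede the sftp one. Which lines form the new side is inferred from the Ansible hunk rather than from markers, so please confirm.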


@ -34,15 +34,14 @@
name: "{{ item }}" name: "{{ item }}"
state: present state: present
loop: loop:
- ssh-allow - ssh
- ssh-forward - sftp
- sftp-home-jail
- name: Add SSH user to ssh-allow - name: Add SSH user to ssh group
become: yes become: yes
user: user:
name: "{{ ansible_user_id }}" name: "{{ ansible_user_id }}"
groups: ssh-allow groups: ssh
append: yes append: yes
- name: Copy the SSH key - name: Copy the SSH key
@ -75,7 +74,7 @@
file: file:
path: /etc/ssh/includes path: /etc/ssh/includes
state: directory state: directory
user: root owner: root
group: root group: root
mode: 0755 mode: 0755