commit d52d4c86820e998d10d26c81e85ecfe2691aebfd
parent edb0a43aaf04f3399a74e573ac15301c6c3d1ad2
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date: Tue, 26 Jul 2022 10:51:54 +0200
Create sshd user and group
Diffstat:
3 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/postinstall.aat b/postinstall.aat
@@ -83,6 +83,10 @@ CN # Managed by /usr/src/core-system
APPEND root=/dev/mapper/vg-install_root init=/previous/init/bin/init modules=sd-mod,usb-storage,ext4,xfs,lvm rootflags=noatime
/etc +
-/etc/passwd +
/etc/group +
+|line_append_file("sshd:x", ":22:", "", "^[^:]*:[^:]*")
+
+|passwd_user("sshd:x:22:22:server privilege separation,,,:/home/sshd:/sbin/nologin")
+|shadow_user("sshd:!:10000::::::")
+
|}
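Review bot: The `passwd_user` entry gives the sshd account a home of `/home/sshd`, which nothing in this commit creates, while the account is otherwise locked down (`!` in the shadow record, `/sbin/nologin` shell). For a privilege-separation account the conventional home is a root-owned, non-writable path such as `/var/empty` or `/dev/null` (as some distributions ship), so that no service account points at a directory under `/home` that might later be created writable; consider `sshd:x:22:22:server privilege separation,,,:/var/empty:/sbin/nologin` unless the `/home/sshd` path is relied on elsewhere. The `line_append_file` call hard-codes GID 22 without a collision check in this file; the `postinstall.fileset` hunk appears to be where that is handled, so a one-line comment here pointing at it would help the next reader.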
diff --git a/postinstall.fileset b/postinstall.fileset
@@ -21,5 +21,57 @@ CN # Managed by /usr/src/core-system
APPEND root=/dev/mapper/vg-install_root init=/previous/init/bin/init modules=sd-mod,usb-storage,ext4,xfs,lvm rootflags=noatime
/etc +
-/etc/passwd +
/etc/group +
+? grep -qEe '^$' $fname
+! if grep -qEe '^[^:]*:[^:]*:22:' $fname; then
+ sed -ire 's|^[^:]*:[^:]*:22:|sshd:x:22:|' $fname
+ else
+ printf '%s\n' 'sshd:x:22:' >> $fname
+ fi
+
+/etc/passwd f +
+!f awk 'BEGIN { FS=OFS=":"; seen=0; line="sshd:x:22:22:server privilege separation,,,:/home/sshd:/sbin/nologin"; split(line, a) }
+ { uids[$3] = $0 }
+ $1 == a[1] {
+ for(n in a) {
+ if(a[n] != $n) {
+ print "error: differing present and requested lines" >>"/dev/stderr"
+ print "requested: " line >>"/dev/stderr"
+ print "present: " $0 >>"/dev/stderr"
+ exit 1
+ }
+ }
+ seen = 1
+ }
+ { print $0 }
+ END {
+ if(seen == 0) {
+ if(a[3] in uids) {
+ print "error: user record with requested UID already present" >>"/dev/stderr"
+ print "requested: " line >>"/dev/stderr"
+ print "present: " uids[a[3]] >>"/dev/stderr"
+ exit 1
+ }
+ print line
+ }
+ }'
+/etc/shadow f +
+!f awk 'BEGIN { FS=OFS=":"; seen=0; line="sshd:!:10000::::::"; split(line, a) }
+ $1 == a[1] {
+ for(n in a) {
+ if(a[n] != $n) {
+ print "error: differing present and requested lines" >>"/dev/stderr"
+ print "requested: " line >>"/dev/stderr"
+ print "present: " $0 >>"/dev/stderr"
+ exit 1
+ }
+ }
+ seen = 1
+ }
+ { print $0 }
+ END {
+ if(seen == 0) {
+ print line
+ }
+ }'
+
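Review bot: In both awk filters (the `/etc/passwd` and `/etc/shadow` ones) `exit 1` inside a pattern-action does not stop the program — awk still runs the END block, where `seen` is still 0, so after printing the "differing present and requested lines" error the script goes on to print `line` to stdout (and in the passwd case may emit a second, misleading "UID already present" error first). If the `!f` filter writes stdout back to the file, a mismatch therefore leaves a second sshd record behind; guard the END block with a flag, `err = 1; exit 1` at each mismatch and `END { if (err) exit 1` as its first statement. Separately, `sed -ire ...` in the group branch is parsed by both GNU and busybox sed as `-i` with backup suffix `re`, leaving a stray `${fname}re` copy of the group file; write `sed -i -e 's|^[^:]*:[^:]*:22:|sshd:x:22:|' $fname` (the expression is valid BRE, so `-r` is not needed). That same branch also silently renames whatever group already owns GID 22, whereas the passwd filter refuses on a UID collision; failing there as well would keep the two files' behaviour consistent.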
diff --git a/postinstall.rsfilter b/postinstall.rsfilter
@@ -1,5 +1,6 @@
+ /boot
+ /boot/extlinux.conf
+ /etc
-+ /etc/passwd
+ /etc/group
++ /etc/passwd
++ /etc/shadow