Avoid any confusions with the admin user

91ae203b · Bob Mottram · ae5ec380 · 91ae203b
Commit 91ae203b authored 8 years ago by Bob Mottram
--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -48,26 +48,26 @@ do
    source $f
 done

-MY_USERNAME=$1
+ADD_USERNAME=$1
 SSH_PUBLIC_KEY="$2"
 GPG_KEYSERVER='hkp://keys.gnupg.net'
 SSH_PORT=2222
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 DEFAULT_DOMAIN_NAME=

-if [ ! $MY_USERNAME ]; then
+if [ ! $ADD_USERNAME ]; then
    echo $'No username was given'
    exit 1
 fi

-if [ -d /home/$MY_USERNAME ]; then
-    echo $"The user $MY_USERNAME already exists"
+if [ -d /home/$ADD_USERNAME ]; then
+    echo $"The user $ADD_USERNAME already exists"
    exit 2
 fi

 if [ ! -f $COMPLETION_FILE ]; then
    echo $"$COMPLETION_FILE not found"
-    userdel -r $MY_USERNAME
+    userdel -r $ADD_USERNAME
    exit 3
 fi

@@ -75,10 +75,10 @@ fi
 MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')

 NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
-useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $MY_USERNAME
-adduser $MY_USERNAME sasl
+useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME
+adduser $ADD_USERNAME sasl

-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d /home/$ADD_USERNAME ]; then
    echo $'Home directory was not created'
    exit 4
 fi
@@ -86,15 +86,15 @@ fi
 if [ "$SSH_PUBLIC_KEY" ]; then
    if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
        if [ -f "$SSH_PUBLIC_KEY" ]; then
-            mkdir /home/$MY_USERNAME/.ssh
-            cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys
-            chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+            mkdir /home/$ADD_USERNAME/.ssh
+            cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys
+            chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
            echo $'ssh public key installed'
        else
            if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-                mkdir /home/$MY_USERNAME/.ssh
-                echo "$SSH_PUBLIC_KEY" > /home/$MY_USERNAME/.ssh/authorized_keys
-                chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+                mkdir /home/$ADD_USERNAME/.ssh
+                echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys
+                chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
                echo $'ssh public key installed'
            else
                echo $'The second parameter does not look like an ssh key'
@@ -104,102 +104,102 @@ if [ "$SSH_PUBLIC_KEY" ]; then
    fi
 fi

-if [ -d /home/$MY_USERNAME/Maildir ]; then
-    if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
-        sed -i "s|set from=.*|set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'|g" /home/$MY_USERNAME/.muttrc
+if [ -d /home/$ADD_USERNAME/Maildir ]; then
+    if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then
+        sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc
    else
-        echo "set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'" >> /home/$MY_USERNAME/.muttrc
+        echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc
    fi

    USERN='$USER@'
-    sed -i "s|$USERN|$MY_USERNAME@|g" /home/$MY_USERNAME/.procmailrc
+    sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc
 fi

 # generate a gpg key
-echo "Making a GPG key for $MY_USERNAME@$HOSTNAME"
-mkdir /home/$MY_USERNAME/.gnupg
-echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf
-echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf
-echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf
-echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf
-echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
-echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
-echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf
-
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
-chmod 700 /home/$MY_USERNAME/.gnupg
-chmod 600 /home/$MY_USERNAME/.gnupg/*
+echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
+mkdir /home/$ADD_USERNAME/.gnupg
+echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+
+chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
+chmod 700 /home/$ADD_USERNAME/.gnupg
+chmod 600 /home/$ADD_USERNAME/.gnupg/*

 # Generate a GPG key
-echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
-echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
-echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
-echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
-echo "Name-Real:  $MY_USERNAME" >> /home/$MY_USERNAME/gpg-genkey.conf
-echo "Name-Email: $MY_USERNAME@$HOSTNAME" >> /home/$MY_USERNAME/gpg-genkey.conf
-echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
-chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
-su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
-shred -zu /home/$MY_USERNAME/gpg-genkey.conf
-MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$HOSTNAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
-MY_GPG_PUBLIC_KEY=/home/$MY_USERNAME/public_key.gpg
-su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+echo 'Key-Type: 1' > /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Key-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Subkey-Type: 1' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Subkey-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo "Name-Real:  $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
+chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
+su -c "gpg --batch --gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
+shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
+MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $ADD_USERNAME@$HOSTNAME | grep 'pub '" - $ADD_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
+su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME

 if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
-    echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
-    userdel -r $MY_USERNAME
+    echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
+    userdel -r $ADD_USERNAME
    exit 7
 fi

 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
-#su -c "monkeysphere gen-subkey" - $MY_USERNAME
+#su -c "monkeysphere gen-subkey" - $ADD_USERNAME
 #echo $'Adding monkeysphere subkey to ssh-agent'
-#su -c "monkeysphere s" - $MY_USERNAME
+#su -c "monkeysphere s" - $ADD_USERNAME
 # add authorized GPG email address
-mkdir /home/$MY_USERNAME/.monkeysphere
-chmod 755 /home/$MY_USERNAME/.monkeysphere
-echo "$MY_USERNAME <$MY_USERNAME@$HOSTNAME>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
-chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
+mkdir /home/$ADD_USERNAME/.monkeysphere
+chmod 755 /home/$ADD_USERNAME/.monkeysphere
+echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
+chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
+chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
 echo $'Updating monkeysphere users'
 monkeysphere-authentication update-users

-if [ -f /home/$MY_USERNAME/.muttrc ]; then
+if [ -f /home/$ADD_USERNAME/.muttrc ]; then
    # encrypt outgoing mail to the "sent" folder
-    if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
-        echo '' >> /home/$MY_USERNAME/.muttrc
-        echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
+        echo '' >> /home/$ADD_USERNAME/.muttrc
+        echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
+        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
    else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
    fi

-    if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
    else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
    fi
 fi

-if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then
-    echo '' >> /home/$MY_USERNAME/README
-    echo '' >> /home/$MY_USERNAME/README
-    echo $'# Change your GPG password' >> /home/$MY_USERNAME/README
-    echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
-    echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
-    echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
-    echo $'You can change the it with:' >> /home/$MY_USERNAME/README
-    echo '' >> /home/$MY_USERNAME/README
-    echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
-    echo '  passwd' >> /home/$MY_USERNAME/README
-    echo '  save' >> /home/$MY_USERNAME/README
-    echo '  quit' >> /home/$MY_USERNAME/README
+if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then
+    echo '' >> /home/$ADD_USERNAME/README
+    echo '' >> /home/$ADD_USERNAME/README
+    echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README
+    echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README
+    echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README
+    echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README
+    echo $'You can change the it with:' >> /home/$ADD_USERNAME/README
+    echo '' >> /home/$ADD_USERNAME/README
+    echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README
+    echo '  passwd' >> /home/$ADD_USERNAME/README
+    echo '  save' >> /home/$ADD_USERNAME/README
+    echo '  quit' >> /home/$ADD_USERNAME/README
 fi

-chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-chown $MY_USERNAME:$MY_USERNAME $MY_GPG_PUBLIC_KEY
-chmod 600 /home/$MY_USERNAME/README
+chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README
+chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY
+chmod 600 /home/$ADD_USERNAME/README

 echo $'Detecting installed apps...'
 detect_apps
@@ -209,37 +209,37 @@ do
    if [[ $(function_exists add_user_${app_name}) == "1" ]]; then
        echo $"Adding user to ${app_name}"
        app_load_variables ${app_name}
-        retval=$(add_user_${app_name} "$MY_USERNAME" "$NEW_USER_PASSWORD")
+        retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD")
        if [[ $retval != '0' ]]; then
            echo $"Failed with error code ${retval}"
-            ${PROJECT_NAME}-rmuser $MY_USERNAME
+            ${PROJECT_NAME}-rmuser $ADD_USERNAME
            exit 672392
        fi
-        if ! grep -q "${app_name}_${MY_USERNAME}" $APP_USERS_FILE; then
-            echo "${app_name}_${MY_USERNAME}" >> $APP_USERS_FILE
+        if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then
+            echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE
        fi
    fi
 done

 if [ -f /etc/nginx/.htpasswd ]; then
-    if ! grep "${MY_USERNAME}:" /etc/nginx/.htpasswd; then
-        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $MY_USERNAME
+    if ! grep "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
+        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
    fi
 fi

 # add user menu on ssh login
-if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then
-    echo 'control' >> /home/$MY_USERNAME/.bashrc
+if ! grep -q 'control' /home/$ADD_USERNAME/.bashrc; then
+    echo 'control' >> /home/$ADD_USERNAME/.bashrc
 fi

-${PROJECT_NAME}-pass -u $MY_USERNAME -a login -p "$NEW_USER_PASSWORD"
+${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
 clear
-echo $"New user $MY_USERNAME was created"
+echo $"New user $ADD_USERNAME was created"
 echo $"Their login password is $NEW_USER_PASSWORD"
 echo ''
 echo $"They can download their GPG keys with:"
 echo ''
-echo "    scp -P $SSH_PORT -r $MY_USERNAME@$HOSTNAME:/home/$MY_USERNAME/.gnupg ~/"
+echo "    scp -P $SSH_PORT -r $ADD_USERNAME@$HOSTNAME:/home/$ADD_USERNAME/.gnupg ~/"
 echo ''
 echo $"They should also run ${PROJECT_NAME}-client on their system to ensure"
 echo $'the best security.'