uci-docker-build/core/rootfs/opt/lib/user-create

#!/bin/bash
USER=${1:-$USER}
USER_PW=${2-$USER_PW}
UHID=${UHID:-1000}

# TODO make SUDO conditional on USER_SUDO=true

if [[ $USER ]]; then
echo "------- Adding USER: $USER with ID: $UHID ------"

cat <<DOC >> /etc/login.defs
SYS_UID_MAX   $UHID"
SYS_GID_MAX   $UHID"
DOC

    source $LIB_DIR/verbose.lib
    # echo loading acl package
    # silence $INSTALL_PKGS acl
    groupadd -g $UHID $USER
    # user passwords implies system (sudo) login user
    
    if [[ $USER_PW ]]; then
        echo "$USER is being created as a login user"
        useradd -rm -s /bin/bash -G $USER,$([[ $(getent group sudo) ]] && echo sudo || echo wheel) -g $USER -u $UHID $USER
        echo $USER groups: $(groups $USER)
        chpasswd <<< "${USER}:${USER_PW}"

# SUDOERS Setup 
        cat <<SUDO >> /etc/sudoers.d/01-sudo-wheel
Defaults lecture = never     
%wheel ALL=(ALL:ALL) ALL
%sudo  ALL=(ALL:ALL) ALL
SUDO
    chmod 440 /etc/sudoers.d/01-sudo-wheel

        cat <<USER >> /etc/sudoers.d/02-$USER
$USER ALL = NOPASSWD:/bin/chown
$USER ALL = NOPASSWD:/bin/chmod
USER
        chmod 440 /etc/sudoers.d/02-$USER
        if [[ -f $USER-permits ]]; then
            echo "--- $USER-permits file supplied copying to /etc/sudoers.d ---"
            cat $USER-permits 
            cat $USER-permits >> /etc/sudoers.d/02-$USER
        fi 
    else
        echo $USER will be a non login user
        # home_dir=${USER_HOME:-/home/$USER}
        # mkdir -p $home_dir
        useradd -rM -s /sbin/nologin -G $USER -g $USER -u $UHID $USER -p '*' -d /dev/null
        # usermod -p '*' $USER
        # -d $home_dir
        # chown $USER:$USER $home_dir
fi   
 # shellcheck enable=add-default-case      
# chmod -R g+rw /opt
# setfacl -d --set u::rwx,g::rwx,o::- /opt
cat /etc/passwd | grep $USER
id $USER
echo "done------- Adding USER: $USER ------"

fi