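#!/bin/bash
# Create a user and a same-named group with a fixed UID/GID.
#
# Arguments:
#   $1  account name; defaults to $USER from the environment
#   $2  password; when non-empty a login user with sudo rights is created,
#       otherwise a non-login account. Defaults to $USER_PW from the
#       environment when $2 is not given.
# Environment:
#   UHID     numeric UID and GID for the account (default 1000)
#   LIB_DIR  directory that holds verbose.lib
#
# NOTE(review): a password passed as $2 is visible in the process list while
# the script runs; passing it through the USER_PW environment variable
# avoids that.

USER=${1:-$USER}
USER_PW=${2-$USER_PW}
UHID=${UHID:-1000}
# TODO make SUDO conditional on USER_SUDO=true

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Syntax-check a sudoers drop-in with visudo when it is available; a file
# that does not parse is removed so it cannot break sudo.
validate_sudoers() {
  local file=$1
  if ! command -v visudo >/dev/null 2>&1; then
    echo "warning: visudo not found, $file was not syntax-checked" >&2
    return 0
  fi
  if ! visudo -cf "$file" >/dev/null; then
    rm -f -- "$file"
    die "error: $file failed the sudoers syntax check and was removed"
  fi
}

if [[ $USER ]]; then

  # The name ends up in a sudoers rule, a file path, a chpasswd record and a
  # comma-separated group list, so only a conservative character set is
  # accepted.
  name_re='^[A-Za-z_][A-Za-z0-9_.-]*$'
  [[ $USER =~ $name_re ]] || die "error: invalid user name: $USER"
  [[ $UHID =~ ^[0-9]+$ ]] || die "error: UHID must be numeric: $UHID"

  echo "------- Adding USER: $USER with ID: $UHID ------"

  # The original wrote a stray double quote after each value, which is not a
  # valid number for login.defs; the lines are written clean here.
  # NOTE(review): these lines are appended; if the keys are already defined
  # earlier in the file, confirm which definition takes effect.
  cat <<DOC >> /etc/login.defs
SYS_UID_MAX $UHID
SYS_GID_MAX $UHID
DOC

  source "$LIB_DIR/verbose.lib"
  # echo loading acl package
  # silence $INSTALL_PKGS acl

  # Not fatal: the group may already exist. useradd below fails if it does not.
  groupadd -g "$UHID" "$USER" ||
    echo "warning: groupadd failed for $USER, continuing" >&2

  # user passwords implies system (sudo) login user
  if [[ $USER_PW ]]; then
    # chpasswd reads one "name:password" record per line, so a newline in the
    # password would be parsed as an additional record.
    [[ $USER_PW == *$'\n'* ]] && die "error: password must not contain a newline"

    echo "$USER is being created as a login user"

    # Use the sudo group when the system has one, wheel otherwise.
    if [[ $(getent group sudo) ]]; then
      admin_group=sudo
    else
      admin_group=wheel
    fi

    # Stop here on failure so no sudoers entries are written for an account
    # that was not created.
    useradd -rm -s /bin/bash -G "$USER,$admin_group" -g "$USER" -u "$UHID" "$USER" ||
      die "error: useradd failed for $USER"
    echo "$USER groups: $(groups "$USER")"
    chpasswd <<< "${USER}:${USER_PW}"

    # SUDOERS Setup
    cat <<'SUDO' >> /etc/sudoers.d/01-sudo-wheel
Defaults lecture = never
%wheel ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
SUDO
    chmod 440 /etc/sudoers.d/01-sudo-wheel
    validate_sudoers /etc/sudoers.d/01-sudo-wheel

    # sudo skips files in sudoers.d whose name contains a '.', so dots in
    # the account name are replaced in the file name only.
    user_sudoers=/etc/sudoers.d/02-${USER//./_}

    # NOTE(review): passwordless sudo for unrestricted chown and chmod lets
    # this account change the owner or mode of any file on the system, which
    # is effectively root-equivalent. Kept as in the original; consider
    # restricting the commands to specific paths or dropping NOPASSWD.
    cat <<USER >> "$user_sudoers"
$USER ALL = NOPASSWD:/bin/chown
$USER ALL = NOPASSWD:/bin/chmod
USER
    chmod 440 "$user_sudoers"

    # An optional "<name>-permits" file in the current directory is appended
    # verbatim. Its content grants privileges, so it must come from a trusted
    # source; the combined file is syntax-checked below.
    if [[ -f $USER-permits ]]; then
      echo "--- $USER-permits file supplied copying to /etc/sudoers.d ---"
      cat -- "$USER-permits"
      cat -- "$USER-permits" >> "$user_sudoers"
    fi
    validate_sudoers "$user_sudoers"

  else
    echo "$USER will be a non login user"
    # home_dir=${USER_HOME:-/home/$USER}
    # mkdir -p $home_dir
    # '*' in the password field means no password can match; the account has
    # no home directory and a nologin shell.
    useradd -rM -s /sbin/nologin -G "$USER" -g "$USER" -u "$UHID" \
      -p '*' -d /dev/null "$USER" ||
      die "error: useradd failed for $USER"
    # usermod -p '*' $USER
    # -d $home_dir
    # chown $USER:$USER $home_dir
  fi
  # shellcheck enable=add-default-case

  # chmod -R g+rw /opt
  # setfacl -d --set u::rwx,g::rwx,o::- /opt

  # Show the resulting account for the build log.
  grep -F -- "$USER" /etc/passwd
  id "$USER"

  echo "done------- Adding USER: $USER ------"

fi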