a103417da2
gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified.
#!/bin/bash
# WARNING 1: probably contains bashisms galore. If you don't have bash,
# please install it.
# NOTE 1: this script is run as root.
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# BEGIN site-local changes
# absolute path of the login shell that will replace these users' current
# shell; my_chsh hands this value to chsh -s
new_shell='/usr/local/bin/gl-shell'
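# Change one user's login shell to $new_shell.
# Globals:   new_shell (read)
# Arguments: $1 - login name of the account to change
# Outputs:   whatever chsh writes to stdout is redirected to stderr
# Returns:   the exit status of chsh
my_chsh() {
  # please replace with appropriate command for your OS/distro.  This one is
  # suitable at least for Fedora, maybe others also
  #
  # Both expansions are quoted because this script runs as root: an unquoted
  # empty or multi-word value would change the argument list chsh receives
  # (chsh implementations commonly act on the invoking user when no name is
  # given, which here would be root).
  chsh -s "$new_shell" "$1" >&2
}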
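# remove this guard (down to the closing brace) after you have done your
# customisation
# NOTE(review): /tmp is normally world-writable, so any local user can create
# this marker file; the check is a reminder to customise, not a safeguard.
[ -f /tmp/done.gl-shell-setup ] || {
  # $0 is passed as a printf argument so a path with spaces or glob
  # characters is printed as-is
  printf 'please customise %s before using\n' "$0" >&2
  exit 1
}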
# END site-local changes
# ------------------------------------------------------------------------------
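# Print "FATAL: <message>" on stderr and exit with status 1.
# Arguments: $@ - words of the message, joined with the first character of
#                 IFS (a space by default)
# Returns:   never returns; always exits 1
die() {
  # "$*" instead of "$@" inside the string: the arguments form one message,
  # and printf '%s' prints them without any option or escape processing
  printf 'FATAL: %s\n' "$*" >&2
  exit 1
}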
# ------------------------------------------------------------------------------
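# Main flow.  Must run as root: switches the named user's login shell via
# my_chsh, makes sure the user has an RSA key pair in ~/.ssh, and copies the
# public key to <user>.pub in the directory the script was started from.
# Arguments: $1 - login name of an existing account
euid=$(perl -e 'print $>')
if [ "$euid" = "0" ]
then

    [ -n "$1" ] || die "need a valid username"
    user=$1
    # A name starting with "-" would be read as an option by id, chsh and
    # chown, and a name containing "/" would place $user.pub outside the
    # current directory, so both are rejected before the name is used.
    case "$user" in
        -*|*/*) die "need a valid username" ;;
    esac
    id "$user" >/dev/null || die "need a valid username"

    # now fix up the user's login shell; stop if that fails, otherwise the
    # account would silently keep its previous shell
    my_chsh "$user" || die "could not change $user's login shell"

    pubkey="$PWD/$user.pub"
    if [ -f "$pubkey" ]
    then
        echo "$user.pub already exists. Shell changed, exiting..." >&2
        exit 0
    fi

    # 'cd ~$user' doesn't work, so look the home directory up in the passwd
    # database (perl is already required above).  This avoids handing the
    # name to `bash -c "echo ~$user"`, which re-parses it as shell code.
    home=$(perl -e 'my @pw = getpwnam($ARGV[0]); print $pw[7] if @pw;' "$user")
    [ -n "$home" ] || die "can't cd to $user's home directory"
    cd -- "$home" || die "can't cd to $user's home directory"

    # now set up her rsa key, creating it if needed.  This will get used if
    # she comes in via password or without agent forwarding.
    #
    # NOTE(review): the steps below run as root inside a directory the user
    # controls.  A symlink already present at .ssh, .ssh/id_rsa or
    # .ssh/id_rsa.pub could be followed by ssh-keygen, chown and chmod;
    # consider performing these steps as the user instead.
    [ -d .ssh ] || {
        mkdir .ssh || die "can't create .ssh for $user"
        chown "$user" .ssh
        chmod go-w .ssh
    }

    [ -f .ssh/id_rsa.pub ] || {
        # empty passphrase (-N ""): the key must be usable non-interactively
        ssh-keygen -q -N "" -f .ssh/id_rsa >&2 || die "ssh-keygen failed for $user"
        chown "$user" .ssh/id_rsa .ssh/id_rsa.pub
        chmod go-rw .ssh/id_rsa
        chmod go-w .ssh/id_rsa.pub
    }

    # create <user>.pub (e.g. alice.pub) in the directory the script was
    # started from
    cat .ssh/id_rsa.pub > "$pubkey" || die "can't write $pubkey"

    exit 0

else

    die "needs to run as root"

fi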