#!/bin/bash set -Eeo pipefail # shellcheck disable=2154 trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR # Extended regular expression (ERE) for arguments reUser='[A-Za-z0-9._][A-Za-z0-9._-]{0,31}' # POSIX.1-2008 rePass='[^:]{0,255}' reUid='[[:digit:]]*' reGid='[[:digit:]]*' reDir='[^:]*' #reArgs="^($reUser)(:$rePass)(:e)?(:$reUid)?(:$reGid)?(:$reDir)?$" function log() { echo "[$0] $*" } function validateArg() { name="$1" val="$2" re="$3" if [[ "$val" =~ ^$re$ ]]; then return 0 else log "ERROR: Invalid $name \"$val\", do not match required regex pattern: $re" return 1 fi } log "Parsing user data: \"$1\"" IFS=':' read -ra args <<< "$1" skipIndex=0 chpasswdOptions="" useraddOptions=(--no-user-group --badname) user="${args[0]}"; validateArg "username" "$user" "$reUser" || exit 1 pass="${args[1]}"; validateArg "password" "$pass" "$rePass" || exit 1 if [ "${args[2]}" == "e" ]; then chpasswdOptions="-e" skipIndex=1 fi uid="${args[$((skipIndex+2))]}"; validateArg "UID" "$uid" "$reUid" || exit 1 gid="${args[$((skipIndex+3))]}"; validateArg "GID" "$gid" "$reGid" || exit 1 dir="${args[$((skipIndex+4))]}"; validateArg "dirs" "$dir" "$reDir" || exit 1 if getent passwd "$user" > /dev/null; then log "WARNING: User \"$user\" already exists. Skipping." exit 0 fi if [ -n "$uid" ]; then useraddOptions+=(--non-unique --uid "$uid") fi if [ -n "$gid" ]; then if ! getent group "$gid" > /dev/null; then groupadd --gid "$gid" "group_$gid" fi useraddOptions+=(--gid "$gid") fi useradd "${useraddOptions[@]}" "$user" mkdir -p "/home/$user" chown root:root "/home/$user" chmod 755 "/home/$user" # Retrieving user id to use it in chown commands instead of the user name # to avoid problems on alpine when the user name contains a '.' uid="$(id -u "$user")" if [ -n "$pass" ]; then echo "$user:$pass" | chpasswd $chpasswdOptions else usermod -p "*" "$user" # disabled password fi # Add SSH keys to authorized_keys with valid permissions userKeysQueuedDir="/home/$user/.ssh/keys" if [ -d "$userKeysQueuedDir" ]; then userKeysAllowedFileTmp="$(mktemp)" userKeysAllowedFile="/home/$user/.ssh/authorized_keys" for publickey in "$userKeysQueuedDir"/*; do cat "$publickey" >> "$userKeysAllowedFileTmp" done # Remove duplicate keys sort < "$userKeysAllowedFileTmp" | uniq > "$userKeysAllowedFile" chown "$uid" "$userKeysAllowedFile" chmod 600 "$userKeysAllowedFile" fi # Make sure dirs exists if [ -n "$dir" ]; then IFS=',' read -ra dirArgs <<< "$dir" for dirPath in "${dirArgs[@]}"; do dirPath="/home/$user/$dirPath" if [ ! -d "$dirPath" ]; then log "Creating directory: $dirPath" mkdir -p "$dirPath" chown -R "$uid:users" "$dirPath" else log "Directory already exists: $dirPath" fi done fi